Fortinet FortiNAC Reviews

We are a solution provider and this is one of the products that we implement for our clients.

My role is security and I deal with products to protect data centers. FortiNAC makes up part of the security solution in a data center.

The most valuable features are usability and security.

The response and resolution time for technical support issues need to be improved. Support overall needs to be a little faster.

I have two years of experience with FortiNAC.

FortiNAC is a stable product.

Scalability depends on licensing. Our customers vary in size from small and medium-sized businesses to enterprise-level organizations.

The technical support is in need of improvement because sometimes it takes too long to resolve issues.

I have worked with other similar solutions including Cisco ISE. I find that many of the SMBs and Enterprise-level customers choose Cisco instead.

The installation is pretty simple. The length of time for deployment depends on the planning and what is in the environment. It will normally take about a day.

I would rate this solution a seven out of ten.

We are a solution provider and this is one of the products that we implement for our customers. It is used as part of the network security and protects our clients.

This solution is very easy to implement and use.

The interface is user-friendly.

The most valuable feature for us is the support for iOS and iPhones.

The problem with Fortinet is that if you want to be 100% secure then you have to buy other products. It should support better integration with third-party solutions.

The reporting capability needs to be improved.

We have been using FortiNAC for about three years.

FortiNAC is a stable solution.

It is a scalable solution, although the scalability also depends on the other products that it is integrated with. Our customers are medium-sized and enterprise-level organizations. Our clients have about 500 users.

This solution is so stable that we have not had any problems and never needed to contact technical support.

I am also working with Cisco ISE. It is very complicated compared to FortiNAC.

It is very easy and straightforward to implement.

Three of our engineers were involved in the deployment. One of them focuses on security and the others take care of networking.

The licensing fees are a little bit high.

I try to push the use of this product because sometimes, the complicated solutions like Cisco ISE sometimes make the customers feel annoyed.

My advice to anybody who is considering this solution is that if the budget allows it, the entire security solution should be made up of Fortinet products. They integrate well and it will be better overall. A complete and secure solution will include products like FortiSandbox and FortiAnalyzer as well.

I would rate this solution an eight out of ten.

I was certified in FortiNAC (Part of Fortinet-NSE6) last year and I've personally implemented FortiNAC in three organizations. We work as a team with people who have expertise in different areas and Vendors and have exposure to different infrastructures.

FortiNAC scans your network to discover every user, application, and device (IOT), With up to 18 different techniques, it can then profile each element based on observed characteristics and responses for granular visibility - We then apply state-based control(eth0 VLAN switching) and Policy based control rules for access control and response.

Anyone (Domain users, Contractors, guests, etc) wanting to connect to the network has to be accessed by the NAC. Users come in at different times and some may be working from branches or home through a VPN and they will be authenticated in the same way with different privileges on the Network.

So it has to run 24/7. It's authenticating users all the time. We are gold partners with FortiNac. 

There are quite a number of things that are valuable about this solution. Having dealt with Cisco ISE, I realize that FortiNAC is different in a way that gives you granular visibility of the entire network infrastructure related to IOT devices (Who, What, When, Which information). It's helpful that you can know what's going on from your phone, your tablet, and from home. The solution provides containment, reporting and security event-alarm mapping and saves log and carries out further analysis for cyber thefts. It really is a good solution.

I've realized that one of the issues is the need to use agents. For instance, if a domain user has to authenticate on the network via FSSO or Certificate management he has to have a persistent agent.

The admin UI is not that good. It could be better matched and more friendly to use and it cannot work as a RADIUS server. You have to have a RADIUS server which means bringing in a FortiAuthenticator to build it.

The other thing would probably be the visibility granular. For example, when I have a user at a particular branch, I can't tell what SSIDs they are connected to. I only have the IP addresses so if the wireless controller is integrated with FortiNAc, you're going to realize that you won't be able to know whether a particular person is connected, that an AP is connected to a particular SSID, is connected to. . .  etc. It only gives you the IP addresses, Host names, etc. That has to be improved and am sure it will be in the next build version. 

Additional features, would be an agentless link and adopters - online, offline adopters - it picks the IP's, the host names, the layer 3 information, layer 2 information, what's connected. And also to give different privileges, best rule privileges to users. 

VLAN Interswitching (state based controls) could be quicker when doing the process flow from different sorts of authentication. When it comes to guests or contractors, you don't want to use a dissolvable agents. It dissolves in the process of downloading, but it takes longer and that could be improved.

I've been using the solution for a year and a half. 

FortiNAC is Pretty stable. We initially had a couple of troubleshooting issues in the deployments but we worked them out and it's fine now and has pretty good Visibility across the Network for every device, application and user, extend Control of the Network to third-party products and automated responsiveness.

You won't find so many NAC solutions like it. I mean it's granular, you will see a lot that you need to ask. It will give you all the controls you need and it has event alarm mapping, - I mean "you can't control what you can't see"

It is very scalable, you can have as many features and access points as you want. as you have. It depends on the licenses, but you can have as many IoT devices (Switches, routers, Firewals, WLC, etc) as you want and as many features as you want. You can have visibility to all the ports of the switches on the NAC, you can easily see  Who, What, When, Which information then control and respond

Technical support is good. You create a ticket and within that ticket you explain what challenges you're facing. They assign you an engineer who'll help solve the issue. It's pretty easy and straight forward and they're always there to help. 

Initial setup is pretty easy. If you're doing a VM setup, you do the registration on the Fortinet portal, and then you set the IP addresses. I think it's pretty good when you're implementing it the first time, it's very easy but when you get to tests, which are the UAT's, you're most likely to have a few issues that you need to be aware of.

Deployment time depends on the kind of customer. For example, the current implementation I'm doing has an assessing vendor. 90% of the network is wireless and 10% is cabled in network. They have more than 80 access features, more than 80 routers, and two wireless controllers. They have a number of databases and different firewalls - to use that fountain it slows things down. You're also dealing with Domain users, contractors and Guests in different locations. Obviously this will take more time than a project with less infrastructure devices. It really depends on the nature of the infrastructure.

There is a base license level which pretty much gives you topologies and groupings automation/control, etc. When it comes to policies, it's only going to give you user host profiling and network access. If you're looking for endpoint compliance, integrations, Incidence response and reporting, then you have to go for an Plus or PRO license.

You need to think about what you need as a company. There are so many government institutions, so many corporate institutions in the world that want to protect their networks. People have different privileges within a network, an instructor cannot have the same privileges as a normal user and the guest. We have guests coming onto our network, contractors coming to work at different times on the network, the main users who are working in different departments and who shouldn't have access to some platforms. When it comes to authentication you need to make sure you're protected from all kinds of threats. You have different products, Vendors and divices that all need to be controlled. If something goes off you need to know where and why. 

I would rate this product a eight out of 10. It's still evolving. 

You can simply control whole network even you can check your switches configuration

Compliance checks are a good feature. Compliance check is for windows updates and for antivirus updates, etc. 

Security is also good. No guest can enter without credentials, such as usernames and passwords. You have full visibility, which is very good.

The implementation process needs improvement. Right now, it's somewhat complicated. They could create some templates to facilitate implementation. Right now everything is done manually, and it just takes a really long time at the initial setup.  

I've been using the solution for three years.

The solution is stable.

The solution is easily scalable. Once you have one working correctly, you can expand easily to make it as big as you want. However, setting up the first properly takes time.

I've contacted technical support three or four times. They have been very good.

We didn't previously use a different solution.

The initial setup is complex. How long it takes to deploy depends on the complexity of the project, for example, if you are setting up the solution at branches or just at one location. So long as the team is cooperating and coordinating, it shouldn't take more than three months. You only need one to two engineers to deploy the solution. Afterward, you may only need one person for maintenance.

You need professional engineers to set up the solution. Only trained and experienced people will be able to handle the implementation.

We use the on-premises deployment model.

In terms of advice I'd give to others, I'd say the most important thing to worry about is organizing the network, like active directory groups and groups of users, etc. Organize the groups with VLAN IDs that are not too specific and the VLANs should be on all company switches.

I'd rate the solution eight out of ten.

The solution is generally used for compliance and other related items such as network visibility. 

The most valuable features of the solution are the user-friendliness, the graphical interface, and the technical support. The interface is very nice and the customization is good.

Overall, our clients seem to be quite pleased with the product.

For our organization and our clients, the price is the main concern. They should work to make it more competitive.

Customization could be improved in future releases.

I recently deployed the product. I've been using it for about a year.

Regarding scaling, I don't believe I would know about the requirements related to scaling the product. However, in terms of the device itself, my client is fully sufficient with the license. He has the number of devices he needs in order to monitor everything. I don't believe our client has scaled it, so I don't know how easy or difficult scaling is.

Our clients are largely medium-sized enterprises and may have up to about 400 devices on site. 

I've never reached out to technical support myself and have never opened a support ticket, but I have heard that the solution is quite good at handling customer queries.

We've used community support and it's been quite good. We've found most of the answers to our queries using it.

The initial setup is quite straightforward. We didn't run into any complexities during the implementation.

We're a Fortinet partner.

I would recommend the product to others. Usability is a crucial thing for networking and this product offers that. I'm not familiar with other NAC products. However, I think every organization should be implementing NAC. That does not always mean just FortiNAC products. There are other NAC products as well. We are very fortunate to have access to such products that continue to help our customers.

Overall, I'd rate the solution eight out of ten.

I don't exactly remember the version our clients are using currently, however, and I believe it is vm based for 2000 devices.

We don't actually use the solution in our own organization, but we have deployed it and we provide service, support, and monitoring on the devices to our clients.

I'm a senior network architect and our company is a reseller of FortiNAC. This is a new product for me and we'll be starting implementation shortly. We've been testing the product and I'm just finishing the course. I'll be implementing for our client which is a medium-size company.

The interface is good and simple to use. Some of the ideas presented on the online course could be clearer, like policy creation. But the interface and other features are very good. 

I think that the course content could be improved, it's not that simple to work through. I'm an expert on Cisco ISE. And also I have CCIE on Cisco. I made a comparison between Cisco ISE and FortiNAC. Cisco ISE has full integration but FortiNAC doesn't.

I've been using FortiNAC for just one month.

I'll have a better idea next week about the stability, once it's been tested in the production environment.

The communication with customer support is fine from an administration perspective. But it's lacking documentation on the concept of how the technology works. There are no documents in the FortiNAC library relating to network function. 

I would rate this product an eight out of 10. 

We are only consultants, so we implement FortiNAC for our customers. The good part about FortiNAC is that it works seamlessly across either public cloud, private cloud, a hybrid one or on premises. So, depending on the client's requirements, I usually suggest that they go for public cloud where they have remote locations, and that they go for an application where they have a large deployment, adequate network and technical staff to support the requests.

The features we generally propose is basically agent-based authentication and the agent case solution product for wireless endpoints, which allow them to do automatic registration, and the third would be the health checks.

Something that the developers of FortiNAC might look at to improve, is more integration with third-party products. The dashboard also needs to improve.

FortiNAC is quite a stable solution. 

FortiNAC is a highly scalable product. The licenses remain unlimited. It's a subscription-based license, which is based on the usage and number of concurrent users. So the good part is that it can be deployed out of any environment.

The technical support for us has been extremely good and the local support is excellent. 

The initial setup was easy and straightforward. The deployment can be done within a day.

The good thing about FortiNAC is that it's more vendor agnostic. And then we have the deployed FortiNAC activate solution, which are different kinds of firewalls, which works perfectly fine. 

On a scale from one to 10, my rating for this program will be a nine. Additional features that I would like to see included in the next release of this solution is more integration with third-party products and probably some improvements on the dashboard.

The solution is good at giving a deep dive into each product. It tells you, for example, what is connected to the network. It gives us good reporting tools.

I think the network devices need to give more information.

In the next release, we'd like to see more information on controlling, for example, adding more policies etc. We should get more information about IoT devices, and have more information available for the users.

Scalability can be improved.

The solution is good, so I've had no reason to contact Technical Support.

This is the first product we have used.

The initial setup was straightforward. You only need one person for deployment and maintenance.

We used a consultant to assist with implementation. They were good. We didn't have a problem with them.

We evaluated so many other products but we found the features of this solution to be the most valuable.

I would rate this solution at a seven or eight out of 10. If they improved their network devices and their IoT product I would rate them higher. The solution is pretty inexpensive. That's why we are using it. I am satisfied with the interface, the dashboard, and the overall support.