Fortinet FortiNAC Reviews

The primary use case is that we are using it as a network access control (NAC), preventing external devices from plugging into the network or foreign computers from joining the network.

We are using the latest version.

When it works, it's great. It keeps things off the network which are supposed to be off the network.

When it works, doing what it's supposed to.

Not using a Java front-end would be fantastic. It takes forever to load the system up and get in there to configure everything. It is too slow to do anything at all.

The stability is relatively poor, as it has taken us roughly 12 months to get the network access control to be functional. It took us six months to get the USB lockdown to work appropriately. It still false flags mice, etc. On top of it, it broke once we finally got the network access control working. It literally took us 12 months for people to be blocked on an Ethernet connection, and it takes about 90 seconds to knock them off. Even then, it's only 50/50. We have escalated this every week for 12 months, and I'm not sure we'll be renewing this contract.

The technical support is bad. We've had to escalate to Tier 2 and Tier 3. My customer relationship manager on the other side of this has stopped returning phone calls and emails, because there has been such a constant back and forth.

We didn't have something prior. We had someone do a security audit on us, and they made some recommendations of things that we were missing. We contacted a managed service provider to recommend things to fix these issues, and this was one of those things. We went with what the managed service provider recommended as a solution along with having a short timeframe.

The initial setup was highly complex. Every time you get one piece to work, everything else breaks. We have not been able to get a full solution in place.

We used a managed service provider to help get everything up and running.

The process was frustrating. The managed a lot of our network as is, and they've done several of these setups. They moved from the previous version to the newest version, and they have even stopped recommending it as a solution because they don't want to do this again with another customer.

Look into the complexity of using tools. Anything that is difficult to manage will probably be painful to maintain.

We have a very aggressive roadmap with a fairly mature security posture. 

It’s a unified place where we can manage campus onboarding/BYOD NAC security.

It has provided port/wireless security to all devices trying to connect to our campus network.

Interaction with other vendors switches & APs should be more thoroughly tested as integration between Networks Sentry and other networking equipment needs to be seamless for this product to work.

I've been using it for five years.

We had no issues with deployment.

We had no issues with the stability.

We had no issues with the scalability.

Customer Service leaves a lot to be desired. Most times the engineers blame the customer’s network even even before they collect the necessary data regarding an issue. We’ve discovered several flaws and bugs with the system in various occasions, only to have Bradford support deny there’s a problem or make fun of the customer. Also, response time on cases has been terrible. After opening a case, it could take days before an initial response from TAC is performed. Even after that... cases can linger open for weeks or months before any feasible solution is found. We had a case regarding integration with Aerohive open for over a year. Furthermore, case resolution follows very non-standard Practices in the industry. In many instances, TAC engineers close the cases without notice or without asking the customer if it's OK to close the case or if the issue has been resolved.

This is the first NAC appliance we ever used on-campus.

Initial set-up required engineers to be on-site to configure the box to work with our network. Thus, I would say it was complex (this was in 2010; it might be different now).

We implemented through a team provided by the vendor. I would advise to test implementation in a small building before make a campus-wide deployment.

Pricing & Licensing are fair as far as we can tell.

I would make sure this product integrates well with the customer’s network before deployment. We had to move away from this product recently on the Wireless side of the network as the Sentry would not integrate well with our Aerohive Wireless Infrastructure. We had an issue where the Sentry would not properly communicate with the APs and thus would let customers blocked from our network for no particular reason. Since this issue went unresolved for over three years, we decided to implement a different Wireless NAC solution and cut back our Bradford licenses to less than half of the original (we’re now using Bradford only to secure our wired network).

Auto Switch port Tagging – Allows for easy management without using consoles.

Currently this product manages access to our Wi-Fi network, it also us used to prevent rouge devices from gaining access to our LAN.

I've used it for one and a half years.

It deployed just fine for us.

Issues with polling switches, hosts not being updated with accurate host names affected its stability.

It scaled well enough for us.

As there is currently not any UK based support – Poor.

Personally did not set up the product but rather complex overhearing conversations.

This is a very complex product which is very good when used correctly, it has control over fundamental parts of your network so correct configuration and implementation strategy is a must.

Out of 6500 wireless devices we see issues with less than 0.5% of clients. Though the product has many features we only utilize a fraction of them. We use the product for registration and management of our wireless network (NAC). The most valuable asset is visibility in to what a client is and who is using it. By forcing guests/users to register their BYOD devices we know who they are and can then apply appropriate web filtering policies to them based on a number of factors. We can then use that data to export reports etc on usage of our wireless network as a whole and troubleshoot as needed.

Prior to using the product we had a fully open wireless network. This means anyone could come in off the street and connect to our wifi. We would not have knowledge of who they are if the did something illegal or wrong. Our level of security has increase greatly as well as our knowledge of who is on our network.

We have had issues with certain Windows 10 devices not being able to register which requires manual intervention to fix. I think they are working on this issue. As Windows 10 devices grow this issue will become greater.

Another major pain point is management of existing and new wireless access points. You must import the Aps into Network Sentry every time you put them on the network. Its also advised to use DHCP reservations for each AP. The system does not delete APs if you remove them from production as well. This means you must remove the APs from Sentry each time its stake out of production or placed in a new building etc. The initial setup of an AP doubled as a result of using this product. There are steps that must be performed and if any are missed, the AP becomes a black hole resulting in zero connectivity for clients connecting to it.

We’ve used this solution for two years.

Their technical support is a 8/10. They are responsive and have the ability (if you allow) to log into your equipment remotely and fix problems or perform upgrades. They are helpful in answering questions and configuration assistance is always available as this product is complex at first.

The initial deployment took three days however we encountered many issues. The main factor was our network set-up was not fully understood by Bradford prior to purchase and deployment. This created many issues while we were in production with 10-15% of our users having connectivity problems every day. We were not fully operational until 3 months after deployment.

Initial set-up was done via a “Quick Start” where the bare bones are implemented by and on site tech. This is not meant to be a full implementation but to get the foundation in place. The on-site tech was knowledgeable but again, we had issues with understanding out network set-up and its complexity which were not discovered in the quick start.

Vendor team on site, which we paid for. In house is available but would have been very time consuming to learn and implement. I would not recommend quick start but instead have a tech on site for a minimum of 5-7 business days to fully understand the product. Its not until you are in full production will you see issues and have questions. As questions, learn how the product works deep down.

Pricing is expensive but cheaper than some other solutions out there. Licensing is based on number of concurrent devices and a number of other factors depending on implementation type. Yearly maintenance fees are very reasonable and highly recommended. ROI is immediate for us in terms of visibility.

We did not evaluate other solutions other than on a cost basis.

Explain you network set-up in full detail with diagrams. VLANs, SSIDs, switch vendors, wireless vendors, subnets. What methods do you use today for wireless authentication (802.1x/WPA2-PSK/Open). Show them everything and what it looks like to be a client on your network today and the process to get on-line. This product manages both wired and wireless network is you choose both options. This product can also do posturing of devices to ensure they meet criteria like current updates and Antivirus etc. We are not using that functionality yet however.

We used it for network access control of internal users on wired networks, as well as to enforce USB port blocking. Some complaints were directed to me, and that was the primary use case.

The device fingerprinting feature was helpful in creating and enforcing access policies. The device profiling feature allows you to create fingerprints and define acceptance policies based on that.

The user interface and the product's intuitiveness could be improved. In future releases, it would be great if they could improve the usability of the solution, particularly for SaaS environments.

I worked with the Fortinet FortiNAC solution for around four months.

Initially, during the first week or two, it was a bit unstable, but they were resolved.

It is scalable, especially with the VM part, allowing for easy expansion based on needs. Around 50 users were using FortiNAC from our customer side. 

The customer service and support team is really good. They know what they are doing. 

I have experience with other solutions as well. In terms of pros, I would say Fortinet has a simpler version, and it's more user-friendly when it comes to creating policies. As for cons, I'm not sure if it supports certain devices that require a more secure connection.

The initial setup required someone with experience. I would rate my experience with the initial setup around an eight out of ten, where ten is the most complex. So, it was moderately complex.

The documentation was comprehensive and well-documented. I didn't have any complaints working with it.

I deployed it virtually on a VMware server. I set it up, onboarded the devices, created the policies, and added the necessary configurations.

Deployment varied depending on user dependencies, but it took around ten days. There were three people involved in the deployment.

Moreover, it doesn't really require much maintenance besides regular updates.

I would recommend Fortinet FortiNAC. Overall, I would give it an eight out of ten. The UI could be improved, but overall, it's a good solution.

We use Fortinet FortiNAC to receive excellent visibility of our network for traffic and what devices are connected to prevent attacks.

Fortinet FortiNAC could further improve its network visibility.

I have been using Fortinet FortiNAC for two and a half years.

Fortinet FortiNAC is a stable solution.

I have found Fortinet FortiNAC to be scalable.

The deployment of Fortinet FortiNAC could be better. When we are deploying the solution we have some level of dependencies with other vendors for their connection to Fortinet FortiNAC. Without these dependencies, it would be better.

Overall I am satisfied with the solution.

My advice to others wanting to implement Fortinet FortiNAC I would recommend before the start of the deployment to have a good summary of the documents ready. It makes it easier to follow the guides and have knowledge of their network beforehand.

I rate Fortinet FortiNAC an eight out of ten.

We use the tool to connect different networks, like connecting one side to another. Additionally, we deploy some policies to allow certain users within the network environment.

The most valuable aspect of this product is its security features. Many customers prefer cheaper devices, but those often lack adequate security measures. It also supports compliance with industry regulations. 

Fortinet FortiNAC's price is expensive compared to other products. 

I have been using the solution for three to four years. 

I rate the tool's stability a nine out of ten.

Fortinet FortiNAC's scalability is good. 

I haven't used the tool's support yet.

The tool's main difference from other products is security, ease of access, and integration with other devices.

The initial setup is not complex—it's quite straightforward. However, the complexity of the environment can vary depending on the customer's requirements.

It could be difficult, depending on the environment. Sometimes, we need integration with other devices, which adds complexity. It's particularly challenging when integrating with older vendors, as their installation processes are often more complex.

I rate it a nine out of ten.

I rate Fortinet FortiNAC's pricing an eight out of ten. 

I rate the overall solution a nine out of ten. 

The product offers good profiling features and can support various vendor products.

FortiNAC could improve integration with other vendors and enhance stability to compete more effectively with solutions like Cisco ISE.

We've been using both FortiNAC for about four years.

We contacted Fortinet's technical support, who helped resolve our issues.

Positive

Cisco ISE is more stable but comes at a higher cost than FortiNAC.

Deploying FortiNAC can be time-consuming, especially considering the integration challenges with other vendors.

Integrating FortiNAC with other vendors can be challenging, especially for Ruckus and Intelisys. We find Cisco ISE more comfortable for vendor integration.

I recommend FortiNAC, but with the caveat that users may encounter challenges with integration and stability.

I rate it a seven out of ten.