2019-03-11T07:21:00Z
Julia Frohwein - PeerSpot reviewer
Senior Director of Delivery at PeerSpot (formerly IT Central Station)
  • 0
  • 104

What needs improvement with FortiNAC?

Please share with the community what you think needs improvement with FortiNAC.

What are its weaknesses? What would you like to see changed in a future version?

10
PeerSpot user
10 Answers
Manjil Bhetwal - PeerSpot reviewer
Presales Engineer at a tech services company with 11-50 employees
Real User
Top 5
2020-04-30T10:58:55Z
Apr 30, 2020

This solution could be more agile. The technical support is in need of improvement.

Search for a product comparison
AM
Technology Consultant Team Head at Ignite Solutions
Real User
Top 20
2020-04-26T06:32:39Z
Apr 26, 2020

The problem with Fortinet is that if you want to be 100% secure then you have to buy other products. It should support better integration with third-party solutions. The reporting capability needs to be improved.

MA
Asst. Network Security Engineer at a tech services company with 11-50 employees
Real User
2020-04-26T06:32:39Z
Apr 26, 2020

The response and resolution time for technical support issues need to be improved. Support overall needs to be a little faster.

Boller Anyiine - PeerSpot reviewer
Cyber Security Specialist at a tech services company with 51-200 employees
Real User
2020-04-02T07:00:12Z
Apr 2, 2020

I've realized that one of the issues is the need to use agents. For instance, if a domain user has to authenticate on the network via FSSO or Certificate management he has to have a persistent agent. The admin UI is not that good. It could be better matched and more friendly to use and it cannot work as a RADIUS server. You have to have a RADIUS server which means bringing in a FortiAuthenticator to build it. The other thing would probably be the visibility granular. For example, when I have a user at a particular branch, I can't tell what SSIDs they are connected to. I only have the IP addresses so if the wireless controller is integrated with FortiNAc, you're going to realize that you won't be able to know whether a particular person is connected, that an AP is connected to a particular SSID, is connected to. . . etc. It only gives you the IP addresses, Host names, etc. That has to be improved and am sure it will be in the next build version. Additional features, would be an agentless link and adopters - online, offline adopters - it picks the IP's, the host names, the layer 3 information, layer 2 information, what's connected. And also to give different privileges, best rule privileges to users. VLAN Interswitching (state based controls) could be quicker when doing the process flow from different sorts of authentication. When it comes to guests or contractors, you don't want to use a dissolvable agents. It dissolves in the process of downloading, but it takes longer and that could be improved.

Rupsan Shrestha - PeerSpot reviewer
Technical Presales Engineer at Dristi Tech Pvt.ltd
Real User
2020-02-20T06:38:00Z
Feb 20, 2020

For our organization and our clients, the price is the main concern. They should work to make it more competitive. Customization could be improved in future releases.

it_user1232502 - PeerSpot reviewer
Senior Cybersecurity Solution Architect at Dimension Data
Real User
2019-11-21T07:12:00Z
Nov 21, 2019

Something that the developers of FortiNAC might look at to improve, is more integration with third-party products. The dashboard also needs to improve.

Learn what your peers think about Fortinet FortiNAC. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
653,584 professionals have used our research since 2012.
Ahmed-Fawzy - PeerSpot reviewer
Sr. Network Architect at a manufacturing company with 10,001+ employees
Reseller
2019-11-18T07:22:00Z
Nov 18, 2019

I think that the course content could be improved, it's not that simple to work through. I'm an expert on Cisco ISE. And also I have CCIE on Cisco. I made a comparison between Cisco ISE and FortiNAC. Cisco ISE has full integration but FortiNAC doesn't.

SamerKiwan - PeerSpot reviewer
System Security Engineer at a tech services company with 11-50 employees
Real User
2019-11-04T06:14:00Z
Nov 4, 2019

The implementation process needs improvement. Right now, it's somewhat complicated. They could create some templates to facilitate implementation. Right now everything is done manually, and it just takes a really long time at the initial setup.

SJ
Senior Information Technology Officer at a financial services firm with 501-1,000 employees
Real User
2019-07-08T07:42:00Z
Jul 8, 2019

I think the network devices need to give more information. In the next release, we'd like to see more information on controlling, for example, adding more policies etc. We should get more information about IoT devices, and have more information available for the users.

DP
IT and Operations Manager at a financial services firm with 51-200 employees
Real User
2019-03-11T07:21:00Z
Mar 11, 2019

Not using a Java front-end would be fantastic. It takes forever to load the system up and get in there to configure everything. It is too slow to do anything at all.

Related Questions
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Oct 31, 2021
How does Cisco ISE compare with Fortinet FortiNAC? Which is better and why?
See 1 answer
Oct 31, 2021
Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user experience is intuitive, supportive, and, once learned, easy to use. This is a very stable and flexible product overall. This solution works well with many different cloud options. Cisco ISE can be complex and complicated to deploy and use. You have to have a lot of understanding of the product to use all of the functions successfully. The end-user interface is complicated and not user-friendly. We also found that this solution can be slow and a bit buggy at times. Fortinet FortiNac’s interface is very user-friendly, stable, and scales easily. But its setup and deployment was slow and complex - everything needed to be done manually. It would be good if they developed some templates to improve the setup process. Currently, it just takes too long. If your organization is very large, it is not very feasible. The dashboard could be more user friendly and the reporting capability should be better. We also found this solution to be on the expensive side. Conclusion Both of these products have excellent scalability and are very stable. They provide solid endpoint user security and work well with mobiles, gadgets, laptops, etc. Cisco can be very expensive and complex to use - it is best for larger, enterprise-level organizations with a Cisco-trained tech team. Fortinet Fortigate is very user friendly, flexible and agile. It is simple to use and manage and it’s very good for smaller to mid-level organizations, and can do well for larger enterprise organizations as well.
Mark Karanja - PeerSpot reviewer
Infrastructure Engineer at NATIONAL CONSTRUCTION AUTHORITY
Jun 28, 2021
Hello,  I'm researching these two solutions: Cisco ISE (Identity Services Engine) and Fortinet FortiNAC. And I'm looking for recommendations on which product to choose and why? Thank you for your help!
See 2 answers
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jun 28, 2021
Hi @Sean Muller ​, @Manjil Bhetwal ​, @Ahmed-Fawzy ​and @Nayef Hamzeh. Possibly, you can assist here? ​ Thank you!
John Sayer - PeerSpot reviewer
President at JTS Network Consulting, LLC
Jun 28, 2021
My preference would be HPE/Aruba's Clearpass product over either of these 2 products, although Clearpass really shines when using the Wireless Guest and OnBoarding functions.  The authentication functionality is good and very complete with hooks to tie into external servers such as Google Admin Console for Chromebooks and JAMF for Apple devices.   I haven't seen the latest incarnation of ISE, but my understanding is that it is a complete product.   FortiNAC is the old Bradford Systems NAC solution.  Fortinet has recently added the ability for it to be a standalone RADIUS server for wireless WPA2-Enterprise implementations.   Prior to that, it was essentially a MAC address repository that checked each device connecting to a network and then changed the VLAN for the device through SNMP and direct commands sent to the switches. Very old-school NAC.   I was hoping that perhaps the added RADIUS functionality would allow standard Wired-802.1x and wireless WPA2 functionality. Tested this at a customer a couple of months ago and it failed completely. Without that functionality, you will need a separate RADIUS server in addition to FortiNAC.  
Related Articles
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Apr 10, 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why. You can read user reviews for the top Top 5 Network Access Control (NAC) S...
See 2 comments
Arvind Singh - PeerSpot reviewer
Engineer at IPR
Apr 7, 2022
This is based on the user's feedback. A link for Gartner report should also be available.
UM
IT Infrastructure Manager at a healthcare company with 10,001+ employees
Apr 10, 2022
As a user of Cisco ISE, I am completely not trusting this review. Cisco ISE is a buggy immature solution.
Related Articles
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Apr 10, 2022
Top 5 Network Access Control (NAC) Software Solutions
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to...
Download Free Report
Download our free Fortinet FortiNAC Report and get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
DOWNLOAD NOW
653,584 professionals have used our research since 2012.