Julia Frohwein - PeerSpot reviewer
Senior Director of Delivery at PeerSpot (formerly IT Central Station)
  • 0
  • 140

What needs improvement with Fortinet FortiNAC?

Please share with the community what you think needs improvement with Fortinet FortiNAC.

What are its weaknesses? What would you like to see changed in a future version?

PeerSpot user
19 Answers
Technical manager at Sancfis
Real User
Top 20
Oct 3, 2022

The technical support could improve; the response time is quite slow.

Search for a product comparison
Boller -Anyiine - PeerSpot reviewer
Security Solutions Architect at a manufacturing company with 1,001-5,000 employees
Real User
Top 5
Sep 6, 2022

When you compare the solution to other NAC solutions like ISE and Portnox, you realize that it is not able to work as a single sign-on device. You need to use it with FortiAuthenticator. If you want to use certificate management, and two-factor authentication, you have to buy a FortiAnalyzer, which is different from ISE. I would like to see these features included with the solution. The reporting can also use improvement.

Boniphace Mkindi - PeerSpot reviewer
Telecommunications Engineer at TZ Telecom Ltd.
Real User
Top 20
Jul 21, 2022

The interface works fine, but it could be better.

Head Of Information Technology at Zambia National Building Society
Real User
Top 5
Jul 5, 2022

I hope that Fortinet can add a feature with a remediation mechanism when you find a broken piece so that you can click on something and download the needed update or resolve the firewall issue more easily. Currently, we have to use an external remediation server to download updates. For example, the Kaspersky antivirus was originally built just for threat detection and prevention. Still, they've gone to another level where the solution can point to a vulnerability, and you can click a button to remediate it, and the solution goes and pulls the download and fixes it.

Pavel Zhuykov - PeerSpot reviewer
CEO at Physnetwork
Real User
Top 10
May 31, 2022

The automation in Fortinet FortiNAC could improve.

ZaidoonAbuhanak - PeerSpot reviewer
Top 5Leaderboard
Apr 10, 2022

We have tried to do a small POC and it failed. I had a bad experience with FortiNAC. The customer was asking for a NAC solution. I suggested FortiNAC. The switch with the customer was Cisco and it was not integrated with Cisco. We tried to provide him with a FortiSwitch as the core switch and the solution worked. It's working, however, not the expected way for the customer. The issue is it just doesn't integrate with Cisco switches. They need to change or upgrade the technology in the product. The solution is not stable. We have not been able to scale the product. It's very hard to set up.

Learn what your peers think about Fortinet FortiNAC. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
653,584 professionals have used our research since 2012.
Real User
Feb 23, 2022

Any NAC solution has three to four phases. The first phase is discovery and classification. They do discovery, but they are lacking a lot of features in terms of classification. Also, they don't do a lot of classifications. They cannot help you if, for example, you're classifying Windows, and you want to check which Windows version it is, like Windows 7, Windows 8, Windows 10. It's a little bit difficult. It's not easy like the other products. Classifications and visibility need to be improved a lot. They have to start work on being agentless. Agentless means they need to have strong integration with Windows. They need to use the RTC. They cannot force people to have an agent for people who are going to the domain. There needs to be compatibility with switches. For any NAC solution, all the inputs will be through switches. So if it is not compatible with switches, this is a big disaster. When I was doing their switches, there were a lot of customers whose switches were not compatible with FortiNAC. If these things are well-designed, then they can compete in the NAC market. And also in terms of IOT, they cannot discover the IOT things perfectly or the OT, operation technology, things. In terms of HA, they're having a lot of problems. You just need to put the HA between two clients, and you have a lot of problems. There are problems with the classifications. In terms of control, they're not doing well. They cannot do integration with SCCM, for example. They have a lot of things missing.

Eranjaya-Kumarasiri - PeerSpot reviewer
Security Engineer at Eguardian lanka
Top 20
Feb 15, 2022

Fortinet FortiNAC could further improve its network visibility.

Ahmet Coruk - PeerSpot reviewer
Co-founder at Korunet
Real User
Top 5Leaderboard
Jan 19, 2022

Integration is hard in Fortinet FortiNAC, but they are evolving and getting better. For example, with Cisco, Aruba, Huawei, and Extreme devices, Fortinet FortiNAC is working properly, but some other devices have problems.

Cyber Security Engineer at a tech services company with 201-500 employees
Real User
Nov 3, 2020

Overall, it's a great product. The GUI is a little bit strange — different than other Fortinet products. It could be more user-friendly.

Manjil Bhetwal - PeerSpot reviewer
Presales Engineer at a tech services company with 11-50 employees
Real User
Top 5
Apr 30, 2020

This solution could be more agile. The technical support is in need of improvement.

Asst. Network Security Engineer at a tech services company with 11-50 employees
Real User
Apr 26, 2020

The response and resolution time for technical support issues need to be improved. Support overall needs to be a little faster.

Technology Consultant Team Head at Ignite Solutions
Real User
Top 20
Apr 26, 2020

The problem with Fortinet is that if you want to be 100% secure then you have to buy other products. It should support better integration with third-party solutions. The reporting capability needs to be improved.

Boller Anyiine - PeerSpot reviewer
Cyber Security Specialist at a tech services company with 51-200 employees
Real User
Apr 2, 2020

I've realized that one of the issues is the need to use agents. For instance, if a domain user has to authenticate on the network via FSSO or Certificate management he has to have a persistent agent. The admin UI is not that good. It could be better matched and more friendly to use and it cannot work as a RADIUS server. You have to have a RADIUS server which means bringing in a FortiAuthenticator to build it. The other thing would probably be the visibility granular. For example, when I have a user at a particular branch, I can't tell what SSIDs they are connected to. I only have the IP addresses so if the wireless controller is integrated with FortiNAc, you're going to realize that you won't be able to know whether a particular person is connected, that an AP is connected to a particular SSID, is connected to. . . etc. It only gives you the IP addresses, Host names, etc. That has to be improved and am sure it will be in the next build version. Additional features, would be an agentless link and adopters - online, offline adopters - it picks the IP's, the host names, the layer 3 information, layer 2 information, what's connected. And also to give different privileges, best rule privileges to users. VLAN Interswitching (state based controls) could be quicker when doing the process flow from different sorts of authentication. When it comes to guests or contractors, you don't want to use a dissolvable agents. It dissolves in the process of downloading, but it takes longer and that could be improved.

Rupsan Shrestha - PeerSpot reviewer
Technical Presales Engineer at Dristi Tech Pvt.ltd
Real User
Feb 20, 2020

For our organization and our clients, the price is the main concern. They should work to make it more competitive. Customization could be improved in future releases.

it_user1232502 - PeerSpot reviewer
Senior Cybersecurity Solution Architect at Dimension Data
Real User
Nov 21, 2019

Something that the developers of FortiNAC might look at to improve, is more integration with third-party products. The dashboard also needs to improve.

Ahmed-Fawzy - PeerSpot reviewer
Sr. Network Architect at a manufacturing company with 10,001+ employees
Nov 18, 2019

I think that the course content could be improved, it's not that simple to work through. I'm an expert on Cisco ISE. And also I have CCIE on Cisco. I made a comparison between Cisco ISE and FortiNAC. Cisco ISE has full integration but FortiNAC doesn't.

SamerKiwan - PeerSpot reviewer
System Security Engineer at a tech services company with 11-50 employees
Real User
Nov 4, 2019

The implementation process needs improvement. Right now, it's somewhat complicated. They could create some templates to facilitate implementation. Right now everything is done manually, and it just takes a really long time at the initial setup.

Senior Information Technology Officer at a financial services firm with 501-1,000 employees
Real User
Jul 8, 2019

I think the network devices need to give more information. In the next release, we'd like to see more information on controlling, for example, adding more policies etc. We should get more information about IoT devices, and have more information available for the users.

Related Questions
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Oct 31, 2021
How does Cisco ISE compare with Fortinet FortiNAC? Which is better and why?
See 1 answer
Oct 31, 2021
Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user experience is intuitive, supportive, and, once learned, easy to use. This is a very stable and flexible product overall. This solution works well with many different cloud options. Cisco ISE can be complex and complicated to deploy and use. You have to have a lot of understanding of the product to use all of the functions successfully. The end-user interface is complicated and not user-friendly. We also found that this solution can be slow and a bit buggy at times. Fortinet FortiNac’s interface is very user-friendly, stable, and scales easily. But its setup and deployment was slow and complex - everything needed to be done manually. It would be good if they developed some templates to improve the setup process. Currently, it just takes too long. If your organization is very large, it is not very feasible. The dashboard could be more user friendly and the reporting capability should be better. We also found this solution to be on the expensive side. Conclusion Both of these products have excellent scalability and are very stable. They provide solid endpoint user security and work well with mobiles, gadgets, laptops, etc. Cisco can be very expensive and complex to use - it is best for larger, enterprise-level organizations with a Cisco-trained tech team. Fortinet Fortigate is very user friendly, flexible and agile. It is simple to use and manage and it’s very good for smaller to mid-level organizations, and can do well for larger enterprise organizations as well.
Mark Karanja - PeerSpot reviewer
Jun 28, 2021
Hello,  I'm researching these two solutions: Cisco ISE (Identity Services Engine) and Fortinet FortiNAC. And I'm looking for recommendations on which product to choose and why? Thank you for your help!
See 2 answers
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jun 28, 2021
Hi @Sean Muller ​, @Manjil Bhetwal ​, @Ahmed-Fawzy ​and @Nayef Hamzeh. Possibly, you can assist here? ​ Thank you!
John Sayer - PeerSpot reviewer
President at JTS Network Consulting, LLC
Jun 28, 2021
My preference would be HPE/Aruba's Clearpass product over either of these 2 products, although Clearpass really shines when using the Wireless Guest and OnBoarding functions.  The authentication functionality is good and very complete with hooks to tie into external servers such as Google Admin Console for Chromebooks and JAMF for Apple devices.   I haven't seen the latest incarnation of ISE, but my understanding is that it is a complete product.   FortiNAC is the old Bradford Systems NAC solution.  Fortinet has recently added the ability for it to be a standalone RADIUS server for wireless WPA2-Enterprise implementations.   Prior to that, it was essentially a MAC address repository that checked each device connecting to a network and then changed the VLAN for the device through SNMP and direct commands sent to the switches. Very old-school NAC.   I was hoping that perhaps the added RADIUS functionality would allow standard Wired-802.1x and wireless WPA2 functionality. Tested this at a customer a couple of months ago and it failed completely. Without that functionality, you will need a separate RADIUS server in addition to FortiNAC.  
Related Articles
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Apr 10, 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why. You can read user reviews for the top Top 5 Network Access Control (NAC) S...
See 2 comments
Arvind Singh - PeerSpot reviewer
Engineer at IPR
Apr 7, 2022
This is based on the user's feedback. A link for Gartner report should also be available.
IT Infrastructure Manager at a healthcare company with 10,001+ employees
Apr 10, 2022
As a user of Cisco ISE, I am completely not trusting this review. Cisco ISE is a buggy immature solution.
Related Articles
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Apr 10, 2022
Top 5 Network Access Control (NAC) Software Solutions
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to...
Download Free Report
Download our free Fortinet FortiNAC Report and get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
653,584 professionals have used our research since 2012.