FortiNAC: Network Access Control

Security for networks with IoT

Available in:
web product icon fortinac
Overview Models & Specifications Customer Reviews Resources Demos Ecosystem Use Cases FAQs

FortiNAC Overview

The proliferation of Internet of Things (IoT) devices, has made it necessary for organizations to improve their visibility into what is attached to their networks. They need to know every device and every user accessing their networks. IoT devices enable digital transformation initiatives and improve efficiency, flexibility, and optimization. However, they are inherently untrustworthy, with designs that prioritize low-cost over security. FortiNAC provides the network visibility to see everything connected to the network, as well as the ability to control those devices and users, including dynamic, automated responses.

 

FortiNAC News

   

FortiNAC Product Details:

The IoT revolution has raised a new challenge for network owners. How can you see and protect against a myriad of devices showing up on the network? Network Access Control has come back to the forefront of security solutions to address that challenge. This technology was deployed to assist with bring-your-own-device (BYOD) policies and is now getting renewed focus as a means to safely accommodate headless IoT devices in the network. FortiNAC enables three key capabilities to secure IoT devices:

  • Network visibility to see every device and user as they join the network
  • Network control to limit where devices can go on the network
  • Automated response to speed the reaction time to events from days to seconds

Collectively, these three capabilities provide the tools that network owners need to secure a world that is embracing IoT. The FortNAC solution protects both wireless and wired networks with a centralized architecture that enables distributed deployments with automated responsiveness.      

 

FortiNAC Product Details:

video fortiNAC Alex Rowe

Introduction to FortiNAC

Gain Visibility, Control, and Automated Response across your wired and wireless network using network access control.

Watch Now

Features

monitoring icon

Agentless scanning

Detect and identify headless devices as they connect to the network

analytics icon

17 profiling methods

Utilize up to 17 different ways of determining the identity of a device

icon benefits management

Simplified onboarding

Automate onboarding process for large number of endpoints, users, and guests

Benefits

segmentation icon

Micro-segmentation

With identified devices, FortiNAC can narrowly restrict network access for those devices to only necessary network assets

platform support icon

Extensive multi-vendor support

Interact with and configure network devices (switches, wireless access points, firewalls, clients) from more than 150 vendors

Scalable

Scalability

FortiNAC architecture enables effective scaling to multi-site locations and supporting millions of devices

Building a Cybersecurity Workforce

Advanced training for security professionals, technical training for IT professionals, and awareness training for teleworkers.

Learn More

FortiNAC Models and Specifications

The FortiNAC product line includes hardware appliances, virtual machines and licenses.  The licenses can run on either the hardware appliance or the virtual machine.  Each FortiNAC deployment requires both a Control and Application server.  Note that if your deployment is larger than what a single server can support, you can stack servers for more capacity.  The FortiNAC solution has no upper limit on the number of concurrent ports it can support.

FortiNAC-CA-500C
Function
Control and Application Server
Capacity
Each server manages up to 2,000 ports in the network
FortiNAC-CA-600C
Function
Control and Application Server
Capacity
Each server manages up to 15,000 ports in the network
FortiNAC-CA-700C
Function
Control and Application Server
Capacity
Each server manages up to 25,000 ports in the network
FortiNAC-M-550C
Function
Management Server
Capacity
Unlimited
FortiNAC Control and Application VM
Capacity
See datasheet for details
FortiNAC Manager VM
Capacity
Unlimited
FortiNAC Reporting VM
Capacity
n/a
FortiNAC Base License
Functionality
Endpoint Visibility and Auto Provisioning
Device Count
100, 1K, 10K, or 50K concurrent endpoint device per license
FortiNAC Plus License
Functionality
Visibility and Control
Device Count
100, 1K, 10K, or 50K concurrent endpoint device per license
FortiNAC Pro License
Functionality
Visibility, Control, and Response
Device Count
100, 1K, 10K, or 50K concurrent endpoint device per license

Our Customers Emphasize the Value of FortiNAC in Gartner Peer Insights Reviews

 

★★★★
“Fit Our Needs As A K-12 Organization That Wanted To Do BYOD Minus Issue With Registration”

Director of Media and Technology
IndustryEducation
Role: CTO
Firm Size: <50M USD

“This solution fits our needs because it allows for network segmentation, filtering, and user management within the product. It also interoperates with our directory, our firewall, and our filtering solutions seamlessly."

★★★★★
“Implementation Was Smooth And Product Runs With Very Few Problems”

VP Networking
Industry: Finance
Role: Infrastructure and Operations
Firm Size:1B - 3B USD

“Our company has been using the FortiNAC product for around 6 years and it has been a good experience. We use it to manage around 13K devices across 3 data centers and 260+ locations.”

★★★★
“Solid NAC Solution... Some Room To Improve Interface And Support”

Sr Director, Network Operations
Industry: Miscellaneous
Role: Infrastructure and Operations
Firm Size: <50M USD

“Once we got the hang of managing it, it's really been a god-send having visibility of all devices connected across our entire network.”

★★★★★
“Flexible Product, Vendor Agnostic, A Great Value In Device Registration On The Network”.

LAN Admin
Industry: Education
Role: Infrastructure and Operations
Firm Size: Gov't/PS/ED <5,000 Employees

“Flexible product, can get very detailed as to what you want to check/analyze/scan or can be setup very simplistic for on-boarding purposes. Is vendor agnostic on the hardware side and implementation was very smooth. We have been using this product for 11 years.”

★★★★★
“Seemless With No Customer Impact”

CIO - CISO
Industry: Healthcare
Role: CIO

"The product is easy to use and understand and the support team helped whenever asked. The protection of the network cannot happen without Port security and this product does that and gives you visibility."

★★★★
“Solid Products, But Needs Persistent Agent For Chromebooks”

Network Administrator
Industry: Education
Role: System Integrator
Firm Size: Gov't/PS/ED <5,000 Employees

“The overall experience has been great.”

★★★★★
“Effective Tool That Works Well”

Lead Network Architect Engineer
Industry: Government
Role: Infrastructure and Operations
Firm Size: Gov't/PS/ED <5,000 Employees

“The Network Sentry - Network Access Control aka NAC, has been critical in the control of access to our environment. It has allowed us to keep those who don't belong out, it alerts on attempts, and allowed us to catch audit penetration attempts.”

 
Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences, and do not represent the views of Gartner or its affiliates.

Resources

Data Sheets

FortiNAC Data Sheet

FortiNAC Datasheet

White Papers & eBooks

Understanding 802.1X and NAC: 3 Problems to Avoid

How to Successfully Design a Network Access Solution

The Evolution of Network Access Control (NAC)

How IoT and BYOD Devices Have Changed NAC Solutions

Network Access Control (NAC) in the Era of IoT and BYOD

An eBook for a quick overview of the latest NAC trends

Case Studies

Pepperdine University

Pepperdine University Enables Network Access Control for Rapid Threat Remediation

Grupo Universal

Grupo Universal Integrates Communications and Security with Secure SD-WAN

Crawford & Company

Claims Management Giant Stays Competitive and Increases Agility with Secure SD-WAN and NAC

Major Oil and Gas Company

Major Oil and Gas Company Leads the Pack in Securing Critical Infrastructure with Network Access Control

Isavia Airport

Isavia Airport Gains Stronger Cyber Fence

Salvation Army UK & Republic of Ireland

Salvation Army Automates Guest Access & Expands BYOD Usage with Network Access Control

Atrius Health

Healthcare Group Uses Network Access Control To Identify and Close Security Gaps

Abbotsford School District

School District in British Columbia Secures Its Network and Enables BYOD with Network Access Control

Utah Valley University

Network Access Control Makes BYOD Fast, Simple, and Reliable At Large Public University

Saudi Geological Survey

Government Agency Implements Network Access Control for Mobile Device Access

Zahid Tractor

Heavy Equipment Retailer Gains Complete Endpoint Visibility with Network Access Control

Smart Building

From Concept to Reality: Designing Network Access Control Technology into a Smart Building Complex

Miami Marlins

Miami Marlins Ballpark Uses Game-Changing Network Access Control Throughout the Venue

Bridgestone

Financial organization increases security and lowers operating costs by implementing NAC

New College

Oxford University college uses NAC to secure the network and safely on-board students.

UC Irvine Medical

NAC Provides Secure BYOD and Aids HIPAA Compliance at UC Irvine Medical Center

Solution Guides

Helping to Ensure OT Security Using FortiNAC

The digital transformation of OT has introduced many new IP devices to those networks. Learn how FortiNAC provides visibility and control in OT environments.

Securing Diverse Network Environments for K-12 School Districts

In the last two years there were 386 cyber incidents in U.S. public schools. Securing today's primary and secondary school networks require containment of personal data.

Securing and Simplifying Network Access for Higher Education

FortiNAC help schools secure sensitive data while maximizing existing infrastructure investments

FortiNAC Simplifies Comprehensive IoT Security

The risk exposure presented by Internet of Things (IoT) devices is perhaps the most challenging part of a network to secure. FortiNAC works with all firewalls enabling organizations to leverage ...

FortiNAC and the Fortinet Security Fabric

As part of the Fortinet Security Fabric, FortiNAC provides comprehensive device visibility, enforces dynamic controls, and orchestrates automated threat responses that reduce containment time from ...

Integrated Network Access Controls That Maximize Security Investments

FortiNAC offers an ideal network access control (NAC) solution with a wide range of third-party security solutions helps enterprises secure sensitive data while maximizing the value of their ...

FortiNAC: Role-based Dynamic Network Access

With the cost of an endpoint-based breach reaching into the millions of dollars per event, it is critical for security teams to understand and address network access control (NAC) vulnerabilities ...

FortiNAC Supports Compliance with the NIST Cybersecurity Framework

FortiNAC can assist organizations looking to deploy a cybersecurity solution that follows the guidance from the NIST

FortiNAC: Security Automation and Orchestration Platforms

FortiNAC provides a policy-based security automation and orchestration platform that enables discovery of every endpoint and network infrastructure device, provides contextual awareness for ...

Webinars and Videos

Use a Zero-Trust Network Access Approach to Defend your Network

Learn how a Zero Trust Network Access approach from Fortinet can transform the effectiveness of your security. Fortinet’s Zero-Trust Network Access approach provides the framework and the tools ...

NAC Transformed: Network Sentry to FortiNAC & Beyond

Find out how the latest version of FortiNAC provides better visibility, intent-based segmentation, and extends the reach of the Security Fabric. Learn more about what Fortinet has been up to since ...

Take Control of IoT Live Stream Event

The Can't Miss Live Stream Security Event of the Year

Conducting IoT Device Reconnaissance with Broad and Deep Network Visibility

Participate in the webinar to learn how to protect and secure IoT devices.

Acing CIS Control #1 and Increasing Satisfaction Using NAC | FortiNAC

SD-Branch overview

Extend the security of Secure SD-WAN to the enterprise branch network.

Fuse Community


Related Links

Product Demo

The surge in deployment of IoT devices requires advanced network security. Specifically, network operators need to be able to identify every user and device that connects to the network and then grant or limit network access appropriately. Furthermore, the network needs constant supervision to ensure ongoing safe operation with automated responses to threats as they are detected.  FortiNAC from Fortinet can provide those capabilities so that network operators can confidently know who and what is on their network. Come and see how FortiNAC can provide visibility, control, and response for your network.

video thumb fortinac demo 301x158

FortiNAC Demo

Walk-through of the FortiNAC product demo

Watch Now

FortiNAC Integrations Alliance Partners

FortiNAC has integrations with more than 150 vendors, enabling it to integrate with virtually every switch, wireless access point, and firewall in your network.  The below companies are examples of Fortinet Fabric partners with integrations.  For a complete list of vendors with integrations, please see the data sheet

Cisco
Cisco

Cisco is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected.

Resources
Functionalities
Orchestration, SDN-NFV & Virtualization
Learn More
CyberMDX
CyberMDX

Coupling CyberMDX detection and identification capabilities with Fortinet, healthcare organizations are equipped with unmatched IoMT & IoT asset visibility, classification and attack-prevention enforcement tools.

Functionalities
Internet of Things
CyGlass, Inc
CyGlass, Inc

CyGlass is an AI based SaaS security platform that uses network data to uncover, pinpoint, and respond to advanced cyber threats that have evaded traditional security controls.

Resources
Functionalities
Threat Intelligence
Cynerio
Cynerio

The Cynerio-Fortinet joint solution equips healthcare IT security teams with comprehensive security and remediation policies that ensure uninterrupted clinical services. Armed with detailed insights into medical device behavior, impact, and criticality, hospitals can enforce customized cybersecurity policy using ACLs, VLANs, NAC and firewalls.

Functionalities
Internet of Things
Extreme Networks
Extreme Networks

Extreme Networks, Inc. delivers software-driven networking solutions that help IT departments everywhere deliver the ultimate business outcome: stronger connections with customers, partners, and employees.

Resources
Functionalities
Cloud, Networking
Google Cloud Platform
Google Cloud Platform

Google Cloud Platform is a secure, dedicated public cloud computing service operated by Google which provides a range of infrastructure and application services that enable deployments in the cloud. Fortinet provides critical firewalling, advanced security and scalable BYOL protection for elastic compute, container, and machine-learning workloads in Google’s innovative public cloud.

Resources
Functionalities
Cloud
Hewlett Packard Enterprise
Hewlett Packard Enterprise

Hewlett Packard Enterprise is an industry-leading technology company that enables customers to go further, faster. With the industry’s most comprehensive portfolio, HPE's technology and services help customers around the world make IT more efficient, more productive, and more secure.

Resources
Functionalities
Secure Access, SDN-NFV & Virtualization, Vulnerability Management
Learn More
Intel
Intel

Intel invents at the boundaries of technology to make amazing experiences possible for business and society, and for every person on Earth. To learn more about Intel and our technologies, please visit: www.intel.com

Resources
Functionalities
SDN-NFV & Virtualization
Jamf
Jamf

Jamf automates Apple device deployment, management and security without impacting the end-user experience or requiring IT to touch the device. Jamf preserves the native and consistent Apple experience that people expect at work, while fulfilling the security and compliance requirements of the enterprise.

Functionalities
Endpoint Security, Secure Access
McAfee
McAfee

McAfee is one of the world’s leading independent cybersecurity companies. Inspired by the power of working together, McAfee creates business and consumer solutions that make the world a safer place.

Resources
Functionalities
Endpoint Security
Medigate
Medigate

Together, Medigate and Fortinet deliver the deep clinical visibility and cybersecurity intelligence needed to accurately detect real-time threats in healthcare networks and automate effective policy enforcement to keep patient data and operations safe.

Functionalities
Internet of Things
Microsoft Azure
Microsoft Azure

Microsoft is the leading platform and productivity company for the mobile-first, cloud-first world, and its mission is to empower every person and every organization on the planet to achieve more.

Resources
Functionalities
Cloud
Learn More
Nozomi Networks
Nozomi Networks

Nozomi Networks is a leading provider of real-time visibility, advanced monitoring capabilities, and strong security for industrial control networks supporting critical infrastructure. Nozomi has been deployed in some of the largest industrial installations, providing some of the fastest return-on–investment in the industry.

Resources
Functionalities
Operational Technology
Ordr
Ordr

Ordr delivers comprehensive proactive protection for the hyper-connected enterprise. The Ordr Systems Control Engine utilizes sophisticated machine learning and artificial intelligence to provide complete visibility and exhaustive control over every class of connected device and system.

Functionalities
Internet of Things
RAD Data Communications
RAD Data Communications

RAD is a global Telecom Access solutions and products vendor, at the forefront of pioneering technologies. For critical infrastructure, our Service Assured Networking solutions include best-of-breed products for cyber-secure industrial IoT (IIoT) backhaul with edge/fog computing and seamless migration to modern packet-switched OT WANs.

Resources
Functionalities
Operational Technology
Siemens
Siemens

Siemens is a global powerhouse focusing on the areas of electrification, automation and digitalization.

Resources
Functionalities
Operational Technology
Symantec
Symantec

Symantec Corporation (NASDAQ:SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. The partnership with Fortinet combines Symantec’s endpoint protection leadership with Fortinet’s best-in-class network security and Fabric integration to deliver unparalleled security protection.

Resources
Functionalities
Cloud, Endpoint Security
Tenable
Tenable

Tenable®, Inc. is the Cyber Exposure company. Over 30,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform.

Resources
Functionalities
Operational Technology, Endpoint Security
Wavespot
Wavespot

Together with Fortinet, Wavespot helps Enterprises derive meaningful and actionable insights from Fortinet security and WIFI products. The Wavespot suite, powered by Fortinet services, includes Visitors and IoT analytics, captive portal and marketing automation.

Functionalities
Automation, Secure Access

FortiNAC Use Cases

Branch have grown in complexity with more devices, including headless IoT devices, getting connected to the network-without a corresponding increase in staff. To maintain visibility, control, and responsiveness in Branch Offices, FortiNAC is part of the Fortinet's Secure SD-Branch Solution. Learn more here.

Fortinet sd-branch

FortiNAC Videos

Secure SD-Branch overview

FortiNAC FAQs

Below are answers to common questions regarding FortiNAC and related services:

How does FortiNAC identify a new device on the network?
FortiNAC uses the network characteristics of the device to classify the devices. There are up to 20 different attributes and techniques that FortiNAC can utilize such as Vendor OUI and DHCP fingerprinting, to profile a device.

Does FortiNAC analyze device behavior (EUBA) to identify a device?
No, FortiNAC does not perform behavior analysis but does collect network data about a device, utilizing up to 20 methods to profile a device.

Do I need a FortiNAC in every location?
No, FortiNAC’s architecture enables complete visibility even from remote locations. There are many organizations that deploy FortiNAC in a cloud such as Amazon Web Services (AWS) to provide NAC for their network.

What is the upper limit of how many devices FortiNAC can support?
There is no upper limit for how large a network can be. The FortiNAC servers can be stacked and managed as a group.

What form factor does FortiNAC come in?
The FortiNAC solution requires a server to run the Control and Application functions. Those can run in one server for smaller deployments while larger organizations might need several servers. Severs can be either hardware appliances or Virtual Machines (VMs). Licenses that run on the servers determine the level of functionality of the solution.

What are the most popular form factor?
The VM form factor is most commonly deployed.

Do you need a server at each location?
No, the architecture of FortiNAC means that you can centrally deploy and provide coverage for several sites. FortiNAC is not sniffing the traffic directly, so it does not need to be on the network. This greatly enhances FortiNAC’s ability to scale to multi-site locations.

What are the different license levels for FortiNAC?
FortiNAC offers three levels of capability:

  • Base - offering visibility and network lockdown (does not permit new devices to join without permission)
  • Plus - offering the Base capabilities and adds user identification and segmentation.
  • Pro - offering the Plus capabilities and add automatic response

Can you move from one license level to another?  Or do you have to buy a whole new license?
Fortinet offers upgrade FortiNAC licenses so that if you want to move from Base to Plus, or Plus to Pro, you can simply buy the upgrade license.

Are the FortiNAC licenses incremental in their features?  Do you need to buy Base if you buy Pro?
No, the FortiNAC licenses are all-inclusive so you only need to purchase the level that you want.

Are the FortiNAC licenses subscriptions?
FortiNAC licenses are offered in both perpetual and subscription forms.

Are the license measured by user?
No, the licenses are counted by active port or wireless device. For example, if you have 300 users in your network, but only 100 are active at any one time, you only need licenses for 100 active ports.

Are the FortiNAC licenses shared across locations?
Yes, when deployed with a Management Server, the FortiNAC licenses can be shared across the locations, as well as across stacked servers.

Does FortiNAC do end-user behavior analysis (EUBA)?
No, FortiNAC does not perform behavior analysis but does collect network data about a device, utilizing up to 20 methods to profile a device. When deployed with a FortiGate, ForitNAC can use the traffic sensing capabilities in the FortiGate to watch for anomalies in traffic patterns.

How does FortiNAC protect against MAC-spoofing if it does not do EUBA?
FortiNAC can protect against MAC-spoofing both on initial network access and after a MAC address has been granted permission. FortiNAC will look at 18 other factors to see if the device matches the appropriate profile for that MAC address and OUI. FortiNAC can quarantine a device with a suspicious profile for a network administrator to investigate and resolve.

Learn more about Fortinet today

Request a Demo
Request a Quote