I've done quite a lot of work with ClearPass, and not a lot with FortiNAC/Bradford. ClearPass incorporates a number of different functions including ClearPass Guest for creating complex wireless guest networks, ClearPass Onboard for automating the configuration of wireless devices, ClearPass OnGuard for checking system posture (AV, OS Updates, etc.). But the core of this is a very advanced RADIUS server, ClearPass Policy Manager. This allows configuration of policies to support WPA2-Enterprise deployments, wired 802.1x, MAC authentication, etc. and allows integration of multiple lists of MAC addresses, connection to external servers such as Google Admin Console and JAMF for Apple deployments, etc.
FortiNAC, formerly Bradford, is a Network Access Control system, which maintains a list of MAC addresses of permitted devices on the network and can modify switch port configurations to move devices into either a quarantine VLAN or DeadEnd VLAN based on various things that it checks - AV posture, OS updates, etc.
One thing of note is that FortiNAC must be used with a separate RADIUS server if you wish to deploy WPA2-Enterprise for wireless devices. While this could be Microsoft's NPS (free) running on a Windows server, I don't believe there is any way to integrate Google Admin Console (Chromebooks) or JAMF (Apple).
So essentially ClearPass incorporates all of the functionality of FortiNAC/Bradford, plus many other functions. Which product is right for your environment largely depends on what problem you are trying to solve.
We've deployed both over the years and we find ClearPass to be more flexible, much easier to configure and far better at Radius. Overall, we believe ClearPass is a more rounded product.
If you haven't engaged anyone to help in your configuration, we have someone working for us that's been configuring ClearPass since before it was called ClearPass (Avenda previously) and would be more than happy to assist.
Product Manager at a energy/utilities company with 10,001+ employees
Real User
2020-02-17T16:37:55Z
Feb 17, 2020
I am not familiar with FortiNAC. We don’t use it. We use Aruba ClearPass and have been very satisfied with its functionality, simplicity, and security. We are also evaluating Cisco ISE but it is very expensive and works with a limited set of new Cisco switches only. My recommendation is to pick a hardware vendor-agnostic NAC solution like Aruba.
We performed a comparison between Aruba Clearpass vs Fortinet FortiNAC based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Ease of Deployment: Aruba ClearPass reviewers say that although deployment is not so complex, it is definitely not easy, either. They mention that users need to have some technical expertise to install it. Most Fortinet FortiNAC users say that its deployment is not easy.
Features: Users of both...
I've done quite a lot of work with ClearPass, and not a lot with FortiNAC/Bradford. ClearPass incorporates a number of different functions including ClearPass Guest for creating complex wireless guest networks, ClearPass Onboard for automating the configuration of wireless devices, ClearPass OnGuard for checking system posture (AV, OS Updates, etc.). But the core of this is a very advanced RADIUS server, ClearPass Policy Manager. This allows configuration of policies to support WPA2-Enterprise deployments, wired 802.1x, MAC authentication, etc. and allows integration of multiple lists of MAC addresses, connection to external servers such as Google Admin Console and JAMF for Apple deployments, etc.
FortiNAC, formerly Bradford, is a Network Access Control system, which maintains a list of MAC addresses of permitted devices on the network and can modify switch port configurations to move devices into either a quarantine VLAN or DeadEnd VLAN based on various things that it checks - AV posture, OS updates, etc.
One thing of note is that FortiNAC must be used with a separate RADIUS server if you wish to deploy WPA2-Enterprise for wireless devices. While this could be Microsoft's NPS (free) running on a Windows server, I don't believe there is any way to integrate Google Admin Console (Chromebooks) or JAMF (Apple).
So essentially ClearPass incorporates all of the functionality of FortiNAC/Bradford, plus many other functions. Which product is right for your environment largely depends on what problem you are trying to solve.
We've deployed both over the years and we find ClearPass to be more flexible, much easier to configure and far better at Radius. Overall, we believe ClearPass is a more rounded product.
If you haven't engaged anyone to help in your configuration, we have someone working for us that's been configuring ClearPass since before it was called ClearPass (Avenda previously) and would be more than happy to assist.
We are using Aruba ClearPass in CCHE.
We use a Cisco-based solution.
I am not familiar with FortiNAC. We don’t use it. We use Aruba ClearPass and have been very satisfied with its functionality, simplicity, and security. We are also evaluating Cisco ISE but it is very expensive and works with a limited set of new Cisco switches only. My recommendation is to pick a hardware vendor-agnostic NAC solution like Aruba.