Fortinet's local support could be improved. 

I hope that Fortinet can add a feature with a remediation mechanism when you find a broken piece so that you can click on something and download the needed update or resolve the firewall issue more easily. Currently, we have to use an external remediation server to download updates. For example, the Kaspersky antivirus was originally built just for threat detection and prevention. Still, they've gone to another level where the solution can point to a vulnerability, and you can click a button to remediate it, and the solution goes and pulls the download and fixes it.

One of the biggest issues with Fortinet FortiNAC is that it is not intuitive and has a high learning curve.

The training documentation needs to be more transparent. 

Our users have been asking for simpler documentation and training materials to facilitate the deployment process. I would suggest focusing on enhancing essential features, as our customers typically need to implement basic scenarios rather than advanced functionalities.

The training from Fortinet FortiNAC could improve. Fortinet has to plan for better training for its partners. Additionally, device management should have more integration with other devices, such as new and third-party devices.

Fortinet FortiNAC could improve its hardware for use with cloud-based firewalls.

We have tried to do a small POC and it failed. 

I had a bad experience with FortiNAC. The customer was asking for a NAC solution. I suggested FortiNAC. The switch with the customer was Cisco and it was not integrated with Cisco. We tried to provide him with a FortiSwitch as the core switch and the solution worked. It's working, however, not the expected way for the customer. The issue is it just doesn't integrate with Cisco switches. 

They need to change or upgrade the technology in the product.

The solution is not stable.

We have not been able to scale the product.

It's very hard to set up.

The user interface and the product's intuitiveness could be improved. In future releases, it would be great if they could improve the usability of the solution, particularly for SaaS environments.

The platform must enable troubleshooting. We can connect with CLI, but the interface is missing things. We need visibility and troubleshooting features to solve problems as quickly as possible. We can integrate the product with Active Directory to bundle and manage users. However, the product does not have much space to record logs for troubleshooting and analyzing. We need FortiAnalyzer to troubleshoot and analyze the logs.

Fortinet FortiNAC's documentation should be improved because there's not much debugging or troubleshooting documentation for the Fortinet FortiNAC. We had to open a ticket with Fortinet for an issue we faced on the FortiNAC. During this ticket handling, we were able to learn a lot of troubleshooting comments which are not properly documented. If it is documented, it's only internally on Fortinet, not as a public document. Fortinet FortiNAC must work around this and allow partners access to those troubleshooting documents.

I would like to see a more refined way to customize the portals. We are not able to do a lot of customization on the Fortinet FortiNAC portals. We cannot change anything or create a title for the Fortinet FortiNAC portal as we can on other portals.

The product must try to streamline the user interface. The product must make its UI similar to other Fortinet products.

I have 20 years of experience working with these kinds of products with no issues. Any graphical user interface was very easy to use. Now, everything is new.

For future releases, I recommend that Fortinet make more series with a hard disk. We have customers who request a hard disk. On the one series, 21.101, we can see it has an internal hard disk. The 101 and 201 have a hard disk, however, the 100 and 200 do not. Keeping the hard disk on the one series will be easier for the distributor and will keep the prices lower for the customer. 

When you compare the solution to other NAC solutions like ISE and Portnox, you realize that it is not able to work as a single sign-on device. You need to use it with FortiAuthenticator. If you want to use certificate management, and two-factor authentication, you have to buy a FortiAnalyzer, which is different from ISE. I would like to see these features included with the solution.

The reporting can also use improvement. 

The solution's licensing price should be improved. 

The solution's technical support needs improvement.

I would like to be able to compare the configuration backup before and after.

The technical support could improve; the response time is quite slow. 

The product could be more user-friendly in terms of GUI than HPE. The configuration needs improvement as well.

Any NAC solution has three to four phases. The first phase is discovery and classification. They do discovery, but they are lacking a lot of features in terms of classification. Also, they don't do a lot of classifications. They cannot help you if, for example, you're classifying Windows, and you want to check which Windows version it is, like Windows 7, Windows 8, Windows 10. It's a little bit difficult. It's not easy like the other products. 

Classifications and visibility need to be improved a lot. They have to start work on being agentless. Agentless means they need to have strong integration with Windows. They need to use the RTC. They cannot force people to have an agent for people who are going to the domain. There needs to be compatibility with switches. For any NAC solution, all the inputs will be through switches. So if it is not compatible with switches, this is a big disaster. When I was doing their switches, there were a lot of customers whose switches were not compatible with FortiNAC.

If these things are well-designed, then they can compete in the NAC market. And also in terms of IOT, they cannot discover the IOT things perfectly or the OT, operation technology, things.

In terms of HA, they're having a lot of problems. You just need to put the HA between two clients, and you have a lot of problems. There are problems with the classifications. In terms of control, they're not doing well. They cannot do integration with SCCM, for example. They have a lot of things missing.

Fortinet FortiNAC's device compatibility could be improved, particularly for VoIP devices.

The GUI and network visibility in Fortinet FortiNAC could improve.

Integration with 3rd-party devices can be improved.

The interface works fine, but it could be better.

I've realized that one of the issues is the need to use agents. For instance, if a domain user has to authenticate on the network via FSSO or Certificate management he has to have a persistent agent.

The admin UI is not that good. It could be better matched and more friendly to use and it cannot work as a RADIUS server. You have to have a RADIUS server which means bringing in a FortiAuthenticator to build it.

The other thing would probably be the visibility granular. For example, when I have a user at a particular branch, I can't tell what SSIDs they are connected to. I only have the IP addresses so if the wireless controller is integrated with FortiNAc, you're going to realize that you won't be able to know whether a particular person is connected, that an AP is connected to a particular SSID, is connected to. . .  etc. It only gives you the IP addresses, Host names, etc. That has to be improved and am sure it will be in the next build version. 

Additional features, would be an agentless link and adopters - online, offline adopters - it picks the IP's, the host names, the layer 3 information, layer 2 information, what's connected. And also to give different privileges, best rule privileges to users. 

VLAN Interswitching (state based controls) could be quicker when doing the process flow from different sorts of authentication. When it comes to guests or contractors, you don't want to use a dissolvable agents. It dissolves in the process of downloading, but it takes longer and that could be improved.

I think that the course content could be improved, it's not that simple to work through. I'm an expert on Cisco ISE. And also I have CCIE on Cisco. I made a comparison between Cisco ISE and FortiNAC. Cisco ISE has full integration but FortiNAC doesn't.

There could be better integration with legacy equipment. It integrates perfectly with all Fortinet solutions, but if you look at other third-party integrations—not on the networking part; but more on the security infrastructure part—it's more limited.

Its stability and scalability can be better. Aruba ClearPass is better in these aspects.

Integration is hard in Fortinet FortiNAC, but they are evolving and getting better. For example, with Cisco, Aruba, Huawei, and Extreme devices, Fortinet FortiNAC is working properly, but some other devices have problems.

The automation in Fortinet FortiNAC could improve.

Interaction with other vendors switches & APs should be more thoroughly tested as integration between Networks Sentry and other networking equipment needs to be seamless for this product to work.

We have some stability issues with the solution, the network drops out too often. We started using AWS and the line drops out less frequently than when we use Fortinet. 

We have had issues with certain Windows 10 devices not being able to register which requires manual intervention to fix. I think they are working on this issue. As Windows 10 devices grow this issue will become greater.

Another major pain point is management of existing and new wireless access points. You must import the Aps into Network Sentry every time you put them on the network. Its also advised to use DHCP reservations for each AP. The system does not delete APs if you remove them from production as well. This means you must remove the APs from Sentry each time its stake out of production or placed in a new building etc. The initial setup of an AP doubled as a result of using this product. There are steps that must be performed and if any are missed, the AP becomes a black hole resulting in zero connectivity for clients connecting to it.

Not using a Java front-end would be fantastic. It takes forever to load the system up and get in there to configure everything. It is too slow to do anything at all.

Something that the developers of FortiNAC might look at to improve, is more integration with third-party products. The dashboard also needs to improve.

The problem with Fortinet is that if you want to be 100% secure then you have to buy other products. It should support better integration with third-party solutions.

The reporting capability needs to be improved.

Fortinet FortiNAC could further improve its network visibility.

For our organization and our clients, the price is the main concern. They should work to make it more competitive.

Customization could be improved in future releases.

The implementation process needs improvement. Right now, it's somewhat complicated. They could create some templates to facilitate implementation. Right now everything is done manually, and it just takes a really long time at the initial setup.  

I think the network devices need to give more information.

In the next release, we'd like to see more information on controlling, for example, adding more policies etc. We should get more information about IoT devices, and have more information available for the users.

This solution could be more agile.

The technical support is in need of improvement.

Overall, it's a great product. The GUI is a little bit strange — different than other Fortinet products. It could be more user-friendly.

The response and resolution time for technical support issues need to be improved. Support overall needs to be a little faster.