Fortinet FortiAuthenticator Reviews

We use this solution for two-factor authentication of most of our services. It includes VPN but also many other services that we have on our internet servers. We use the on-premise version because we also want it integrated into our in-house applications. We are customers of Fortinet and I'm a systems administrator. 

Security is such a big issue these days, a password alone is no longer enough for securing identity. In that sense, providing a second layer of authentication for users gives the company some level of comfort. 

I think the ease of deployment is a valuable feature. I like that the interface is intuitive and that natively and easily, it integrates with radios, ILDAP, fan mail, and with any applications supporting those protocols

I'd say that the integration with some other enterprise applications could be improved. For instance, ADFS. FortiAuthenticator does not work natively with ADFS and the company is not looking in that direction. It's one of our in-house applications and it was a challenge integrating with FortiAuthenticator. We had to write a separate, customized adapter for ADFS before we could make it work. We tried to get Fortinet to work on it but I don't think their development team is interested. It's not in their plan. The other challenge was when I integrated with I think VMware - there was an issue between the radio adapter and FortiAuthenticator. Both parties were not ready to work together and the implementation was buggy. 

I believe this solution can be adapted to so many things, depending on the technical side and the implementation engineers. I'd like to see some additional use cases that can be infused into the solution, such as ADFS.

I've been using this solution for two years. 

I haven't had any issues with stability. 

It's a very scalable solution. They now have the option of deployment as a VM, and then they have the hardware. I believe we use the 1000D for the hardware - it's able to support up to 10,000 users. You license the appliance based on the number of users and if you need to add more, you buy additional licenses. Almost everybody in the company uses it and I'd say we've had a total of around 4,000 users.

The technical support is mid-range It's not your wow kind of support but they do have levels of support. The support is in connectivity with their clients and it has to be renewed every year. You might do better if you go through their partners or something similar. They're not really there when it comes to support.

We used RSA SecurID before Fortinet. We switched because of the high costs associated with RSA. I believe that with RSA you need to pay a token license every three years but with Fortinet, once you buy it, you own it. Even if a token is lost, you can always reposition the token and that will not come at any extra cost. It's cost-effective for us. We also have several channels we can use for authentication with FortiAuthenticator. With RSA, users are stuck with either carrying the dongle, the hardware token, or maybe having the mobile application token on their phone. With Fortinet you can decide whether to use a hardware token, soft token, email token, push notification, or SMS. It gives us flexibility and comfort.

Initial setup was pretty straightforward. We were up and running within three days. I carried out the deployment. 

The license is a one-off payment. 

Every environment is obviously different so each user needs to know what they are looking for, and make a decision based on that. This is a cost effective and flexible solution. If a company is looking to use it on their server, it's important to look at the integration channels and your environment, the support. It's important to know that the channels are supported. 

I would rate this solution a seven out of 10. 

Our primary use case is two-factor authentication, and we use it for a handful of our clients.

FortiAuthenticator is really good software that integrates very well with Fortinet products.

The licensing structure is cost-effective for us compared to some of the other solutions that have recurring monthly costs. We like that it has more one-time costs than the monthly recurring cost per user.

Although two-factor authentication has come a long way, there are a lot of companies that are going further. The reason for this is because people are finding ways to compromise traditional, web-based solutions. I would like to see more ways to authenticate, such as adding facial recognition to the two-factor, where you log into your phone or another device. That would be great.

I have had stability issues with FortiAuthenticator.

As long as you purchase the right amount of licensing, it's scalable.

Generally, the technical support is very good. I know some people that work for Fortinet and we haven't had any issues with getting to the right resources when needed.

We have always used Fortinet products.

The initial setup is fairly simple because there's product training available for all of the tools from Fortinet. Our team is fully versed in those products, so it wasn't very difficult.

The licensing fee is less in the long term because it's not a recurring cost.

My advice is that for any solution you want to deploy, you have to ensure that your team is trained so that you can support it. Before FortiAuthenticator goes into play, make sure that your team is trained.

Overall, we are pretty satisfied with FortiAuthenticator.

I would rate this solution a nine out of ten.

Integrated RADIUS server with 802.1x functionality and access control. Single Sign On and AD integration. It integrates very tightly with the rest of the Fortinet ecosystem.

It integrated with the existing Cisco wireless infrastructure to solidify the way people authenticate onto the network. It permitted having a centralized area to authenticate all users and enabled SSOimplementation.

A better integration with other vendors. The device is rich in features but there are a lot of functionalities I have still not experienced with.

Two and a half years.

Overall not really, a few hiccups with the syncing with AD but nothing major.

Not in my experience. The device can scale on a VM with an additional license. And there are boxes that can support thousands of users (which I have still not met).

Very good. In our area we get support both in French and English and the response times are usually pretty decent.

We are a Fortinet reseller and integrator so there were no "switches" per say.

The setup process can be tedious.

I would start off with a VM including the base license and scale according to the number of users you need to authenticate.

ClearPass by Aruba and ISE by Cisco are the two main competitors in this space. To me ClearPass seams to be the most feature-rich solution for the price and vendor neutral as is FortiAuthenticator.

I strongly recommend someone accompany you in the initial deployment of the product to view all the functionalities that the platform is capable of doing.

One of the most valuable features is the simple FSSO (Fortinet Single Sign-On) configuration that helps to manage user-based security rules.

It is a cool security product. It's easy to use, implement and maintain, but there is room for improvement.

When we came across access management, we required several technical features to help manage user access to critical systems and remote access. That’s why we always go for a SSO two-factor authentication server. FortiAuthenticator is a bundle of these features. It has its own hardware and software token for two-factor authentication. It supports single sign-on and seamless integration with user-based web filtering, without any prior authentication. It can act as a Radius server to support other systems for Radius authentication. One of the common practices is using FortiAuthenticator with Dot1.X network access control.

The GUI is not fancy enough and some of the settings are difficult to access.

Part of the configuration has to be done by CLI, which is not friendly for security administrators.

Integration with other firewalls may not be as good as expected.

I have used it for two years, mostly implementation for clients.

No stability issues so far, as long as the number of users is not too large.

No issues for scalability: It is easy to add new resources as we deploy virtual machines.

FortiCare can provide prompt replies. They have basic knowledge on every single product in the Fortinet family. They have a standard protocol to response to support cases which is great. They are willing to accept RMA for technical difficulties that cannot be solved in a short period of time.

I have tried Cisco ISE as a NAC solution. Cisco ISE is the "Terminator" of NAC solutions, which has numerous features to prevent unauthorized access. However, its integration with FortiGate firewall is not great. When I use the SSLVPN service from FortiGate, it fails to authenticate with two-factor authentication. For this, using FortiAnthenticator would be a good choice for its genuine integration.

It is quite straightforward to set up the FortiAuthenticator. We mainly deploy as a virtual machine. An OVF file is provided by Fortinet and you just simply compile the file in the VMware environment. Upon simple configuration, such as IP address and default gateway, you can access the web GUI and do any configuration, as you like.

Licensing is straightforward, as Fortinet provides stackable licenses for FortiAuthenicator. Count the number of users and select sufficient licenses. Pricing is acceptable; much cheaper than Cisco ISE.

I have tried Cisco ISE. For state-of-the-art features, I would recommend Cisco ISE because of its brilliant features. But I would recommend FortiAuthenticator, if you are currently using FortiGate firewall and you seek a well-suited, complimentary NAC solution.

The need for a NAC solution depends on your infrastructure. If you are a Fortinet user, FortiAuthenticator would be a nice choice to enhance security on VPN and web access. However, there are many other choices, such as ForeScout, which is vendor-neutral, to support different systems from different vendors.

The primary use case is internal authentication.

There are multiple areas that are in need of improvement. It is not a mature product.

It is difficult to successfully configure.

I have been using Fortinet FortiAuthenticator for one year.

The is not a very stable product.

This is a scalable product. However, due to multiple challenges in the implementation, I will not be expanding its usage. Rather, I will be changing products.

The support team is pathetic and does not properly understand the solution.

This was the first of this type of solution that we implemented.

The initial setup is not straightforward. Our deployment took almost two months to complete.

We had a system integrator to assist us with the implementation and deployment. The implementation partner does not have sufficient expertise.

One or two engineers can implement it.

We have not seen ROI for this solution.

We pay for licensing on a yearly basis. There are no costs in addition to the standard licensing fees.

Due to problems that I've been having with the implementation, after perhaps two years I will be changing to another product.

This is not a product that I would recommend to others. There are different industry standards that require different expertise, and this product does not much help.

I would rate this solution a three out of ten.

The most valuable aspect of the solution is the security. It's great. 

The ease of use is really nice. Using Authenticator, I've been able to actually work better on my authentication due to the fact that I have a single fabric to authenticate control from my firewall and on my access points. Authentication takes place from this area. 

It's easy to use for us due to the fact that, for each and every user, even a Mac user, we're able to easily retrieve them and add them. The authenticator syncs to my system and brings all the users to me under my firewall. 

For us, the solution works quite well. I can't think of an area where improvements are needed. I haven't worked with it too extensively yet, so it's hard to gauge what's lacking.

The solution could be more automated. It should be able to let me automate a lot of things so that what normally is done as a matter of manual processes can be handled quicker. Slow integrations can be taken up/out if there was more automation.

I've only worked with the solution for five or six months at this point. I haven't worked with it extensively, although I do have an understanding of how it works and what to do, as well as how to configure it.

It's a stable product that integrates well with other products (such as FortiNAC). It's reliable. It doesn't give us any problems. We don't have to worry about bugs or glitches of the system crashing.

The solution is scalable. While we have plans to grow it out and integrate it a bit more with other solutions, we're not at that stage yet.

We are a company of about 200 people. The whole organization uses it at this point. All authentication happens through FortiAuthenticator.

I'm really happy with the technical support. They are responsive and knowledgable.

Before using FortiAuthenticator we were not using anything else. We just were controlling everything from our Fortinet firewall. That was the only equipment which we had at that point in time. Now, we have got FortiAuthenticator.

Going forward we might go for FortiNAC. That might be in the cards for us. However, we're not immediately going to make the switch as it offers access control.

The initial setup wasn't a problem at all. It was handled by certified Fortinet engineers. For that reason, it wasn't complex or difficult.

We had certified Fortinet engineers assist us with the initial implementation. They handled the setup and configurations as well.

We're just end users. We don't have a special relationship with the company.

We're using the latest version of the solution. It might be something around version six.

I would recommend FortiAuthenticator to other organizations.

It is really a good product. Somebody looking for a good security product should go with FortiGate products. New users should explore all the features and see how they can maximize usage.

Overall, I'd rate the solution eight out of ten.

We use this product for SSL two-factor authentication and FortiToken management.

It does the job I paid for, but the graphical interface could be improved. If we take FortiGate or Fortinet, the graphical user interface is better designed. I think they can work on this.

It would be good to remove the FortiAuthenticator or to combine FortiAuthenticator and Fortinet. That would provide a single platform that can manage network access and user management. It doesn't make sense for me to sell FortiAuthenticator to a customer and then sell them Fortinet as well. I think they should just combine them into one solution.

The solution is stable. I installed it two years ago, but we rarely check the internet for changes. It's really stable. We don't have problems.

I think it's scalable. There are two kinds of appliances: virtual and physical. If you do a good sizing, the physical one can remain with the customer for a long time. The virtual one can be increased as you need. You can pay as you go with them. You purchase a base license and add to it as needed.

I have done an installation at an operator with over 200 users. That is the biggest one I've done.

I don't usually have problems with this solution so I rarely test the support features. I cannot evaluate the support team.

It was straightforward to implement and took one day to deploy.

I would rate this solution as seven out of ten. I know there are other solutions that have a more modern graphical interface and provide better user management functionality. We need to tell the customer to get two solutions instead of doing the job with just one. I think I could give eight or nine to another solution, but FortiAuthenticator should be a seven.

The feature I value the most is the one-time passwords because it helps to authenticate users so you know the timing of their usage.

I don't have any issues with this solution, but it may need a better, more user-friendly interface or better design of the platform.

I have found that the solution is very stable. I am officially conducting at FortiGate and I found that it was so easy to conduct my environment and control my environment with this solution. 

We have seven users licensed on this solution. With FortiAuthenticator it is so easy to manage our users and it is scalable to all the users at our university or in our environment.  

I am really impressed by the technical support because they were very helpful. Once we logged our complaint, we received an answer from them in no time, and they quickly fixed our issue. 

The initial setup is very easy.

I will recommend this solution to others who are considering to use it. I give it a ten out of ten rating.