We just raised a $30M Series A: Read our story

Fortinet FortiNAC Competitors and Alternatives

Get our free report covering Cisco, Aruba Networks, ForeScout, and other competitors of Fortinet FortiNAC. Updated: October 2021.
543,424 professionals have used our research since 2012.

Read reviews of Fortinet FortiNAC competitors and alternatives

CW
Network Infrastructure Specialist at a tech services company with 51-200 employees
Real User
Top 20
Good posturing, good integration, and excellent technical support

Pros and Cons

  • "At the moment, ISE seems to integrate very well with a number of other technologies."
  • "This product doesn't work in isolation."

What is our primary use case?

Mainly the use case of the solution is for ensuring that the corporate staff gets access to their authorized systems. 

Another use case is for contractors to get access to the authorized systems. Those are the ones that hope to assist in the maintenance or for authorized admissions to the network.

We do also use it for remote access, for example, VPN's and also for wired and wireless access to the network.

What is most valuable?

The posturing is the solution's most important aspect. When a user connects his or her machine to the network, the first is for ISE to check whether that machine is authorized, check that that machine is compliant with respect to antiviruses, whether it complies with respect to Windows updates, et cetera. If not, a feature is on auto-remediation, so that the proper antivirus and Windows updates can be pushed to the machine.

At the moment, ISE seems to integrate very well with a number of other technologies. It integrates well with Microsoft and integrates well with other wireless systems.

What needs improvement?

In terms of the improvements I need, they've already, according to my research, done those improvements with their new versions. The features have already improved on their newer version, and that's why we need to update to that new version.

What is required is that Cisco needs to be doing health checks and following up with the customer to ensure that their Cisco partners have done the deployment right. That's something that has really helped us.

Whenever a partner comes and does any deployment, we would, later on, engage Cisco for a health check, so that Cisco could assist with their products. They would check whether it has been deployed following the best practices - or they would just alert us on which features that we have paid for and we are not taking advantage of that. 

Cisco needs to continue with that health check. That engagement with their customers to reconfirm everything is like a quality assurance that the Cisco partners have given the right stuff to their customers.

This product doesn't work in isolation. For example, when we talk of posturing the Microsoft updates, the system that does automatic updates for Microsoft needs to work in an ideal fashion. The antivirus needs to work. OF course, the antivirus is not Cisco. Those products need to work as they should so that integration of the ISE product will work as well. When all factors are held constant, Cisco works well. 

For how long have I used the solution?

We have been using the solution for six years now.

What do I think about the stability of the solution?

We have been using it, especially during alternative working arrangements (due to the COVID-19). Using it, it's been stable. We have not had any issues. The only reason we are looking to upgrade is we didn't know the benefits that the newer version offered. When we checked with Cisco, they advised us that we were missing a few items that actually gaps caused by the partner's setup which we realized we missed during the health check.

We haven't had bugs or glitches. It doesn't crash or freeze. It's good.

What do I think about the scalability of the solution?

Everyone in our company is using Cisco. In terms of users, we have about 1,500, however, in terms of endpoints we have, that would be closer to about 3,000 to 4,000 endpoints, including wireless gadgets, switches, laptops, phones, and all that. We use it on a daily basis.

Scalability probably might be an issue. Before we bought ISE, we did sizing for each. We looked at the number of users in the organization, 1,500,  and then we used a factor to look at the uppermost band. We decided we would have to go for 4,000 licenses or 4,500 licenses. We multiplied by three. Based on that, we went for a certain hardware model.

This time, the hardware model we are going for supports up to or has the capability to support up to 10,000 users or endpoints. When we go for that, we will have used even less than 50% of what their hardware is capable of. Above 10,000, there's another hardware model that we're generally expected to go for. 

Basically, when you get the right model, when you do the right scaling, it will be very scalable. However, from the onset, you need to write hardware for USI.

The solution is more meant for enterprise-level organizations. It's not really for small companies, however, that has more to do with the pricing.

How are customer service and technical support?

We're dealt with technical support in the past. Their support is excellent, except for Umbrella. There is a technology called Cisco Umbrella, and they're a bit slow, however, the technical support in general, depending on the severity of the issue, is very prompt. I would say we are quite satisfied with their level of service.

Which solution did I use previously and why did I switch?

I've only ever used Cisco. I used to use NAC, however, they changed to ISE. I've never used any other product.

How was the initial setup?

We had a partner set up the solution, and we're not sure if they set it up correctly. The partners come straight to us, and do the deployment. Cisco only is there to be the third eye to come and check that the deployment has been done okay.

You have to make sure that other items connected to ISE are correctly implemented and updated as well (such as the antivirus), otherwise, it won't work as you need it to. There's a lot of configuration that needs to be done at the outset.

I'm not sure how long the deployment takes, as I wasn't at the company when it was set up. However, it's my understanding that it shouldn't take too long so long as everything surrounding it is correctly aligned.

Any maintenance that needs to be done is handled by a third party. That includes patching, et cetera. We have an SLA with a Cisco recognized partner.

What about the implementation team?

We worked with a partner that assisted with the setup.

Afterward, Cisco will also come in to do a "health check" to make sure the setup is correct and they can direct users to features they should use or are not using.

What's my experience with pricing, setup cost, and licensing?

Cisco does not sell directly. They have authorized partners you need to buy through.

I don't deal directly with the licensing and therefore do not have any idea what the pricing of the product is. It's not part of my responsibilities.

It is my understanding, however, that it would be expensive for smaller organizations. Startups may not be able to afford these products.

We don't really worry about pricing, as cheap might be expensive in the long run if you don't get a product that is right for your organization, or is more likely to break down over time.

Which other solutions did I evaluate?

We are in the process of doing a refresh and I have compared other technologies to see how they stack up. I've looked at Fortinet, for example.

I wouldn't say we are switching from Cisco. What we are doing is we were exploring other technologies that offer similar functions. Sometimes it's good to look outside as you might think you have the best and yet you don't. We are just looking for other solutions to get to know what they offer. If we feel that there is something unique that is on offer somewhere else, then we would want to check that in Cisco and see, where is this offered in Cisco's product? 

We haven't concluded that we are switching. In any case, from what I have seen so far, it is likely we won't switch. 

What other advice do I have?

We're just a customer. We buy their products for our security and our connectivity.

We're not using the latest version. We're actually using a few versions. We have ISE, which is version 2.3. We're supposed to up to version 2.7, and that requires a refresh of the hardware.

That's why we are saying, "Should we try to look for a different solution?" That's why I have been looking for comparisons. We haven't dedicated a lot of time to that yet. From my assessments so far, however, ISE still wins the show and it's likely that the partner that was doing the deployment originally on behalf of Cisco probably missed out on a number of things. It's really about the engineers who are doing the deployment. You need to make sure you have some good ones.

I would recommend this solution to others, especially mature organizations as the smaller organizations may not be able to afford this. 

On a scale from one to ten, I would rate the product at an eight

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
CD
Director of Computer Information Services at a university with 5,001-10,000 employees
Real User
Top 20
Easy to scale, enforces policies well, and has responsive technical support

Pros and Cons

  • "It is very easy to scale the product."
  • "The solution would be much better if it offered self-service onboarding."

What is our primary use case?

We primarily use the solution for network security.

What is most valuable?

A lot of campuses use SafeConnect.

It gives us good visibility and enforces policies.

It helps enforce network security by scanning devices, making sure they have current and valid antivirus solutions with up-to-date antivirus definitions, and steers our end users by enforcing policy groups and steering them to the right access.

Technical support is responsive.

The stability is pretty good.

It is very easy to scale the product.

What needs improvement?

The solution would be much better if it offered self-service onboarding.

We'd like to have more granular visibility into the devices that are on the network.

It's a bit pricey as a product.

For how long have I used the solution?

SafeConnect has been around for a long time and they were purchased by OPSWAT. It's an NAC solution that we've had for probably about 12 years now.

What do I think about the stability of the solution?

It's been very stable for the most part.

It's been pretty reliable. At one time it was a hardware appliance, and now it's a cloud-hosted solution. The performance is good.

What do I think about the scalability of the solution?

The scalability is no issue. You just have to pay for the licensing pack that pertains to your tier. Therefore, it's pretty quick to scale. It's pretty simple and straightforward. 

How are customer service and support?

We've used technical support in the past. The response time is very good. We are very satisfied with the level of service.

Which solution did I use previously and why did I switch?

We currently have SafeConnect (or OPSWAT NAC) and we are looking to possibly move to another platform.

How was the initial setup?

I wasn't a part of the solution's initial setup. The system was already in place when I got here. I've been at this company for ten years and it was in place when I got here, so we haven't switched it yet. However, now we feel we need something that's a little more intelligent.

What's my experience with pricing, setup cost, and licensing?

The solution is a bit expensive. It could offer better pricing.

For our tier group, for one year, the cost is probably around $10,000 for the license. If you do multi-year, you could get two years, and you could get it for about $8,000 per year. If you do three years, you get it around $7,000 a year. The longer the license, the better the pricing.

Which other solutions did I evaluate?

I'm looking at ClearPass since we have Aruba Wi-Fi on campus and also for the FortiNAC solution as we have Fortinet firewalls. We're looking to upgrade it to something a little more intuitive, something a little smarter, like ClearPass or FortiNAC.

We couldn't get the pricing we were looking for with FortiNAC or ClearPass, and therefore, we just renewed the license for our SafeConnect for OPSWAT. As of right now, the project is off the table until next year, around this time.

What other advice do I have?

We're just a customer and an end-user.

The solution was purchased by OPSWAT. It's now referred to as OPSWOT.

I'd rate the solution at an eight out of ten overall. We've been happy with it, however, it's time to maybe look at other options.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
ITCS user
Security Analyst at a tech company with 11-50 employees
Real User
Top 5
Very user-friendly, with good useability, but needs to offer better documentation

Pros and Cons

  • "The solution offers very good visibility."
  • "The solution could offer more useful documentation."

What is most valuable?

The solution offers very good visibility.

The fact that it is a single management solution is quite useful. Whether it's on-premises or on the cloud, we're able to manage it centrally.

The solution is quite user-friendly.

What needs improvement?

We don't have much experience with the solution just yet. It's only been a few months. I'm not sure which features are lacking.

A few items are complex when it comes to handling the initial setup.

The solution could offer more useful documentation. 

We found it difficult to find metrics on the solution. They should work to make this more intuitive.

For how long have I used the solution?

I've been working with the solution for just about three months.

What do I think about the stability of the solution?

The solution is stable. I haven't seen any bugs or glitches. There haven't been any crashes. We can count on it. It's reliable. It's quite good.

What do I think about the scalability of the solution?

The scalability is very, very good. They use very light containers. It's not hard to expand if a company needs to. However, pricing is based on the devices themselves. If a company needs additional devices, it becomes much less feasible. A large corporation won't have trouble with this, but a smaller organization might.

How are customer service and technical support?

I don't have enough experience with technical support to really comment on their level of service. The solution is still new to us.

Which solution did I use previously and why did I switch?

We're also using Cisco and Fortinet solutions.

How was the initial setup?

The initial setup has a moderate level of difficulty. Some things are simple. Others are more complex.

The deployment typically takes a week or two.

What about the implementation team?

I handled the deployment myself with the help of a team.

What's my experience with pricing, setup cost, and licensing?

The pricing is okay, but the cost of scaling can be expensive if a company must buy more devices.

What other advice do I have?

I'd rate the solution eight out of ten. If the metrics were easier to find, we would rate it higher.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Get our free report covering Cisco, Aruba Networks, ForeScout, and other competitors of Fortinet FortiNAC. Updated: October 2021.
543,424 professionals have used our research since 2012.