
    FortiNAC Secure Network Access Control - BYOL

    Deployed on AWS
    FortiNAC is a zero-trust access solution that oversees and protects all digital assets connected to the enterprise network, covering devices ranging from IT, IoT, OT/ICS, to IoMT. With network access control that enhances the Fortinet Security Fabric, FortiNAC delivers visibility, control, and automated response for everything that connects to the network. FortiNAC provides protection against IoT threats, extends control to third-party network devices, and orchestrates automatic response to a wide range of network events.
    4.4

    Overview

    Visibility, Zero Trust Access, and Incident Response for Connected Assets and Users

    FortiNAC™ continues to be a cutting-edge network access control solution, enabling organizations to enforce network access policies and assure adherence to security protocols in light of increasingly sophisticated threats. It provides a comprehensive snapshot of all devices and users on the network, facilitating granular control of access based on user roles, device types, network locations, and now the behavioral patterns of devices and users. The solution's capability now extends beyond automated onboarding of new endpoints; it incorporates real-time threat intelligence and continuous risk assessment of devices, leveraging machine learning and AI technologies from FortiGuard Services. Given the rising prominence of BYOD (Bring Your Own Device) and IoT (Internet of Things), FortiNAC's continuous monitoring and immediate remediation of non-compliant devices have become even more crucial. Moreover, FortiNAC's integration goes beyond third-party security solutions; it integrates with a wide range of cloud-based platforms and DevOps tools to ensure seamless and secure network operations in hybrid IT environments. FortiNAC leverages its integration with FortiAnalyzer to gain deep insight into network security posture, encompassing real-time visibility, predictive analytics, and more robust compliance reporting. With FortiNAC, organizations can more effectively secure their network against unauthorized access, potential threats, and, increasingly, insider threats, aligning with the emerging Zero Trust security model that emphasizes "never trust, always verify".

    Highlights

    • Granular Visibility Across the Network for Every Device and User: FortiNAC leverages AI and machine learning from FortiGuard Security Services to provide detailed profiling of devices, including headless devices and IoT assets on your network. This profiling incorporates multiple information sources, behavior patterns, and real-time threat intelligence to accurately identify and assess what is on your network.
    • Seamless Integration and Control Across Diverse Environments: With the power of micro-segmentation and Zero Trust policies, FortiNAC allows for configuration changes on switches and wireless products from an extended range of vendors. It amplifies the reach of the Security Fabric across multi-cloud, hybrid IT, and heterogeneous environments, implementing "never trust, always verify" principles.
    • Automated Responsiveness: FortiNAC reacts to network events in real time to contain threats before they spread, utilizing a broad and customizable set of automation policies. Leveraging AI, these policies can instantly trigger configuration changes and remediation actions when targeted behavior or anomalies are observed, aligning with the Zero Trust model's dynamic and proactive approach.

    Details

    Delivery method

    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)

    Latest version

    Operating system
    OtherLinux 7.6.5

    Pricing

    FortiNAC Secure Network Access Control - BYOL

    Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Vendor refund policy

    Please bring your own license

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information


    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes

    Support for Remote Group Mapping for Entra ID

    Groups configured in Microsoft Entra ID are now available for policy matching and appear under Who/What > Groups when building User/Host Profiles. See Microsoft Entra ID Authentication Cookbook.

    MFA/SSO Access to FortiNAC Administrator Interface

    Admin MFA (multi-factor authentication) enforces a second factor for administrator logins to the FortiNAC GUI. FortiNAC sends a token code by SMS or email that is required to complete login. See Multi-factor Authentication.

    Backup IP (Shared/Non-shared) for N+1 Failover Group

    The Backup IP acts as the IP for both the primary and secondary servers upon failover. This removes the need to configure separate primary and secondary IPs on managed network devices integrated with FortiNAC for services such as SNMP traps, RADIUS, and Administration GUI access. See N+1 Failover Group and Load Balancing.

    Self-Registration Guest Login Option in the Authentication Portal

    Enhanced External Ethernet Adapter Management

    Better control of external adapters (such as USB docking stations and Ethernet dongles) that are shared among users:

    • Identify external adapters that may be shared.
    • Authenticate users connecting to an external adapter before granting network access.
    • Provision network access based on criteria that include the external adapter connection.

    See Docking Station Management.

    Allowed Hosts Granular Control

    Administrators can now control the maximum number of host records associated with a user at the user-group level. Previously, this was only available per user and globally. See Groups in the Administration Guide. The Host Inventory page is now a standalone URL accessible outside the registration process for host management. See Host inventory in the Administration Guide.

    Enhanced Network Device Management Security Options

    • Use Token for RESTful API Calls to FortiGate: For FortiGate integrations where "admin-restrict-local" is configured (enforces authentication via TACACS+ server whenever it is reachable). This reduces the number of logs generated by FortiNAC logins to FortiGate over SSH.
    • SSH Public Key Authentication: New SSH Key Management page for generating keys. See SSH Key Management in the Administration Guide. New Credentials tab options to configure SSH keys and extract the public key selected. See Credentials in the Administration Guide.

    SSID Description Column in SSID Inventory View

    A new Description column has been added next to the SSID name, allowing administrators to enter or edit descriptive text for each SSID.

    captive.apple.com Allowed DNS Configuration Exception

    Improved user experience when using captive portal authentication with macOS devices. See Apple CNA Instructions Portal in the Administration Guide.

    GUI Option and API Parameter for OCSP Soft-fail Flag

    Adds resilience when OCSP lookups fail due to high demand on the OCSP server. Applies to certificate-based RADIUS authentication with OCSP enabled. See Configure Local Server in the Administration Guide.

    FortiNAC VDOM Multi-Tenancy

    FortiNAC now supports VDOM multi-tenancy for integrations where FortiGate provides shared infrastructure from FortiSwitch and FortiAP managed in the MGMT VDOM. The MGMT VDOM is the highest security zone and can share FortiSwitch ports/VLANs and FortiAP SSIDs to tenant VDOMs. See FortiGate Multitenancy Integration Guide.

    Import PKCS#12 Certificates via FortiNAC GUI

    Upload PKCS#12 certificates from the Certificate Management page.

    Support for FortiNAC Deployment in Alibaba Cloud

    FortiNAC now supports deployment on Alibaba Cloud. See the Alibaba Reference Cloud Manual.

    LDAP Group Search Screen Enhancements

    Improved LDAP Group/OU search with a search bar to filter LDAP groups/OUs.

    FortiNAC Captive Portal over NATted Infrastructure with FortiGate

    Addresses challenges registering endpoints behind NAT via captive portal. Uses FortiGate's External Captive Portal to redirect endpoint requests to FortiNAC, including IP and MAC, to form a unique session identifier during portal interaction for registration. See the Captive Portal over NATted Infrastructure Reference Manual.

    Display Actual Demo License Expiration Date

    FortiNAC 7.6.5 adds a 3-day grace period for ITF license expiration.

    Support for ECC Certificates in FortiNAC

    Supports certificates using Elliptic Curve Cryptography (ECC), providing strong security with smaller key sizes.

    Support FortiFlex VM

    In FortiNAC 7.6.5, FortiFlex provides cloud-based license entitlement for NACOS VMs, enabling purchase, activation, and subscription management through FortiFlex. This streamlines activation, entitlement management, and resource monitoring via a point-based system. See the FortiFlex VM Reference Manual.

    Support User Authentication Flows in Client Certificate Attribute Option

    Allows selection of attribute ranking when FortiNAC obtains user information from a certificate. The first matched attribute is used for host registration. Whitespace is now accepted in certificate common names and usernames.

    Allow Configuring FortiADC IP Address via CLI

    In addition to built-in Backup IPs, N+1 Failover Groups now support adding a FortiADC as a server health monitor and virtual IP manager.

    Note: Backup IPs and FortiADC are not meant to be used together.

    See the CLI Reference Manual.

    See Key Configuration on FortiNAC in the N+1 Failover Group and Load Balancing Reference Manual.

    Enhancements to VLAN Switch Acknowledgment for Persistent Agent

    See Persistent Agent Properties in the Administration Guide.

    VLAN Switch Acknowledgment will only pop up if the user is switching out of remediation. When VLAN Switch Acknowledgment is enabled, if a user cancels the acknowledgment or if the acknowledgment times out, the VLAN switch will no longer proceed if switching from remediation. A new Event-to-Alarm Mapping for "User Canceled VLAN Switch" has been added. This ensures users are prompted for VLAN switch acknowledgment again after canceling it the first time. See Events and alarms list in the Administration Guide.

    Integrations

    Support for ServiceNow CMDB Integration as MDM

    The ServiceNow CMDB MDM service connector lets administrators integrate hosts stored in a ServiceNow CMDB table with those in the FortiNAC database, leveraging FortiNAC's discovery and policy enforcement for endpoints managed by MDM services. See ServiceNOW CMDB in the MDM Reference Manual.

    Support for ServiceNow ITSM Integration as a Log Receiver

    FortiNAC integrates with ServiceNow IT Service Management (ITSM) to automatically create ServiceNow incidents from FortiNAC alarms generated by Event > Alarm mappings.

    Additional details

    Usage instructions

    After deploying the instance, click Manage in the AWS Console to see the running instance and its public DNS address, then continue configuring FortiNAC. Connect to the secured Web UI via the public DNS address: https://<public DNS address>:8443. Any CLI configuration or settings change requires logging in to the CLI over SSH. The default login credentials are the username admin and an empty password. The FortiNAC-VM AWS admin guide is located at: https://docs.fortinet.com/document/fortinac-f/7.6.0/aws-deployment-guide/351237/overview#_Toc178942360

    Support

    Vendor support

    This is a Bring Your Own License model. Before requesting your instance, please make sure the FortiNAC licensing order has been processed by Fortinet sales. Once you have completed the registration steps, you'll receive a timely response to any technical issues as well as complete visibility into ticket resolution progress. FortiCare Support Services include firmware upgrades, Support portal access, and associated technical resources. FortiGuard Security Services include up-to-the-minute threat intelligence delivered in real time to stop the latest threats.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Customer reviews

    Ratings and reviews

    4.4
    20 ratings
    5 star: 30%
    4 star: 60%
    3 star: 10%
    2 star: 0%
    1 star: 0%
    0 AWS reviews | 20 external reviews
    External reviews are from G2.
    Telecommunications

    Must Have Tool for All size of Companies

    Reviewed on Apr 10, 2024
    Review provided by G2
    What do you like best about the product?
    Excellent user experience. By implementing FortiNAC you will have good control over the clients and the tool is easy to implement.
    What do you dislike about the product?
    Integration requirements are challenging.
    What problems is the product solving and how is that benefiting you?
    You can manage the devices connected to your network and maintain a comprehensive overview of the devices. By applying compliance policies, clients that pass these policies will be permitted to connect, ensuring a secure network environment.
    Vikash D.

    A Robust Solution for Enhanced Network Security and Access Control

    Reviewed on Jan 28, 2024
    Review provided by G2
    What do you like best about the product?
    FortiNAC excels in providing comprehensive network security and access control. Its robust features, seamless integration, and user-friendly interface make it an effective solution for safeguarding networks and managing access efficiently.
    What do you dislike about the product?
    Limited customization options and occasional interface complexities can be challenging. Improved flexibility and a more intuitive interface could enhance the overall user experience.
    What problems is the product solving and how is that benefiting you?
    FortiNAC addresses security challenges by enforcing robust access controls, identifying and responding to network threats. It enhances overall security posture, mitigates risks, and ensures a resilient network environment, providing peace of mind.
    Abrar Ahmad M.

    Streamlining Network Security

    Reviewed on Jan 17, 2024
    Review provided by G2
    What do you like best about the product?
    Every Network Architect needs a device which is scalable for small and big enterprises.

    FortiNAC is a good choice, as it can handle a large number of devices and diverse network environments. It also helps in identifying and responding to threats in real time.
    What do you dislike about the product?
    Cost consideration: The cost will be a concern for smaller organizations or those on a tight budget.
    What problems is the product solving and how is that benefiting you?
    Provides administrators with visibility into the devices connected to the network, compliance status, and other relevant information, which helps in monitoring and analyzing network access patterns.
    Research

    It was an easy, reliable and smooth experience.

    Reviewed on Jan 17, 2024
    Review provided by G2
    What do you like best about the product?
    It gives you more control with an extended approach.
    What do you dislike about the product?
    Nothing was bad in my experience, keep up the good work.
    What problems is the product solving and how is that benefiting you?
    It is helping in extended third-party network control.
    Sophia W.

    "An amazing network security platform."

    Reviewed on Oct 17, 2023
    Review provided by G2
    What do you like best about the product?
    It is one of the most advanced network security platforms that handles all the work very efficiently and provides you with an amazing layer of protection to save you from modernized cybercrimes. Moreover, the implementation process is easier as compared to others and provides you with real-time management properties and can handle malware and identified threats on its own.
    What do you dislike about the product?
    Even though it has real-time management tools that are very handy, it does not have an advanced analysis and monitoring service, which does not give you an in-depth insight of the operation handling on the website.
    What problems is the product solving and how is that benefiting you?
    It is an amazing network security platform that not only saves and adds a layer of protection on the networking of an organization but also manages indented threats on its own and restricts other unknown threats that may be harmful for the networking.