Overview
Visibility, Zero Trust Access, and Incident Response for Connected Assets and Users FortiNAC™ continues to be a cutting-edge network access control solution, enabling organizations to enforce network access policies and assure adherence to security protocols in light of increasingly sophisticated threats. It provides a comprehensive snapshot of all devices and users on the network, facilitating granular control of access based on user roles, device types, network locations, and now the behavioral patterns of devices and users. The solution's capability now extends beyond automated onboarding of new endpoints; it incorporates real-time threat intelligence and continuous risk assessment of devices, leveraging machine learning and AI technologies from FortiGuard Services. Given the rising prominence of BYOD (Bring Your Own Device) and IoT (Internet of Things), FortiNAC's continuous monitoring and immediate remediation of non-compliant devices have become even more crucial. Moreover, FortiNAC's integration goes beyond third-party security solutions; it integrates with a wide range of cloud-based platforms and DevOps tools to ensure seamless and secure network operations in hybrid IT environments. FortiNAC leverages its integration with FortiAnalyzer to gain deep insight into network security posture, encompassing realtime visibility, predictive analytics, and more robust compliance reporting. With FortiNAC, organizations can more effectively secure their network against unauthorized access, potential threats, and increasingly, the insider threats, aligning with the emerging Zero Trust security model that emphasizes "never trust, always verify".
Highlights
- Granular Visibility Across the Network for Every Device and User, the FortiNAC leverages AI and machine learning from FortiGuard Security Services to provide detailed profiling of devices, including headless devices and IoT assets on your network. This profiling incorporates multiple information sources, behavior patterns, and real-time threat intelligence to accurately identify and assess what is on your network.
- Seamless Integration and Control Across Diverse Environments, with the power of micro-segmentation and Zero Trust policies, FortiNAC allows for configuration changes on switches and wireless products from an extended range of vendors. It amplifies the reach of the Security Fabric across multi-cloud, hybrid IT, and heterogeneous environments, implementing "never trust, always verify" principles.
- Automated Responsiveness, the FortiNAC reacts to network events in real-time to contain threats before they spread, utilizing a broad and customizable set of automation policies. Leveraging AI, these policies can instantly trigger configuration changes and remediation actions when targeted behavior or anomalies are observed, aligning with the Zero Trust model's dynamic and proactive approach.
Details
Features and programs
Financing for AWS Marketplace purchases
Pricing
Additional AWS infrastructure costs
Type | Cost |
|---|---|
EBS General Purpose SSD (gp2) volumes | $0.10/per GB/month of provisioned storage |
Vendor refund policy
Please bring your own license
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
What's new in FortiNAC F 7.6 CentOS Support No Longer Available Version F 7.6 and greater does not support FortiNAC appliances running the CentOS operating system. Customers with CentOS FortiNAC appliances must migrate to the new FortiNAC-F servers to upgrade to version F 7.6 or greater. Contact sales to obtain the new FortiNAC-F appliances (FNC-CAX-xx/FNC-MX-xx/FortiNAC-CA-xxF). For additional information regarding the migration process, refer to the following documentation under the Admin Guide section of the Document Library:
CentOS to FortiNAC-OS VM Migration: CA Servers
CentOS to FortiNAC-OS VM Migration: Separate C + A Servers
CentOS to FortiNAC-OS Hardware Migration: CA Servers
Access Point Management No Longer Available The Access Point Manager functionality has been removed as of FortiNAC version F 7.6. Customers using this feature must move to an alternative solution prior to upgrade. For details, see KB article Access Point Management Removed in Version F 7.6
Check Point VPN Integration Enable enforcement of endpoint posture for users and machines connected through Check Point VPN. This includes both SSL and remote access VPNs. The feature will ensure that both user login and machine compliance are validated, similar to existing support for Cisco ASA, FortiGate and Palo Alto Networks.
See the following reference manuals:
Check Point VPN Integration - Central mode (977261)
Check Point VPN integration - Local Mode (936094)
Machine authentication FortiNAC supports Machine Authentication with RBAC based on compute groups in the Active Directory (AD). (1026125)
If the client (host) is in one group inside LDAP, after the group is synced to FortiNAC, the group will be renamed as group_host. If the user selects "group_host" for group attribute, the host will be added to that group_host automatically.
See the Machine Authentication cookbook.
Limit maximum number of concurrent sessions FortiNAC able to limit the maximum number of user concurrent sessions. (1013495)
See Maximum concurrent sessions in the administration guide.
RADIUS Enhancements TEAP support for RADIUS Clients (1021352)
TLS 1.3 supported in Local RADIUS Local Servers configuration. (1029125)
See Configure local server in the administration guide.
Palo Alto Integration enhancements Support to send Single Sign On (SSO) Tags to Palo Alto Network devices for non-VPN environments. (1026144) (1016612).
See the Palo Alto Networks Integration guide.
FortiNAC-F Core Enhancements (FortiNAC Manager and CA ) Cluster Custom health check (1026141) Assess the health of a CA using certain health check types (i.e. protocols) like ICMP, TCP, and TCP Echo.
See Custom Health Check in the FortiNAC Manager Guide.
Cluster Management FortiNAC Manager Cluster Management provides users a central access service to view or modify information from multiple CA's. FortiNAC Managers work together to manage the same CA's so that information is processed timely and effectively for larger environments.
Caution Important: Upgrading to 7.6.0 replaces High Availability (HA) configurations with Cluster Management. This affects FortiNAC Manager HA pairs only. Customers should review the 7.6.0 Release Notes prior to upgrade.
See Cluster Management in the FortiNAC Manager Guide.
FortiNAC CA (Control & Application) Management See CA Management in the FortiNAC Manager Guide.
N+1 Failover FortiNAC-M functions as a manager to manage the N+1 Failover Groups (defined as one secondary server for one or more primary servers), enabling N+M high availability for CAs.
See the N+1 Failover Reference Guide.
Note: CAs configured for High Availability are still supported.
New Internal DHCP Server KEA DHCP (1026154)
FortiNAC now uses KEA DHCP as internal server for dynamically assigning addresses to isolated hosts.
See the Cookbook for the PXE boot use case.
GUI enhancements Service Connectors GUI Enhancement (1024138)
Created OT categories for Nozomi and Claroty
See the updated MDM/OT guide.
7.6 UI/UX Rewrite of the Actions Views (1035739)
FortiNAC New Portal Configuration (1016389)
New Portal Configuration UI design with a modernized look, unified with FortiGuest.
High Availability: Secondary Server UI now available in standby
SSL certificate installation (0877961) - See Certificate Management
Config Wizard settings - See Config Wizard
Additional details
Usage instructions
After deploying the instance, click on Manage in AWS Console to see the running instance and public DNS address to continue the configuration of the FortiNAC. Connect to the secured Web UI via the public DNS address: https://<public DNS address>:8443. For any CLI configuration/settings, SSH is required to log into the CLI. Default login credentials are with a username of admin and empty password. You can reference the FortiNAC-VM AWS admin guide is located at: https://docs.fortinet.com/document/fortinac-f/7.6.0/aws-deployment-guide/351237/overview#_Toc178942360
Support
Vendor support
This is a Bring Your Own License model, before to request your instance please make sure you have the FortiNAC licensing order processed by Fortinet sales. When you have the registration steps completed, you'll receive a timely response to any technical issues as well as complete visibility on the ticket resolution progress. FortiCare Support Services include firmware upgrades, Support portal access, and associated technical resources. FortiGuard Security Services include up-to-the minute threat intelligence delivered in real time to stop the latest threats.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
