Fortinet’s Network Access Control (NAC)
Available on backorder
FortiNAC is a zero-trust NAC solution that provides real-time visibility, dynamic access control, and automated threat response for all network-connected devices, integrating seamlessly with the Fortinet Security Fabric and multi-vendor infrastructure.
Compare
FortiNAC is Fortinet’s zero-trust Network Access Control (NAC) solution that enhances the Fortinet Security Fabric by delivering comprehensive visibility, granular control, and automated response for all devices and users connecting to wired and wireless networks. Designed to secure IT, IoT, OT/ICS, and IoMT environments, FortiNAC discovers and profiles devices in real time, enforces dynamic access policies, and orchestrates rapid threat containment. It supports multi-vendor environments, integrating with over 150 vendors’ network devices (switches, wireless access points, firewalls) to leverage existing infrastructure. Key features include agentless scanning, micro-segmentation, automated onboarding for BYOD and guests, and integration with FortiGate firewalls and other Security Fabric components for enhanced threat intelligence and policy enforcement. FortiNAC is ideal for organizations seeking to protect against IoT threats, ensure compliance, and simplify network access management across single or multi-site deployments.
- Architecture:
- Components:
- Control and Application Server: Handles device profiling, policy enforcement, and network orchestration. Can be deployed as a single server for smaller setups or multiple servers for scalability.
- Management Server (FNC-M-550C): Optional for managing multiple appliances in large deployments.
- Deployment Options: Hardware appliances (FNC-CA-500C, FNC-CA-600C, FNC-CA-700C), virtual machines (VMware, Hyper-V, AWS, Azure, KVM), or next-gen VMs for cloud environments.
- Scalability: Unlimited concurrent ports; servers can be stacked for increased capacity, supporting millions of devices across multi-site locations.
- Out-of-Band: Operates outside user traffic, enabling centralized management of remote locations without impacting performance.
- Components:
- Authentication:
- Protocols: 802.1X, MAC Address Bypass (MAB), Captive Portal, VPN-based authentication.
- Methods: Supports agent-based (persistent/dissolvable) and agentless scanning for device detection.
- Integrations: Active Directory, LDAP, RADIUS, SAML, and third-party IdPs for user authentication.
- Profiling:
- Methods: Up to 17 profiling techniques, including DHCP fingerprinting, TCP/UDP port scanning, SNMP, HTTP/HTTPS analysis, and passive traffic analysis via FortiGate integration.
- Capabilities: Identifies device type, OS, manufacturer, and behavior for IT, IoT, and headless devices.
- Policy Enforcement:
- Mechanisms: Dynamic VLAN steering, micro-segmentation, role-based access control, and network lockdown.
- Policies: Granular access based on user identity, device type, security posture, and location.
- Micro-segmentation: Restricts device access to specific network resources, limiting lateral movement.
- Automated Response:
- Triggers: Configurable automation policies for events like non-compliant devices, anomalous behavior, or security alerts.
- Actions: Quarantine, VLAN reassignment, port shutdown, or notifications to administrators.
- Speed: Responds in seconds to contain threats before they spread.
- Visibility:
- Real-time monitoring of all connected devices and users, with detailed dashboards and granular reporting.
- Tracks endpoint behavior, compliance status, and network access events for audit purposes.
- Integrations:
- Fortinet Security Fabric: FortiGate, FortiAP, FortiSwitch, FortiAnalyzer, FortiSIEM for enhanced visibility and threat response.
- Third-Party: Over 150 vendors (e.g., Cisco, Aruba, Juniper) for switches, APs, and firewalls; integrates with SIEM, MDM, and endpoint protection platforms via APIs.
- Fabric-Ready Partners: Example: Ordr for IoMT device management in healthcare
Related products
-
Software
Ivanti Neurons for Risk-Based Vulnerability Management
Ivanti Neurons for RBVM is a cloud-based solution that prioritizes critical vulnerabilities using risk-based scoring, threat intelligence, and automation to protect against cyber threats like ransomware while streamlining remediation.
SKU: ivanti-neurons-rbvm -
Hardware, Router
Juniper MX Series Universal Routing Platforms
- MX304: Compact 4.8 Tbps router with 1/10/25/50/100/400GbE ports. Ideal for metro edge with MPLS and Segment Routing.
- MX960: Scalable 7.5 Tbps router with 1/10/40/100GbE ports. Suits core/edge with Layer 2/3 and CGNAT.
- MX10003: Cost-effective 2.4 Tbps router with 1/10/40/100GbE ports. Built for edge/metro with MACsec and MPLS.
- MX2008: High-density 16 Tbps router with 1/10/40/100/400GbE ports. Enables edge/core services with automation.
- MX2010: Modular 40 Tbps router with 1/10/40/100/400GbE ports. Ideal for core/edge and data center interconnects.
- MX2020: Premium 80 Tbps router with 1/10/40/100/400GbE ports. Suits high-traffic core/edge with IPsec.
- MX10004: Modular 38.4 Tbps router with 1/10/25/40/100/400GbE ports. Designed for core/edge and cloud services.
- MX10008: High-density 76.8 Tbps router with 1/10/25/40/100/400GbE ports. Ideal for hyperscale data centers.
- MX10016: Premium 153.6 Tbps router with 1/10/25/40/100/400GbE ports. Suits hyperscale core/edge with MACsec.
- vMX Virtual Router: Virtual 100 Gbps router for x86/cloud. Supports Layer 2/3, MPLS, and NFV/SD-WAN.
SKU: MX series -
Router, Software
Juniper Session Smart Router
Juniper Session Smart Router (SSR) Series: Tunnel-free, application-aware SD-WAN solution with Zero Trust security. Delivers agile, secure WAN connectivity, 30–50% bandwidth savings, and AI-driven insights via Mist WAN Assurance. Scalable for SD-WAN, SD-Branch, multicloud, and IoT, it supports physical (NFX, white-box), virtual (VMware, KVM, AWS, Azure), and cloud deployments with Junos OS and advanced security (URL filtering, IDS/IPS).
SKU: SSR -
Endpoint Management, Software
Ivanti Endpoint Manager
Ivanti Endpoint Manager is a unified client management solution for discovering, managing, and securing Windows, macOS, and Linux endpoints, offering real-time visibility, automated software deployment, patch management, and compliance enforcement.
SKU: ivanti-endpoint-manager
