FortiNAC Control and Application next-gen VM Server
Security for networks with IoT

Fortinet FortiNAC

Available in AWS Marketplace

Fortinet Products
FortiNAC Control and Application extended VM
FortiNAC Control and Application eXtended VM Server (VMWare or Hyper-V or AWS or Azure or KVM) (Running FortiNAC-OS).
#FNC-CAX-VM
List Price: $6,021.00
Our Price: Request a Quote

Please Note: All Prices are Inclusive of GST

Overview:

Visibility, Zero Trust Access and Incident Response for Connected Assets and Users

FortiNAC™ continues to be a cutting-edge network access control solution, enabling organizations to enforce network access policies and assure adherence to security protocols in light of increasingly sophisticated threats. It provides a comprehensive snapshot of all devices and users on the network, facilitating granular control of access based on user roles, device types, network locations, and now the behavioral patterns of devices and users.

The solution’s capability now extends beyond automated onboarding of new endpoints; it incorporates real-time threat intelligence and continuous risk assessment of devices, leveraging machine learning and AI technologies from FortiGuard Services. Given the rising prominence of BYOD (Bring Your Own Device) and IoT (Internet of Things), FortiNAC’s continuous monitoring and immediate remediation of non-compliant devices have become even more crucial.

Moreover, FortiNAC’s integration goes beyond third-party security solutions; it integrates with a wide range of cloud-based platforms and DevOps tools to ensure seamless and secure network operations in hybrid IT environments. FortiNAC leverages its integration with FortiAnalyzer to gain deep insight into network security posture, encompassing real-time visibility, predictive analytics, and more robust compliance reporting. With FortiNAC, organizations can more effectively secure their network against unauthorized access, potential threats, and, increasingly, insider threats, aligning with the emerging Zero Trust security model that emphasizes “never trust, always verify.”

Features

Granular Visibility Across the Network for Every Device and User

FortiNAC leverages AI and machine learning from FortiGuard Security Services to provide detailed profiling of devices, including headless devices and IoT assets on your network. This profiling incorporates multiple information sources, behavior patterns, and real-time threat intelligence to accurately identify and assess what is on your network.


Seamless Integration and Control Across Diverse Environments

With the power of micro-segmentation and Zero Trust policies, FortiNAC allows for configuration changes on switches and wireless products from an extended range of vendors. It amplifies the reach of the Security Fabric across multi-cloud, hybrid IT, and heterogeneous environments, implementing “never trust, always verify” principles.


Automated Response

FortiNAC reacts to network events in real-time to contain threats before they spread, utilizing a broad and customizable set of automation policies. Leveraging AI, these policies can instantly trigger configuration changes and remediation actions when targeted behavior or anomalies are observed, aligning with the Zero Trust model’s dynamic and proactive approach.


Key Highlights

  • Implement dynamic network scanning to classify and analyze device behaviors using continuous, automated techniques
  • Maintain an updated inventory of all network devices, including BYOD, IoT, OT, and IoMT
  • Continuously assess risks for every endpoint using real-time threat intelligence and behavioral patterns
  • Adopt Zero Trust architecture for better device security and simplified management
  • Integrate with various third-party network tools ensuring compatibility
  • Relay real-time contextual data to SIEM, improving incident response. Ensure always-on identity checks and follow least privilege access, reinforcing the Zero Trust approach

Highlights:

Granular Device Visibility

The essence of securing a dynamic, ever-evolving network lies in comprehending its makeup. FortiNAC, leveraging AI and machine learning from FortiGuard Security Services, goes beyond merely “seeing” everything on the network: it comprehends and analyzes. It scans your network to discover every user, application, and device. Using a variety of techniques, it profiles each element based on observed behavior and real-time threat intelligence, and taps into FortiGuard’s IoT Services, a cloud-based database for identification lookups.

Scanning can be active or passive, utilizing permanent agents, dissolvable agents, or agentless approaches. Moreover, FortiNAC can evaluate a device against pre-approved profiles, noting any discrepancies or software updates required to patch vulnerabilities. With FortiNAC, the network isn’t just known—it’s understood, assessed, and continually monitored.

Besides recognizing the entire network, FortiNAC’s advanced visibility incorporates passive traffic analysis, leveraging Fortinet FortiGate appliances as sensors to identify anomalous behavior patterns. These patterns can indicate a potential compromise, triggering real-time alerts for the SOC team and aligning with the proactive threat containment approach integral to the Zero Trust model.


Network Security and Intelligent Segmentation

After successful classification of devices and user identification, FortiNAC now integrates advanced segmentation techniques to ensure only authorized users and devices have access to requisite resources, thus preventing unauthorized intrusion. Through its progressive role-based network access control, FortiNAC allows for strategic network segmentation by logically grouping similar data and applications, limiting access to a particular set of users or devices. This strategy effectively confines a compromised device, thereby inhibiting its ability to traverse the network and inflict damage on other resources. FortiNAC not only fortifies the protection of sensitive data and vital assets but also ensures adherence to internal, industrial, and government regulations and mandates.


Device Integrity Verification and Malware Prevention

FortiNAC emphasizes the importance of device integrity prior to network connection, significantly reducing the risk and potential spread of malicious software. As a device attempts to join the network, FortiNAC assesses its configuration for compliance. Any non-compliant configuration is promptly managed; for instance, the device may be allocated to an isolated or restricted access VLAN, devoid of any access to corporate resources. This feature has become increasingly relevant with the rise of IoT devices and remote work trends, ensuring a secure and controlled network environment.


Intelligent Monitoring and Automated Reaction

FortiNAC proactively supervises the network continuously, examining endpoints to verify their compliance with predefined profiles. Leveraging modern security tactics, FortiNAC rescreens devices to prevent any possible bypassing of network access security via MAC-address spoofing. Further, FortiNAC is equipped to identify irregularities in traffic patterns, a vital feature considering the growing complexities in network usage patterns with the rise of cloud and edge computing. This passive anomaly detection function operates symbiotically with FortiGate appliances. Upon recognizing a compromised or susceptible endpoint as a potential risk, FortiNAC promptly instigates an automated reaction, quarantining the endpoint in real time, furthering its commitment to maintaining a secure and controlled network environment.


FortiGate Sessions View

The FortiGate Sessions view adds the ability to accept NetFlow data from third-party devices. Flows from other devices would also show up in this view.


Security Fabric Integrations

FortiNAC integrates with multiple Fortinet products such as FortiGate, FortiSIEM, FortiAnalyzer, FortiEDR, and FortiDeceptor. The Security Rules are triggered by syslog/SNMP messages from the other Fortinet products as shown below.

Integration:

Extensive integration with desktop security software, directories, network infrastructure, and third-party security systems provides unparalleled visibility and control across the network environment.

The FortiNAC family integrates with:

  • More than 3000 devices with unique MIB OIDs
  • More than 2000 models including switches, access points, and network controllers
  • More than 90 vendors in networking, security, and communication industries with the following vendor and models as examples
    • Network Infrastructure: Adtran, Aerohive, AlaxalA Networks, Alcatel-Lucent, Allied Telesis, Alteon, APC, Apple, APRESIA Systems, Avaya, Brocade/Foundry Networks/Ruckus, Cisco/Meraki, D-Link, Extreme/Enterasys/Siemens, H3C, HP/Colubris/3Com/Aruba, Intel, Juniper, NEC, Riverbed/Xirrus, and SonicWall

    • Security Infrastructure: CheckPoint, Cisco/SourceFire, Cyphort, FireEye, Juniper/Netscreen, Qualys, Sonicwall, Tenable

    • Authentication and Directory Services: RADIUS (Cisco ACS, Free RADIUS, Microsoft IAS); LDAP (Google SSO, Microsoft Active Directory, OpenLDAP)

    • Operating Systems: Android, Apple MAC OSX and iOS, Linux, Microsoft Windows

    • Endpoint Security Applications: Authentium, Avast, AVG, Avira, Blink, Bullguard, CA, ClamAV, Dr. Web, Enigma, ESET, F-Prot, F-Secure, G Data, Intego, Javacool, Lavasoft, Lightspeed, McAfee, Microsoft, MicroWorld, Norman, Norton, Panda, PC Tools, Rising, Softwin, Sophos, Spyware Bot, Sunbelt, Symantec, Trend Micro, Vexira, Webroot SpySweeper, Zone Alarm

    • Mobile Device Management: AirWatch, Google GSuite, MaaS360, Microsoft InTune, Mobile Iron, XenMobile, JAMF, Nozomi Networks


Deployment Options

Easy Deployment

FortiNAC is a flexible and scalable solution that spans from mid-size to very large enterprise deployments. There are three elements to the FortiNAC solution.


High Availability

FortiNAC offers High Availability for disaster recovery to ensure redundancy. This state is achieved through active and passive instances where the passive (backup) becomes active when the main is no longer functioning normally. FortiNAC Manager can manage multiple high availability clusters distributed throughout the network as needed.


Centralized Architecture

FortiNAC is an ‘out of band’ solution, meaning it does not sit in line with user traffic. This architecture allows FortiNAC to be deployed centrally and manage many remote locations. Visibility, control, and response are achieved by integrating with, and leveraging the capabilities of, the network infrastructure. Control can be applied at the point of connection, at the very edge of the network, while security device integrations allow FortiNAC to process security alerts and treat them as triggers for automated threat mitigation through customizable workflows.

Data is gathered from multiple sources using a variety of methods. SNMP, CLI, RADIUS, SYSLOG, API and DHCP fingerprints can all be used to achieve the detailed end-to-end visibility necessary to create a truly secure environment.

Licensing:

FortiNAC Licensing

FortiNAC offers flexible deployment options based on the level of coverage and functionality desired.


Base License

The BASE license level provides an easy, one-step IoT security solution to close pressing endpoint security gaps by seeing all endpoint devices on the network, automating authorization, and enabling micro-segmentation and network lockdown. The BASE license level is appropriate for organizations that need to secure IoT and headless devices, and enable network lockdown with dynamic VLAN steering, but do not require more advanced user/network controls or automated threat response.


Plus License

The PLUS license level builds on all the functionality of BASE with enhanced visibility and more advanced Network Access Controls and automated provisioning for users, guests, and devices as well as reporting and analytics. The reporting and analytics can greatly assist in providing audit documentation of compliance. The PLUS license level is appropriate for organizations that want complete endpoint visibility and granular control, but do not require automated threat response.


Pro License

The PRO license level provides the ultimate in visibility, control and response. PRO license offers real-time endpoint visibility, comprehensive access control, and automated threat response and delivers contextual information with triaged alerts. The PRO license level is appropriate for organizations that want complete endpoint visibility, a flexible NAC solution with granular controls, as well as accurate event triage and real-time automated threat response.


Services

FortiCare Services

As your business rapidly evolves, it is critical to advance your security capabilities as well. Often though, you do not have expertise within your organization to deploy, operate, and maintain these new capabilities or are up against tight deadlines to implement change. We understand this challenge and help thousands of organizations every year tackle this problem with FortiCare Services.

Our experts provide accelerated implementation of your technology, reliable assistance through advanced support, and proactive care to ensure your success with your Fortinet investment. No matter the size or location of your organization, we are ready to provide you with an elevated experience to help you achieve your business goals with superior security and performance.


FortiCare Support

A FortiCare Support contract entitles you not only to receive updates to the FortiNAC firmware, but also receive two important feeds.

FortiNAC License Types: BASE, PLUS, PRO

  • Visibility
    • Network: Network Discovery, Rogue Identification, Device Profiling & Classification
    • Endpoint: Enhanced Visibility, Anomaly Detection, MDM Integration, Persistent Agent
    • User: Authentication, Captive Portal
  • Automation / Control
    • Network Access Policies
    • IoT Onboarding with Sponsor
    • Rogue Device Detection & Restriction
    • Firewall Segmentation
    • BYOD / Onboarding
    • Guest Management
    • Endpoint Compliance
    • Web & Firewall Single Sign-on
  • Incident Response
    • Event Correlation
    • Extensible Actions & Audit Trail
    • Alert Criticality & Routing
    • Guided Triage Workflows
  • Integrations
    • Inbound Security Events
    • Outbound Security Events
    • REST API
  • Reporting

Specifications:

| VM OS | SKU | Ports in the Network | Target Environment | CPU Reference | vCPU Qty | Memory (GB) | Disk (GB) |
|---|---|---|---|---|---|---|---|
| FortiNAC-OS | FNC-CAX-VM | Up to 5 000 | Small | Intel Xeon E-2278 GE 3.3 GHz 8C/16T | 8 | 16 | 100 |
| FortiNAC-OS | FNC-CAX-VM | Up to 15 000 | Medium | AMD Milan EPYC 7413 2.65 GHz 24C/48T | 24 | 32 | 100 |
| FortiNAC-OS | FNC-CAX-VM | Up to 25 000 | Large | AMD Milan EPYC 7543P 2.8 GHz 32C/64T | 32 | 96 | 100 |
| FortiNAC-OS | FNC-MX-VM | Up to 50 CA Servers | Large | AMD Milan EPYC 7413 2.65 GHz 24C/48T | 24 | 32 | 100 |

Documentation:

Download the FortiNAC Data Sheet (PDF).

Pricing Notes:

Fortinet Products
FortiNAC Control and Application extended VM
FortiNAC Control and Application eXtended VM Server (VMWare or Hyper-V or AWS or Azure or KVM) (Running FortiNAC-OS).
#FNC-CAX-VM
List Price: $6,021.00
Our Price: Request a Quote
FortiNAC Manager extended VM
FortiNAC Manager eXtended VM Server (VMware or Hyper-V or AWS or Azure or KVM) (Running FortiNAC-OS)
#FNC-MX-VM
List Price: $6,021.00
Our Price: Request a Quote