Fortinet FortiNAC 500
Security for networks with IoT
Sorry, this product is no longer available, please contact us for a replacement.
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Click here to jump to pricing!
Overview:
FortiNAC is Fortinet’s network access control solution that enhances the Security Fabric with visibility, control, and automated response for everything that connects to the network. FortiNAC provides protection against IoT threats, extends control to third-party devices, and orchestrates automatic responses to a wide range of networking events.
Visibility Across the Network for Every Device and User
FortiNAC provides detailed profiling of even headless devices on your network using multiple information and behavior sources to accurately identify what is on your network.
Extend Control of the Network to Third-Party Products
Implement micro-segmentation policies and change configurations on switches and wireless products from more than 70 vendors. Extend the reach of the Security Fabric in heterogeneous environments.
Automated Responsiveness
React to events in your network in seconds to contain threats before they spread. FortiNAC offers a broad and customizable set of automation policies that can instantly trigger configuration changes when the targeted behavior is observed.
Device Visibility
Fundamental to the security of a constantly changing network is an understanding of its makeup. FortiNAC sees everything on the network providing complete visibility. FortiNAC scans your network to discover every user, application, and device. With up to 18 different techniques, FortiNAC can then profile each element based on observed characteristics and responses. Scanning can be done actively or passively and can utilize permanent agents, dissolvable agents, or no agents. Additionally, FortiNAC can asses a device to see if it matches approved profiles, noting the need for software updates to patch vulnerabilities. With FortiNAC deployed, the entire network is known.
In addition to knowing the entire network, FortiNAC’s enhanced visibility can also use passive traffic analysis to identify devices on the network by integrating Fortinet’s FortiGate appliances. This provides another level of identity to ensure accurate classification.
Dynamic Network Control
Once the devices are classified and the users are known, FortiNAC enables detailed segmentation of the network to enable devices and users access to necessary resources while blocking non-related access. FortiNAC uses dynamic role-based network access control to logically create network segments by grouping applications and like data together to limit access to a specific group of users or devices. In this manner, if a device is compromised, its ability to travel in the network and attack other assets will be limited. FortiNAC helps to protect critical data and sensitive assets while ensuring compliance with internal, industry, and government regulations and mandates.
Ensuring the integrity of devices before they connect to the network minimizes risk and the possible spread of malware. FortiNAC validates a device’s configuration as it attempts to join the network. If the configuration is found to be non-compliant, the device can be handled appropriately such as by an isolated or limited access VLAN.
Automated Response
FortiNAC will monitor the network on an ongoing basis, evaluating endpoints to ensure they conform to their profile. FortiNAC will rescan devices to ensure MAC-address spoofing does not bypass your network access security. Additionally, FortiNAC can watch for anomalies in traffic patterns. This passive anomaly detection works in conjunction with FortiGate appliances. Once a compromised or vulnerable endpoint is detected as a threat, FortiNAC triggers an automated response to contain the endpoint in real-time.
Key Highlights
- Agent and agentless scanning of the network for detection and classification of devices
- Create an inventory of all devices on the network
- Assess risk of every endpoint on the network
- Centralized Architecture for easier deployment and management
- Extensive support for third-party network devices to ensure effectiveness with existing network infrastructure
- Automate onboarding process for a large number of endpoints, users, and guests
- Enforce dynamic network access control and enable network segmentation
- Reduce containment time from days to seconds
- Event reporting to SIEM with detailed contextual data to reduce investigation time
Licensing:
FortiNAC offers flexible deployment options based on the level of coverage and functionality desired.
- The BASE license level provides easy, one-step IoT security solution to close pressing endpoint security gaps by seeing all endpoint devices on the network, automating authorization, and enabling micro-segmentation and network lockdown. The BASE license level is appropriate for organizations that need to secure IoT and headless devices, and enable network lockdown with dynamic VLAN steering, but do not require more advanced user/network controls or automated threat response.
- The PLUS license level builds on all the functionality of BASE with enhanced visibility and more advanced Network Access Controls and automated provisioning for users, guests, and devices as well as reporting and analytics. The reporting and analytics can greatly assist in providing audit documentation of compliance. The PLUS license level is appropriate for organizations that want complete endpoint visibility and a granular control, but do not require automated threat response.
- The PRO license level provides the ultimate in visibility, control and response. PRO license offers real-time endpoint visibility, comprehensive access control, and automated threat response and delivers contextual information with triaged alerts. The PRO license level is appropriate for organizations that want complete endpoint visibility, a flexible NAC solution with granular controls, as well as accurate event triage and realtime automated threat response.
| FortiNAC LICENSE TYPES | BASE | PLUS | PRO | ||
|---|---|---|---|---|---|
| Visibility | Network | Network Discovery | ✔ | ✔ | ✔ |
| Rouge Identification | ✔ | ✔ | ✔ | ||
| Device Profiling & Classification | ✔ | ✔ | ✔ | ||
| Endpoint | Enhanced Visiblity | ✔ | ✔ | ✔ | |
| Anomaly Detection | ✔ | ✔ | ✔ | ||
| MDM Integration | ✔ | ✔ | ✔ | ||
| Persistent Agent | ✔ | ✔ | |||
| User | Authentication | ✔ | ✔ | ||
| Captive Portal | ✔ | ✔ | |||
| Automation / Control | Network Access Policies | ✔ | ✔ | ✔ | |
| IoT Onboarding with Sponsor | ✔ | ✔ | ✔ | ||
| Rouge Device Detection & Restriction | ✔ | ✔ | ✔ | ||
| Firewall Segmentation | ✔ | ✔ | ✔ | ||
| BYOD / Onboarding | ✔ | ✔ | |||
| Guest Management | ✔ | ✔ | |||
| Endpoint Compliance | ✔ | ✔ | |||
| Web & Firewall Single Sign-on | ✔ | ✔ | |||
| Incident Response | Event Correlation | ✔ | |||
| Extensible Actions & Audit Trail | ✔ | ||||
| Alert Criticality & Routing | ✔ | ||||
| Guided Triage Workflows | ✔ | ||||
| Integrations | Inbound Security Events | ✔ | |||
| Outbound Security Events | ✔ | ||||
| REST API | ✔ | ✔ | |||
| Reporting | ✔ | ✔ | ✔ | ||
Specifications:
| FNC-M-550C | FNC-CA-600C | FNC-CA-500C | FNC-CA-700C | |
|---|---|---|---|---|
| System | ||||
| CPU | Intel Xeon Silver 4110 2.1 G, 8C/16T, 9.6 GT/s, 11M Cache, Turbo, HT (85W) DDR4-2400 (Qty 2) | Intel Xeon E3-1220 v5 3.0 GHz, 8M cache, 4C/4T, Turbo (Qty 1) | Intel Xeon Gold 6132 2.6 G, 14C/28T, 10.4 GT/s, 19M Cache, Turbo, HT (140W) DDR4-2666 (Qty 2) | |
| Memory | 8 GB RDIMM, 2666 MT/s, Single Rank (Qty 4) | 8 GB UDIMM, 2400 MT/s, ECC (Qty 2) | 8 GB RDIMM, 2666 MT/s, Single Rank (Qty 12) | |
| Hard Disk | 1TB 7.2K RPM SATA 6 Gbps 2.5in Hot-plug Hard Drive (Qty 2) | 1TB 7.2K RPM SATA 6 Gbps 3.5in Hot-plug Hard Drive RAID1 (Qty 2) | 600 GB 15K RPM SAS 12 Gbps 2.5in Hot-plug Hard Drive (Qty 2) | |
| Optical Drive | None Required | DVD ROM SATA Internal (Qty 1) | None required | |
| BMC | iDRAC9 Express, integrated (Qty 1) | iDRAC8 Express (Qty 1) | iDRAC9 Express, integrated (Qty 1) | |
| Network Interface | Broadcom 5720 QuadPort 4x 1 GB Ethernet, RJ45 | 4x 10/100/1000 Ethernet, RJ45 | Broadcom 5720 QuadPort 4x 1 GB Ethernet, RJ45 (Qty 1) | |
| RAID Card | PERC H330 Integrated RAID Controller (Qty 1) | PERC H330 Integrated RAID Controller (Qty 1) | PERC H730P+ RAID Controller, 2 GB Cache (Qty 1) | |
| RAID Configuration | RAID 1 | RAID 1 | RAID 1 | |
| Console Access | None | Front LCD Panel | No LCD Panel | |
| Form Factor | 1U Rack mountable | 1U Rack mountable | 1U Rack mountable | |
| Dimensions | ||||
| Height x Width x Length (inches) | 1.68 x 18.9 x 29.73 | 1.68 x 17.08 x 24.60 | 1.68 x 18.9 x 29.73 | |
| Height x Width x Length (mm) | 42.8 x 482.4 x 755.12 | 42.8 x 434.0 x 625.0 | 42.8 x 482.4 x 755.12 | |
| Weight | 43.056 lbs (19.76 kg) | 43.87 lbs (19.9 kg) | 43.056 lbs (19.76 kg) | |
| Environment | ||||
| Power Supply | Dual 550W Hot Plug Power Supply | Dual 350W Hot Plug Power Supplies | Dual 750W AC power supplies | |
| Input Power | 100-240V AC Autoranging | 100-240V AC Autoranging | 100–240V AC, Autoranging | |
| Input Current | 6.25 A | 3.0 A | 6.25 A | |
| Cooling | 7 fans | 4 fans | 7 fans | |
| Panel Display | No LCD | 20 Char LCD | No LCD | |
| Heat Dissipation | 2559 BTU/hr | 1357.1 BTU/hr | 2559 BTU/hr | |
| Operation Temperature Range | 50–95°F (10–35°C) | 50–95°F (10–35°C) | 50–95°F (10–35°C) | |
| Storage Temperature Range | -40–149°F (-40–65°C) | 40–149°F (-40–65°C) | 40–149°F (-40–65°C) | |
| Humidity (Operating) Humidity (Non-operating) |
10–80% non-condensing 5–95% non-condensing |
10–80% non-condensing 5–95% non-condensing |
10–80% non-condensing 5–95% non-condensing |
|
| Certification | ||||
| Safety | Certified as applicable by Product Safety authorities worldwide, including United States (NRTL), Canada (SCC), European Union (CE). | |||
| Electromagnetic (EMC) | Certified as applicable by EMC authorities worldwide, including United States (FCC), Canada (ICES), European Union (CE). | |||
| Materials | Certified as applicable by Materials authorities worldwide, including European Union (ROHS) and China (ROHS). | |||
Documentation:
Download the Fortinet FortiNAC Datasheet (PDF).