7.2.0

Deployment Overview

The rapid rise in IoT devices has introduced significant challenges for network security. Many of these devices are deployed across networks in an unsupervised and uncontrolled manner. Without proper network visibility, administrators cannot see what is connected, and the network is left exposed to potential security breaches.

Key to securing networks is the identification of all devices, categorizing them, and applying appropriate access control policies based on their characteristics. These steps not only prevent unauthorized access but also reduce the complexity of managing a network manually.

The main problems are twofold: (1) IoT devices introduce new vulnerabilities into the network, and (2) the sheer number of these devices, particularly in environments like hospitals or educational institutions, makes manual identification impractical. Can network administrators realistically manage this influx of devices by adding each one by hand? What if you could automatically profile devices and enforce security policies based on those profiles?

FortiNAC (Network Access Control) offers a solution by providing visibility and control over every device on the network. With FortiNAC, administrators can identify devices by vendor and type, and segment the network to prevent unauthorized access to sensitive areas. This approach simplifies the administrator’s workload and enhances network security.

FortiNAC continuously monitors the network for new devices and authenticates them based on predefined policies. This ensures that only authorized devices connect to the network and comply with the organization's security standards, streamlining the process while maintaining robust protection.

Four ways that FortiNAC helps

  • Device profiling: FortiNAC automatically identifies and profiles devices as they connect to the network, giving IT teams a complete view of all devices on the network.

  • Access control: FortiNAC enforces access policies based on the device type, user identity, location, and other factors, ensuring that only authorized devices and users can access the network.

  • Threat detection: FortiNAC detects and alerts IT teams to any suspicious activity on the network, including unauthorized devices, unusual behavior, and potential threats.

  • Network segmentation: FortiNAC allows IT teams to segment the network based on device type, location, and other factors, limiting the spread of threats and reducing the risk of data breaches.
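The following is an added illustration of the profile-then-enforce flow the list above describes, written for this guide; it is not FortiNAC code and does not reflect how FortiNAC implements profiling. It classifies a newly seen endpoint from two signals (MAC OUI and DHCP vendor class, with a port heuristic as a weak fallback) and maps the resulting profile to a VLAN. The OUI table, DHCP class strings, port rule and VLAN numbers are all constructed sample data. The security-relevant behaviour to note is the default: anything that cannot be profiled with confidence lands in a quarantine segment rather than on a production VLAN.

```python
"""Illustrative NAC profile-then-enforce logic (added example, not FortiNAC code).
All lookup tables and VLAN numbers below are constructed sample data."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample OUI (first 3 bytes of the MAC) to vendor table, not an IEEE extract.
OUI_VENDORS = {
    "00:1B:2C": "ExampleCam",
    "3C:4D:5E": "ExampleMed",
    "A1:B2:C3": "ExamplePC",
}

# Constructed DHCP option 60 vendor-class strings used as a second, independent signal.
DHCP_CLASS_TYPES = {
    "ExampleCam-IPCam": "ip_camera",
    "ExampleMed-Infusion": "medical_device",
    "MSFT 5.0": "workstation",
}

@dataclass
class Endpoint:
    mac: str
    dhcp_vendor_class: Optional[str] = None
    open_ports: set[int] = field(default_factory=set)

@dataclass(frozen=True)
class Profile:
    vendor: str
    device_type: str
    confidence: str  # "high" only when vendor and type both come from a known source

def profile_endpoint(ep: Endpoint) -> Profile:
    """Derive vendor and device type from the signals observed at connect time."""
    oui = ep.mac.upper()[:8]
    vendor = OUI_VENDORS.get(oui, "unknown")
    dtype = DHCP_CLASS_TYPES.get(ep.dhcp_vendor_class or "")
    if dtype is None:
        # Weak fallback (constructed rule): an open RTSP port suggests an IP camera.
        dtype = "ip_camera" if 554 in ep.open_ports else "unknown"
        confidence = "low"
    else:
        confidence = "high" if vendor != "unknown" else "low"
    return Profile(vendor, dtype, confidence)

# Constructed segmentation policy: device type -> VLAN.
POLICY = {
    "ip_camera": 110,
    "medical_device": 120,
    "workstation": 10,
}
QUARANTINE_VLAN = 999  # constructed; holds anything not confidently profiled

def assign_vlan(p: Profile) -> int:
    """Only high-confidence profiles are placed on a production segment."""
    if p.confidence != "high":
        return QUARANTINE_VLAN
    return POLICY.get(p.device_type, QUARANTINE_VLAN)

def onboard(ep: Endpoint) -> tuple[Profile, int]:
    p = profile_endpoint(ep)
    return p, assign_vlan(p)

if __name__ == "__main__":
    # Constructed endpoints as they might appear when first seen on an access port.
    samples = [
        Endpoint("00:1b:2c:00:00:01", "ExampleCam-IPCam", {80, 554}),
        Endpoint("3c:4d:5e:aa:bb:cc", "ExampleMed-Infusion"),
        Endpoint("de:ad:be:ef:00:01", None, {554}),   # unknown vendor that looks like a camera
        Endpoint("a1:b2:c3:11:22:33", "MSFT 5.0"),
    ]
    for ep in samples:
        prof, vlan = onboard(ep)
        print(f"{ep.mac} -> {prof.vendor}/{prof.device_type} ({prof.confidence}) VLAN {vlan}")
```

Two design choices matter here: a single signal is never trusted on its own (a spoofed MAC or a crafted DHCP option 60 string is trivial for an attacker to present), and the quarantine VLAN is the default rather than an exception, so a new or unrecognised device must earn production access instead of receiving it by omission.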

About this guide: learn by example

This guide helps you understand FortiNAC by walking you through a specific use case. Specifically, you will work through configuration examples showing how FortiNAC can provide control for IoT/OT devices.

This guide can also be applied to many types of network topologies. It presents one of possibly many ways to deploy FortiNAC. It may omit specific steps where readers must make their own design decisions to further configure their devices. Readers should also review the supplementary material in the FortiNAC documentation library.

Note: FortiNAC can manage devices remotely; it is not a requirement that FortiNAC be deployed in the same Layer 2 network as the managed devices.

Intended Audience

The IT/IoT/IIoT Deployment Guide is intended for:

  • Customers with network environments with a mix of network device vendors

  • System administrators who face problems with the vast number of IoT and OT devices

No advanced prior knowledge of FortiNAC is required to follow this guide.

First time users

Users looking to set up their FortiNAC for the first time should follow the steps in the Deployment Guide.

For more in-depth detail, see the Administration Guide, whose table of contents mirrors the FortiNAC GUI.
