Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • IOT Deployment Guide

    Home FortiNAC-F 7.6.0 IOT Deployment Guide
    7.6.0
    7.6.0
    7.4.0
    7.2.0

    Deployment Overview

    Deployment Overview

    The rapid rise in IoT devices has introduced significant challenges for network security. Many of these devices are being deployed across networks in an unsupervised and uncontrolled manner. Without proper network visibility, administrators are vulnerable to potential security breaches.

    Key to securing networks is the identification of all devices, categorizing them, and applying appropriate access control policies based on their characteristics. These steps not only prevent unauthorized access but also reduce the complexity of managing a network manually.

    The main problems are twofold: (1) IoT devices introduce new vulnerabilities into the network, and (2) the sheer number of these devices—particularly in environments like hospitals or educational institutions—makes manual identification impractical. Can network administrators realistically manage this influx of devices by manually adding each one? What if you could automatically profile devices and enforce security policies based on those profiles?

    FortiNAC (Network Access Control) offers a solution by providing visibility and control over every device on the network. With FortiNAC, administrators can identify devices by vendor and type, and segment the network to prevent unauthorized access to sensitive areas. This approach simplifies the administrator’s workload and enhances network security.

    FortiNAC continuously monitors the network for new devices and authenticates them based on predefined policies. This ensures that only authorized devices connect to the network and comply with the organization's security standards, streamlining the process while maintaining robust protection.

    Four ways that FortiNAC helps

    • Device profiling: FortiNAC automatically identifies and profiles devices as they connect to the network, giving IT teams a complete view of all devices on the network.

    • Access control: FortiNAC enforces access policies based on the device type, user identity, location, and other factors, ensuring that only authorized devices and users can access the network.

    • Threat detection: FortiNAC detects and alerts IT teams to any suspicious activity on the network, including unauthorized devices, unusual behavior, and potential threats.

    • Network segmentation: FortiNAC allows IT teams to segment the network based on device type, location, and other factors, limiting the spread of threats and reducing the risk of data breaches.

    About this guide: learn by example

    This guide should help you understand FortiNAC by bringing you through a specific use case. Specifically, you will learn configuration examples for how FortiNAC can provide control for IOT/OT.

    This guide can also be applied in many types of network topologies. It presents one of possibly many ways to deploy FortiNAC. It may also omit specific steps where readers must make design decisions to further configure their devices. It is recommended that readers also review supplementary material found in the FortiNAC documentation library.

    Note: the FortiNAC can manage devices remotely, but that’s not a requirement for deploying the FortiNAC in the same Layer 2 network of the Managed Devices.

    Intended Audience

    The IT/IOT/IIOT Deployment guide is intended for:

    • Customers with network environments with a mix of network device vendors

    • System administrators who face problems with the vast number of IoT and OT devices

    No high level of knowledge is necessary to follow this guide.

    First time users

    Users looking to set up their FortiNAC for the first time should follow the steps in the Deployment Guide.

    For more in-depth detail, see the Administration Guide, whose table of contents mirrors the FortiNAC GUI.

    Previous
    Next

    Deployment Overview

    Deployment Overview

    The rapid rise in IoT devices has introduced significant challenges for network security. Many of these devices are being deployed across networks in an unsupervised and uncontrolled manner. Without proper network visibility, administrators are vulnerable to potential security breaches.

    Key to securing networks is the identification of all devices, categorizing them, and applying appropriate access control policies based on their characteristics. These steps not only prevent unauthorized access but also reduce the complexity of managing a network manually.

    The main problems are twofold: (1) IoT devices introduce new vulnerabilities into the network, and (2) the sheer number of these devices—particularly in environments like hospitals or educational institutions—makes manual identification impractical. Can network administrators realistically manage this influx of devices by manually adding each one? What if you could automatically profile devices and enforce security policies based on those profiles?

    FortiNAC (Network Access Control) offers a solution by providing visibility and control over every device on the network. With FortiNAC, administrators can identify devices by vendor and type, and segment the network to prevent unauthorized access to sensitive areas. This approach simplifies the administrator’s workload and enhances network security.

    FortiNAC continuously monitors the network for new devices and authenticates them based on predefined policies. This ensures that only authorized devices connect to the network and comply with the organization's security standards, streamlining the process while maintaining robust protection.

    Four ways that FortiNAC helps

    • Device profiling: FortiNAC automatically identifies and profiles devices as they connect to the network, giving IT teams a complete view of all devices on the network.

    • Access control: FortiNAC enforces access policies based on the device type, user identity, location, and other factors, ensuring that only authorized devices and users can access the network.

    • Threat detection: FortiNAC detects and alerts IT teams to any suspicious activity on the network, including unauthorized devices, unusual behavior, and potential threats.

    • Network segmentation: FortiNAC allows IT teams to segment the network based on device type, location, and other factors, limiting the spread of threats and reducing the risk of data breaches.

    About this guide: learn by example

    This guide should help you understand FortiNAC by bringing you through a specific use case. Specifically, you will learn configuration examples for how FortiNAC can provide control for IOT/OT.

    This guide can also be applied in many types of network topologies. It presents one of possibly many ways to deploy FortiNAC. It may also omit specific steps where readers must make design decisions to further configure their devices. It is recommended that readers also review supplementary material found in the FortiNAC documentation library.

    Note: the FortiNAC can manage devices remotely, but that’s not a requirement for deploying the FortiNAC in the same Layer 2 network of the Managed Devices.

    Intended Audience

    The IT/IOT/IIOT Deployment guide is intended for:

    • Customers with network environments with a mix of network device vendors

    • System administrators who face problems with the vast number of IoT and OT devices

    No high level of knowledge is necessary to follow this guide.

    First time users

    Users looking to set up their FortiNAC for the first time should follow the steps in the Deployment Guide.

    For more in-depth detail, see the Administration Guide, whose table of contents mirrors the FortiNAC GUI.

    Previous
    Next