Deployment Overview

While IoT devices have increased in popularity in recent years, this boon comes with problems. Many of these devices join networks that are not properly protected against them. Identifying the type of device and applying the proper protection tends to be a painfully manual process.

The problems are (1) the new vulnerabilities that IoT devices bring into a network, and (2) the large number of new IoT devices that environments such as hospitals or colleges face on a daily basis. Can network administrators be expected to manually identify and add each new device, even in smaller environments? What if you could profile device types and then specify a protective action for each type, so that the protective action is applied automatically?

FortiNAC (NAC stands for “Network Access Control”) provides visibility and control. With FortiNAC, you can see every device on your network and classify each one by vendor and type. By segmenting your network, FortiNAC can also prevent devices from accessing sensitive networks. Network administrators using FortiNAC should find their work simpler and more secure.

FortiNAC works by continuously monitoring the network for new devices and authenticating them based on predefined policies. This ensures that only authorized devices are allowed to connect to the network and that they comply with the organization's security policies.

Four ways that FortiNAC helps

  • Device profiling: FortiNAC automatically identifies and profiles devices as they connect to the network, giving IT teams a complete view of all devices on the network.

  • Access control: FortiNAC enforces access policies based on the device type, user identity, location, and other factors, ensuring that only authorized devices and users can access the network.

  • Threat detection: FortiNAC detects and alerts IT teams to any suspicious activity on the network, including unauthorized devices, unusual behavior, and potential threats.

  • Network segmentation: FortiNAC allows IT teams to segment the network based on device type, location, and other factors, limiting the spread of threats and reducing the risk of data breaches.

About this guide: learn by example

This guide should help you understand FortiNAC by walking you through a specific use case. Specifically, you will work through configuration examples that show how FortiNAC can provide control for IoT/OT devices.

This guide can also be applied in many types of network topologies. It presents one of possibly many ways to deploy FortiNAC. It may also omit specific steps where readers must make design decisions to further configure their devices. It is recommended that readers also review supplementary material found in the FortiNAC documentation library.

Note: FortiNAC can manage devices remotely, but that is not a requirement for deploying FortiNAC in the same Layer 2 network as the managed devices.

Intended Audience

The IT/IoT/IIoT Deployment Guide is intended for:

  • Customers with network environments with a mix of network device vendors

  • System administrators who face problems with the vast number of IoT and OT devices

No advanced knowledge is necessary to follow this guide.

First-time users

Users looking to set up their FortiNAC for the first time should follow the steps in the Deployment Guide.

For more in-depth detail, see the Administration Guide, whose table of contents mirrors the FortiNAC GUI.
