Fortinet FortiNAC CA-600F

Fortinet FortiNAC CA-600F

The FortiNAC CA-600F is a high-performance Network Access Control (NAC) appliance engineered to deliver broad network visibility, advanced Zero Trust access enforcement, and automated security response across medium to large enterprise environments. It provides continuous discovery, classification, and policy enforcement for all connected assets including IT, IoT, OT, and BYOD and integrates deeply into the Fortinet Security Fabric for coordinated threat containment and response.

What It Does

FortiNAC helps organisations:

• Maintain an up-to-date inventory of all devices and users on the network

• Profile and classify endpoints using AI-enhanced techniques

• Enforce dynamic access policies based on user identity, device type, behavior, and risk posture

• Detect anomalies and non-compliant devices in real time

• Automate remediation and containment actions to mitigate threats

• Relay contextual information to SIEM and analytics platforms for incident response

Granular Visibility and Device Profiling

FortiNAC leverages AI and machine learning from FortiGuard Services to provide detailed device and user profiling. It uses a combination of active and passive scanning, agent and agentless techniques, and behavioral analysis to accurately identify endpoints, including headless and IoT devices. Device discovery and profiling help security teams understand what is on the network and how devices are behaving over time, enabling risk-based access decisions.

Zero Trust Access and Intelligent Segmentation

FortiNAC extends Zero Trust principles by continuously evaluating device integrity and enforcing least-privilege access before and during network connectivity. After successful classification, it applies segmentation controls that restrict devices to only the resources they are permitted to access, helping to prevent lateral movement and contain threats.

Key enforcement capabilities include:

• Role-based access control

• Dynamic VLAN assignment and policy enforcement

• Micro-segmentation based on device profiles

• Integration with firewall policies and network infrastructure

Automated Threat Response

FortiNACs automation engine reacts to network events in real time by triggering predefined workflows when suspicious behavior or anomalies are detected. Automated actions can include quarantining devices, adjusting access policies, and generating alerts for security teams. This capability helps reduce time to respond and limits potential impact.

FortiNAC integrates with multiple Fortinet and third-party products such as FortiGate, FortiSIEM, FortiAnalyzer, FortiClient EMS, FortiSwitch, FortiAP, and FortiExtender to leverage broader security context and enforcement mechanisms throughout the network.

Third-Party Ecosystem Integration

FortiNAC supports extensive integration with networking and security systems from other vendors. It interfaces with device management systems, directory services, authentication platforms, mobile device management (MDM) solutions, and endpoint security tools to enhance visibility and control across heterogeneous environments.

Deployment Options

FortiNAC is an out-of-band NAC solution that collects contextual data from network infrastructure rather than inspecting all network traffic inline. Deployment models include physical appliances, virtual machines, and cloud hosted instances.

FortiNAC supports:

• Hardware appliances for standalone or large deployments

• Virtual appliances on common hypervisors

• Cloud marketplace deployment options

High availability options include active/passive failover and N+1 failover group configurations for distributed environments requiring redundancy.

Licensing

FortiNAC licensing is offered in multiple tiers to match organisational needs:

PLUS License

Provides endpoint visibility, advanced access control, automated provisioning for users and devices, guest onboarding, and reporting capabilities.

PRO License

Builds on PLUS with automated threat response, event correlation, guided workflows, contextual alerting, and deeper integrations.

Licenses are available as perpetual or subscription models, scaled by the number of concurrent managed endpoints.

Hardware Specifications (CA-600F)

The FortiNAC CA-600F is a 1U rack-mount appliance designed for medium environments.

• CPU: AMD EPYC 7413, 24 cores, 2.65GHz base frequency

• Memory: 32GB DDR4

• Storage: 2 x 960GB SSDs

• Network Interfaces: 1 x GbE RJ45 and 4 x 10GbE SFP+

• RAID: Software RAID1

• Power: Hot-plug 1+1 redundant PSU

• Cooling: 5 system fans

Capacity and Performance

The CA-600F supports up to 30,000 managed endpoints and provides high performance for policy enforcement, anomaly detection, guest services, and API operations. It can scale to handle larger RADIUS and authentication loads, network flow analysis, and integration with multiple security systems across distributed sites.

Ideal Use Cases

FortiNAC CA-600F is well suited for:

• Medium to large enterprise networks

• Healthcare and manufacturing environments with significant IoT/OT presence

• Campus networks and multi-building deployments

• Networks requiring automated threat containment and Zero Trust enforcement

• Hybrid cloud and distributed branch architectures

View data sheet: FortiNAC Data Sheet