Fortinet FortiToken 200 hardware token
Mfg # FTK-200-50
CDW # 2904911
Know your gear
The FortiToken-200 allows organizations to deploy a two-factor authentication solution. It is an easy-to-use, one-time password (OTP) token that reduces the risk of compromise created by alternative single-factor authentication systems relying on, for example, static passwords. The FortiToken enables administrators with the need for two-factor authentication to offer enhanced security for both remote and on-premise users. The FortiToken-200 ensures that only authorized individuals access your organization's sensitive information - enabling business, protecting your data, lowering IT costs, and boosting user productivity.
Enhance your purchase
Fortinet FortiToken 200 hardware token is rated
4.00 out of
5 by
2.
Rated 5 out of
5 by
Sikhumbuzo Mthombeni from
Ease of administration, durable, and is capable of performing solid RADIUS authentications
What is our primary use case?
We use Fortinet FortiToken when a client requires it.
The FortiToken from Fortinet is primarily used for VPN authentication. That is one of the most common use cases. VPN authentication as well as two-factor authentication on VPN. In addition, two-factor authentication is required for administration access to the FortiGates.
In the rare case where the FortiAuthenticator is separate, they use it as a directory for the enterprise. It can also be used for other applications such as Microsoft. External applications and, on occasion, customer applications that use RADIUS.
What is most valuable?
I believe FortiToken is the simplest to implement. However, there is no difference in terms of features other than multi-factor authentication. It's very basic.
Ease of administration, which is not always a feature, but the ease of administration, token importing, and exporting, is why FortiToken has been considered as a multi-factor authentication solution.
What needs improvement?
FortiToken could be made much more flexible. They're doing very well now. I think having two-factor authentication on their firewalls for administration, as well as being able to use them for VPN access for MFA, was a great idea. However, in terms of a broader base of support, I believe their support for SAML, for example, could be greatly improved. OAuth, SAML, and other protocols that are more geared toward cloud-based applications, in my opinion.
I would like to see complete OAuth support. Also, if they can support it from a SaaS (Software as a Service) or cloud platform, that would be great.
For how long have I used the solution?
I have been working with Fortinet FortiToken for four or five years.
There are two kinds of customers. There are clients for whom we only implement and clients for whom we manage. Where we have a managed service with the client, we keep them on the most recent version, which is N-1.
What do I think about the stability of the solution?
Fortinet FortiToken is very durable and stable.
What do I think about the scalability of the solution?
If you don't use the VM solution, it's not very scalable because, from a hardware point of view, you almost have to buy hardware and do a full replacement. From that perspective, I wouldn't say it's scalable. But, again, if you're using your VM you would have to rebuild your VM.
I wouldn't go so far as to say it's not scalable. However, when it comes to the number of users, it is very scalable in terms of being able to cater to a small environment of five users versus 100,000. But, in my opinion, when you have to migrate as your environment grows, it's not very scalable. It is, but it is difficult to import and export through it.
The number of users we have is probably in the region of 20 or 25.
It would be on a daily basis because you have to log on all the time, especially now that you're remote. And MFA is required by the majority of our company or clients.
How are customer service and support?
I work with Fortinet support on a regular basis.
In terms of support, Fortinet is one of the better vendors. However, they face significant challenges when it comes to getting a response. When you log a support call, getting the response you want is always a problem. It's almost as if you're being passed from one engineer to the next, and it's extremely difficult to articulate the problem and get a response.
Which solution did I use previously and why did I switch?
I don't use them myself, we are integrators. A few clients use Fortinet FortiAuthenticator, Fortinet FortiToken, McAfee Total Protection for Data Loss Prevention, Trend Micro Integrated Data Loss Prevention, and GTB Technologies Inspector, but they use FortiToken specifically. I believe I added RSA Authentication Manager, followed by Cisco, Jira.
How was the initial setup?
The initial setup is extremely simple. The FortiAuthenticator and FortiToken are unquestionably the simplest multi-factor authentication solution to implement.
It takes two to three hours to get it up and running. But, the biggest challenge is always the user element, where you have to get users to install the application and communicate with them. That can take you a lot of time depending on the size of your organization and the level of technological sophistication of your end users.
That would require a significant amount of time. But the initial setup, which is to set up the FortiAuthenticator, import the tokens and integrate that with, the FortiGates, is very simple and doesn't take long.
What other advice do I have?
Yes, absolutely, I would recommend this solution, especially for clients performing standard RADIUS authentications, because I believe they're quite solid. I believe where it becomes more difficult is with open authentication protocols such as SAML and OAuth. Fortinet has a long way to go in this area.
I would rate Fortinet FortiToken an eight out of ten.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2022-02-27T00:00:00-05:00
Rated 5 out of
5 by
reviewer1393488 from
The cost of ownership is lower than most solutions, but support could resolve issues faster
What is our primary use case?
FortiToken is a second-factor authentication solution mapped to the on-prem firewall. Any user who connects to the firewall for VPN uses the token for authentication. Our client is the end-user, and we manage it for them. We acquired FortiToken five years ago and additional tokens every year since then. The token is just a piece of hardware, so there's nothing to be refreshed over there.
How has it helped my organization?
FortiToken helps us meet compliance requirements where applications or any authentication needs to use two factors. In addition to a password, there has to be a second factor for authentication.
What is most valuable?
FortiToken is available in a soft or hard token factor, so there's some flexibility in that. Beyond that, I would say it is a stable solution that has worked for us.
What needs improvement?
Usually, there are operational issues for tokens, but problems have been minimal.
For how long have I used the solution?
We have been using FortiToken for at least five years.
What do I think about the stability of the solution?
FortiToken is a stable problem. We haven't had any issues.
What do I think about the scalability of the solution?
If you are able to predict your scale, you can buy a box that will scale up to your projected requirement. Of course, it is not endless. If you're growing beyond what you had forecasted, you'll need to buy a bigger box or change solutions. Right now, we have at least 6,000 users.
How are customer service and support?
Fortinet support has some room for improvement. It has taken a long time to resolve some issues or find a workaround.
How was the initial setup?
We didn't see any major issues setting up FortiToken. It doesn't take more than two or three weeks. A lot of that was logistics because the initial deployment was done with 5,000 tokens distributed across a wide geographical range. We don't have a dedicated team for FortiToken. The team handling all the firewalls also manages this solution.
What about the implementation team?
There was a Fortinet partner which was involved in setting it up.
What's my experience with pricing, setup cost, and licensing?
FortiToken's price is optimal for us, but India is a price-sensitive market, so a lower price would definitely help. Overall, it's cheaper than other solutions. Of course, we evaluated it five years back, and I haven't checked to see its current market position, but one reason we adopted FortiToken is its lower cost of ownership relative to other solutions we evaluated.
What other advice do I have?
I rate Fortinet FortiToken seven out of 10. I recommend it depending on the use case. It's a good option if you need a stable product that can. It meets all the requirements for scalability, security, and reliability.
Which deployment model are you using for this solution?
On-premises
Disclaimer: My company has a business relationship with this vendor other than being a customer:
Date published: 2022-02-25T00:00:00-05:00