Presented by:
Foad Godarzy, Sr. Director, Operational Technologies - Fortinet

Questions

Answers

Can we integrate Qualys with Fortinet?

FortiNAC integrates with the Qualys scanner and can take action based on the scan result.

When building a secure OT Architecture, what should we base ourselves on? (e.g. Purdue Model or other standards)

The Purdue model and other standards/frameworks have many similarities in design and OT network architecture. If you are supposed to follow any standard or framework because of compliance, then that becomes your main focus. You can segment the network based on the Purdue model and apply the standard/framework requirements in each layer.

Presented by:
Michelle Balderson, Director Sales, SME Operational Technology, Canada - Fortinet
Leonardo Moreira, Business Development Engineer OT | LATAM & CAN - Fortinet

Questions

Answers

Do we need any passive sensor in the plant in order to get the communication protocols between PLC and other devices?

I believe the "passive sensors" that you mentioned are OT IDSes, like Nozomi, Claroty, Dragos and others. Those technologies are able to define a behavior baseline and generate alerts based on changes. So, if you want to be able to have east-west visibility on the same segment in your network, yes, you can use them. We are not competitors, but partners, and they can also integrate with Fortinet's solutions using Security Fabric.

What about the vulnerabilities, can we use Qualys with Fortinet?

Yes, we can. Qualys can integrate with FortiNAC and FortiWeb. More info about FortiNAC integration here https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortinac.pdf, and FortiWeb integration here https://www.fortinet.com/content/dam/fortinet/assets/alliances/SB-Fortinet-Qualys1.pdf.

Without a passive sensor, can we see the communication between PLC and OT devices in FortiGate, as we already have FortiGate?

If traffic between the equipment is passing through the FortiGate, yes you can. You will, however, need the Industrial Security Service to provide visibility on industrial protocols. More info here: https://www.fortiguard.com/services/is. It's also good to mention that it's available in the Enterprise Protection Bundle.

Where can we take the NLC training?

All training material, from NSE1 to NSE7, is available at training.fortinet.com.

Can vendors providing SCADA support request remote access?

FortiGate provides remote access using traditional IPSEC VPN, SSL VPN and SSL Portal. We also recommend using FortiToken to add MFA - Multiple Factor Authentication - to your systems.

Presented by:
Carlos Augusto, Regional Sales Manager Operational Technologies - Fortinet
Guylain Briand, Consulting Systems Engineer - Fortinet

Questions

Answers

What are the use cases for FortiNAC in an OT environment? Seeing as, implementing NAC for devices that can automatically disable OT interfaces, like HMI & PLCs, is not a viable solution.

The demonstration was intended to show Micro-Segmentation; it might not be applicable in every part of a network to control access. In some parts of the network, FortiNAC might only be used to collect information in order to provide greater visibility and alerting on disconnected devices or new unknown devices being connected.

Let's say I have layer 2 access switches and 1 layer 3 switch that handles all the Layer 3 traffic. If I consider having the FortiNAC do network segmentation, the FortiNAC will replace the core switch and handle all the layer 3 traffic. Is that right?

FortiNAC will not replace any L2 or L3 device; it will leverage your existing equipment to learn, profile, alert and control access. A FortiGate could be added if you want to do the Micro-Segmentation that was presented during the demo.

What's the name of the feature that prevents two machines from talking to each other within the same VLAN?

It will vary depending on the vendor, but at Fortinet it is referred to as "Access VLAN." Another feature that can be leveraged would be Private VLAN (PVLAN), and this feature exists on many different platforms.

If I have Aruba ClearPass that takes care of authentication and authorization, can I still use FortiNAC to do network segmentation?

Absolutely, we have many customers using FortiNAC with ClearPass as a back-end RADIUS server.

Who do you define to be a site?

FortiNAC uses containers, and each container can contain L3, L2, AP, etc. devices. You can view a container as a site, wiring closet, function or any other logical function that better suits your need.

Do we need to install FortiNAC or is it built in FortiManager or FortiAnalyzer? Is it a separate buy other than FortiManager or FortiAnalyzer?

FortiNAC is a separate product; it is available in physical and virtual appliances.

Presented by:
Jeff Brown, Regional Sales Manager Operational Technologies - Fortinet
Leonardo Moreira, Business Development Engineer OT | LATAM & Canada - Fortinet

During this session, all questions were answered directly.