overview

Fortigate

As security architects consider how to provide comprehensive threat protection for their enterprises, including intrusion prevention, web filtering, anti-malware and application control, they face a major complexity hurdle managing these point products with no integration and lack of visibility. Gartner estimates that by 2019 80% of enterprise traffic will be encrypted and 50% of attacks targeting enterprise will be hidden in encrypted traffic.

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance including encrypted traffic. FortiGate reduces complexity with automated visibility into applications, users and network and provides security ratings to adopt security best practices. 

Product Details

FortiGate enterprise firewalls offer flexible deployments from the network edge to the core, data center, internal segment, and the Cloud. FortiGate enterprise firewalls leverages purpose-built security processors (SPUs) that delivers scalable performance of advanced security services like Threat Protection, SSL inspection, and ultra-low latency for protecting internal segments and mission critical environments.

FortiGate NGFW provides automated visibility into cloud applications, IoT devices and automatically discovers end to end topology view of the enterprise network. FortiGate is a core part of security fabric and validated security protect the enterprise network from known and unknown attacks.

BENEFITS

Features and Benefits

  • bank-notes-2448_bd66c927-7837-4dbf-bc25-d49656dfe619

    High-performance threat protection

    Industry’s highest threat protection and SSL inspection performance to protect from malware attacks hiding in encrypted traffic

  • bank-cards-2445_a1e87fce-3f73-4202-9204-4ad23d9ce522

    Validated security effectiveness

    Independently certified and continuous threat intelligence updates provide robust protection from known and unknown attacks

  • coins-2452_3800c0d7-bb74-4470-909a-e107b62b50e6

    Protect mission critical applications

    Highly scalable segmentation and ultra-low latency to protect network segments

  • pos-terminal-2470_861790a4-85dc-4da4-b645-64e5b80247d5

    Continuous risk assessment via automation

    Leverage automated workflow and auditing features to deal with scarce security staff and continuously maintain compliance posture

  • deposit-box-2465_8d0edd4a-0865-4431-b57f-e857a350022b

    Security Fabric integration

    Intelligently share threats across the entire digital attack surface to provide quick and automated protection

  • invoice-2474_16cf5270-ffa8-4c6e-b664-5b73fe167d57

    Enterprise class security management

    Deliver consistent security policy — Single pane-of-glass to manage security assets irrespective of location and form factor

Delivery

Available in

  • refresh-database-1856_a6704a77-603a-45b0-925d-41498e0fb1aa

    Appliance

  • radar-signal-727_b1dcc914-3ee5-449c-941e-d4684ee50ba3

    Virtual Machine

  • handshake-2819_4c48473b-74a8-4575-890d-e1824695a74c

    Cloud

FortiGuard Security Services for FortiGate: Next-Generation Firewalls

FortiGate NGFW receives continuous threat intelligence updates from FortiGuard Labs security services. Intrusion prevention, anti-malware, cloud sand-box, application control and web filtering protects enterprises from known and unknown advanced attacks

Application Control

Improve security and meet compliance with easy enforcement of your acceptable use policy through unmatched, real-time visibility into the applications your users are running. With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.

Application Control is available as part of the NGFW service through the FortiGate next generation firewall and is a part of why Fortinet tied for the highest overall security effectiveness at 99.97% in the 2016 NGFW security tests from NSS Labs.

Conventional firewalls that only identify ports, protocols, and IP addresses can’t identify and control applications, but a next generation firewall can. FortiGate next gen firewalls with FortiOS and centralized management solutions offer extensive visibility into application usage in real time, as well as trends over time through views, visualizations, and reports. You can use application control to keep malicious, risky, and unwanted applications out of your network through control points at the perimeter, in the data center, and internally between network segments.

The FortiGuard Application Control Service:

Protects your organization better by blocking or restricting access to risky applications
Gives you visibility and control of thousands of applications and lets you add custom applications
Lets you fine-tune your policies based on application type via application categories
Optimizes bandwidth usage on your network by prioritizing, de-prioritizing, or blocking traffic based on application

FortiGuard Labs Global Threat Intelligence for Application Control

The intelligence delivered through the application control service comes from the global FortiGuard Labs development team. FortiGuard Labs, an industry-leading vulnerability research organization, integrates application intelligence with IPS to provide very high levels of NGFW and NGIPS security effectiveness.

Knowledge of the threat landscape combined with the ability to respond quickly at multiple levels is the foundation for providing effective security. Hundreds of researchers at FortiGuard Labs scour the cyber landscape every day to discover emerging threats and develop effective countermeasures to protect organizations around the world. More than 250,000 organizations globally use FortiGuard security.

Web Filtering Service

Protect your organization by blocking access to malicious, hacked, or inappropriate websites with FortiGuard Web Filtering. Web filtering is the first line of defense against web-based attacks. Malicious or hacked websites, a primary vector for initiating attacks, trigger downloads of malware, spyware, or risky content.

FortiGuard Web Filtering is the only web filtering service in the industry that is VBWeb certified for security effectiveness by Virus Bulletin. It blocked 97.7% of direct malware downloads and stopped 83.5% of malware served through all tested methods in Virus Bulletin’s 2015 VBWeb security testing. According to Virus Bulletin, Fortinet is the only vendor in the 2016 VBWeb tests confident enough in our security solution to share results in a public test.

The web filtering service is available through FortiGate next generation firewall, FortiSandbox, FortiClient, and FortiCache solutions, letting you easily see and control what websites your users are visiting.

The FortiGuard Web Filtering Service:

Improves security by blocking access to malicious and risky websites
Prevents malware downloads from malicious or hacked websites
Keeps your defense current with automatic intelligence tools, targeted threat analysis, and continuous updates
Controls access through policy-based controls with highly granular blocking and filtering
Lowers your entry and maintenance costs through device-based licensing
Customizes your implementation with the flexibility of both push and pull update options
Meets compliance requirements for both CIPA and BECTA

FortiGuard Labs Global Threat Intelligence for web filtering

Every minute of every day FortiGuard Labs processes approximately 43 million URL categorization requests and blocks 160,000 malicious websites. The web filtering service rates over 250 million websites and delivers nearly 1.5 million new URL ratings every week.

You can easily manage your protection with the ability to apply targeted and specific policies based on six major categories and nearly 80 micro-categories with ratings continuously updated via the FortiGuard Distribution Network (FDN).

FortiSandbox Cloud

Keep Advanced Threats out of Your NetworkWith advanced threats rapidly increasing in number and sophistication, a perimeter firewall is just not enough. You need security that effectively detects unknown threats to complement next-generation firewalls and other security devices in your network. FortiSandbox Cloud Service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiSandbox Cloud is fed back into preventive controls within your network—disarming the threat.

FortiSandbox Cloud as a FortiGuard service offers an alternate deployment option to the FortiSandbox hardware appliance. It delivers the same rapid detection and automated response but in the cloud. This provides unlimited flexibility to complement FortiGates in any deployment scenario such as distributed enterprise, data center, and more.

The FortiSandbox Cloud Service is available through the FortiGate next-generation firewall.

The FortiGuard FortiSandbox Cloud Service:

Earns top ratings: NSS Labs “Recommended” for breach detection and ICSA labs certified for advanced threat defense
Provides zero-day threat detection and response for the network
Eliminates management of a physical sandbox
Removes any performance limitations for threat analysis

FortiGuard Labs Global Threat Intelligence for Sandbox

FortiSandbox Cloud is powered by security intelligence from FortiGuard Labs that is continually updated to refine and evolve FortiSandbox to protect against new malware techniques. In 2015, FortiGuard Labs discovered 262 zero-day threats.

Antivirus Security Service

The best way to protect your organization is to keep malware out. Hackers use malware to:

  • Cause data breaches
  • Extort money by encrypting data and holding it for ransom
  • Expose your intellectual property
  • Disrupt business and destroy systems

FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

Fortinet consistently receives superior effectiveness results in industry testing with AV Comparatives and Virus Bulletin. AV Comparatives awarded Fortinet its highest award, the Advanced+ rating for file detection and real-world protection. The 2015 VB100 Reactive and Proactive Test ranked Fortinet the security industry’s second highest business AV solution for security effectiveness.

The FortiGuard Antivirus Service:

Reduces the risk of data breach or damage caused by malware with highly effective antivirus protection delivered through multiple control points
Protects against the latest malware variants with proactive technologies able to block previously unknown threat variants
Keeps your protection up-to-date with hourly updates
Decreases management and operational costs with “set and forget” functionality
Lowers both your entry and maintenance costs with device-based licensing

FortiGuard Labs Global Threat Intelligence for Antivirus

Every minute of every day FortiGuard Labs neutralizes approximately 95,000 malware programs targeting traditional, mobile, and IoT platforms. Patented technologies enable FortiGuard Antivirus to identify thousands of current and future malware variants with a single signature – optimizing both security effectiveness and performance.

NGFW Service

Organizations are constantly under attack. Data breaches are on the rise, driving the requirement to add more security. It’s also key to have visibility into and control over network traffic, especially at the network perimeter and between network segments.

FortiGuard NGFW service delivers proven application control and intrusion prevention (IPS) technologies to improve overall security posture. Fortinet tied for the highest overall security effectiveness at 99.97% in the 2016 NGFW security tests from NSS Labs.

Conventional firewalls only identify port, protocol, and IP addresses, but FortiGuard Application Control for FortiGate next-generation firewalls provides extensive visibility into application usage and keeps malicious and risky applications out of your network. FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices. Our combination of real-time threat intelligence updates and thousands of existing intrusion prevention rules delivers the industry’s best IPS protection.

The FortiGuard NGFW Service:

  • Protects your organization better by blocking or restricting access to risky applications
  • Gives you visibility and control of thousands of applications and lets you add custom applications
  • Improves security posture by preventing network intrusions
  • Provides real-time threat intelligence updates to battle advanced cyber threats

FortiGuard Labs Global Threat Intelligence

The intelligence delivered through the application control service comes from the global FortiGuard Labs development team. FortiGuard Labs, an industry-leading vulnerability research organization, integrates application intelligence with IPS to provide very high levels of NGFW and NGIPS security effectiveness.

FortiGuard Labs creates 1,000 new intrusion prevention rules every week and has 58,000 application control rules in its database.

Virus Outbreak Protection Service

Protection Between Signature Updates

New FortiGuard Virus Outbreak Protection Service (VOS) closes the gap between antivirus updates with FortiCloud Sandbox analysis to detect and stop malware threats discovered between signature updates before they can spread throughout an organization. OS initiates a real-time look-up to our Global Threat Intelligence database. You will always have our very latest in malware protection.

IP Reputation & Anti-Botnet Security Service

Attack signatures change. New bots and worms constantly evolve behaviors. Compromised hosts can remain launch pads for malware indefinitely. A key part of the attack kill chain on an organization is when the threat communicates with a command & control server – either to download additional threats or to exfiltrate stolen data. IP and domain address reputation block this communication, neutralizing threats.

The FortiGuard IP Reputation Service aggregates malicious source IP data from the Fortinet distributed network of threat sensors, CERTs, MITRE, cooperative competitors, and other global sources that collaborate to provide up-to-date threat intelligence about hostile sources. Near real-time intelligence from distributed network gateways combined with world-class research from FortiGuard Labs helps organizations stay safer and proactively block attacks.

The anti-botnet security service is available through the FortiGate next generation firewall.

The FortiGuard Anti-botnet Service :

  • Prevents botnets and other threats from communicating with command & control servers to exfiltrate data or download malware
  • Blocks large-scale DDoS attacks from known infected sources
  • Protects against malicious sources associated with web attacks, phishing activity, web scanning, scraping, and more
  • Lowers management and operational costs with “set and forget” functionality

Fortigate Services Bundles :

  • FortiGate Enterprise Bundle
  • FortiGate UTM Bundle
  • FortiGate Advanced Threat Protection Bundle
SSL VPN feature

As organizations have grown and become more complex, secure remote access to network resources has become critical for day-to-day operations. In addition, businesses are expected to provide clients with efficient, convenient services including knowledge bases and customer portals. Employees traveling across the country or around the world require timely and comprehensive access to network resources. As a result of the growing need for providing remote/mobile clients with easy, cost-effective and secure access to a multitude of resources, the concept of a Virtual Private Network (VPN) was developed.

SSL VPNs establish connectivity using SSL, which functions at Levels 4 – 5 (Transport and Session layers). Information is encapsulated at Levels 6 – 7 (Presentation and Application layers), and SSL VPNs communicate at the highest levels in the OSI model. SSL is not strictly a Virtual Private Network (VPN) technology that allows clients to connect to remote networks in a secure way. A VPN is a secure logical network created from physically separate networks. VPNs use encryption and other security methods to ensure that only authorized users can access the network. VPNs also ensure that the data transmitted between computers cannot be intercepted by unauthorized users. When data is encoded and transmitted over the Internet, the data is said to be sent through a “VPN tunnel”. A VPN tunnel is a nonapplication oriented tunnel that allows the users and networks to exchange a wide range of traffic regardless of application or protocol.

IPSec VPN

Virtual Private Network (VPN) technology enables remote users to connect to private computer networks to gain access to their resources in a secure way. For example, an employee traveling or working from home can use a VPN to securely access the office network through the Internet.

Instead of remotely logging on to a private network using an unencrypted and unsecure Internet connection, the use of a VPN ensures that unauthorized parties cannot access the office network and cannot intercept any of the information that is exchanged between the employee and the office.

It is also common to use a VPN to connect the private networks of two or more offices

Enterprise (ENT) bundle now includes:

CASB – providing visibility, compliance, data security and threat protection for your cloud-based services.

Industrial Security Service protection – SCADA (supervisory control and data acquisition) and ICS (industrial control systems). These signatures address attacks against critical infrastructure and manufacturing industries, where we are seeing frequent and sophisticated cyberattacks

Security Rating Service – this service performs checks against your fabric-enabled network and provides scoring and recommendations to your operation teams. The subsequent scorecard can be used to gauge adherence to various internal and external organizational polices, standards, and regulations requirements, including providing a ranking of your firm against industry peers.

The FortiGuard Enterprise (ENT) Protection bundle is designed to address today’s advanced threat landscape. The Enterprise Bundle consolidates the comprehensive protection needed to protect and defend against all cyberattack channels from the endpoint to the cloud. Including the technologies needed to address today’s challenging OT, compliance, and management concerns. The Enterprise Bundle offers the most comprehensive protection overall. The Enterprise Bundle includes:

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiSandbox Cloud
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction
  • CASB
  • Security Rating
  • Industrial Security Service
  • FortiCare
UTM bundle now includes:

Threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTM bundle has you covered for web and email-based attacks. The UTM bundle delivers the best package available for a unified threat protection offering. The UTM Bundle includes:

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Antispam
  • FortiCare

The FortiGuard Advantage:

  • FortiGuard processes over 69 million websites every hour, providing up-to-the-minute reputation and categorization.
  • Prevent malicious downloads and browser hijacking attacks with top-rated web filtering (VBWeb Verified)
  • Improved email productivity through superior spam prevention validated with 3rd party independent testing (VBSpam + Verified)
Advanced Threat Protection Bundle includes:

the foundational security needed to protect and defend against known and unknown cyber threats. The Advanced Threat Protection bundle includes:

  • NGFW Application Control
  • IPS
  • Antivirus
  • Botnet
  • IP/Domain Reputation
  • Mobile Security
  • Web Filtering
  • Virus Outbreak Protection
  • Content Disarm & Reconstruction

The FortiGuard Advantage:

  • FortiGuard processes over 69 million websites every hour, providing up-to-the-minute reputation and categorization.
  • Prevent malicious downloads and browser hijacking attacks with top-rated web filtering (VBWeb Verified)
  • Improved email productivity through superior spam prevention validated with 3rd party independent testing (VBSpam + Verified)
Services Table
Services Advanced Threat Protection
(ATP)
Unified Protection
(UTM)
Enterprise Protection
(ENN)
A la Carte Protection
Threat Intelligence Services
Industrial Security Services
Security Rating
CASB
Web Filtering
Antivirus
Sandboxing
IPS
Antispam
Internet DB
IP Reputation
Application Control

Models and Specifications

Entry-level NGFW

FortiGate 30E

  • Threat
    protection Throughput
  • 150 Mbps
  • SSL Inspection
    Throughput
  • 160 Mbps
  • Network
    Interfaces
  • Multiple GE RJ45
    Wifi Variants

FortiGate 50E

  • Threat
    protection Throughput
  • 160 Mbps
  • SSL Inspection
    Throughput
  • 185 Mbps
  • Network
    Interfaces
  • Multiple GE RJ45
    WiFi Variants
    Variants with dual radios
    Variants with internal storage

FortiGate 60E

  • Threat
    protection Throughput
  • 200 Mbps
  • SSL Inspection
    Throughput
  • 175 Mbps
  • Network
    Interfaces
  • Multiple GE RJ45
    Wifi Variants
    Variants with internal Storage
    | Variants with
    PoE/+interfaces

FortiGate 60D - Rugged

  • Threat
    protection Throughput
  • 25 Mbps
  • SSL Inspection
    Throughput
  • 18 Mbps
  • Network
    Interfaces
  • 10x GE RJ45

FortiGate 80E

  • Threat
    protection Throughput
  • 250 Mbps
  • SSL Inspection
    Throughput
  • 180 Mbps
  • Network
    Interfaces
  • Multiple GE RJ45
    Variants with internal
    Storage | Variants with
    PoE/+interfaces

FortiGate 90E

  • Threat
    protection Throughput
  • 270 Mbps
  • SSL Inspection
    Throughput
  • 300 Mbps
  • Network
    Interfaces
  • Multiple GE RJ45
    Wifi Variants
Mid-range NGFW

FortiGate 200E

  • Threat
    protection Throughput
  • 1.2 Gbps
  • SSL Inspection
    Throughput
  • 1 Gbps
  • Network
    Interfaces
  • Multiple GE RJ45, GE SFP Slots

Compare Industry NGFW

FortiGate 300E

  • Threat
    protection Throughput
  • 3 Gbps
  • SSL Inspection
    Throughput
  • 6.8 Gbps
  • Network
    Interfaces
  • Multiple GE RJ45, and GE SFP Slots

Compare Industry NGFW

FortiGate 500E

  • Threat
    protection Throughput
  • 4.7 Gbps
  • SSL Inspection
    Throughput
  • 6.8 Gbps
  • Network
    Interfaces
  • Multiple GE RJ45, GE
    SFP and 10 GE SFP +
    Slots

Compare Industry NGFW

FortiGate 600D

  • Threat
    protection Throughput
  • 3 Gbps
  • SSL Inspection
    Throughput
  • 3.5 Gbps
  • Network
    Interfaces
  • Multiple GE RJ45
    GE SFP and 10 GE SFP+
    Slots

FortiGate 800D

  • Threat
    protection Throughput
  • 3 Gbps
  • SSL Inspection
    Throughput
  • 4 Gbps
  • Network
    Interfaces
  • Multiple GE RJ45
    GE SFP and 10 GE SFP+
    Slots and bypass GE RJ45 pairs

FortiGate 900D

  • Threat
    protection Throughput
  • 3 Gbps
  • SSL Inspection
    Throughput
  • 4 Gbps
  • Network
    Interfaces
  • Multiple GE RJ45
    GE SFP and 10 GE SFP+
    Slots
High-end

FortiGate 2500E

  • Threat
    protection Throughput
  • 5.4 Gbps
  • SSL Inspection
    Throughput
  • 11.5 Gbps
  • Network
    Interfaces
  • 10x 10GE SFP+, 2x
    10GE SFP+bypass,
    34x GE RJ45

FortiGate 3000D

  • Threat
    protection Throughput
  • 13 Gbps
  • SSL Inspection
    Throughput
  • 19 Gbps
  • Network
    Interfaces
  • Multiple 10 GE SFP+
    Multiple GE SFP and GE RJ45

FortiGate 3100D

  • Threat
    protection Throughput
  • 13 Gbps
  • SSL Inspection
    Throughput
  • 22 Gbps
  • Network
    Interfaces
  • Multiple 10 GE SFP+
    Multiple GE SFP and GE RJ45

FortiGate 3200D

  • Threat
    protection Throughput
  • 15 Gbps
  • SSL Inspection
    Throughput
  • 20 Gbps
  • Network
    Interfaces
  • Multiple GE RJ45 and
    10 GE SFP+/ GE
    SFP slots

FortiGate 3700D

  • Threat
    protection Throughput
  • 13 Gbps
  • SSL Inspection
    Throughput
  • 24 Gbps
  • Network
    Interfaces
  • Multiple 40 GE
    QSFP+, 10 GE SFP+
    and GE SFP

FortiGate 3800D

  • Threat
    protection Throughput
  • 13 Gbps
  • SSL Inspection
    Throughput
  • 23 Gbps
  • Network
    Interfaces
  • Multiple 100 GE
    CFP2. 40 GE QSFP+,
    10 GE SFP+ and/or
    Multiple GE SFP/ RJ45
    depending on variants

FortiGate 3960E

  • Threat
    protection Throughput
  • 13.5 Gbps
  • SSL Inspection
    Throughput
  • 30 Gbps
  • Network
    Interfaces
  • Multiple 40-100 GE
    QSFP+/QSFP28, 10
    GE SFP+and GE
    RJ45

FortiGate 3980E

  • Threat
    protection Throughput
  • 20 Gbps
  • SSL Inspection
    Throughput
  • 32 Gbps
  • Network
    Interfaces
  • 10x 100GE QSFP28,
    16x 10GE SFP+,2x
    GE RJ45
Ultra high-end NGFW

FortiGate 6300F

  • Threat
    protection Throughput
  • 60 Gbps
  • SSL Inspection
    Throughput
  • 90 Gbps
  • Network
    Interfaces
  • Multiple 40/100 GE QSFP28, 1/10/25 GE SFP28, 1/10 GE SFP+ and GE RJ45

Compare Industry NGFW

FortiGate 6500F

  • Threat
    protection Throughput
  • 100 Gbps
  • SSL Inspection
    Throughput
  • 130 Gbps
  • Network
    Interfaces
  • Multiple 40/100 GE QSFP28, 1/10/25 GE SFP28, 1/10 GE SFP+ and GE RJ45
Chassis-based NGFW

FortiGate 5001E

  • Threat
    protection Throughput
  • 13.5 Gbps
  • SSL Inspection
    Throughput
  • 17 Gbps
  • Network
    Interfaces
  • 2x 40GE QSFP+, 2x 10GE SFP+, 2x GE RJ45

FortiGate 7030E

  • Threat
    protection Throughput
  • 35 Gbps
  • SSL Inspection
    Throughput
  • 50 Gbps
  • Network
    Interfaces
  • Multiple 10 GE SFP+/SFP, 40 GE/100 GE QSFP28

FortiGate 7040E

  • Threat
    protection Throughput
  • 40 Gbps
  • SSL Inspection
    Throughput
  • 50 Gbps
  • Network
    Interfaces
  • Multiple 10 GE SFP+/SFP, 40 GE/100 GE CFP2/QSFP28

FortiGate 7060E

  • Threat
    protection Throughput
  • 80 Gbps
  • SSL Inspection
    Throughput
  • 100 Gbps
  • Network
    Interfaces
  • Multiple 10 GE SFP+/SFP, 40 GE/100 GE CFP2/QSFP28