Fortinet a Top 3 vendor for Enterprise Firewall Gartner Enterprise Firewall Magic Quadrant December 2011

Overview Gartner published its Enterprise Firewall Magic Quadrant, December 2011, an annual report that assesses the state of the network security firewall market as it applies to large enterprise. In this report, Fortinet improved its position on both the ability to execute and completeness of vision axes. Fortinets vision is to offer the highest performing integrated security appliances in the market. In 2002, we pioneered multithreat security appliances, and have been very successful. That said, Fortinets vision (multi-function security, named UTM by IDC for unified threat management) doesnt mirror Gartners definition of the enterprise markets. Nonetheless, Gartner positioned Fortinet as one of the top 3 vendors in the enterprise firewall market given our solid execution and that Next Generation Firewall is a merely a subset of a unified threat management product. High-Level Analysis Fortinet continues to get positive reviews for the delivery of new features and products, and as clients report easy deployments. Fortinet has a large R&D team and uses this to consistently deliver the most sophisticated technology and outmaneuver competitors that often rely on OEM arrangements. This has enabled Fortinet to maintain roadmap agility, get to market quickly with both new features and features that are fully console-integrated, and better integrate features without relying on other companies. This also has enabled Fortinet to expand its portfolio of non-firewall network security offerings, which provides increasing cross-selling opportunities. Fortinet continues to increase its wins against the larger firewall incumbents, and it gained additional footholds in emerging areas, such as in-the-cloud firewalls and with
Fortinet Confidential - Fortinet and Authorized Partners Only

carriers/ISPs where high-end performance is required. Fortinet is price-competitive, especially when using multiple virtual domains, and appliance reliability is reported as very high. Fortinet has invested substantially in obtaining and completing certifications and testing suites (Common Criteria, Federal Information Processing Standard [FIPS], NSS Labs and ICSA Labs) that appeal to a wide array of customers. Fortinet firewalls have high-end performance from purpose-built hardware and a wide model range (more than 20 appliance models), including bladed appliances for large enterprises and carriers, as well as SMB and branch office solutions. Although many competitors are increasing their reliance on Intel for their future performance gains, Fortinet (much as in its software development) maintains control of its own dual processors one application-specific integrated circuit (ASIC) for network security operations and the second for content inspection. The Advanced Mezzanine Card (AMC) expansion slot options for the enterprise-class models include an onboard security ASIC with additional ports and a hard drive providing investment preservation without having to resort to only appliance replacement, like many competitors. The AMC port options also minimize appliance replacement by allowing upgrades without replacing the whole box.

Overall enterprises look at integrated firewalls, IPS, VPN and URL filtering to solve a problem of visibility and control regardless of IDC or Gartner definition, Fortinet in all analyst reports demonstrates clear leadership in vision, execution and market share.

Fortinet Confidential - Fortinet and Authorized Partners Only

Gartner Report: Response The Gartner Enterprise Firewall Magic Quadrant December 2011 includes strength and challenges for every vendor. In it, Gartner calls out several Fortinet strengths. Gartner: Where Fortinet was shortlisted but not selected in enterprises, the management capabilities were most often listed as the reason. However, where aggressive console use is not required, or where multiple firewalls share the same policy, the Fortinet console is highly competitive. Fortinet: We have always been focused on providing the most powerful security products in the industry, as well as strived to ensure the installation and configuration is both simple to use and provides a rich feature set for advanced deployment requirements. In addition, the FortiManager product continues to improve, providing a scalable and simple to use central management solution for thousands of appliances, virtual appliances and endpoints. FortiGate has two major improvements for the FortiManager, which includes the MR2 and MR3 releases to enhance usability, scalability, and capabilities for centralized management.

Gartner: Post-sales service and support do not win Fortinet selections over competitors; however, support and enterprise sales have been steadily improving in the enterprise, especially for premium-level support. Fortinet: Our attention to enterprise-class support capabilities is ongoing. Within the past year, we have added head count, recruited partners, and made significant monetary investment in our global support group and programs. Today we have 24/7 call center support, 4 hour RMA, and on-site technical account managers on a global scale.

Gartner: Fortinet does not have a dedicated NGFW, but instead presents its UTM product, expecting a subset to be used. Fortinet's marketing that is focused on using UTM for enterprises undervalues Fortinet's enterprise offerings and steers away larger customers. Fortinet has historically defined enterprises as 500 users about half the number used by Gartner and competitors. The UTM messaging also has enterprises excluding Fortinet from NGFW shortlists, even when the necessary capabilities (such as application control) are present. Fortinet: The FortiOS/FortiGate is able to address each Gartner NGFW requirements plus more. According to Gartner NGFW definition, the listed the following requirements: Support in-line bump in the wire configuration without disrupting network operations Act as a platform for network traffic inspection and network security policy
Fortinet Confidential - Fortinet and Authorized Partners Only

enforcement, with the following minimum features: Standard first-generation firewall capabilities: Use packet filtering, network address translation, stateful protocol inspection, VPN capabilities and so on. Integrated rather than merely co-located network intrusion prevention: Support vulnerability facing signatures and threat facing signatures. The IPS interaction with the firewall should be greater than the sum of the parts, such as providing a suggested firewall rule to block an address that is continually loading the IPS with bad traffic. This exemplifies that, in the NGFW, it is the firewall correlates rather than the operator having to derive and implement solutions across consoles. Having high quality in the integrated IPS engine and signatures is a primary characteristic. Integration can include features such as providing suggested blocking at the firewall based on IPS inspection of sites only providing malware. Application awareness and full stack visibility: Identify application and enforce network security policy at the application layer independent of port and protocol versus protocol, port, and services. Extra-firewall intelligence: Bring information from source outside the firewall to make improved blocking decisions, or have an optimized blocking rule base. Examples include using directory integration to tie blocking to user identity, or having blacklists and white lists of addresses. Support upgrades paths for integration of new information feeds and new techniques to address future threats.

Gartner: Fortinet does not have a strong third-party security vendor ecosystem compared with the major enterprise firewall incumbents. Fortinet: We have working relationship with a number of strategic and technology partners. Strategic Partners http://www.fortinet.com/partners/alliance s/strategicpartners.html Technology Partners http://www.fortinet.com/partners/alliance s/technologypartners.html If you have further questions and concerns about this report, please contact Rodney Mock at rmock@fortinet.com or +1 408 235-7700 x304.
Fortinet Confidential - Fortinet and Authorized Partners Only
Legal Note: Copyright 2011 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, and FortiGuard, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Nothing herein is a contractually binding warranty or commitment. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.