Вы находитесь на странице: 1из 131

Fortinet Product Quick Guide

January, 2013

February 18, 2013


1

Content Product Overview FortiGate/FortiWifi FortiAP FortiClient FortiAnalyzer FortiManager FortiAuthenticator FortiDDoS FortiMail FortiWeb FortiDB FortiScan FortiBalancer FortiCache FortiDNS FortiSwitch

Product Overview

Broad Product Portfolio

FortiDDoS SERVICE PROVIDER FortiGate 3000-5000 Series FortiAuthenticator

SMALL/MEDIUM ENTERPRISE FortiGate 20-1000 Series

VM

LARGE ENTERPRISE FortiGate 1000-3000 Series


FortiScan FortiManager FortiAnalyzer FortiMail FortiWeb

FortiSwitch

FortiAP

FortiDB

Fortinet Product Portfolio


FortiGate
Network Security Platform

FortiMail
Messaging Security Gateway

FortiDB
Database Security Solution

FortiDDoS
Application D/DOS Mitigator

Security
FortiAP
Wireless Access

FortiWeb
Web Application Firewall

FortiScan
Vulnerability Management

FortiAuthenticator
Access Management

FortiBalancer
Application Delivery

FortiDNS
High Performance DNS Server

FortiSwitch
Wired Access

FortiClient
Endpoint Security

FortiCache
Content Caching

FortiVoice
VoIP & IP Telephony

Network Services

FortiToken
2-Factor Authentication

FortiManager
Centralized Device Manager

FortiAnalyzer
Centralized Logging & Reporting

Management

FortiGuard
Security & Network Services

FortiCare
Support Services

FortiCloud
Hosted Services

Services

Also Available as Virtual Appliance

FortiGate/FortiWiFi

FortiGate: Integrated Architecture

Real-Time Protection

FortiGuard Updates
AV Firewall WLAN IPS VPN VoIP Web Filter Antispam DLP SSL Insp WAN Opt HA App Ctrl VM

Fully Integrated Security & Networking Technologies

Traffic Shaping Load Balancing

Hardened Platform

Specialized OS Purpose-Built Hardware FortiCare FortiGuard Labs

High Performance

Support and Services

Purpose-built to deliver overlapping, complementary security Provides both flexibility & defense-in-depth capabilities
7

Anatomy of a FortiGate

FortiCare
Standard and extended hardware, software and support packages
8x5 Enhanced: 8x5 Support, Return and Replace, Firmware Upgrades 24x7 Comprehensive: 24x7 Support, Advanced Hardware Replacement (NBD), Firmware Upgrades

Fortinet Premium Services


Enhanced SLAs and TAM

Fortinet Prof. and Consultation Services


Design and Implementation

Certification & Customized Courses


In-depth Training Sessions

Anatomy of a FortiGate

FortiGate Hardware Appliance


Purposed built high performance systems Acceleration chips Wired and Wireless Connectivity

FortiGate Virtual Appliance


UTM solution for Cloud environment

Content Processor

Network Processor

Security Processor

Anatomy of a FortiGate

FortiOS Operating Systems


Proprietary OS, eliminates vulnerabilities & issues associated with common OSes Harden and small footprint for security & efficiency Runs on flash, more reliable Nearly common feature set across all platform * Default with 10 VDOMs*
WebUI, CLI Dashboard & Statistics SNMP Monitoring Syslogging

In-box Reporting *

Email Alerts

Content Archives

SFLOW

* Available on selected models.

10

Anatomy of a FortiGate

Features & Capabilities


Available by default, no requirement for hidden charges and software upgrades
HA: A-A, A-P, Virtual cluster, weighted
Firewall VPN IPS App. Ctrl AntiVirus Web Filter

IPv6 FW + UTM Routing Protocols Wireless Controller

AntiSpam

DLP

NAC

Vuln Mgmt

Traffic Shaping

WAN opt.

Server LB

11

Anatomy of a FortiGate

FortiGuard Subscription Services


FortiGuard AntiVirus Service FortiGuard IPS Service

FortiGuard WCF Service


FortiGuard Antispam Service

Deliver real-time Automated Updates Industry Leading Threat Response Time Comprehensive Threat Library 24x7x365 Operations Power by Fortinet in-house Global Threat Research Team

12

FortiGate Small Business Devices


Security Appliances For Small/Home Offices & Small Branch Offices
High performance, feature-rich multithreat security for Branch Offices, SoHo and telecommuters

Primary Benefits:
FWF-20C FGT-20C FWF-40C FGT-40C FWF-60D FGT-60D High speed Firewall and IPSec VPN performance High Speed Application Control Accelerated IPS/AV performance

On board storage for WAN Optimization, local reporting and archiving


FWF-80C FGT-80C FG-100D Integrated WiFi on certain models

13

FortiGate Small Business Devices: Comparison


FGT-20C
Firewall (1518/512/64 byte UDP) 20 / 20 / 20 Mbps 10,000 1,000 20 Mbps 20 Mbps 12/20 Mbps 20 -

FGT-40C
200 / 200 / 200 Mbps 40,000 2,000 60 Mbps 135 Mbps 20/40 Mbps 5 100 -

FGT-60C
1/1/1 Gbps 400,000 3,000 70 Mbps 135 Mbps 20/40 Mbps 5 100 10 / 10

FGT-60D
1.5 /1.5 /1.5 Gbps 500,000 3,200 1 Gbps 200 Mbps 35 /50 Mbps 5 100 10 / 10

FGT-80C
1/1/1 Gbps 1 Mil 12,000 140 Mbps 350 Mbps 50/190 Mbps 16 100 10 / 10

FGT-100D
2500 / 1000 / 200 Mbps 2.5 Mil 22,000 450 Mbps 950 Mbps 300/700 Mbps 32 1,000 10 / 10

Concurrent Sessions
New Sessions/Sec IPSec VPN IPS (HTTP) Antivirus (Proxy/Flow) Max FortiAP Max FortiToken VDOM (Default/Max)

Storage

2GB

4GB

8GB
WiFi, Ana. Modem, Wifi + Ana. Modem, LENC, SFP, POE, ADSL

16 GB

8GB WiFi, Ana. Modem, Wifi + Ana. Modem, LENC

32GB

Variants

WiFi, LENC, ADSL

WiFi, LENC

WiFi

LENC

14

FortiGate Small Business Devices: Comparison

FWF20C

FWF40C

FWF60C

FWF60D

FWF80C FWF81CM

Thick AP
Thin AP #of WiFi radios Supported Std

1 a/b/g/n

Option 1 a/b/g/n

Option 1 a/b/g/n

Option 1 a/b/g/n

Option 1 a/b/g/n

802.11n
Max wireless association rate total SSIDs (incl. reserved)

2x2 MIMO
300Mbps 7

2x2 MIMO
300Mbps 7

2x2 MIMO
300Mbps 7

2x2 MIMO
300Mbps 7

2x3 MIMO
300Mbps 7

15

FortiGate-20C

1x GbE Copper WAN Interface Ports 4x GbE Copper Switch Ports

Hardware Performance
Firewall Throughput (1518/512/64) 20/20/20 Mbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 20 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

6 s
10,000 1,000 5,000 20 Mbps NA

12 / 20 Mbps
NA NA 20 100 NA

16

FortiWiFi-20C

1x GbE Copper WAN Interface Ports 4x GbE Copper Switch Ports

Hardware Performance
Firewall Throughput (1518/512/64) 20/20/20 Mbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 20 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

6 s
10,000 1,000 5,000 20 Mbps NA

12 / 20 Mbps
NA NA 20 100 NA

17

FortiGate-20C-ADSL

1x ADSL Interface Ports 4x GbE Copper Switch Ports

Hardware Performance
Firewall Throughput (1518/512/64) 20/20/20 Mbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 20 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

6 s
10,000 1,000 5,000 20 Mbps NA

12 / 20 Mbps
NA NA 20 100 NA

18

FortiWiFi-20C-ADSL

1x ADSL Interface Ports 4x GbE Copper Switch Ports

Hardware Performance
Firewall Throughput (1518/512/64) 20/20/20 Mbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 20 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

6 s
10,000 1,000 5,000 20 Mbps NA

12 / 20 Mbps
NA NA 20 100 NA

19

FortiGate-40C

2x GbE Copper WAN Interface Ports 5x GbE Copper Switch Ports

Hardware Performance
Firewall Throughput (1518/512/64) 200/200/200 Mbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 135 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

3 s
40,000 2,000 5,000 60 Mbps 15 Mbps

20 / 40 Mbps
NA 5 100 250 40

20

FortiWiFi-40C

2x GbE Copper WAN Interface Ports 5x GbE Copper Switch Ports

Hardware Performance
Firewall Throughput (1518/512/64) 200/200/200 Mbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 135 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

3 s
40,000 2,000 5,000 60 Mbps 15 Mbps

20 / 40 Mbps
NA 5 100 250 40

21

FortiGate-60C

2x GbE Copper WAN Interface Ports 1x GbE Copper DMZ Interface Port 5x GbE Copper Configurable Ports ExpressCard Slot

Hardware Performance
Firewall Throughput (1518/512/64) 1 / 1 / 1 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 135 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

4 s
400,000 3,000 5,000 70 Mbps 15 Mbps

20 / 40 Mbps
10 / 10 5 100 500 60

22

FortiWifi-60C

2x GbE Copper WAN Interface Ports 1x GbE Copper DMZ Interface Port 5x GbE Copper Configurable Ports ExpressCard Slot

Hardware Performance
Firewall Throughput (1518/512/64) 1 / 1 / 1 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 135 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

4 s
400,000 3,000 5,000 70 Mbps 15 Mbps

20 / 40 Mbps
10 / 10 5 100 500 60

23

FortiWifi-60CM

2x GbE Copper WAN Interface Ports 1x GbE Copper DMZ Interface Port 5x GbE Copper Configurable Ports ExpressCard Slot

Hardware Performance
Firewall Throughput (1518/512/64) 1 / 1 / 1 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 135 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

4 s
400,000 3,000 5,000 70 Mbps 15 Mbps

20 / 40 Mbps
10 / 10 5 100 500 60

24

FortiGate-60C-SFP

1x SFP WAN Slot 2x GbE Copper WAN Interface Ports 5x GbE Copper Configurable Ports

Hardware Performance
Firewall Throughput (1518/512/64) 1 / 1 / 1 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 135 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

4 s
400,000 3,000 5,000 70 Mbps 15 Mbps

20 / 40 Mbps
10 / 10 5 100 500 60

25

FortiGate-60C-POE

2 3 5

4x GbE POE+ Ports 20 x GbE POE Ports 1x GbE Management Port

Hardware Performance
Firewall Throughput (1518/512/64) 1 / 1 / 1 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 135 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

4 s
400,000 3,000 5,000 70 Mbps 15 Mbps

20 / 40 Mbps
10 / 10 5 100 500 60

26

FortiGate-60D

3 4 5

2x GbE WAN Ports 1x GbE DMZ Ports 7x GbE Ethernet Ports

Hardware Performance
Firewall Throughput (1518/512/64) 1.5 / 1.5 / 1.5 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 200 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

4 s
500,000 3,200 5,000 1 Gbps 30 Mbps

35 / 50 Mbps
10 / 10 5 100 500 60

27

FortiWiFi-60D

3 4 5

2x GbE WAN Ports 1x GbE DMZ Ports 7x GbE Ethernet Ports

Hardware Performance
Firewall Throughput (1518/512/64) 1.5 / 1.5 / 1.5 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 200 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

4 s
500,000 3,200 5,000 1 Gbps 30 Mbps

35 / 50 Mbps
10 / 10 5 100 500 60

28

FortiGate-80C

2x GbE Copper WAN Interface Ports 1x FE DMZ Interface Port 6x FE Configurable Ports ExpressCard slot

Hardware Performance
Firewall Throughput (1518/512/64) 1900/700/120 Mbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 350 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

45 s
1 Mil 12 K 5,000 140 Mbps 70 Mbps

50/190 Mbps
10/10 16 100 1,000 60

29

FortiGate-80CM

2x GbE Copper WAN Interface Ports 1x FE DMZ Interface Port 6x FE Configurable Ports ExpressCard slot

Hardware Performance
Firewall Throughput (1518/512/64) 1900/700/120 Mbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 350 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

45 s
1 Mil 12 K 5,000 140 Mbps 70 Mbps

50/190 Mbps
10/10 16 100 1,000 60

30

FortiWiFi-80CM

2x GbE Copper WAN Interface Ports 1x FE DMZ Interface Port 6x FE Configurable Ports ExpressCard slot

Hardware Performance
Firewall Throughput (1518/512/64) 1900/700/120 Mbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 350 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

45 s
1 Mil 12 K 5,000 140 Mbps 70 Mbps

50/190 Mbps
10/10 16 100 1,000 60

31

FortiGate-100D

2x GbE Copper WAN Interface Ports 1x GbE Copper DMZ Interface Port 1x GbE Copper Mgmt Interface Port 2x GbE Copper HA Interface Port 14x GbE Copper Configurable Ports 2x Shared Media interfaces pairs

Hardware Performance
Firewall Throughput (1518/512/64) 2500 / 1000 / 200 Mbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 950 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

37 s
2.5 Mil 22,000 10,000 450 Mbps 300 Mbps

300 / 700 Mbps


10 / 10 32 1,000 5,000 200

32

FortiGate-Rugged-100C

2x GbE Copper Interfaces 4x FE Copper Interfaces 4x 100Base-FX Interface (SC)

Hardware Performance
Firewall Throughput (1518/512/64) 2000 / 1000 / 180 Mbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 950 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

34 s
2.5 Mil 22,000 10,000 60 Mbps 100 Mbps

300 / 700 Mbps


10 / 10 32 1,000 5,000 200

33

FortiGate Mid-Range Devices


Mid-Range Security Appliances For Mid-Size Organizations & Large Enterprise Branch Offices
High performance multi-threat security for medium-sized enterprises and branch offices of large enterprises. Higher price/performance ratio and more interfaces than any products in their class

FGT-1240B

FGT-1000C FGT-800C FGT600C FGT300C

Primary Benefits:
High speed Firewall and IPSec VPN performance High Speed Application Control Accelerated IPS/AV performance On board storage for WAN Optimization, local reporting and archiving*
*FGT-200B requires optional HDD

FGT-200B FGT-200B-POE

34

FortiGate Mid Range Devices: Comparison

FGT-200B
Firewall (1518/512/64 byte UDP) Concurrent Sessions New Sessions/Sec IPSec VPN IPS (HTTP) Antivirus (Proxy/Flow) Max FortiAP Max FortiToken VDOM (Default/Max) Storage Variants 5/5/4 Gbps 500 K 15,000 2.5 Gbps 650 Mbps 95 / 200 Mbps 32 1,000 64 GB opt. POE ,LENC

FGT-300C
8/8/8 Gbps 2 Mil 50,000 4.5 Gbps 1.4 Gbps 200 / 550 Mbps 256 1,000 10 / 10 16 GB LENC

FG-600C
16 / 16 /16 Gbps 3 Mil 70,000 8 Gbps 3 Gbps 1.3 /1.7 Gbps 512 1,000 10 / 10 64 GB DC, LENC

FG-800C
20 / 20 / 20 Gbps 7 Mil 190,000 8 Gbps 6 Gbps 1.7 / 2.1 Gbps 512 1,000 10 / 10 64 GB -

FG-1000C
20 / 20 / 20 Gbps 7 Mil 190,000 8 Gbps 6 Gbps 1.7 / 2.1 Gbps 512 3,000 10 / 250 128 GB DC

FG-1240B
40-44 / 40-44 / 38-42 Gbps 5 Mil 120,000 16-18.5 Gbps 5-8 Gbps 1.2 / 1.6 Gbps 512 3,000 10 / 250 64 GB, 384 GB opt. DC

35

FortiGate-200B

4x GbE Copper NP2 accelerated Interface Ports 4x GbE Copper Interface Ports 8x FE Configurable Ports

Hardware Performance
Firewall Throughput (1518/512/64) 5/4/2.5 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 650 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

2 s
500 K 15 K 10,000 2.5 Gbps 110 Mbps

95/200 Mbps
10/10 32 1,000 2,000 200

36

FortiGate-200B-POE

4x 10/100/1000 NP2 accelerated Interface Ports 4x 10/100/1000 Interface Ports 8x 10/100 Configurable PoE Ports

Hardware Performance
Firewall Throughput (1518/512/64) 5/4/2.5 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 650 Mbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

2 s
500 K 15 K 10,000 2.5 Gbps 110 Mbps

95/200 Mbps
10/10 32 1,000 2,000 200

37

FortiGate-300C

8x 10/100/1000 NP2 accelerated Interface Ports 2x 10/100/1000 Interface Ports Redundant DC Power connector

Hardware Performance
Firewall Throughput (1518/512/64) 8/8/8 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 1.4 Gbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies ( System/VDOM) IPSec VPN Throughput SSL-VPN Throughput

2 s
2 Mil 50,000 10,000 4.5 Gbps 200 Mbps

200 / 550 Mbps


10 / 10 256 1,000 10,000 500

38

FortiGate-600C

16x 10/100/1000 NP4 accelerated Interface Ports 2x 10/100/1000 Interface Ports 2x Shared Media interfaces pairs 1 pair Bypass Interfaces

Hardware Performance
Firewall Throughput (1518/512/64) 16/16/16 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 4 Gbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

7 s
3 Mil 70,000 10,000 8 Gbps 500 Mbps

1.3G / 1.7G Mbps


10/10 512 1,000 50,000 1,000

39

FortiGate-800C

12x 10/100/1000 NP4 accelerated Interface Ports 2x 10Gb SF+ slots 2x 10/100/1000 Interface Ports 4x Shared Media interfaces pairs 2 pair Bypass Interfaces

Hardware Performance
Firewall Throughput (1518/512/64) 20/20/20 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 6 Gbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

6 s
7 Mil 190,000 10,000 8 Gbps 1 Gbps

1.7/2.1 Gbps
10/10 512 1,000 50,000 1,000

40

FortiGate-1000C

12x 10/100/1000 NP4 accelerated Interface Ports 2x 10Gb SFP+ slots 2x 10/100/1000 Interface Ports 4x Shared Media interfaces pairs 2 pair Bypass Interfaces

Hardware Performance
Firewall Throughput (1518/512/64) 20/20/20 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 6 Gbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

6 s
7 Mil 190,000 100,000 8 Gbps 1 Gbps

1.7/2.1 Gbps
10/250 512 3,000 50,000 3,000

41

FortiGate-1240B

24x Gigabit NP4 Accelerated SFP Interface Slots 14x 10/100/1000 NP4 accelerated Interface Ports 2x 10/100/1000 Interface Ports 1x Single-Width AMC Slot

Hardware Performance
Firewall Throughput (1518/512/64) Concurrent Latency Concurrent Sessions New Sessions/Sec Firewall Policies 40/40/38 44/44/42 Gbps 7 s 5 Mil 120,000 100,000 IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens 5-8 Gbps 1.2/1.6 Gbps 10/250 512 3,000

IPSec VPN Throughput


SSL-VPN Throughput

16-18.5 Gbps
370 Mbps

Client-to-Gateway IPSec VPN Tunnels


Concurrent SSL-VPN Users (Recommended Max)

50,000
1,500

42

FortiGate 3000 Series


Security Appliances For Large Enterprises & Managed Service Providers
FG-3040B

Ideal for securing traditional highbandwidth networks, as well as virtualized, or cloud-based infrastructures. Higher price/performance ratio and more interfaces than any products in their class Primary Benefits:
Rich feature set for protecting next generation networks, including integrated IPS, application control, user-based policies, and endpoint policy enforcement On-board storage for WAN Optimization, local reporting and archiving

FG-3140B

FG-3240C

FG-3950B

Integration with FortiManager and FortiAnalyzer simplifies management, reporting and analysis for up to thousands of Fortinet devices

43

FortiGate 3000 Series: Comparison

FGT-3040B
Firewall (1518/512/64 byte UDP) Concurrent Sessions New Sessions/Sec IPSec VPN IPS (HTTP) Antivirus (Proxy/Flow) Max FortiAP Max FortiToken VDOM (Default/Max) Storage Variants 40 / 40 / 40 Gbps 5 Mil 200,000 17 Gbps 6 Gbps 2.3 / 4.5 Gbps 1,024 5,000 10 / 250 64 GB, 256 GB opt. LENC

FGT-3140B
58 / 55 /43 Gbps 10 Mil 200,000 22 Gbps 8.4 Gbps 2.3 / 4.5 Gbps 1,024 5,000 10 / 250 64 GB, 256 GB opt. LENC

FGT-3240C
40 / 40 /40 Gbps 10 Mil 200,000 17 Gbps 8 Gbps 2.6 / 5 Gbps 1,024 5,000 10 / 500 64 GB DC, LENC

FGT-3950B
20-120 / 20-120 / 20120 Gbps 20 Mil 250,000 8 50.5 Gbps 20 Gbps 4 / 15 Gbps 1,024 5,000 10 / 500 256 GB DC, LENC

44

FortiGate-3040B

10x Gigabit NP4 Accelerated SFP Interface Slots 8x 10G NP4 accelerated SFP+ Slots (2x transceivers default) 2x 10/100/1000 Interface Ports

Hardware Performance
Firewall Throughput (1518/512/64) 40/40/40 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 6 Gbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

4 s
10 Mil 200,000 100,000 17 Gbps 500 Mbps

2.3/4.5 Gbps
10/250 1,024 5,000 64,000 22,000

45

FortiGate-3140B

2x SP2 Accelerated SFP+ Slots 10x Gigabit NP4 Accelerated SFP Interface Slots 8x 10G NP4 accelerated SFP+ Slots (2x transceivers default) 2x 10/100/1000 Interface Ports

Hardware Performance
Firewall Throughput (1518/512/64) 58/55/43 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 8.4 Gbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

4 s
10 Mil 200,000 100,000 22 Gbps 500 Mbps

2.3/5.7 Gbps
10/250 1,024 5,000 64,000 22,000

46

FortiGate-3240C

16x Gigabit Accelerated SFP Interface Slots 12x 10G accelerated SFP+ Slots (2x transceivers default) 2x 10/100/1000 Interface Ports

Hardware Performance
Firewall Throughput (1518/512/64) 40/40/40Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 8 Gbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

4 s
10 Mil 200,000 100,000 17 Gbps 1 Gbps

2.6/5 Gbps
10/250 1,024 5,000 64,000 30,000

47

FortiGate-3950B

2x NP4 Accelerated 10-GbE SFP+ Interfaces (2x Transceiver included) 4x NP Accelerated 1-GbE SFP Slot 2x Non-Accelerated 10/100/1000 Interfaces 5x Fortinet Mezzanine Card (FMC) Expansion Slot

Hardware Performance
Firewall Throughput (1518/512/64) 20/20/20 120/120/120 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 5-20 Gbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

4 s
20 Mil 250,000 100,000 8 50.5 Gbps 1.2 G

4/5-15 Gbps
10/500 1,024 5,000 64,000 25,000

48

FortiGate-3950B Modules

FMC-XD2
Firewall (1518/512/64 byte UDP) 20 / 20 /20 Gbps

FMC-XG2
18 / 17 / 4.5 Gbps

FMC-F20
20 / 20 /20 Gbps

FMC-C20
20 / 20 /20 Gbps

FMC-XH0
19 / 19 / 10.5 Gbps

IPSec VPN

8 Gbps

6 Gbps

8.5 Gbps

8.5 Gbps

16.5 Gbps

IPS (HTTP)

2.5 Gbps

4 Gbps

AV (Flow Based)

2 Gbps

20 x 10/100/100 0 Mbps FortiASICaccelerated port

4 Gbps

Network Interface

2 x 10-GbE SFP+ FortiASICaccelerated port

22 x 10GbE SFP+ FortiASICSP2 port

20 x SFP FortiASICaccelerated port

NIL

49

FortiGate 5000 Series


Security Appliances For Very Large Enterprises & Managed Service Provides
Chassis-based platforms offer maximum performance, reliability, and scalability for high-speed service provider, large enterprise or telecommunications carrier networks. Fastest chassis-based firewall in the industry Flexibility enables protection of complex, multi-tenant cloudbased security-as-a-service and infrastructure-as-a-service environments. Primary Benefits:
Native 10-GbE support for high speed requirements

ATCA-compliant architecture delivers carrier-grade performance, reliability, availability and serviceability


Chassis support two, six, or fourteen FortiGate-5000 series blades, allowing customization and scaling FG-5140B
50

Performance & Resiliency

Standard Based ATCA System Fully Redundant Hot swappable blades, power supplies and fans

5000 Series Chassis

5020
Processing Slots Max Firewall Throughput Max IPS throughput
2 80 Gbps 19.6 Gbps

5060
6 160 Gbps 39.2 Gbps

5140B
14 160 Gbps 117.6 Gbps

Max Concurrent Session


Max CPS
Performance based on ELBC with FG5001C security Blades. FG-5020 relies LACP on external switches.

59 M
420 K

118 M
840 K

354 M
2.52 M

51

Load Distribution & Virtualization


Security Blades

Most flexible chassis based solution in the market


Ease of Maintenance hot swappable components Supports full hardware redundancy Supports various Inter and Intra HA configurations Chassis Networking Blades
Service Groups

VDOMs

Clustering
Scales Traffic processing capacity linearly. Interoperates with external devices

Service Grouping
Allows various groups of FortiGate Cluster to co-exist in a single chassis

Virtualization
Facilitates virtualized security components on FortiGate blades

52

FortiGate-5001B

8x NP4 Accelerated 10-GbE SFP+ Interfaces (2x Transceiver included) 2x 10/100/1000 Interface Ports Back plane connectivity: 2x base backplane 1Gbps, 2x fabric backplane 10Gbps

Hardware Performance
Firewall Throughput (1518/512/64) 40/40/40 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 7.8 Gbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

4 s
20 Mil 170 K 100,000 17 Gbps 530 Mbps

2/2.5 Gbps
10/500 1024 5,000 64,000 20,000

53

FortiGate-5001C

2x NP4 Accelerated 10-GbE SFP+ Interfaces (2x Transceiver included) 2x 10/100/1000 Interface Ports Back plane connectivity: 2x base backplane 1Gbps, 2x fabric backplane 40Gbps

Hardware Performance
Firewall Throughput (1518/512/64) 40/40/40 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 9.8 Gbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

4 s
29.5 Mil 210 K 100,000 17 Gbps 850 Mbps

3/4 Gbps
10/500 1024 5,000 64,000 30,000

54

FortiGate-5101C

4x SP3 Accelerated 10-GbE SFP+ Interfaces (2x Transceiver included) 2x 10/100/1000 Interface Ports Back plane connectivity: 2x base backplane 1Gbps, 4x fabric backplane 10Gbps

Hardware Performance
Firewall Throughput (1518/512/64) 40/40/10 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 9.4 Gbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

7 s
10 Mil 235 K 100,000 22 Gbps 970 Mbps

2/5 Gbps
10/500 1024 5,000 64,000 20,000

55

FortiSwitch-5003B

8x SFP+ slots for 10-gigabit interfaces (2x transceivers default) 2x front panel base backplane 10gigabit interfaces that connects to the base backplane channel 1x front panel base backplane 10/100/1000 interface

Hardware Performance
Switching throughput 225 Gbps

56

FortiController-5103B

10x SFP+ slots for 10GbE interfaces (2x transceivers default) 1x GbE Copper management interface

Hardware Performance
Traffic throughput Concurrent Session 60 Gbps 110 Mil New Sessions/Sec 1.26 Mil

57

FortiSwitch-5203B

8x NP4 Accelerated 10-GbE SFP+ Interfaces (2x Transceiver included) 2 x 10GbE SFP+ 1x 10/100/1000 Interface Ports

Hardware Performance
Firewall Throughput (1518/512/64) 40 Gbps IPS Throughput Antivirus Throughput (Proxy Based / Flow Based) Virtual Domains (Default / Max) Max Number of FortiAPs Max Number of FortiTokens Client-to-Gateway IPSec VPN Tunnels Concurrent SSL-VPN Users (Recommended Max) 7.8 Gbps

Concurrent Latency
Concurrent Sessions New Sessions/Sec Firewall Policies IPSec VPN Throughput SSL-VPN Throughput

4 s
20 Mil 170 K 100,000 17 Gbps 530 Mbps

2/2.5 Gbps
10/500 1024 5,000 64,000 20,000

58

FortiGate-VM

FG-VM00/ FG-VM00-XEN
vCPU (Min / Max) Network Interface (Min /Max) Memory (Min / Max) Storage Support (Min/Max) Max FortiAP VDOM (Default/Max) 1/1 2/10 512 MB / 512 MB 30 GB / 2TB 32 1/1

FG-VM01/ FG-VM01-XEN
1/1 2/10 512 MB / 1 GB 30 GB / 2TB 256 10 / 10

FG-VM02/ FG-VM02-XEN
1/2 2/10 512 MB / 3 GB 30 GB / 2TB 256 10 / 25

FG-VM04/ FG-VM04-XEN
1/4 2/10 512 MB / 4 GB 30 GB / 2TB 512 10 / 50

FG-VM08/ FG-VM08-XEN
1/8 2/10 512 MB / 12 GB 30 GB / 2TB 1,024 10/ 250

59

Transceivers
Available Slots
FG60C-SPF FG100D FG600C FG800C/1000C FG1240B 1SFP 1SFP 2 SFP 4 SFP 2 SFP+ 24 SFP

Transceivers Shipped
NIL NIL 2x Fiber SX SFP modules (1000BaseSX) 2x Fiber SX SFP modules (1000BaseSX) 2x Fiber SX SFP modules (1000BaseSX)

FG3040B
FG3140B FG3240B FG3950B FG5001B FG5001C FG5101C FG5003B
60

8 SFP+ 10 SFP
10 SFP+ 10 SFP 12 SFP+ 18 SFP 2 SFP+ 4 SFP 8 SFP+ 2 SFP+ 4 SFP+ 10 SFP+

2x SFP+ (SR 10Gbps)


2x SFP+ (SR 10Gbps) 2x SFP+ (SR 10Gbps) 2x SFP+ (SR 10Gbps) 2x SFP+ (SR 10Gbps) 2x SFP+ (SR 10Gbps) 2x SFP+ (SR 10Gbps) 2x SFP+ (SR 10Gbps)

Power Adapters & Redundant Power Supplies


Spare/Redundant Power Supplies Option FGT/FWF-20C FGT/FWF-40C, 60C FGT/FWF-80C, 60B, 50B, 30B Series FGT-200B FGT-200B-POE FGT-310B,300C FGT-311B FGT-600C, 800C FGT-620B, 621B FGT-1xxx above SP-FG20C-PA-XX SP-FG60C-PDC SP-FG80-PDC SP-FG310B-RPS FRPS-100 NIL SP-FG310B-RPS FRPS-100 Inbuilt dual PS SP-FG600C-PS (additional as option) SP-FG620B-RPS Inbuilt dual PS (hot swappable)

61

FortiOS 5

62

Supported Platform
FG/FWF-20C FG/FWF-40C FG/FWF-60C FG-100D FG200B(POE) FG300C FG/FWF-80C(M) FG-110/111C

Desktop

Mid Range

FG310/311B FG-600C FG-620/621B

FG800C FG1000C FG1240B

3000 Series

FG-3016B FG-3040B FG-3140B


FG-5001A-SW/DW

FG-3240C* FG-3810A FG-3950/51B


FG-5001B/C FG-5101C

5000 Series

VM
FortiGate-VM
63

VM64
* Available on patch release

Feature Matrix for Desktop Models


FortiOS 5.0.1 Client Reputation* Device Identification Identity Based Policies SSL VPN SSL Inspection SSL Offloading Endpoint Control SSH Proxy Traffic Shaping DLP Fingerprint VLAN WAN Opt. / Web Cache Wireless Controller Vulnerability Scan
FG/FWF-20C Series FG/FWF-40C Series FG/FWF-60C/D Series FG/FWF-80C Series

CLI CLI CLI -

CLI CLI -

-**

64

** Requires FMG/FAZ, FortiCloud for Monitoring, available in near future ** To be available in future patch release, requires hardware revision with local storage

Feature Matrix for Desktop Models


FortiOS 5.0.1 HA Ping Server Remote Server DNS Server Explicit Proxy Dynamic Routing VDOM
FG/FWF-20C Series FG/FWF-40C Series FG/FWF-60C/D Series FG/FWF-80C Series

CLI CLI -

CLI CLI CLI -

65

Services, Licenses & Subscriptions


BOLD: New Offerings

Included with FortiGate DNS Service DDNS Service NTP Service 2 FortiTokenMobile License* 10 FortiClient Endpoint License* 10 VDOMs License FortiCloud Service (trial)*

+ FortiTokenMobile License + Endpoint License** + VDOM License** + FortiCloud Storage Top-up + SMS Top-up

FortiCare Subscription Required Geography Updates BYOD Signatures Updates USB Modem DB Updates Vulnerability Scan Signature Updates Firmware Update

*Registration Required ** Available on selected Models

66

Services, Licenses & Subscriptions


BOLD: New Offerings

FortiGuard AV Subscription
Botnet IP reputation DB FortiGuard Analytics Service Proxy & Flow based AV signatures

FortiGuard Web Filter Subscription


DNS Based Web Categories Filtering Proxy & Flow based Web Categories DB

FortiGuard IPS Subscription


IPS Signature Updates Application Control Signature Updates

FortiGuard Anti-spam Subscription


Anti-spam Services

67

FortiAP

68

FortiAP Product Family


3x3:3
Dual Radio Dual Band
Resiliency Throughput

FAP-320B FAP-223B FAP-222B

FAP-221B
FAP-220B

2x2:2
Performance

1x1:1

Single Radio

FAP-210B

FAP-11C

FAP-112B

Personal
69

Outdoor

Indoor

FortiAP-11C

2 x FE Interface

Hardware Performance
Target Environment Number of Antenna Number of Radio Tx / RX Stream (802.11n) Indoor 1 Internal 1 1x1 MIMO, 65 Mbps Simultaneous SSIDs Max Transmission Power PoE Support 16 (14 for client access, 2 for monitoring) 17 dBm (50mW) 802.3af

70

FortiAP-112B

2 x FE Interface

Hardware Performance
Target Environment Number of Antenna Number of Radio Tx / RX Stream (802.11n) Indoor/Outdoor 1 Internal 1 1x1 MIMO, 65 Mbps Simultaneous SSIDs Max Transmission Power PoE Support 8(7 for client access, 1 for monitoring) 24 dBm (250mW) 802.3af

71

FortiAP-221B

1 x GbE Copper Interface

Hardware Performance
Target Environment Number of Antenna Number of Radio Tx / RX Stream (802.11n) Indoor 4 Internal 2 2x2 MIMO with Dual Spatial streams, 600 Mbps Total Simultaneous SSIDs Max Transmission Power PoE Support 8(7 for client access, 1 for monitoring) 17 dBm (50mW) N.A

72

FortiAP-223B

1 x GbE Copper Interface

Hardware Performance
Target Environment Number of Antenna Number of Radio Tx / RX Stream (802.11n) Indoor 4 external 2 2x2 MIMO with Dual Spatial streams, 600 Mbps Total Simultaneous SSIDs Max Transmission Power PoE Support 16 (14 for client access, 2 for monitoring) 17 dBm (50mW) 802.3af

73

FortiAP-320B

2 x GbE Copper Interface

Hardware Performance
Target Environment Number of Antenna Number of Radio Tx / RX Stream (802.11n) Indoor 6 Internal 2 3x3 MIMO with 3 spatial streams, 900 Mbps Total Simultaneous SSIDs Max Transmission Power PoE Support 16 (14 for client access, 2 for monitoring) 24 dBm (250mW) 802.3af / 802.3at

74

FortiAP-Antennas

Specification

Compatible AP

FAP-222B Point to point antenna for 5Ghz bridging with N/R connectors. Mount Kit sold separately FAN-M22.

Type
Accessories

FAN-612N/R

Specification

Compatible AP Type

FAP-222B Directional 120 degree outdoor panel antenna Includes two 120cm Cables with N connector. Mount Kit sold separately FAN-22.

FAN-500N

Accessories

75

Hardware Overview FortiAP (Local)


FAP-112B Wall mount, Ceiling Mount, indoor/outdoo r 1 FAP-210B FAP-220B FAP221B/223B* Smoke Detector Form Factor 2 1) 2.4 Ghz b/g/n 2) 2.4/5GHz a/b/g/n concurrent 802.3af 2x2 Dual stream, 600Mbps 4 internal 4 external* FAP-222B FAP-320B

Form Factor

Wall mount, Ceiling Mount

Wall mount, Ceiling Mount

Outdoor

Wall mount, Ceiling Mount

Radio

1 1) 2.4 or 5Ghz, switchable b/g/n or a/n 802.3af 1x2, Single stream, 300 Mbps 2 internal

2 1) 2.4 Ghz b/g/n 2) 2.4/5GHz a/b/g/n concurrent 802.3af 2x2 Dual stream, 600Mbps 4 internal

2 1) 2.4 Ghz b/g/n 2) 5GHz a/n concurrent

2 1) 2.4 Ghz b/g/n 2) 2.4/5GHz a/b/g/n concurrent 802.3af 3x3 Triple stream, 900Mbps 6 internal

Bands

2.4 Ghz b/g/n

PoE Rx / Tx Antennas Ethernet Interfaces

802.3af 1x1, Single stream, 65 Mbps 1 internal 2x FE

802.3at 2x2 Dual stream, 600Mbps 4 external

1x GbE Copper

1x GbE Copper

1x GbE Copper

1x GbE Copper

2x GbE Copper

76

Hardware Overview FortiAP (Remote)


FAP-11C

Schedule Form Factor Radio Bands PoE Rx / Tx Antennas Ethernet Interfaces

Q4/12 Desktop 1 2.4 Ghz b/g/n NA 1x1, Single stream, 65 Mbps 1 internal 1x FE WAN 1x FE LAN

77

FortiAP Power Adaptors


Power Supply Type Power supply shipped with unit Yes - Integrated power plug Yes - Proprietary PoE injector and AC adaptor Yes Yes No (Spare) Power supply order SKU SP-FAP220B-PA-<Country Suffix> SP-FAP220B-PA-<Country Suffix> SP-FAP221B-PA + SP-ADAPTORPLUG-01<Country Suffix> SP-FAP221B-PA + SP-ADAPTORPLUG-01<Country Suffix> SP-FAP222B-PA (includes PoE injector) + SP-ADAPTORPLUG-01-<Country Suffix> SP-FG20C-PA-<country suffix> GPI-115 Support Yes Yes Yes

FAP-11C FAP-112B FAP-210B FAP-220B FAP-221B

AC PoE Proprietary PoE 8-2.11af PoE 8-2.11af PoE 8-2.11af

FAP-223B
FAP-222B FAP-320B

PoE 8-2.11af
PoE 8-2.11at/POE Proprietary PoE 8-2.11at

No
Yes - Proprietary PoE+ injector and AC adaptor No

Yes
Yes

78

FortiClient

79

Introducing FortiClient

Endpoint Security & Control


Comprehensive end-point protection & security enforcement

Multifunctional Host Security


Flexibility in deployment Fully integrated features, reduce needs for multiple client solutions

End Point Control


Enforce compliance and security policies on mobile hosts

Centralized Logging and Reporting


Via FortiGate for enterprise requirements

80

FortiClient V5.0

New in 4.0 MR3


Windows
IPSec SSL 2FA Anti-Virus Web Filtering Application Firewall WAN Optimization Vulnerability Scanning

Mac OSX

iOS
-

Andriod
-

Off-net Config Sync.


Logging (via FortiGate) Central Management

81

FortiAnalyzer

82

Introducing FortiAnalyzer

Centralized Reporting & Analysis


Logging, reporting and analysis from multiple Fortinet devices

Aggregated Logging
Singular View of all Fortinet Devices Built-in Content Archiving Malicious File Quarantine

Centralized Reporting
Predefined Summary & Device Reports Hundreds of Customizable Charts & Graphs

Analysis & Event Correlation


Vulnerability Assessment Network & Log Analysis

Scalable Solution
Hardware and VM Versions Available Collector/Analyzer Modes for Large Deployments High Performance Logs/Sec Processing Support for Internal or External SQL Databases

83

FortiAnalyzer Series
FortiAnalyzer
GB/Day

FAZ-200D
5 18 Mil 200 150 4 1x 1 TB

FAZ-400C
15 55 Mil 625 200 4 1x 2 TB

FAZ-1000C
25 85 Mil 1,000 2,000 4 1x 2TB (8 TB Max) Yes, requires optional drives (RAID 0,1,10)

FAZ-2000B
75 260 Mil 3,000 2,000 6 2x 2TB (12 TB Max) Yes, (RAID 0, 1, 5, 10, 50)

FAZ-4000B
150 520 Mil 6,000 2,000 2 2 6x 1TB (24 TB Max) Yes, (RAID 0, 1, 5, 6, 10, 50, 60)

Sessions/Day
Max Log rate Max. Devices/ADOM s
10/100/100 ports 1 GbE SFP Storage capacity

RAID support

No

No

84

FortiAnalyzer-VM Series
FortiAnalyzer
GB/Day Sessions/Day Max Log rate Max. Devices/ADOMs

FAZ-VMBASE
1 3.5 Mil -

FAZ-VMGB1
+1 3.5 Mil -

FAZ-VMGB5
+5 18 Mil -

FAZ-VMGB25
+25 85 Mil -

FAZ-VMGB100
+100 360 Mil -

Storage capacity
RAID Support

200 GB
-

+200 G
-

+1 TB
-

+ 8 TB
-

+16 TB
-

85

FortiManager

86

Introducing FortiManager

Centralized Management
Tools that effectively manage any size Fortinet security infrastructure, from a few to thousands of appliances Administrative Domains (ADOMs)
Enables the primary admin to create Virtual Management Domains containing devices for other administrators to monitor and manage

Locally Hosted Security Content


Allows administrators better control over security content updates and provides improved response time for rating databases. Run a local copy of AV, IPS, URL, A/S signature databases.*

Hierarchical Objects & Policy Management


Create Global Objects and Policies Assign to ADOM or groups of ADOMS Create device configuration templates to quickly configure a new Fortinet appliance

Web Portal SDK


JSON-based API allows MSSPs to offer administrative web portals to customers

* Capabilities varied by Models

87

FortiManager Series
FortiManager
Max. Devices

FMG-200D
30

FMG-400C
300

FMG-1000C
800

FMG-3000C
5,000

FMG-5001A
4,000

Max. ADOMs
Max. Web Portals Max. Portal Users Interfaces Storage capacity Locally Hosted Security Content

30
4x GbE Copper 1x 1 TB AV, IPS, VM, WF, AS

300
4x GbE Copper 1x 1 TB AV, IPS, VM, WF, AS

800
800 800 4x GbE Copper 1x 2TB AV, IPS, VM, WF, AS

5,000
5,000 5,000 4x GbE Copper, 2x SFP 2x 2TB AV, IPS, VM, WF, AS

4,000
4,000 4,000 2x GbE Copper 1x 80 GB AV, IPS, VM, WF, AS

88

FortiManager-VM Series
FortiManager
Max. Devices Max. ADOMs (default/Max) Max. Web Portals Max. Portal Users

FMG-VMBase
10

FMG-VM10-UG
+10

FMG-VM100-UG
+100

FMG-VM1000-UG
+1,000

FMG-VM5000-UG
+5,000

FMG-VMU-UG
Unlimited

10
10 10

+10
+10 +10

+100
+100 +100

+1,000
+1,000 +1,000

+5,000
+5,000 +5,000

Unlimited
Unlimited Unlimited

Max. Virtual NICs (Min/Max)


Storage capacity (Min/Max)

1/4

80 GB / 2 TB

89

FortiAuthenticator

90

Introducing FortiAuthenticator

Authentication Server
Identity Management, User Access Control and multi-factor identification
Authentication and Authorization
RADIUS, LDAP, 802.1X

Two Factor Authentication


FortiToken Tokenless, via SMS and email

Certificate Management
X.509 Certificate Signing, Certificate Revocation Remote Device / Unattended Authentication

FortiToken
Issuing CA

Fortinet Single Sign on


Active Directory Polling RADIUS Integration
LDAP User Database

FortiAuthenticator

91

FortiAuthenticator Series
FortiAuthenticator
Max. Local Users Max. Remote Users Max. FortiTokens Max. NAS Devices Max. User Groups Max. CA Certificates Max. User Certificates Interfaces Storage Capacity

FAC-200D
500 500 500 50 25 2 500 4x 10/100/1000 Gbps 1 x 1 TB

FAC-400C
2,000 2,000 2,000 200 50 10 500 4x 10/100/1000 Gbps 1 x 1 TB

FAC-1000C
10,000 10,000 10,000 1,000 500 50 2,000 4x 10/100/1000 Gbps 1 x 1 TB

FAC-3000B
20,000 20,000 20,000 2,000 2,000 250 200,000 4x 10/100/1000 Gbps 1 x 1 TB

92

FortiAuthenticator-VM Series
FortiAuthenticator
Max. Local Users Max. Remote Users Max. FortiTokens Max. NAS Devices Max. User Groups Max. CA Certificates Max. User Certificates Interfaces (Min/Max) Storage Capacity (Min Max)

FAC-VM Base
100 100 200 10 10 5 100

FAC-VM100-UG
+100 +100 +200 +10 +10 +5 +100

FAC-VM1000-UG
+1,000 +1,000 +2,000 +100 +100 +50 +1,000

FAC-VM10000-UG
+10,000 +10,000 +20,000 +1,000 +1,000 +500 +10,000

FAC-VM100000-UG
+100,000 +100,000 +200,000 +10,000 10,000 +500 +100,000

1/4
60 GB / 2 TB

93

FortiDDOS

94

Introducing FortiDDoS

Hardware Accelerated DDoS Defense Intent Based Protection


Rate Based Detection
High performance protection using ASIC

ISP 1
FortiDDoS

Web Hosting Center

Self Learning Baseline


Ease Maintenance Maintain appropriate protection dynamically

Signature Free Defense


Hardware based protection

Firewall

Inline Full Transparent Mode


No MAC address changes

ISP 2
Legitimate Traffic Malicious Traffic

Granular Protection
Multiple thresholds to detect subtle changes and provide rapid mitigation

95

FortiDDoS Series
FortiDDoS
Throughput (Full Duplex)

FDD-100A
1 Gbps

FDD-200A
2 Gbps

FDD-300A
3 Gbps

Simultaneous Connections
Session Setup/Teardown Latency Virtual Instances

1 Mil
100,000 / Second 26 s 8 2 LAN Interfaces (Copper/SFP), 2 WAN Interfaces (Copper/SFP) 1x 1TB No

2 Mil
200,000 / Second 26 s 8 4 LAN Interfaces (Copper/SFP), 4 WAN Interfaces (Copper/SFP) 2x 1TB Yes

3 Mil
300,000 / Second 26 s 8 6 LAN Interfaces (Copper/SFP), 6 WAN Interfaces (Copper/SFP) 2x 1TB Yes

Interfaces

Storage Capacity (Min Max) RAID Support

96

FortiMail

97

Introducing FortiMail

Messaging Security
Advanced antispam and antivirus filtering capabilities, with extensive quarantine and archiving capabilities.

Specialized messaging security system


Advanced, bi-directional filtering prevents spread of spam, viruses, phishing, worms, and spyware

Mail Servers

Flexible deployment options


Transparent, Gateway, and Server modes that adapts to organizational needs and budget

FortiMail

Identity based encryption


Secure, encrypted communication

Email archiving
On-box archiving facilitates policy and regulatory compliance requirements

98

FortiMail Series
FortiMail
Email Domains Server Mode Mailboxes Email Routing (Msg/hr, 3KB) FortiGuard Antispam+AV (Msg/hr, 3KB)

FML-200D
50 200 200,000

FML-400C
500 1,000 400,000

FML-2000B
5,000 3,000 1.5 Mil

FMG-3000C
5,000 3,000 2.0 Mil

FAZ-5002B
10,000 3,000 2.3 Mil

175,000

320,000

1.2 Mil

1.6 Mil

2.0 Mil

10/100/100 ports
Storage capacity Form Factor

4 1x 1TB Desktop

4 2x 1TB Rack mount, 1RU

6 2x 12TB (Opt. 6TB) Rack Mount, 2RU

4 2x 1TB (Opt. 6TB) Rack Mount, 2RU

3 1x 146GB ATCA Blade

99

FortiMail-VM Series
FortiMail
Email Domains Server Mode Mailboxes Email Routing (Msg/hr, 3KB) FortiGuard Antispam+AV (Msg/hr, 3KB)

FML-VM01
50 200 90,000

FML-VM02
500 1,000 265,000

FML-VM04
5,000 3,000 1.32 Mil

FMG-VM08
5,000 3,000 1.76 Mil

77,000

185,400

1.05 Mil

1.4 Mil

Max vCPU supported


Max vNICs Storage capacity (Min/Max) Memory required (Min/Max)

1 4 50 GB / 1 TB 1 GB / 2 GB

2 4 50 GB / 1 TB 1 GB / 4 GB

4 4 50 GB / 2 TB 1 GB / 6 GB

8 4 50 GB / 2 TB 1 GB / 12 GB

100

FortiWeb

101

Introducing FortiWeb

Web Application Security


Web application firewall to protect, balance, and accelerate web applications.

Web Application Firewall


Aids in PCI DSS 6.6 compliance Protection against OWASP Top 10 Application layer DDoS protection Auto Learn security profiles Geo IP data analysis and security

Web Application Servers

Web Vulnerability Scanner


Scans, analyzes and detects web application vulnerabilities

FortiWeb

Application Delivery
Assures availability and accelerates performance of critical web applications

SQL Injection, XSS

102

FortiWeb Series
FortiWeb
Throughput Max HTTP transactions / Sec Latency 10/100/1000 ports 1GbE-SX ports

FWB-400C
100 Mbps 10,000 Sub-ms 4 -

FWB-1000C
500 Mbps 27,000 Sub-ms 2 + 2 Bypass -

FWB-3000C
1 Gbps 40,000 Sub-ms 4 + 2 Bypass 2 (FWB-3000CFSX)

FWB-4000C
2 Gbps 70,000 Sub-ms 4 + 2 Bypass 2

Storage capacity
Form Factor

1x 1 TB
Rack mount, 1RU

1x 1 TB
Rack Mount, 2RU

2x 1 TB (Opt. 6 TB)
Rack Mount, 2RU

2x 1 TB (Opt. 6 TB)
Rack Mount, 2RU

103

FortiWeb-VM Series
FortiWeb
Throughput Max HTTP transactions / Sec Max vCPU Supported Memory required (Min) Storage capacity (Min)

FWB-VM02
100 Mbps 8,000 2

FWB-VM04
500 Mbps 24,000 4 1 GB 40 GB

FWB-VM08
1 Gbps 36,000 8

104

FortiDB

105

Introducing FortiDB

Database Security and Compliance


Database Activity Monitoring and Vulnerability Assessment solution that allows quick and easy implementation of internal IT control frameworks for database activity monitoring, IT audit and regulatory compliance

Database Activity Monitoring (DAM)


Real-time monitoring of key users and critical transactions User Activity Base lining Block database attacks in real time FortiDB

Vulnerability Assessment
Sensitive data discovery in databases Vulnerability scanning with remediation advice Deployment options:
Sniffer, Native Audit and Agents

Policy Driven Controls


Automated process of establishing IT controls

Database Servers

Database Audit and Compliance


For compliance and forensics analysis purpose

106

FortiDB Series
#Licensed DB Instances FortiDB 400B FortiDB 1000C FortiDB 2000B 10 30 60 DB Supported
DB2 UDB V8 (VA only), DB2 UDB V9.x (VA only), DB2 UDB V9.5 MS SQL Server 2000, MS SQL Server 2005, MS SQL Server 2008 Oracle 10 gR1 (VA only), Oracle 10gR2, Oracle 11g Sybase ASE 12.5 (VA only), Sybase ASE 15.x, MySQL 5.1

107

FortiScan

108

Introducing FortiScan

Vulnerability and Compliance Management


Comprehensive end-point vulnerability & asset management
Network Discovery and Asset Management
Baseline network discovery Manage assets and policy based end point control

Comprehensive Vulnerability Assessment and Management


Both Network and Agent based technologies supported

Patch and Configuration Management


Benchmarking against best practice deployment

Alert, Remediation & Audit Management


Reducing security issue resolution effort

FortiScan

109

FortiScan Series

FortiScan Max Assets

FSC-3000C 20,000

FSC-VMBase 100

FSC-VM100-UG +100

FSC-VM1000-UG +1,000

FSC-VM5000-UG +5,000

FSC-VM20000-UG +20,000

110

FortiBalancer

111

Introducing FortiBalancer

Application Delivery Controllers


Optimize the availability, user experience, performance and scalability of mobile, cloud and enterprise application delivery from anywhere-to-anywhere.

Application Availability
Layer 2/3/4 and 7 load balancing techniques Application session persistence Proxy and transparent modes Global Server Load Balancing (GSLB) for geographic resilience Link Load Balancing

Web Application Servers

Application Acceleration
TCP Optimization Memory based content caching Data compression SSL Offload and acceleration

Application Interoperability
Implementation Guides for Microsoft Exchange, Lync, SAP etc.
112

FortiBalancer Series
FortiBalancer
Throughput Max Connections Layer 7 RPS SSL TPS SSL Throughput Total Interfaces FBL-400 2 Gbps 1 Mil 140,000 7,500 1 Gbps 4x GbE Copper FBL-1000 4 Gbps 4 Mil 230,000 13,500 1.6 Gbps 8x GbE Copper, 2x GbE SFP Single/Dual FBL-2000 10 Gbps 8 Mil 1.15M 22,500 5 Gbps 12x GbE Copper, 4x GbE SFP Dual FBL-3000 30 Gbps 16 Mil 2M 45,000 10 Gbps 4x 10GbE, 16x GbE Copper, 4x GbE SFP Dual

Power Supply

Single

113

FortiCache

114

Introducing FortiCache

Web Caching Appliance


Reduce the cost and impact of downloaded content, while increasing performance and end-user satisfaction by improving the speed of access

Web Content Caching


High performance content caching Explicit or Transparent proxy cache FortiGuard Web Filtering
FortiGuard Network

Video Caching
Broad CDN Support Detects same video ID when content comes from different CDN hosts Supports seek forwards and backwards in video, detectd preceding adverts

Integrated FortiGuard Web Filtering

Internet

FortiCache

WN Optimization
Bandwidth optimisation across congested WAN Links Interoperates with FortiGate

115

FortiCache Series
FortiCache
Throughput Total Interfaces Storage Capacity

FCH-400C
80Mbps 4x GbE Copper 1x 1 TB

FCH-1000C
200 Mbps 4x GbE Copper 1x 2 TB (4 TB Max)

FCH-3000C
500 Mbps 4x GbE Copper, 2x GbE SFP 4x 1 TB (6 TB Max)

116

FortiDNS

117

Introducing FortiDNS

Secure Caching DNS Server


Robust caching DNS server that improves security and performance

Secure Caching DNS


High performance caching DNS server with focus on DNS Security Randomised Transaction ID UDP Source Port Randomization Case Query Randomisation Active spoofing detection switches user to TCP when under threat. Discard unsolicited answers Limit per user resources (queries per second) to prevent DoS Monitor top users and blacklist Futureproof with support for DNSSEC and IPv6

FortiDNS

DHCP Server
High performance DHCP server with resource friendly high availability

118

FortiDNS Series

FortiDNS

FNS-400C

FNS-1000C

Total Interfaces Max Queries per Second Max DNS Clients Storage Capacity

4x GbE Copper 30,000 10,000 1x 1TB

4x GbE Copper 60,000 10,000 1x 1TB

119

FortiSwitch

120

Introducing FortiSwitch
Access level Gigabit Switches with with ease of use and low cost of ownership
FSW-80-POE

Outstanding price, performance, and scalability to organizations with diverse operational needs.

FSW-124B-POE

Primary Benefits:
FSW-224B-POE High Port Density Integrated Power Over Ethernet Connect Access Points, Peripherals, Cameras, Phones

FSW-324-POE

Create an integrated, secure network


FSW-248B-DPS

FSW-548B
121

FortiSwitch-80-POE

4x GbE Copper Ports 4x GbE PoE Ports

Hardware Performance
Switch Capacity MAC Address Storage Management Target application 16 Gbps 2000 unmanaged Installation of up to 4 wireless FAPs VLANs Supported Total Link Aggregation Group PoE Power Budget Fortified Switch N/A 3 62 W No

122

FortiSwitch-124B-POE

12x FE Ports 12x FE PoE Ports 2x pairs Shared GbE ports

Hardware Performance
Switch Capacity MAC Address Storage Network Latency (64bytes) 8.8 Gbps 8,000 <20 s VLANs Supported Total Link Aggregation Group PoE Power Budget 64 3 100 W

123

FortiSwitch-224B-POE

4x GbE POE+ Ports 16x GbE POE Ports 4x pairs Shared (POE) GbE ports

Hardware Performance
Switch Capacity MAC Address Storage Management Target Application 48 Gbps 8,000 CLI and Web Converged LAN Edge VLANs Supported Total Link Aggregation Group PoE Power Budget Fortified Switch 512 8 180 W No

124

FortiSwitch-324B-POE

4x with GbE POE+ 16x with GbE POE 4x pairs Shared (POE) GbE ports 1x GbE Copper Mgmt Port

Hardware Performance
Switch Capacity MAC Address Storage Management Fortified Switch (UAL) 48 Gbps 8,000 CLI & FOS Yes with FOS 5.0.1 VLANs Supported Total Link Aggregation Group PoE Power Budget Target Application 256 8 180 W Secure LAN Edge Convergence

125

FortiSwitch-248B-DPS

48x 1GbE Ports 4x SFP+ 10G slots

Hardware Performance
Switch Capacity MAC Address Storage Management Fortified Switch (UAL) 176Gbps 32,000 CLI & FOS No VLANs Supported Total Link Aggregation Group Redundant Power Supply Target Application 4096 8 Yes Datacenter Top of Rack or Enterprise LAN edge

126

FortiSwitch-548B

48x 1/10G SFP+ Slots

Hardware Performance
Switch Capacity MAC Address Storage Management Fortified Switch (UAL) 960 Gbps 128,000 CLI & FOS No VLANs Supported Total Link Aggregation Group Dual Power Supply 256 8 Yes DataCenter Top of Rack or Enterprise LAN Aggregation

127

FortiSwitch Series
FSW-124BPOE
1 RU

FSW-80-POE Form Factor FE Ports


Desktop -

FSW-224POE
1RU 24x GbE Copper (incl. 24 PoE) 4 180W Web & CLI DB9 No

FSW-248BDPS
1 RU -

FSW-324BPOE
1RU 24x GbE Copper (incl. 20 PoE, 4 PoE+) 2 185W CLI only RJ45 No

FSW-548B
1RU -

24 (incl. 12x PoE)

GbE Ports

8x GbE Copper (incl. 4x PoE)

48x GbE Copper

10G SFP+ Slots Shared Media Port Pair Power Budget Management Serial console L3 option

62 W None No

2 100W Web only No

4 (1G/10G) Web & CLI RJ45 No

48 (1G/10G) Web & CLI RJ45 No

128

Introducing FortiToken

2 factor Authentication Token


Oath Compliant Time Based Hardware One Time Password Token

Supports Strong Authentication


IPSEC VPN SSL VPN Administrative Login Captive Web Portal 802.1x Authentication Web Application Access SSO

Authentication Platforms
FortiGate (FOS4.3 and later) FortiAuthenticator (FAC 1.4 and later)

Secure Seed Delivery Options


Online Via FortiGuard Encrypted file on CD (FTK-200S) In-house Seed Provisioning Tool (special order)

129

Introducing FortiToken Mobile

2 factor Authentication Token on Mobile Devices


Oath Compliant Time Based Hardware One Time Password Soft Token

Highly Secure
Pin Protected App Device Binding Brute Force Protection Dynamic Seed Generation Encrypted Seed Storage

Authentication Platforms
FortiGate (FOS5.0 Beta 5 and later) FortiAuthenticator (FAC 1.4 and later)

Broad Device Support


iOS (iPhone, iPad, iPod Touch) Android BlackBerry (TBD)

130

Change Log
July 2012 Upgrade 60C/80C/110C/111C specifications Comparison Table Update Add FS-124-PoE Add FG3950B Modules Table August 2012 Corrected FortiDDOS numbers September 2012 Hardware Feature Icons October 2012 Remove FortiGate-One Add new products FG-60C-POE, FCLTR5103, FGR-100C & FAPs November 2012 Update FG100D Add FortiOS5 December 2012 Add FAC200D January 2013 Update info with V5 values Add 20C-ADSL, 5001C, FG/FWF-60D, new FortiSwitches

131