FortiGate: Next Generation Firewall (NGFW)
FortiGate: Next Generation Firewall (NGFW) – High threat protection performance with automatic visibility to stop attacks.
FortiGate: Next Generation Firewall (NGFW) – High threat protection performance with automatic visibility to stop malicious attacks on the network.
Overview FortiGate: Next Generation Firewall (NGFW)
FortiGate next-generation firewalls (NGFWs) utilize a purpose-built security processor and intelligence security services from Forti Guard’s AI-powered labs to provide high-rated protection, high-performance inspection of clear and encrypted text traffic. The new generation of firewalls reduce cost and complexity with full visibility into applications, users and networks and provide the best possible security. As an integral part of the Fortinet Security Fabric, new generation firewalls can communicate within Fortinet’s comprehensive security portfolio as well as third-party security solutions in a multivendor environment to share threat intelligence and improve security posture.
When companies consider how to provide comprehensive visibility and advanced layer 7 security, including threat protection, intrusion prevention, web filtering and application control, they face major hurdles that complicate managing these point products without integration and lack of visibility. Gartner predicts that by 2019.80% of corporate traffic will be encrypted and 50% of attacks targeting companies will be hidden in encrypted traffic to infiltrate networks or extract data, therefore using HTTPS checking is a must.
FortiGate: Next-Generation Firewall News
31 Okt 2019
Fortinet’s Latest Security Processor Accelerates the Best Selling Next Generation Firewall
FortiGate 60F Sets New Benchmarks for Security, Calculates Rankings, and Generates High Performance for Integrated Security and SD-WAN
19 Sep 2019
Fortinet Recognized as Leader in Gartner’s Magic Quadrant for Network Firewalls
Marks 10 consecutive times that Fortinet is in the Magic Quadrant for Network Firewalls
1 Agustus 2019
Fortinet Accelerates and Secures Cloud On-Ramp with a New Generation Firewall
Announced today, the new FortiGate Next-Generation Firewalls (NGFW) Firewall, comprising the FortiGate 1100E, FortiGate 2200E and FortiGate 3300E Series. FortiGate Next-Generation Firewall’s new e-series enables our customers to design security-driven networks and accelerate their on-line. the path to the clouds.
FortiGate: Next Generation Firewall Product Details
FortiGate’s new generation firewall offers flexible deployment from the network edge to the core, data center, internal segment, and cloud. The FortiGate enterprise firewall leverages a purpose-built security processor (SPU) that delivers scalable performance of advanced security services such as Threat Protection, SSL inspection, and extremely low latency to protect internal segments and mission critical environments.
FortiGate NGFW provides automatic visibility to cloud applications, IoT devices and automatically finds end-to-end topology views of corporate networks. FortiGate is a core part of a validated security and security structure protecting corporate networks from known and unknown attacks.
FortiGate: Next-Generation Firewalls Models and Specifications
FortiGate NGFW is available in many different models to meet your needs from entry-level hardware to ultra-high-end devices to meet the most demanding threat protection performance requirements. This ensures that the corporate campus, core data center, or internal segment, FortiGate can seamlessly fit into your environment.
FortiGate: Chassis-based NGFW
|FortiGate 7060E||FortiGate 7030E|
|Threat Protection||80 Gbps||Threat Protection||35 Gbps|
|SSL Inspection Throughput||79.9 Gbps||SSL Inspection Throughput||50 Gbps|
|Network Interfaces||Multiple 10 GE SFP+/SFP, 40 GE QSFP+, 100 GE CFP2/QSFP28||Network Interfaces||Multiple 10 GE SFP+/SFP, 40 GE/100 GE QSFP28|
|FortiGate 7040E||FortiGate 5001E|
|Threat Protection||40 Gbps||Threat Protection||13.5 Gbps|
|SSL Inspection Throughput||50 Gbps||SSL Inspection Throughput||17 Gbps|
|Network Interfaces||Multiple 10 GE SFP+/SFP, 40 GE QSFP+, 100 GE CFP2/QSFP28||Network Interfaces||2x 40GE QSFP+, 2x 10GE SFP+, 2x GE RJ45|
FortiGate: Ultra high-end NGFW
|FortiGate 6300F||FortiGate 6500F|
|Threat Protection||60 Gbps||Threat Protection||100 Gbps|
|SSL Inspection Throughput||90 Gbps||SSL Inspection Throughput||130 Gbps|
|Network Interfaces||Multiple 40/100 GE QSFP28, 1/10/25 GE SFP28, 1/10 GE SFP+ and GE RJ45||Network Interfaces||
Multiple 40/100 GE QSFP28, 1/10/25 GE SFP28, 1/10 GE SFP+ and GE RJ45
FortiGate: High-end NGFW
|Threat Protection||20 Gbps||Threat Protection||15 Gbps|
|SSL Inspection Throughput||32 Gbps||SSL Inspection Throughput||20 Gbps|
|Network Interfaces||10x 100GE QSFP28, 16x 10GE SFP+, 2x GE RJ45||Network Interfaces||
Multiple GE RJ45 and 10 GE SFP+ / GE SFP slots
|FortiGate 3960E||FortiGate 3100D|
|Threat Protection||13.5 Gbps||Threat Protection||13 Gbps|
|SSL Inspection Throughput||30 Gbps||SSL Inspection Throughput||22 Gbps|
|Network Interfaces||Multiple 40/100 GE QSFP+/QSFP28, 10 GE SFP+ and GE RJ45||Network Interfaces||
Multiple 10 GE SFP+ | Multiple GE SFP and GE RJ45
|FortiGate 3800D||FortiGate 3000D|
|Threat Protection||13 Gbps||Threat Protection||13 Gbps|
|SSL Inspection Throughput||23 Gbps||SSL Inspection Throughput||19 Gbps|
|Network Interfaces||Multiple 100 GE CFP2, 40 GE QSFP+, 10 GE SFP+ and/or multiple GE SFP/RJ45 depending on variants||Network Interfaces||
Multiple 10 GE SFP+ | Multiple GE SFP and GE RJ45
|FortiGate 3700D||FortiGate 2500E|
|Threat Protection||13 Gbps||Threat Protection||5.4 Gbps|
|SSL Inspection Throughput||24 Gbps||SSL Inspection Throughput||11.5 Gbps|
|Network Interfaces||Multiple 40 GE QSFP+, 10 GE SFP+ and GE SFP||Network Interfaces||
10x 10GE SFP+, 2x 10GE SFP+ bypass, 34x GE RJ45
|FortiGate 3600E||FortiGate 2200E|
|Threat Protection||30 Gbps||Threat Protection||11 Gbps|
|SSL Inspection Throughput||34 Gbps||SSL Throughput Inspection||17 Gbps|
|Network Interfaces||6x 100 GE QSFP28, 32x 25 GE SFP28, 2x GE RJ45||Network Interfaces||
4x 40GE QSFP+, 20x 10GE/25GE SFP+/SFP28, 12x GE RJ45
|FortiGate 3400E||FortiGate 2000E|
|Threat Protection||23 Gbps||Threat Protection||5.4 Gbps|
|SSL Inspection Throughput||30 Gbps||SSL Inspection Throughput||12.5 Gbps|
|Network Interfaces||4x 100 GE QSFP28, 24x 25 GE SFP28, 2x GE RJ45||Network Interfaces||
6x 10GE SFP+, , 34x GE RJ45
|FortiGate 3300E||FortiGate 1500D|
|Threat Protection||17Gbps||Threat Protection||5 Gbps|
|SSL Throughput Inspection||21 Gbps||SSL Inspection Throughput||10.5 Gbps|
|Network Interfaces||4x 40GE QSFP+, 4x 10GE RJ45, 16x 10GE/25GE SFP+/SFP28, 12x GE RJ45||Network Interfaces||
8x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
|FortiGate 1100E||FortiGate 1200D|
|Threat Protection||7.1 Gbps||Threat Protection||4 Gbps|
|SSL Throughput Inspection||10 Gbps||SSL Inspection Throughput||6 Gbps|
|Network Interfaces||2x40GE QSFP+, 4x25GE SFP28, 4x10GE SFP+/SFP, 8x1GE SFP, 16xGE RJ45||Network Interfaces||
4x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
|Threat Protection||4 Gbps|
|SSL Throughput Inspection||4 Gbps|
2x 10 GE SFP+, 16x GE SFP, 18x GE RJ45
FortiGate: Mid-range NGFW
|FortiGate 900D||FortiGate 300E|
|Threat Protection||3 Gbps||Threat Protection||3 Gbps|
|SSL Inspection Throughput||4 Gbps||SSL Throughput Inspection||3.9 Gbps|
|Network Interfaces||Multiple GE RJ45, GE SFP and 10 GE SFP+ slots||Network Interfaces||
Multiple GE RJ45 and GE SFP Slots
|FortiGate 800D||FortiGate 200E|
|Threat Protection||3 Gbps||Threat Protection||1.2 Gbps|
|SSL Inspection Throughput||4 Gbps||SSL Throughput Inspection||1 Gbps|
|Network Interfaces||Multiple GE RJ45, GE SFP, 10 GE SFP+ slots and bypass GE RJ45 pairs||Network Interfaces||
Multiple GE RJ45, GE SFP Slots
|FortiGate 600E||FortiGate 100F|
|Threat Protection||7Gbps||Threat Protection||1 Gbps|
|SSL Inspection Throughput||8 Gbps||SSL Throughput Inspection||1 Gbps|
|Network Interfaces||Multiple GERJ45, Multiple GE SFP, Multiple 10GE SFP+||Network Interfaces||
2 x 10GE SFP+ Slots, 18 x GE RJ45 and 8x 1GE SFP and 4x GE RJ45/SFP Shared Media Pairs
|FortiGate 500E||FortiGate 100E|
|Threat Protection||4.7 Gbps||Threat Protection||250 Mbps|
|SSL Inspection Throughput||5.7 Gbps||SSL Throughput Inspection||130 Mbps|
|Network Interfaces||Multiple GE RJ45, GE SFP and 10 GE SFP+ Slots||Network Interfaces||
Multiple GE RJ45, GE SFP Slots | PoE/+ Variants
|Threat Protection||5 Gbps|
|SSL Inspection Throughput||4.8 Gbps|
Multiple GE RJ45 and Multiple GE SFP Slots
FortiGate: Entry-level NGFW
|FortiGate 80E||FortiGate 40F|
|Threat Protection||250 Mbps||Threat Protection||600 Mbps|
|SSL Inspection Throughput||180 Mbps||SSL Throughput Inspection||310 Mbps|
|Network Interfaces||Multiple GE RJ45 | Varients with internal storage | Variants with PoE/+ interfaces||Network Interfaces||
Multiple GE RJ45 | WiFi Variants
|FortiGate 60F||FortiGate 30E|
|Threat Protection||700 Mbps||Threat Protection||150 Mbps|
|SSL Throughput Inspection||750 Mbps||SSL Throughput Inspection||160 Mbps|
|Network Interfaces||Multiple GE RJ45 | Variants with internal storage||Network Interfaces||
Multiple GE RJ45 | WiFi Variants
|FortiGate 60E||FortiGate 60D – Rugged|
|Threat Protection||200 Mbps||Threat Protection||25 Mbps|
|SSL Throughput Inspection||175 Mbps||SSL Throughput Inspection||18 Mbps|
|Network Interfaces||Multiple GE RJ45 | WiFi variants | Variants with internal storage | Variants with PoE/+ interfaces||Network Interfaces||
10x GE RJ45
|Threat Protection||160 Mbps|
|SSL Throughput Inspection||185 Mbps|
|Network Interfaces||Multiple GE RJ45 | WiFi Variants | Variants with dual radios | Variants with internal storage|
|Throughput||12 Gbps||Throughput||33 Gbps|
|vCPU||1x vCPU core, (up to) 2 GB RAM||vCPU||
8x vCPU cores, (up to) 12 GB RAM
|FortiGate-VM01, -VM01V||FortiGate-VM16, -VM16V|
|Throughput||12 Gbps||Throughput||36 Gbps|
|vCPU||1x vCPU core, (up to) 2 GB RAM||vCPU||
16x vCPU cores, (up to) 24 GB RAM
|FortiGate-VM02, -VM02V||FortiGate-VM32, -VM32V|
|Throughput||15 Gbps||Throughput||50 Gbps|
|vCPU||2x vCPU cores, (up to) 4 GB RAM||vCPU||
32x vCPU cores, (up to) 48 GB RAM
|FortiGate-VM04, -VM04V||FortiGate-VMUL, -VMULV|
Unlimited vCPU cores and RAM
4x vCPU cores, (up to) 6 GB RAM
“V” Series VMs do not include VDOM licenses by default. VDOM licenses can be added separately.
Actual performance may vary depending on the network and system configuration.
Performance metrics were observed using a DELL R740 (CPU Intel Xeon Platinum 8168 2.7 GHz, Intel X710 network adapters), running FOS v5.6.3. Tested with VMware vSphere 6.5 Enterprise Plus. SR-IOV is enabled.
Fortinet Customers and Partners emphasize the value-proposition of FortiGate’s Next Generation Firewall in the Gartner Peer Insights Review for Network Firewalls.
FortiGate Next-Generation Firewall offers flexible deployment from the network edge to the core, data center, internal segments, and multiple clouds, enhancing a custom built security processor (SPU) that delivers high performance from advanced security services such as threat protection, SSL inspection, IPS without fear of degradation for mission critical environments. FortiGate NGFW provides seamless integration with multiple clouds and enables the secure delivery of business applications and services.
FortiGate NGFW provides fully automatic visibility to all internal segments, applications and network flows to detect and recover any malware and pave the way for consistent security policies regardless of asset location. FortiGate NGFW is the first vendor to offer support for the latest encryption standard called TLS 1.3 which provides a stronger security framework and makes Fortinet customers future ready.
FortiGate NGFW has been Recognized as the Leader in the Gartner Magic Quadrant for Network Firewalls. This is the 10th time Fortinet has been recognized in MQ for Network Firewall.
FortiGate NGFW has received its 6th consecutive “Recommended” rating in the NSS Labs 2019 NGFW Group Test and continues to receive positive feedback from users at Gartner Peer Insights.
Here’s what some of our customers have to say about FortiGate NGFW.
“Fortinet FortiGate is perfect for businesses of any size to protect their internal network”
Software Engineer, Knowledge Specialist, company size- $ 50 million- $ 250 million, Education Industry
“We have two firewalls, one in each data center. They are configured as active-passive. All incoming and outgoing traffic passes through them for the entire organization. This ensures that all packages to and from the user are managed and controlled. If you have an immediate need, this is a good horse. We’re not at the console every day. Mostly set it up and forget it for us. If this is what you need, it’s not a bad solution. ”
“Powerful CLI Functions, API Integration, and Advanced Features”
Security Analyst, Security and Risk Management, company size – $ 50 million – $ 250 million, service industry
“We use Enterprise Firewall at our location around 3+. This product is quite successful in terms of integration in terms of architecture. The API provided by the manufacturer allows very successful integration. Designed with integration security in mind. We can assign permissions via a role-based API. The Next Generation Firewall has a firewall feature. It includes advanced features for security. Especially our firewall and automation tool integration works smoothly. We managed to block the intelligence data we were feeding on the firewall. Performs very well in high traffic. However, the log flow is about an hour behind. The use and management of the product is not too difficult and complex. SIEM command functions and functionality include utilities for admins managing products. ”
“Easy Implementation, Simple GUI”
Network Engineer, company size – $ 500 million – $ 1 billion, Manufacturing industry
“We have been using Fortinet Firewall for some time now. We were running FortiOS 6.0.4 which performed very well. The GUI is easy to operate and we really like this product.
“Are You Thinking Of A Firewall Solution? No Need To Think Twice For FortiGate “
Server Administrators, Infrastructure and Operations, company size – $ 50 million – $ 250 million, Health industry
“FortiGate offers several sizing options to suit any size organization, from small businesses to large companies. The licensing options are also flexible, allowing organizations to choose their level of protection. Options include antivirus, web filtering, DNS filtering, application control, intrusion prevention, anti-spam, web application firewall, and SSL inspection. They also include a cloud sandbox with their offering. ”
“The Most Stable And Versatile Product with Outstanding Features And Outstanding Performance”
Project Manager, company size – $ 3 B – $ 10 B, Industry construction
“If I were to talk about my experience as a whole, I would say it is a wonderful product that can be implemented easily and is considered an integral part of the business. Very helpful in achieving our goals. This gives us an easy way to handle the system. It is undoubtedly the most reliable product. He offers great support with his efficient team providing quick responses to our questions. ”
“Top Level Performance, Top Level NGF Firewall Features”
Security Engineer, Security & Risk Management, company size- $ 50 million – $ 250 million, Service industry
“Next Generation is one of the most successful Firewall products with a Firewall feature. Antivirus engines are very successful against high-level threats. You can start the automation process by detecting the same threat through the logs. It also works in high traffic. When you finish your segmentation correctly, the visibility level will start to increase. This product has many capabilities that work, such as SSL inspection and bandwidth settings at the Application level. The product log has official support for many SIEM systems. Syslog sends and sends incoming quality. You can raise awareness in your incident response process by creating various alerts about SIEM. ”
“Fighting Cyber Threats with Peace of Mind”
Vice President, Financial Industry, company size – $ 10 billion – $ 30 billion, Finance industry
“After different Firewall POCs became available on the market, our network security team found Fort gate Firewall to be the best gadget available. FortiGate This device receives continuous threats and intelligence updates from the FG Labs security service. Intrusion prevention, anti-malware, and, application control and web filtering protect your company from both known and unknown advanced attacks. ”
Gartner Peer Insights reviews are the opinions of individual end users based on their own experiences, and do not represent the views of Gartner or its affiliates.
Next-Generation Firewall Use Cases
Reducing complexity by consolidating products to save costs is a major concern for many companies. Equally important is ensuring secure access to resources from private and public clouds without fear of encrypted malware. Achieving granular visibility of devices, users, real-time threat information, and automation is critical to ensuring that attacks are handled in a timely manner.
Consolidation of products and services to reduce complexity. With FortiGuard Labs’ industry-leading threat protection and services, you can reduce costs and maximize your return on investment (ROI).
Encrypted Cloud Access
Get comprehensive visibility and policy controls by checking all types of traffic, from clear text to encrypted ones, and implementing intrusion prevention system (IPS) protection.
Visibility and Automation
Get access to network and security events for contextual visibility, and simplify operations with automated processes.
Intent-based Segmentation Use Cases
Intention-based segmentation allows network operators to create domains or security segments based on business intent. Intention-based segmentation is the ability to implement threat protection wherever it is needed, both on-premises and in all cloud instances, to reduce risk, achieve compliance and protect business critical applications.
Reduce Attack Surface
Effectively manage attack vectors with microsurgery, industry-leading threat protection, and FortiGuard Labs services.
Compliance with regulations
Meets compliance and regulatory requirements, such as PCI DSS, PII, HIPPA, and GDPR.
Access Trusted Applications
Improve your security posture by securing business applications and implementing adaptive access controls.
FortiGuard Security Services for FortiGate: Next-Generation Firewalls
Industry Leading AI-driven Protection and Intelligence
FortiGate next-generation firewalls (NGFWs) are the backbone for a security-driven network. Given the mission-critical role these play in any environment, Fortinet fortifies our leading NGFW’s with best-in-class security, support, and cloud-based automation and management.
Read on to find out how Fortinet subscriptions and services can help you get the most out of your FortiGate NGFW’s:
Effective best-in-class security requires timely, global intelligence combined with fast decision-making and response across all critical vectors. Fortinet offers proven and one of the most certified artificial intelligence-driven protection available in the market today powered by FortiGuard Labs.
For customers implementing FortiGates as NGFWs, here’s how FortiGuard subscriptions can help:
- Application Control: Fortinet boasts one of the largest applications database to safeguard your organization from risky application and allows you visibility and control of applications running in your network
- Intrusion Prevention: Stop unwanted attempts to access your network that target vulnerabilities and configuration gaps. We block over 10 million intrusion attempts per minute.
- Advanced Threats: Stop malicious files and payloads moving into your network with FortiGuard’s leading advanced malware, antivirus, and sandboxing capabilities. We stop over 35,000 malicious files per minute.
World-class Global Support and Professional Services
Mission critical security-driven networks deserve the best support available. FortiCare provides 24×7 support options to help keep your FortiGates up and running. We also have services to help you recover in the rare moments when bigger bumps seem to come out of nowhere such as our Premium RMA options with 4-hour replacements.
Want faster resolution? Choose our Advanced Support option.
Need help to get going with new deployments and integrations? FortiCare can do it, too, with Professional Services and Resident Engineers! Contact Sales to find out how.
- 24×7 Support
- Advanced Support
- Premium RMA
- Professional Service & Resident Engineer
Cloud-based Management, Visibility, and Operations
Delivering world-class security is not all that we do! We can help our customers lower their total cost of ownership (TCO) and simplify day-to-day security operations through our FortiOps services, which provide cloud-based management, visibility, and automation across their Fortinet Security Fabric.
- Centralized Management
- Security Analytics & Event Management
- Visibility & Control for SaaS Applications
- SD-WAN Monitoring
- SD-WAN VPN Overlay
- Keep it simple and save some money too! Choose the Unified Protection Bundle for your FortiGates that includes 24×7 FortiCare, all the FortiGuard Services you see here, and more. Therefore, Customers looking to also lower their TCO can add FortiOps options a-la-carte or order the Enterprise Protection Bundle for the most comprehensive and cost-effective protection and operations for their NGFW.
- Don’t forget to add FortiCare Advanced Support and Premium RMA for the fastest way to recover from unexpected bumps. We have global team of experts standing by to assist you and global depots to get you parts fast!