下一代防火墙
FortiGate: Next-Generation Firewall Overview
As security architects consider how to provide comprehensive threat protection for their enterprises, including intrusion prevention, web filtering, anti-malware and application control, they face a major complexity hurdle managing these point products with no integration and lack of visibility. Gartner estimates that by 2019 80% of enterprise traffic will be encrypted and 50% of attacks targeting enterprise will be hidden in encrypted traffic.
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance including encrypted traffic. FortiGate reduces complexity with automated visibility into applications, users and network and provides security ratings to adopt security best practices.
FortiGate: Next-Generation News
7/17/2018: Fortinet Receives Recommended Rating in Latest NSS Labs NGFW Report, Delivers High SSL Performance Suited for Encrypted Cloud Access. Receives Fifth Consecutive “Recommended” Rating, Blocked 100 Percent of Evasions and Achieved Minimal Performance Degradation for SSL Inspection
7/31/2018: Fortinet Announces Enhancements to Our Security Services Portfolio. Defending against the ever-expanding threat landscape requires real-time threat research and intelligence. Enhancing our subscription services to provide this crucial resource, we are announcing two critical changes.
2/27/2018: Fortinet Delivers Third Generation of Network Security with the Evolution of its Security Fabric. FortiOS 6.0 delivers more than 200 new capabilities across Security Fabric to automate security operations and protect the digital attack surface
FortiGate: Next-Generation Firewall Product Details
FortiGate enterprise firewalls offer flexible deployments from the network edge to the core, data center, internal segment, and the Cloud. FortiGate enterprise firewalls leverages purpose-built security processors (SPUs) that delivers scalable performance of advanced security services like Threat Protection, SSL inspection, and ultra-low latency for protecting internal segments and mission critical environments.
FortiGate NGFW provides automated visibility into cloud applications, IoT devices and automatically discovers end to end topology view of the enterprise network. FortiGate is a core part of security fabric and validated security protect the enterprise network from known and unknown attacks.
Features and Benefits
High-performance threat protection
Industry's highest threat protection and SSL inspection performance to protect from malware attacks hiding in encrypted traffic
Validated security effectiveness
Independently certified and continuous threat intelligence updates provide robust protection from known and unknown attacks
Protect mission critical applications
Highly scalable segmentation and ultra-low latency to protect network segments
Continuous risk assessment via automation
Leverage automated workflow and auditing features to deal with scarce security staff and continuously maintain compliance posture
Security Fabric integration
Intelligently share threats across the entire digital attack surface to provide quick and automated protection
Enterprise class security management
Deliver consistent security policy -- Single pane-of-glass to manage security assets irrespective of location and form factor
FortiGate: Next-Generation Firewalls Models and Specifications
FortiGate NGFW is available in many different models to meet your needs ranging from entry-level hardware appliances to ultra high-end appliances to meet the most demanding threat protection performance requirements. This ensures that enterprise campus, core data-center, or internal segments, FortiGate can fit seamlessly into your environment.
FortiGate: Chassis-based NGFW
Threat Protection |
80 Gbps |
SSL Inspection Throughput |
100 Gbps |
Network Interfaces |
Multiple 10 GE SFP+/SFP, 40 GE QSFP+, 100 GE CFP2/QSFP28 |
Threat Protection |
40 Gbps |
SSL Inspection Throughput |
50 Gbps |
Network Interfaces |
Multiple 10 GE SFP+/SFP, 40 GE QSFP+, 100 GE CFP2/QSFP28 |
Threat Protection |
35 Gbps |
SSL Inspection Throughput |
50 Gbps |
Network Interfaces |
Multiple 10 GE SFP+/SFP, 40 GE/100 GE QSFP28 |
Threat Protection |
13.5 Gbps |
SSL Inspection Throughput |
17 Gbps |
Network Interfaces |
2x 40GE QSFP+, 2x 10GE SFP+, 2x GE RJ45 |
Please see the product page for more information on these and many more Product features.
FortiGate: Ultra high-end NGFW
Threat Protection |
60 Gbps |
SSL Inspection Throughput |
90 Gbps |
Network Interfaces |
Multiple 40/100 GE QSFP28, 1/10/25 GE SFP28, 1/10 GE SFP+ and GE RJ45 |
Threat Protection |
100 Gbps |
SSL Inspection Throughput |
130 Gbps |
Network Interfaces |
Multiple 40/100 GE QSFP28, 1/10/25 GE SFP28, 1/10 GE SFP+ and GE RJ45 |
Please see the product page for more information on these and many more Product features.
FortiGate: High-end NGFW
Threat Protection |
20 Gbps |
SSL Inspection Throughput |
32 Gbps |
Network Interfaces |
10x 100GE QSFP28, 16x 10GE SFP+, 2x GE RJ45 |
Threat Protection |
13.5 Gbps |
SSL Inspection Throughput |
30 Gbps |
Network Interfaces |
Multiple 40/100 GE QSFP+/QSFP28, 10 GE SFP+ and GE RJ45 |
Threat Protection |
13 Gbps |
SSL Inspection Throughput |
23 Gbps |
Network Interfaces |
Multiple 100 GE CFP2, 40 GE QSFP+, 10 GE SFP+ and/or multiple GE SFP/RJ45 depending on variants |
Threat Protection |
13 Gbps |
SSL Inspection Throughput |
24 Gbps |
Network Interfaces |
Multiple 40 GE QSFP+, 10 GE SFP+ and GE SFP |
Threat Protection |
15 Gbps |
SSL Inspection Throughput |
20 Gbps |
Network Interfaces |
Multiple GE RJ45 and 10 GE SFP+ / GE SFP slots |
Threat Protection |
13 Gbps |
SSL Inspection Throughput |
22 Gbps |
Network Interfaces |
Multiple 10 GE SFP+ | Multiple GE SFP and GE RJ45 |
Threat Protection |
13 Gbps |
SSL Inspection Throughput |
19 Gbps |
Network Interfaces |
Multiple 10 GE SFP+ | Multiple GE SFP and GE RJ45 |
Threat Protection |
5.4 Gbps |
SSL Inspection Throughput |
11.5 Gbps |
Network Interfaces |
10x 10GE SFP+, 2x 10GE SFP+ bypass, 34x GE RJ45 |
Threat Protection |
5.4 Gbps |
SSL Inspection Throughput |
12.5 Gbps |
Network Interfaces |
6x 10GE SFP+, , 34x GE RJ45 |
Threat Protection |
5 Gbps |
SSL Inspection Throughput |
10.5 Gbps |
Network Interfaces |
8x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45 |
Threat Protection |
4 Gbps |
SSL Inspection Throughput |
6 Gbps |
Network Interfaces |
4x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45 |
Threat Protection |
4 Gbps |
SSL Throughput Inspection |
4 Gbps |
Network Interfaces |
2x 10 GE SFP+, 16x GE SFP, 18x GE RJ45 |
Please see the product page for more information on these and many more Product features.
FortiGate: Mid-range NGFW
Threat Protection |
3 Gbps |
SSL Inspection Throughput |
4 Gbps |
Network Interfaces |
Multiple GE RJ45, GE SFP and 10 GE SFP+ slots |
Threat Protection |
3 Gbps |
SSL Inspection Throughput |
4 Gbps |
Network Interfaces |
Multiple GE RJ45, GE SFP, 10 GE SFP+ slots and bypass GE RJ45 pairs |
Threat Protection |
3 Gbps |
SSL Inspection Throughput |
3.5 Gbps |
Network Interfaces |
Multiple GE RJ45, GE SFP and 10 GE SFP+ Slots |
Threat Protection |
4.7 Gbps |
SSL Inspection Throughput |
6.8 Gbps |
Network Interfaces |
Multiple GE RJ45, GE SFP and 10 GE SFP+ Slots |
Threat Protection |
3 Gbps |
SSL Throughput Inspection |
6.8 Gbps |
Network Interfaces |
Multiple GE RJ45 and GE SFP Slots |
Threat Protection |
1.2 Gbps |
SSL Throughput Inspection |
1 Gbps |
Network Interfaces |
Multiple GE RJ45, GE SFP Slots |
Threat Protection |
250 Mbps |
SSL Throughput Inspection |
190 Mbps |
Network Interfaces |
Multiple GE RJ45, GE SFP Slots | PoE/+ Variants |
Please see the product page for more information on these and many more Product features.
FortiGate: Entry-level NGFW
Threat Protection |
270 Mbps |
SSL Inspection Throughput |
300 Mbps |
Network Interfaces |
Multiple GE RJ45 | WiFi Variants |
Threat Protection |
250 Mbps |
SSL Inspection Throughput |
180 Mbps |
Network Interfaces |
Multiple GE RJ45 | Varients with internal storage | Variants with PoE/+ interfaces |
Threat Protection |
200 Mbps |
SSL Throughput Inspection |
175 Mbps |
Network Interfaces |
Multiple GE RJ45 | WiFi variants | Variants with internal storage | Variants with PoE/+ interfaces |
Threat Protection |
160 Mbps |
SSL Throughput Inspection |
185 Mbps |
Network Interfaces |
Multiple GE RJ45 | WiFi Variants | Variants with dual radios | Variants with internal storage |
Threat Protection |
150 Mbps |
SSL Throughput Inspection |
160 Mbps |
Network Interfaces |
Multiple GE RJ45 | WiFi Variants |
Threat Protection |
25 Mbps |
SSL Throughput Inspection |
18 Mbps |
Network Interfaces |
10x GE RJ45 |
Please see the product page for more information on these and many more Product features.
FortiGuard Security Services for FortiGate: Next-Generation Firewalls
FortiGate NGFW receives continuous threat intelligence updates from FortiGuard Labs security services. Intrusion prevention, anti-malware, cloud sand-box, application control and web filtering protects enterprises from known and unknown advanced attacks.
应用控制
可对您的用户正在运行的应用程序获得无可比拟的实时可见性,并轻松执行您可接受的使用策略,从而提供安全性并满足合规要求。通过 FortiGuard 应用控制,您可以快速创建策略来允许、拒绝或限制对应用程序或整个类别的应用程序的访问。
FortiSandbox 云
FortiSandbox 云服务是一个高级威胁检测解决方案,能够执行动态分析来提前识别未知的恶意软件。FortiSandbox 云生成的可执行威胁情报会反馈到防火墙网络安全策略配置中,进行威胁阻断。

Virus Outbreak Protection Service
FortiGuard Virus Outbreak Protection Service (VOS) closes the gap between antivirus updates with FortiCloud Sandbox analysis to detect and stop malware threats discovered between signature updates before they can spread throughout an organization. OS initiates a real-time look-up to our Global Threat Intelligence database.

Content Disarm & Reconstruction
Content Disarm & Reconstruction (CDR) strips all active content from files in real-time, creating a flat sanitized file. All active content is treated as suspect and removed. CDR processes all incoming files, deconstructs them, and removes all elements that do not match firewall policies.
IP 信誉 & 反僵尸安全服务
FortiGuard IP 信誉服务从 Fortinet 分布式威胁传感器网络、CERT、MITRE、进行合作的竞争对手以及其他全球资源收集恶意来源 IP 数据,合力提供关于敌对来源的最新威胁情报。有来自分布式网络网关近乎实时的情报,再结合 FortiGuard Labs 的世界级研究,组织可得到更安全的保护并对攻击实施主动拦截。
Our Enterprise (ENT) bundle now includes:
- CASB - providing visibility, compliance, data security and threat protection for your cloud-based services.
- Industrial Security Service protection – SCADA (supervisory control and data acquisition) and ICS (industrial control systems). These signatures address attacks against critical infrastructure and manufacturing industries, where we are seeing frequent and sophisticated cyberattacks.
- Security Rating Service - this service performs checks against your fabric-enabled network and provides scoring and recommendations to your operation teams. The subsequent scorecard can be used to gauge adherence to various internal and external organizational polices, standards, and regulations requirements, including providing a ranking of your firm against industry peers.
The FortiGuard Enterprise (ENT) Protection bundle is designed to address today’s advanced threat landscape. The Enterprise Bundle consolidates the comprehensive protection needed to protect and defend against all cyberattack channels from the endpoint to the cloud. Including the technologies needed to address today’s challenging OT, compliance, and management concerns. The Enterprise Bundle offers the most comprehensive protection overall. The Enterprise Bundle includes:
- NGFW Application Control
- IPS
- Antivirus
- Botnet
- IP/Domain Reputation
- Mobile Security
- Web Filtering
- Antispam
- FortiSandbox Cloud
- Virus Outbreak Protection
- Content Disarm & Reconstruction
- CASB
- Security Rating
- Industrial Security Service
- FortiCare
The FortiGuard Unified Protection Bundle (UTM) is our traditional Unified Threat Management security bundle. The Unified Protection Bundle extends threat protection across the entire digital attack surface, providing industry-leading defense against sophisticated attacks. The UTM bundle has you covered for web and email-based attacks. The UTM bundle delivers the best package available for a unified threat protection offering. The UTM Bundle includes:
- NGFW Application Control
- IPS
- Antivirus
- Botnet
- IP/Domain Reputation
- Mobile Security
- Web Filtering
- Antispam
- FortiSandbox Cloud
- Virus Outbreak Protection
- Content Disarm & Reconstruction
- FortiCare
The FortiGuard Advantage:
- FortiGuard processes over 69 million websites every hour, providing up-to-the-minute reputation and categorization.
- Prevent malicious downloads and browser hijacking attacks with top-rated web filtering (VBWeb Verified)
- Improved email productivity through superior spam prevention validated with 3rd party independent testing (VBSpam + Verified)
The FortiGuard Advanced Threat Protection (ATP) bundle provides the foundational security needed to protect and defend against known and unknown cyber threats. The Advanced Threat Protection bundle includes:
- NGFW Application Control
- IPS
- Antivirus
- Botnet
- IP/Domain Reputation
- Mobile Security
- FortiSandbox Cloud
- Virus Outbreak Protection
- Content Disarm & Reconstruction
- FortiCare 24*7
Service | Advanced Threat Protection (ATP) |
Unified Protection (UTM) |
Enterprise Protection (ENT) |
A La Carte Protection |
Threat Intelligence Service |
✔ |
|||
Industrial Security Service |
✔ |
✔ |
||
Security Rating |
✔ |
✔ |
||
CASB |
✔ |
✔ |
||
Web Filtering |
✔ | ✔ |
✔ |
|
Antivirus + Sandboxing |
✔ |
✔ |
✔ |
✔ |
IPS |
✔ |
✔ |
✔ |
✔ |
Antispam |
✔ |
✔ |
||
Internet DB |
✔ |
✔ |
✔ |
|
IP Reputation |
✔ |
✔ |
✔ | |
Application Control |
✔ |
✔ |
✔ |
Solution Guides
Case Studies
Data Sheets
下一代防火墙
- FortiGate 7000E Series Data Sheet
- FortiGate 5000 Series Data Sheet
- FortiGate 3900E Series Data Sheet
- FortiGate 3800D Series Data Sheet
- FortiGate 3700D Data Sheet
- FortiGate 3200D Data Sheet
- FortiGate 3100D Data Sheet
- FortiGate 3000D Data Sheet
- FortiGate 2500E Data Sheet
- FortiGate 2000E Data Sheet
- FortiGate 1500D Data Sheet
- FortiGate 1200D Data Sheet
- FortiGate 1000D Data Sheet
- FortiGate 900D Data Sheet
- FortiGate 800D Data Sheet
- FortiGate 600D Data Sheet
- FortiGate 500E系列 技术参数表
- FortiGate 300E系列 技术参数表
- FortiGate 200E系列 技术参数表
- FortiGate 100E系列 技术参数表
- FortiGate 90E系列 技术参数表
- FortiGate/FortiWiFi 90D-POE Data Sheet
- FortiGate 80E 系列 技术参数表
- FortiGate/FortiWiFi 60E系列 技术参数表
- FortiGate/FortiWiFi 60E-DSL Data Sheet
- FortiGate 60D Data Sheet
- FortiGate/FortiWiFi 50E系列 技术参数表
- FortiGate/FortiWiFi 30E系列 技术参数表
- FortiGate/FortiWiFi 30E-3G4G Data Sheet
- FortiGate Rugged Series Data Sheet
- Fortinet Product Matrix
FortiGate: Next-Generation Firewall Demo

FortiGate Next-Generation Firewall Demo
This full working demo lets you explore the many features of our FortiGate Next-Generation Firewall (NGFW). You’ll quickly see how FortiGate allows you to enable threat protection features such as IPS, Web-Filtering, Anti-Malware, Cloud Sand-box and SSL inspection to stop known and unknown threats. FortiGate also provides the full visibility and identifies applications, users and devices to identify issues quickly and intuitively. Be sure to check out our Security Fabric features to provide end to end topology view, security ratings based on the best practices and automation to reduce complexity.
Access the demo下一代防火墙 | NGFW | FortiGate
NSS Labs NGFW/SSL 2018 SVM and Report
NSS Labs Next Generation Firewall (NGFW) focuses on enterprise edge and internal segments along with growing need of SSL inspection. The Security Value Map (SVM) shows that FortiGate 500E achieved high cumulative blocking rate at 99.3% and the lowest TCO at $2.00 per protected Mbps. FortiGate 500E also received high SSL inspection performance and a very minimal performance degradation based on our purpose-built security processor technology. Fortinet received fifth consecutive NSS Labs NGFW “Recommended” rating showcase the consistency and commitment to customer need.
- NSS Labs 2018 NGFW Security Value Map (SVM)
- NSS Labs 2018 NGFW Test Report – FortiGate 500E
- NSS Labs 2018 SSL/TLS Test Report – FortiGate 500E
NSS Labs NGFW 2018 Comparative Reports
NSS Labs NGFW Comparative reports provide detailed comparison of all 10 participated vendors for security, performance and total cost of ownership (TCO). With these reports, you can compare Fortinet’s outstanding results with Palo Alto Networks, Checkpoint, Cisco and many other vendors. In several areas, Fortinet showcased the best results:
- High SSL Inspection Performance with industry's least performance degradation
- Fortinet delivered 100% block rate for live exploits
- Fortinet showcased highest value among all vendors
- NGFW performance is 30% better than claimed in data sheet
- Fortinet delivered best ultra-low latency across different packet sizes
Security - NGFW Comparative Report
Performance - NGFW Comparative Report
TCO - NGFW Comparative Report
SVM - NGFW Comparative Report
NSS Labs DCIPS 2018 SVM and Report
NSS Labs’ Data Center Intrusion Prevention Systems (DCIPS) focuses on data center environments, especially vulnerabilities commonly found in servers. The Security Value Map (SVM) shows that FortiGate IPS achieved the highest cumulative blocking rate at 98.73% and the lowest TCO at $3 per protected Mbps. Fortinet builds world-class IPS appliances and another “Recommended” IPS rating from NSS Labs proves this.
NSS Labs DCSG 2017 SVM and Report
NSS Labs’ DCSG test is a comprehensive Data Center Security Gateway (DCSG) test, including several tests to measure relevant security effectiveness and Intrusion Prevention (IPS) performance using live exploits including “weaponized” exploits (97.9% and 98% block rate respectively for Fortinet FortiGate 7060E and FortiGate 3000D) and resistance to evasion techniques (100% block rate for Fortinet). The FortiGate 7060E and 3000D both achieved “Recommended” status, with a leading combination of Security Effectiveness and Value per protected Megabit Per Second (Mbps) in the NSS Labs Security Value Map (SVM).
- NSS Labs 2017 DCSG SVM
- NSS Labs 2017 DCSG Test Report FortiGate 3000D
- NSS Labs 2017 DCSG Test Report FortiGate 7060E
NSS Labs NGFW 2017 SVM
FortiGate 3200D and 600D enterprise firewalls both offer a winning combination of security effectiveness, performance, and value, earning Fortinet its fourth consecutive NSS Labs NGFW Recommended rating. Fortinet excelled in continuous live testing, blocking 99.71% of exploits used in active attack campaigns every day and delivered the highest performance scores with 18.5 Gbps throughput and an average latency of 4.6 microseconds, regardless of packet size and including real-world traffic processing.
- NSS Labs NGFW Test Report FortiGate 3200D
- NSS Labs NGFW Test Report FortiGate 600D
- NSS Labs 2017 NGFW Security Value Map SVM
NSS Labs Breach Prevention Systems (BPS) Test 2017
NSS Labs introduced a new group test, BPS focused on detecting and blocking exploits, advanced malware, and evasions. This helps validate the advanced threat response cycle of prevent-detect-mitigate across a number of threat vectors including web, email, and endpoint. Fortinet's Security Fabric consisting of FortiSandbox, FortiGate, FortiMail, and FortiClient integrated together, earned a Recommended award by achieving a block rate of 99.6% and offering the lowest 3-year TCO.
NSS Labs NGFW 2016 SVM
NSS Labs’ Next Generation Firewall (NGFW) real-world testing reveals that Fortinet delivers a winning combination of security, network performance, and total cost of ownership (TCO). Fortinet was nearly perfect; scoring 99.6% in overall security effectiveness. The FortiGate 3200D was rated by NSS at 19 Gbps, 37% above its data sheet specifications, with excellent TCO where the value increased based on actual performance compared to the claimed specifications.
NSS Labs 2015 Next Generation IPS Test
In 2015, NSS Labs conducted a group test of next generation IPS solutions to assess their abilities to identify both the applications and the users on their internal networks, protect the enterprise user against threats/exploits, and catch sophisticated attacks while producing as few false positives as possible. Demonstrating 99% effectiveness and superior value, Fortinet FortiGate earned the NSS Labs Recommendation.
FortiGate: Next-Generation Firewall Alliance Partners
For a complete list of all the Alliance partners go to www.fortinet.com/fabricready.
Below is a list of current FortiGate Next-Generation Firewall Alliance Partners:

The leading provider of business-driven security management solutions, AlgoSec helps over 1,500 enterprises align security with their business processes, to make their organizations more agile, secure and compliant.

AWS services are trusted by more than a million active customers around the world – including the fastest growing startups, largest enterprises, and leading government agencies – to power their infrastructures, make them more agile, and lower costs.
Learn more on the Fortinet-AWS alliance

Arista Networks was founded to pioneer and deliver software-driven cloud networking solutions for large data center storage and computing environments.

Cisco is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected.

FireMon solutions deliver continuous visibility into and control over network security infrastructure, policies, and risk.

Google Cloud Platform is a secure, dedicated public cloud computing service operated by Google which provides a range of infrastructure and application services that enable deployments in the cloud. Fortinet provides critical firewalling, advanced security and scalable BYOL protection for elastic compute, container, and machine-learning workloads in Google’s innovative public cloud.

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio enables organizations to effectively manage risk and defend against emerging threats.
- Fortinet – IBM Security AppScan Solution Brief
- Fortinet – IBM Security QRadar Solution Brief
- Fortinet FortiGate and IBM QRadar Deployment Guide
- FortiGate App For IBM QRadar Technical Solution Guide
- Fortinet - IBM Resilient Technical Deployment Guide
- Learn more about the Fortinet-IBM Security Alliance

Nozomi Networks is a leading provider of real-time visibility, advanced monitoring capabilities, and strong security for industrial control networks supporting critical infrastructure. Nozomi has been deployed in some of the largest industrial installations, providing some of the fastest return-on–investment in the industry.

Nuage Networks, a Nokia Corp subsidiary, brings a unique combination of groundbreaking technologies and unmatched networking expertise to the enterprise and telecommunications industries.

Oracle offers a comprehensive and fully integrated stack of cloud applications and platform services.

Tufin leads the Security Policy Orchestration market, enabling enterprises to centrally manage, visualize, and control security policies across hybrid cloud and physical network environments.

VMware is a global leader in cloud infrastructure and business mobility.