FortiGate: IPS
Comprehensive threat protection with a powerful intrusion prevention system
FortiGate IPS – NSS Labs Recommended Again
FortiGate IPS Overview
An intrusion prevention system (IPS) is a critical component of every network’s core security capabilities. It protects against known threats and zero-day attacks including malware and underlying vulnerabilities. Deployed inline as a bump in the wire, many IPS solutions perform deep packet inspection of traffic at wire speed, requiring high throughput and low latency.
Fortinet delivers IPS technology via the industry-validated and recognized FortiGate platform. FortiGate security processors provide unparalleled high performance, while FortiGuard Labs informs industry-leading threat intelligence, creating an IPS with proven success in protecting from known and zero-day threats. As a key component of the Fortinet Security Fabric, FortiGate IPS secures the entire end-to-end infrastructure without compromising performance.
Leading threat intelligence
Comprehensive protection against known and zero-day threats, as well as targeted attacks
Virtual patching
Protect the network level against exploitable vulnerabilities
Industry validated
Independent third-party validation for performance and security effectiveness
Proven high performance
Innovative security processor technology provides high-performance network throughput and deep security inspection
Advanced threat protection
Seamless integration with appliances or cloud services provides industry-leading sandboxing for advanced threats
Encrypted traffic blindspot
Supports the latest ciphers and standards with best-in-class performance
FortiGate IPS Product Details
The evolution in network infrastructure has led to the expansion of the attack surface for known, unknown, and zero-day threats. FortiGate IPS delivers industry-validated, consistent, and sustained performance with high security efficacy. It includes multiple inspection engines, threat intelligence feeds, and advanced threat capabilities to defend against all types of attacks. FortiGate IPS is available as part of the FortiGate platform across hybrid infrastructures with advanced analytics and policy workflows through FortiAnalyzer. FortiGate IPS offers best-of-breed IPS performance with its unique architecture and superior threat intelligence capabilities through FortiGuard Labs.
Features and Benefits
World-class Protection
Deep inspection for advanced threats, botnets, zero days and targeted attacks on the network
Industry certification
Independent third-party validation to demonstrate superior detection and best price performance
High performance
Innovative security processor (SPU) technology for high-performance network throughput and deep security inspection
Advanced threat protection
Seamless integration – appliance or cloud service – with world-class sandboxing for advanced threats
Security Fabric integration
Integration and automation with Fortinet’s broad product portfolio and partner ecosystem
Data leak protection
File protection controls to prevent sensitive data exfiltration
FortiGate IPS Models and Specifications
FortiGate IPS is available in different form factors and models to meet the needs of your environment. All models offer full FortiGate IPS functionality and can be managed across all form factors in a single FortiManager-FortiAnalyzer instance.
IPS Throughput |
120 Gbps |
Ports |
Varied |
IPS Throughput |
60 Gbps |
Ports |
Varied |
IPS Throughput |
60 Gbps |
Ports |
Varied |
IPS Throughput |
18 Gbps |
Ports |
2x 40GE QSFP+, 2x 10GE SFP+, 2x GE RJ45 |
IPS Throughput |
170 Gbps |
Ports |
4x 100GE QSFP28, 24x 25GE SFP28, 3x 10GE SFP+,2x GE RJ45 |
IPS Throughput |
110 Gbps |
Ports |
4x 100GE QSFP28, 24x 25GE SFP28, 3x 10GE SFP+,2x GE RJ45 |
IPS Throughput |
32 Gbps |
Ports |
10x 100GE QSFP28,16x 10GE SFP+, 2x GE RJ45 |
IPS Throughput |
30 Gbps |
Ports |
6x 100GE QSFP28, 16x 10GE SFP+, 2x GE RJ45 |
IPS Throughput |
30 Gbps |
Ports |
4x 100GE CFP2, 4x 40GE QSFP+ 8x 10GE SFP+, 2x GE RJ45 |
IPS Throughput |
28 Gbps |
Ports |
4x 40GE QSFP+, 20x 10GE SFP+/GE SFP, 8x SFP+, 2x GE RJ45 |
IPS Throughput |
55 Gbps |
Network Interfaces |
6x100GE/40GE QSFP28, 30x10GE SFP/SFP+, 2xGE RJ45 |
IPS Throughput |
44 Gbps |
Network Interfaces |
4x100GE/40GE QSFP 28, 22x10GE SFP/SFP+, 2xGE RJ45 |
IPS Throughput |
TBD |
Network Interfaces |
4x 40GE QSFP+, 16x 25GE SFP28 / 10GE SFP+, 14x GE RJ45, 4X 10GE RJ45 |
IPS Throughput |
26 Gbps |
Ports |
48x 10GE SFP+/GE SFP, 2x GE RJ45 |
IPS Throughput |
22 Gbps |
Ports |
32x 10GE SFP+/GE SFP, 2x GE RJ45 |
IPS Throughput |
23 Gbps |
Ports |
16x 10GE SFP+/GE SFP, 2x GE RJ45 |
IPS Throughput |
11.5 Gbps |
Ports |
10x 10GE SFP+, 2x 10GE SFP+ bypass, 34x GE RJ45 |
IPS Throughput |
TBD |
Network Interfaces |
4x 40GE QSFP+, 20x 25GE SFP28 / 10GE SFP+, 14x GE RJ45 |
IPS Throughput |
11.5 Gbps |
Ports |
6x 10GE SFP+, 34x GE RJ45 |
IPS Throughput |
18 Gbps |
Network Interfaces |
4x 40GE QSFP+ 12x 25GE SFP28 / 10GE SFP+, 2x 10GE SFP+ HA 8x GE SFP 18x GE RJ45 |
IPS Throughput |
13 Gbps |
Ports |
8x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45 |
IPS Throughput |
6.8 Gbps |
Ports |
4x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45 |
IPS Throughput |
12.5 Gbps |
Network Interfaces |
2x40GE QSFP+ 4x25GE SFP28, 4x10GE SFP+/SFP, 8x1GE SFP, 18xGE RJ45 |
IPS Throughput |
6 Gbps |
Ports |
2x 10 GE SFP+, 16x GE SFP, 18x GE RJ45 |
IPS Throughput |
4.2 Gbps |
Ports |
2x 10 GE SFP+, 8x GE SFP, 4x GE RJ45 Bypass, 22x GE RJ45 |
IPS Throughput |
10 Gbps |
Ports |
8x1GE RJ45, 8x1GE SFP, 2x10G SFP+ |
IPS Throughput |
5.2 Gbps |
Ports |
2x 10 GE SFP+, 10x GE RJ45, 8x GE SFP |
IPS Throughput |
7.8 Gbps |
Ports |
16x 1GE RJ45, 16x 1GE SFP |
IPS Throughput |
5 Gbps |
Ports |
18x GE RJ45, 16x GE SFP |
IPS Throughput |
2.2 Gbps |
Ports |
18x GE RJ45, 4x GE SFP |
IPS Throughput |
2.6 Gbps |
Ports |
26 1GE, 4 1GE Shared Media, 2 10GE |
Threat Protection |
250 Mbps |
SSL Throughput Inspection |
130 Mbps |
Network Interfaces |
Multiple GE RJ45, GE SFP Slots | PoE/+ Variants |
Devices/VDOMs (maximum) |
150 |
GB/Day of Logs |
100 |
Collector Sustained Rate (logs/sec) |
4500 |
Devices/VDOMs (maximum) |
200 |
GB/Day of Logs |
200 |
Collector Sustained Rate (logs/sec) |
9000 |
Devices/VDOMs (maximum) |
2000 |
GB/Day of Logs |
600 |
Collector Sustained Rate (logs/sec) |
27000 |
Devices/VDOMs (maximum) |
2000 |
GB/Day of Logs |
1000 |
Collector Sustained Rate (logs/sec) |
45000 |
Devices/VDOMs (maximum) |
4000 |
GB/Day of Logs |
3000 |
Collector Sustained Rate (logs/sec) |
60000 |
Devices/VDOMs (maximum) |
10000 |
GB/Day of Logs |
5000 |
Collector Sustained Rate (logs/sec) |
90000 |
Devices/VDOMs (maximum) |
10000 |
GB/Day of Logs |
8300 |
Collector Sustained Rate (logs/sec) |
150000 |
Devices/VDOMs (maximum) |
30 |
GB/Day of Logs |
2 |
Storage Capacity |
8 TB |
Devices/VDOMs (maximum) |
100 |
GB/Day of Logs |
2 |
Storage Capacity |
12 TB |
Devices/VDOMs (maximum) |
300 |
GB/Day of Logs |
2 |
Storage Capacity |
24 TB |
Devices/VDOMs (maximum) |
1200 |
GB/Day of Logs |
2 |
Storage Capacity |
36 TB |
Devices/VDOMs (maximum) |
4000 |
GB/Day of Logs |
10 |
Storage Capacity |
48 TB |
IPS Throughput |
1 Gbps |
Ports |
Up to 10 |
IPS Throughput |
1.5 Gbps |
Ports |
Up to 10 |
IPS Throughput |
3 Gbps |
Ports |
Up to 10 |
IPS Throughput |
6 Gbps |
Ports |
Up to 10 |
IPS Throughput |
12 Gbps |
Ports |
Up to 10 |
IPS Throughput |
19 Gbps |
Ports |
Up to 10 |
Devices/VDOMs (maximum) |
10000 |
GB/Day of Logs |
1 |
Storage Capacity |
500 GB |
Devices/VDOMs (maximum) |
10000 |
GB/Day of Logs |
+1 |
Storage Capacity |
+500 GB |
Devices/VDOMs (maximum) |
10000 |
GB/Day of Logs |
+5 |
Storage Capacity |
+3 TB |
Devices/VDOMs (maximum) |
10000 |
GB/Day of Logs |
+25 |
Storage Capacity |
+10 TB |
Devices/VDOMs (maximum) |
10000 |
GB/Day of Logs |
+100 |
Storage Capacity |
+24 TB |
Devices/VDOMs (maximum) |
10000 |
GB/Day of Logs |
+500 |
Storage Capacity |
+48 TB |
Devices/VDOMs (maximum) |
10000 |
GB/Day of Logs |
+2000 |
Storage Capacity |
+100 TB |
Devices/VDOMs (maximum) |
10 |
GB/Day of Logs |
1 |
Storage Capacity |
100 GB |
Devices/VDOMs (maximum) |
+10 |
GB/Day of Logs |
2 |
Storage Capacity |
200 GB |
Devices/VDOMs (maximum) |
+100 |
GB/Day of Logs |
5 |
Storage Capacity |
1 TB |
Devices/VDOMs (maximum) |
+1000 |
GB/Day of Logs |
10 |
Storage Capacity |
4 TB |
Devices/VDOMs (maximum) |
+ 5000 |
GB/Day of Logs |
25 |
Storage Capacity |
8 TB |
Devices/VDOMs (maximum) |
+ 10000 |
GB/Day of Logs |
50 |
Storage Capacity |
16 TB |
FortiGate IPS, FortiAnalyzer and FortiManager virtual machines are all available on Amazon Web Services and Microsoft Azure. In addition, FortiGate IPS is also available on Oracle Cloud, IBM Cloud and Google Cloud Platform.
Amazon Web Service
- FortiGate IPS (free trial)
- FortiGate IPS (BYOL)
- FortiAnalyzer (free trial)
- FortiAnalyzer (BYOL)
- FortiManager (BYOL)
Microsoft Azure
Oracle Cloud
IBM Cloud
Google Cloud Platform
FortiGuard Service for FortiGate IPS
FortiGate IPS is the primary user of the FortiGuard Intrusion Prevention service, but your detection, control and security posture are greatly improved with any combination of the following FortiGuard services, many of which are included in the FortiGuard bundles.
Effective best-in-class security requires timely, global intelligence combined with fast decision-making and response across all critical vectors. Fortinet offers proven and one of the most certified artificial intelligence-driven protection available in the market today powered by FortiGuard Labs.
For customers implementing FortiGates as NGFWs, here’s how FortiGuard subscriptions can help:
- Application Control: Fortinet boasts one of the largest applications database to safeguard your organization from risky application and allows you visibility and control of applications running in your network
- Intrusion Prevention: Stop unwanted attempts to access your network that target vulnerabilities and configuration gaps. We block over 10 million intrusion attempts per minute.
- Advanced Threats: Stop malicious files and payloads moving into your network with FortiGuard’s leading advanced malware, antivirus, and sandboxing capabilities. We stop over 35,000 malicious files per minute.
FortiGuard
Industry Leading AI-driven Protection and Intelligence
FortiCare
World-class Global Support and Professional Services
Mission critical security-driven networks deserve the best support available. FortiCare provides 24x7 support options to help keep your FortiGates up and running. We also have services to help you recover in the rare moments when bigger bumps seem to come out of nowhere such as our Premium RMA options with 4-hour replacements.
Want faster resolution? Choose our Advanced Support option.
Need help to get going with new deployments and integrations? FortiCare can do it, too, with Professional Services and Resident Engineers! Contact Sales to find out how.
FortiGuard Service Bundles for FortiGate
Enterprise Protection Bundle
Protection to address today's advanced threat landscape. It delivers all FortiGuard security services available for the FortiGate including: NGFW Application Control and IPS, Web Filtering, FortiCloud Sandbox, Antivirus, Mobile Security, IP Reputation & Antibotnet, Antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support.
UTM Protection Bundle
Traditional UTM security services including NGFW Application Control and IPS, Web Filtering, Antivirus, Antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support.
Threat Protection Bundle
Core protection technologies including: Application Control, IPS, AV, Botnet IP/Domain and Mobile Malware Service. FortiCare security services include 24x7 support.
You can find more information here.
FortiGate IPS Resources
Data sheets
Fuse Community
FortiGate IPS Demo
Try out FortiGate IPS for yourself and see all of the detection capabilities and incident monitoring possible in this world-class IPS solution.
FortiGate IPS Certification
NSS Labs Next Generation Intrusion Prevention Systems (NGIPS) 2019
NSS Labs’ Next Generation Intrusion Prevention Systems (NGIPS) focuses on security effectiveness and TCO for NGIPS solutions across selected vendors tested. The Security Value Map (SVM) shows that FortiGate NGIPS achieved a cumulative blocking rate of 99.18% for FortiGate 100F and the lowest TCO at $2 per protected Mbps. Fortinet builds world-class NGIPS appliances that requires highest possible performance, best of breed security and having another “Recommended” IPS rating from NSS Labs is just another proof point.
NSS Labs NGIPS 2018 SVM and Report
NSS Labs’ NGIPS test is the most extensive IPS test, including several tests not conducted for DCIPS, such as live drive-by-exploits (100% block rate for Fortinet), exploits against web target types, application ID and evasions (also 100% block rate for Fortinet). The FortiGate 500E and FortiGate 3000D are world-class IPS appliance, achieving “Recommended” status again with an overall Exploit block rate of 99.5% for FortiGate 500E and 99.6% for FortiGate 3000D.
- NSS Labs 2018 NGIPS SVM
- NSS Labs 2018 NGIPS Test Report FortiGate 500E
- NSS Labs 2018 NGIPS Test Report FortiGate 3000D
NSS Labs DCIPS 2018 SVM and Report
NSS Labs’ Data Center Intrusion Prevention Systems (DCIPS) focuses on data center environments, especially vulnerabilities commonly found in servers. The Security Value Map (SVM) shows that FortiGate IPS achieved the highest cumulative blocking rate at 98.73% and the lowest TCO at $3 per protected Mbps. Fortinet builds world-class IPS appliances and another “Recommended” IPS rating from NSS Labs proves this.
NSS Labs DCSG 2017 SVM and Report
NSS Labs’ DCSG test is a comprehensive Data Center Security Gateway (DCSG) test, including several tests to measure relevant security effectiveness and Intrusion Prevention (IPS) performance using live exploits including “weaponized” exploits (97.9% and 98% block rate respectively for Fortinet FortiGate 7060E and FortiGate 3000D) and resistance to evasion techniques (100% block rate for Fortinet). The FortiGate 7060E and 3000D both achieved “Recommended” status, with a leading combination of Security Effectiveness and Value per protected Megabit Per Second (Mbps) in the NSS Labs Security Value Map (SVM).
- NSS Labs 2017 DCSG SVM
- NSS Labs 2017 DCSG Test Report FortiGate 3000D
- NSS Labs 2017 DCSG Test Report FortiGate 7060E
NSS Labs Breach Prevention Systems (BPS) Test 2017
NSS Labs introduced a new group test, BPS focused on detecting and blocking exploits, advanced malware, and evasions. This helps validate the advanced threat response cycle of prevent-detect-mitigate across a number of threat vectors including web, email, and endpoint. Fortinet's Security Fabric consisting of FortiSandbox, FortiGate, FortiMail, and FortiClient integrated together, earned a Recommended award by achieving a block rate of 99.6% and offering the lowest 3-year TCO
NSS Labs DCIPS 2016 SVM
NSS Labs’ Data Center Intrusion Prevention System (DCIPS) report is the industry’s most comprehensive test to date with their Security Value Map revealing that Fortinet’s FortiGate 3000D earned the highest ratings for Security Effectiveness, blocking 99.9 percent of exploits, and TCO (Total Cost of Ownership) per protected Mbps (Megabit per second).
NSS Labs 2015 Next Generation IPS Test
In 2015, NSS Labs conducted a group test of next generation IPS solutions to assess their abilities to identify both the applications and the users on their internal networks, protect the enterprise user against threats/exploits, and catch sophisticated attacks while producing as few false positives as possible. Demonstrating 99% effectiveness and superior value, Fortinet FortiGate earned the NSS Labs Recommendation.
ICSA Labs Certified: Antivirus, Corporate Firewall, IPsec, NIPS, SSL-TLS, and Web Application Firewall
FortiGate and FortiWeb products are evaluated against ICSA criteria in 6 popular Certification programs. ICSA Labs manages and sponsors security consortia that provides a forum for intelligence sharing among the leading vendors of security products. In addition, ICSA Labs publishes surveys, security industry studies, and buyer's guides for computer security products.
FortiGate IPS Alliance Partners
FortiGate IPS provides integration with many leading IT vendors as part of the Fortinet Security Fabric. Below is a list of current Product Alliance Partners:
The leading provider of business-driven security management solutions, AlgoSec helps over 1,500 enterprises align security with their business processes, to make their organizations more agile, secure and compliant.
Attivo Networks is an award-winning innovator in cyber security defense. As the leader in deception-based threat detection technology, Attivo empowers continuous threat management using dynamic deceptions for the real-time detection, analysis, and accelerated response to cyber incidents.
Centrify is the leader in securing enterprise identities against cyberthreats that target today’s hybrid IT environment of cloud, mobile, and on-premises.
FireMon solutions deliver continuous visibility into and control over network security infrastructure, policies, and risk.
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio enables organizations to effectively manage risk and defend against emerging threats.
- Fortinet – IBM Security AppScan Solution Brief
- Fortinet – IBM Security QRadar Solution Brief
- Fortinet FortiGate and IBM QRadar Deployment Guide
- FortiGate App For IBM QRadar Technical Solution Guide
- Fortinet - IBM Resilient Technical Deployment Guide
- Learn more about the Fortinet-IBM Security Alliance
Nozomi Networks is a leading provider of real-time visibility, advanced monitoring capabilities, and strong security for industrial control networks supporting critical infrastructure. Nozomi has been deployed in some of the largest industrial installations, providing some of the fastest return-on–investment in the industry.
- Solution brief
- Fortinet FortiGate and Nozomi Networks Guardian Deployment Guide
- Fortinet FortiSIEM and Nozomi Networks CMDB Deployment Guide
- ICS Security Overview & Integration Video
- Fortinet-Nozomi integration demo
ServiceNow makes work better. Our applications automate, predict, digitize and optimize business processes across IT, Customer Service, Security Operations, HR and more, for a better enterprise experience.
Tufin leads the Security Policy Orchestration market, enabling enterprises to centrally manage, visualize, and control security policies across hybrid cloud and physical network environments.
UBiqube is a vendor-agnostic provider of end-to-end network and security orchestration solutions. UBiqube’s MSActivator™ is a multi-tenant software framework enabling the design, automation, and management of services over hybrid communication infrastructures (SDN/NFV/IoT).
FortiGate IPS FAQs
Does Fortinet really build IPS technology?
Although better known for firewalls, Fortinet has built IPS products for more than 10 years, participating in NSS Labs IPS testing for the past few years and receiving “recommended” ratings with detection and blocking scores better than many of the traditional IPS vendors. Choose the IPS form factor that suits you best – either standalone IPS or IPS integrated into the firewall.
How is FortiGate IPS different from IPS offered by other firewall vendors?
IPS products that are bolted on to firewall platforms are usually an afterthought and tend to be a massive performance burden. It is not uncommon to see more than 80% performance degradation when turning IPS inspection on in many firewalls. FortiGate IPS and FortiGate firewalls were part of the inspection path from the beginning, designed with parallel path processing in all form factors and having the benefits of Security Processing Units (SPU) in hardware form. This is why FortiGate IPS was capable of 131 Gbps throughput as verified by NSS Labs on the FortiGate IPS 7060E. Value and IPS performance are not an issue for FortiGate IPS.
How are IPS and Firewalls different?
Fundamentally, a firewall is tasked with access control, based on a set of access rules. IPS is tasked with content inspection. While both try to keep bad traffic out of your network, they go about it in different ways. Firewalls can usually determine whether a network flow should be allowed into the network by discerning the application type and user information. This often requires only inspecting the first few packets in a flow or even just the packet headers. This is a good thing, making firewall inspection very efficient. In contrast, IPS needs to inspect the entire flow, in order to determine if the payload or intent of the flow is malicious. That can mean inspecting every packet or even inspection across multiple flows to fully examine payload. This is a lot more work and while firewall and IPS functions can absolutely reside on the same appliance, do not let your IPS capability be strangled by a platform that is only optimized to look for application type or user.
Can Firewalls and IPS be managed together?
Absolutely yes. FortiGate IPS and FortiGate firewalls (and several other Fortinet technologies) are managed by the same central management system – FortiManager and FortiAnalyzer – often sharing the same settings and configurations. In fact, this central management system extends across environments seamlessly with a single-pane-of-glass, from hardware to virtual machines to public cloud instances.