FortiGate: IPS

Comprehensive threat protection with a powerful intrusion prevention system

FortiGate IPS – NSS Labs Recommended Again

FortiGate IPS Overview


An intrusion prevention system (IPS) is a critical component of every network’s core security capabilities. It protects against known threats and zero-day attacks including malware and underlying vulnerabilities. Deployed inline as a bump in the wire, many solutions perform deep packet inspection of traffic at wire speed, requiring high throughput and low latency.

Fortinet delivers this technology via the industry-validated and recognized FortiGate platform. FortiGate security processors provide unparalleled high performance, while FortiGuard Labs supplies industry-leading threat intelligence, giving proven protection against known and zero-day threats. As a key component of the Fortinet Security Fabric, FortiGate IPS secures the entire end-to-end infrastructure without compromising performance.

 

FortiGate IPS: Protect Against Known and Zero-day Threats | Intrusion Prevention System

Fortinet’s FortiGate offers a comprehensive security-driven network platform that delivers an industry-validated solution to enterprises. It is purpose-built for enterprises and designed to deliver superior security efficacy and the industry’s best IPS performance, powered by AI/ML-driven threat intelligence from FortiGuard Labs.

FortiGate IPS Product Details

The evolution in network infrastructure has led to the expansion of the attack surface for known, unknown, and zero-day threats. FortiGate IPS delivers industry-validated, consistent, and sustained performance with high security efficacy. It includes multiple inspection engines, threat intelligence feeds, and advanced threat capabilities to defend against all types of attacks. It is available as part of the FortiGate platform across hybrid infrastructures, with advanced analytics and policy workflows through FortiAnalyzer. It offers best-of-breed performance, a unique architecture, and superior threat intelligence capabilities through FortiGuard Labs.

 

Features and Benefits

 

FortiGuard Labs

Leading threat intelligence

Comprehensive protection against known and zero-day threats, as well as targeted attacks

Virtual patching

Protect the network against exploitable vulnerabilities

Industry validated

Independent third-party validation for performance and security effectiveness

High performance

Innovative security processor technology provides high-performance network throughput and deep security inspection

Advanced threat protection

Seamless integration – appliance or cloud service – with world-class sandboxing for advanced threats

Security Fabric integration

Integration and automation with Fortinet’s broad product portfolio and partner ecosystem

Encrypted traffic blindspot

Supports the latest ciphers and standards with best-in-class performance

FortiGate IPS Models and Specifications

FortiGate IPS is available in different form factors and models to meet the needs of your environment. All models offer full FortiGate IPS functionality and can be managed across all form factors in a single FortiManager-FortiAnalyzer instance.

Chassis IPS
  • IPS Throughput: 120 Gbps; Ports: Varied
  • IPS Throughput: 60 Gbps; Ports: Varied
  • IPS Throughput: 60 Gbps; Ports: Varied
  • IPS Throughput: 18 Gbps; Ports: 2x 40GE QSFP+, 2x 10GE SFP+, 2x GE RJ45
Ultra high-end IPS
  • IPS Throughput: 170 Gbps; Ports: 4x 100GE QSFP28, 24x 25GE SFP28, 3x 10GE SFP+, 2x GE RJ45
  • IPS Throughput: 110 Gbps; Ports: 4x 100GE QSFP28, 24x 25GE SFP28, 3x 10GE SFP+, 2x GE RJ45
High-end IPS
  • IPS Throughput: 50 Gbps; Ports: Multiple 100 GE/40GE QSFP28, multiple 25GE/10 GE SFP28/SFP+, two 10GE SFP+ HA, multiple 1 GE RJ45
  • IPS Throughput: 32 Gbps; Ports: 10x 100GE QSFP28, 16x 10GE SFP+, 2x GE RJ45
  • IPS Throughput: 30 Gbps; Ports: 6x 100GE QSFP28, 16x 10GE SFP+, 2x GE RJ45
  • IPS Throughput: 30 Gbps; Ports: 4x 100GE CFP2, 4x 40GE QSFP+ 8x 10GE SFP+, 2x GE RJ45
  • IPS Throughput: 28 Gbps; Ports: 4x 40GE QSFP+, 20x 10GE SFP+/GE SFP, 8x SFP+, 2x GE RJ45
  • IPS Throughput: 55 Gbps; Network Interfaces: 6x100GE/40GE QSFP28, 30x10GE SFP/SFP+, 2xGE RJ45
  • IPS Throughput: 44 Gbps; Network Interfaces: 4x100GE/40GE QSFP 28, 22x10GE SFP/SFP+, 2xGE RJ45
  • IPS Throughput: TBD; Network Interfaces: 4x 40GE QSFP+, 16x 25GE SFP28 / 10GE SFP+, 14x GE RJ45, 4X 10GE RJ45
  • IPS Throughput: 26 Gbps; Ports: 48x 10GE SFP+/GE SFP, 2x GE RJ45
  • IPS Throughput: 22 Gbps; Ports: 32x 10GE SFP+/GE SFP, 2x GE RJ45
  • IPS Throughput: 23 Gbps; Ports: 16x 10GE SFP+/GE SFP, 2x GE RJ45
  • IPS Throughput: 11.5 Gbps; Ports: 10x 10GE SFP+, 2x 10GE SFP+ bypass, 34x GE RJ45
  • IPS Throughput: TBD; Network Interfaces: 4x 40GE QSFP+, 20x 25GE SFP28 / 10GE SFP+, 14x GE RJ45
  • IPS Throughput: 11.5 Gbps; Ports: 6x 10GE SFP+, 34x GE RJ45
  • IPS Throughput: 18 Gbps; Network Interfaces: 4x 40GE QSFP+ 12x 25GE SFP28 / 10GE SFP+, 2x 10GE SFP+ HA 8x GE SFP 18x GE RJ45
  • IPS Throughput: 13 Gbps; Ports: 8x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
  • IPS Throughput: 6.8 Gbps; Ports: 4x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
  • IPS Throughput: 12.5 Gbps; Network Interfaces: 2x40GE QSFP+ 4x25GE SFP28, 4x10GE SFP+/SFP, 8x1GE SFP, 18xGE RJ45
  • IPS Throughput: 6 Gbps; Ports: 2x 10 GE SFP+, 16x GE SFP, 18x GE RJ45
Mid-range IPS
  • IPS Throughput: 4.2 Gbps; Ports: 2x 10 GE SFP+, 8x GE SFP, 4x GE RJ45 Bypass, 22x GE RJ45
  • IPS Throughput: 10 Gbps; Ports: 8x1GE RJ45, 8x1GE SFP, 2x10G SFP+
  • IPS Throughput: 5.2 Gbps; Ports: 2x 10 GE SFP+, 10x GE RJ45, 8x GE SFP
  • IPS Throughput: 7.8 Gbps; Ports: 16x 1GE RJ45, 16x 1GE SFP
  • IPS Throughput: 5 Gbps; Ports: 18x GE RJ45, 16x GE SFP
  • IPS Throughput: 2.2 Gbps; Ports: 18x GE RJ45, 4x GE SFP
  • IPS Throughput: 2.6 Gbps; Ports: 26 1GE, 4 1GE Shared Media, 2 10GE
  • Threat Protection: 250 Mbps; SSL Throughput Inspection: 130 Mbps; Network Interfaces: Multiple GE RJ45, GE SFP Slots | PoE/+ Variants
FortiAnalyzer
  • Devices/VDOMs (maximum): 150; GB/Day of Logs: 100; Collector Sustained Rate (logs/sec): 4500
  • Devices/VDOMs (maximum): 200; GB/Day of Logs: 200; Collector Sustained Rate (logs/sec): 9000
  • Devices/VDOMs (maximum): 2000; GB/Day of Logs: 600; Collector Sustained Rate (logs/sec): 27000
  • Devices/VDOMs (maximum): 2000; GB/Day of Logs: 1000; Collector Sustained Rate (logs/sec): 45000
  • Devices/VDOMs (maximum): 4000; GB/Day of Logs: 3000; Collector Sustained Rate (logs/sec): 60000
  • Devices/VDOMs (maximum): 10000; GB/Day of Logs: 5000; Collector Sustained Rate (logs/sec): 90000
  • Devices/VDOMs (maximum): 10000; GB/Day of Logs: 8300; Collector Sustained Rate (logs/sec): 150000
FortiManager
  • Devices/VDOMs (maximum): 30; GB/Day of Logs: 2; Storage Capacity: 8 TB
  • Devices/VDOMs (maximum): 100; GB/Day of Logs: 2; Storage Capacity: 12 TB
  • Devices/VDOMs (maximum): 300; GB/Day of Logs: 2; Storage Capacity: 24 TB
  • Devices/VDOMs (maximum): 1200; GB/Day of Logs: 2; Storage Capacity: 36 TB
  • Devices/VDOMs (maximum): 4000; GB/Day of Logs: 10; Storage Capacity: 48 TB

FortiGate IPS, FortiAnalyzer and FortiManager virtual machines are all supported on VMware vSphere, Citrix Xen Server, Xen, KVM, and Microsoft Hyper-V.

FortiGate IPS
  • IPS Throughput: 1 Gbps; Ports: Up to 10
  • IPS Throughput: 1.5 Gbps; Ports: Up to 10
  • IPS Throughput: 3 Gbps; Ports: Up to 10
  • IPS Throughput: 6 Gbps; Ports: Up to 10
  • IPS Throughput: 12 Gbps; Ports: Up to 10
  • IPS Throughput: 19 Gbps; Ports: Up to 10
FortiAnalyzer IPS
  • Devices/VDOMs (maximum): 10000; GB/Day of Logs: 1; Storage Capacity: 500 GB
  • Devices/VDOMs (maximum): 10000; GB/Day of Logs: +1; Storage Capacity: +500 GB
  • Devices/VDOMs (maximum): 10000; GB/Day of Logs: +5; Storage Capacity: +3 TB
  • Devices/VDOMs (maximum): 10000; GB/Day of Logs: +25; Storage Capacity: +10 TB
  • Devices/VDOMs (maximum): 10000; GB/Day of Logs: +100; Storage Capacity: +24 TB
  • Devices/VDOMs (maximum): 10000; GB/Day of Logs: +500; Storage Capacity: +48 TB
  • Devices/VDOMs (maximum): 10000; GB/Day of Logs: +2000; Storage Capacity: +100 TB
FortiManager IPS
  • Devices/VDOMs (maximum): 10; GB/Day of Logs: 1; Storage Capacity: 100 GB
  • Devices/VDOMs (maximum): +10; GB/Day of Logs: 2; Storage Capacity: 200 GB
  • Devices/VDOMs (maximum): +100; GB/Day of Logs: 5; Storage Capacity: 1 TB
  • Devices/VDOMs (maximum): +1000; GB/Day of Logs: 10; Storage Capacity: 4 TB
  • Devices/VDOMs (maximum): +5000; GB/Day of Logs: 25; Storage Capacity: 8 TB
  • Devices/VDOMs (maximum): +10000; GB/Day of Logs: 50; Storage Capacity: 16 TB

FortiGate IPS, FortiAnalyzer and FortiManager virtual machines are all available on Amazon Web Services and Microsoft Azure. In addition, FortiGate IPS is also available on Oracle Cloud, IBM Cloud and Google Cloud Platform.

Amazon Web Service

Microsoft Azure

Oracle Cloud

IBM Cloud

Google Cloud Platform

FortiGuard Service for FortiGate IPS

FortiGate IPS is the primary user of the FortiGuard Intrusion Prevention service, but your detection, control and security posture are greatly improved with any combination of the following FortiGuard services, many of which are included in the FortiGuard bundles.

View FortiGuard Labs Services and Bundles.

Effective best-in-class security requires timely, global intelligence combined with fast decision-making and response across all critical vectors. Fortinet offers proven artificial intelligence-driven protection, among the most certified available in the market today, powered by FortiGuard Labs.

For customers implementing FortiGates as NGFWs, here’s how FortiGuard subscriptions can help:

  • Application Control: Fortinet boasts one of the largest application databases to safeguard your organization from risky applications, and gives you visibility and control of applications running in your network.
  • Intrusion Prevention: Stop unwanted attempts to access your network that target vulnerabilities and configuration gaps. We block over 10 million intrusion attempts per minute.
  • Advanced Threats: Stop malicious files and payloads moving into your network with FortiGuard’s leading advanced malware, antivirus, and sandboxing capabilities. We stop over 35,000 malicious files per minute.

FortiGuard

Industry Leading AI-driven Protection and Intelligence

FortiCare

World-class Global Support and Professional Services

Mission critical security-driven networks deserve the best support available.  FortiCare provides 24x7 support options to help keep your FortiGates up and running.  We also have services to help you recover in the rare moments when bigger bumps seem to come out of nowhere such as our Premium RMA options with 4-hour replacements. 

Want faster resolution?  Choose our Advanced Support option.

Need help to get going with new deployments and integrations?  FortiCare can do it, too, with Professional Services and Resident Engineers!  Contact Sales to find out how.

   

FortiGuard Service Bundles for FortiGate

Enterprise Protection Bundle

Protection to address today's advanced threat landscape. It delivers all FortiGuard security services available for the FortiGate including: NGFW Application Control and IPS, Web Filtering, FortiCloud Sandbox, Antivirus, Mobile Security, IP Reputation & Antibotnet, Antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support.

UTM Protection Bundle

Traditional UTM security services including NGFW Application Control and IPS, Web Filtering, Antivirus, Antispam, and core FortiCare security services with a choice of 8x5 or 24x7 support.

Threat Protection Bundle

Core protection technologies including: Application Control, IPS, AV, Botnet IP/Domain and Mobile Malware Service. FortiCare security services include 24x7 support. 

You can find more information here.

FortiGate IPS Resources

FortiGate IPS Demo

Try out FortiGate IPS for yourself and see all of the detection capabilities and incident monitoring possible in this world-class IPS solution.

FortiGate IPS Certification

 

NSS Labs Next Generation Intrusion Prevention Systems (NGIPS) 2019

NSS Labs’ Next Generation Intrusion Prevention Systems (NGIPS) test focuses on security effectiveness and TCO for NGIPS solutions across the selected vendors tested. The Security Value Map (SVM) shows that FortiGate NGIPS achieved a cumulative blocking rate of 99.18% for FortiGate 100F and the lowest TCO at $2 per protected Mbps. Fortinet builds world-class NGIPS appliances, which require the highest possible performance and best-of-breed security, and another “Recommended” IPS rating from NSS Labs is just another proof point.


NSS Labs NGIPS 2018 SVM and Report

NSS Labs’ NGIPS test is the most extensive IPS test, including several tests not conducted for DCIPS, such as live drive-by-exploits (100% block rate for Fortinet), exploits against web target types, application ID and evasions (also 100% block rate for Fortinet). The FortiGate 500E and FortiGate 3000D are world-class IPS appliances, achieving “Recommended” status again with an overall Exploit block rate of 99.5% for FortiGate 500E and 99.6% for FortiGate 3000D.

NSS Labs IPS 2018

NSS Labs DCIPS 2018 SVM and Report

NSS Labs’ Data Center Intrusion Prevention Systems (DCIPS) focuses on data center environments, especially vulnerabilities commonly found in servers. The Security Value Map (SVM) shows that FortiGate IPS achieved the highest cumulative blocking rate at 98.73% and the lowest TCO at $3 per protected Mbps. Fortinet builds world-class IPS appliances and another “Recommended” IPS rating from NSS Labs proves this.

NSS Labs DCSG 2017 SVM and Report

NSS Labs’ DCSG test is a comprehensive Data Center Security Gateway (DCSG) test, including several tests to measure relevant security effectiveness and Intrusion Prevention (IPS) performance using live exploits including “weaponized” exploits (97.9% and 98% block rate respectively for Fortinet FortiGate 7060E and FortiGate 3000D) and resistance to evasion techniques (100% block rate for Fortinet). The FortiGate 7060E and 3000D both achieved “Recommended” status, with a leading combination of Security Effectiveness and Value per protected Megabit Per Second (Mbps) in the NSS Labs Security Value Map (SVM).

NSS Labs Breach Prevention Systems (BPS) Test 2017

NSS Labs introduced a new group test, BPS, focused on detecting and blocking exploits, advanced malware, and evasions. This helps validate the advanced threat response cycle of prevent-detect-mitigate across a number of threat vectors including web, email, and endpoint. Fortinet's Security Fabric, consisting of FortiSandbox, FortiGate, FortiMail, and FortiClient integrated together, earned a Recommended award by achieving a block rate of 99.6% and offering the lowest 3-year TCO.

NSS Labs DCIPS 2016 SVM

NSS Labs’ Data Center Intrusion Prevention System (DCIPS) report is the industry’s most comprehensive test to date with their Security Value Map revealing that Fortinet’s FortiGate 3000D earned the highest ratings for Security Effectiveness, blocking 99.9 percent of exploits, and TCO (Total Cost of Ownership) per protected Mbps (Megabit per second).

NSS Labs 2015 Next Generation IPS Test

In 2015, NSS Labs conducted a group test of next generation IPS solutions to assess their abilities to identify both the applications and the users on their internal networks, protect the enterprise user against threats/exploits, and catch sophisticated attacks while producing as few false positives as possible. Demonstrating 99% effectiveness and superior value, Fortinet FortiGate earned the NSS Labs Recommendation.

ICSA Labs Certified: Antivirus, Corporate Firewall, IPsec, NIPS, SSL-TLS, and Web Application Firewall

FortiGate and FortiWeb products are evaluated against ICSA criteria in 6 popular Certification programs. ICSA Labs manages and sponsors security consortia that provide a forum for intelligence sharing among the leading vendors of security products. In addition, ICSA Labs publishes surveys, security industry studies, and buyer's guides for computer security products.

FortiGate IPS Alliance Partners

FortiGate IPS provides integration with many leading IT vendors as part of the Fortinet Security Fabric.  Below is a list of current Product Alliance Partners:

FortiGate IPS FAQs

Does Fortinet really build IPS technology?

Although better known for firewalls, Fortinet has built IPS products for more than 10 years, participating in NSS Labs IPS testing for the past few years and receiving “recommended” ratings with detection and blocking scores better than many of the traditional IPS vendors. Choose the IPS form factor that suits you best – either standalone IPS or IPS integrated into the firewall.

How is FortiGate IPS different from IPS offered by other firewall vendors?

IPS products that are bolted on to firewall platforms are usually an afterthought and tend to be a massive performance burden. It is not uncommon to see more than 80% performance degradation when turning IPS inspection on in many firewalls. FortiGate IPS and FortiGate firewalls were part of the inspection path from the beginning, designed with parallel path processing in all form factors and having the benefits of Security Processing Units (SPU) in hardware form. This is why FortiGate IPS was capable of 131 Gbps throughput as verified by NSS Labs on the FortiGate IPS 7060E. Value and IPS performance are not an issue for FortiGate IPS. 

How are IPS and Firewalls different?

Fundamentally, a firewall is tasked with access control, based on a set of access rules. IPS is tasked with content inspection. While both try to keep bad traffic out of your network, they go about it in different ways. Firewalls can usually determine whether a network flow should be allowed into the network by discerning the application type and user information. This often requires only inspecting the first few packets in a flow or even just the packet headers. This is a good thing, making firewall inspection very efficient. In contrast, IPS needs to inspect the entire flow, in order to determine if the payload or intent of the flow is malicious. That can mean inspecting every packet or even inspection across multiple flows to fully examine payload. This is a lot more work and while firewall and IPS functions can absolutely reside on the same appliance, do not let your IPS capability be strangled by a platform that is only optimized to look for application type or user.
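The difference described above can be seen in a small model. This is an added example, not Fortinet code: the marker string, the allowed ports and the sample flow are constructed for illustration, and the names (`firewall_allows`, `FlowInspector`, `inspect`) are hypothetical. It contrasts a header-only access decision, a per-packet content check, and inspection that carries state across the whole flow.

```python
from dataclasses import dataclass, field

# Constructed marker standing in for a content signature (not a real one).
SIGNATURE = b"EXAMPLE-BAD-PAYLOAD"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes

def firewall_allows(first: Packet, allowed_ports=frozenset({80, 443})) -> bool:
    """Access control: decided from the first packet's header fields only."""
    return first.dport in allowed_ports

def per_packet_match(flow: list[Packet]) -> bool:
    """Naive content check: every payload is examined in isolation."""
    return any(SIGNATURE in p.payload for p in flow)

@dataclass
class FlowInspector:
    """Content inspection over the whole flow, keeping a tail between packets."""
    tail: bytes = b""
    offset: int = 0                      # stream bytes consumed so far
    hits: list = field(default_factory=list)

    def feed(self, payload: bytes) -> None:
        window = self.tail + payload
        start = self.offset - len(self.tail)   # stream offset of window[0]
        pos = window.find(SIGNATURE)
        while pos != -1:
            self.hits.append(start + pos)
            pos = window.find(SIGNATURE, pos + 1)
        self.offset += len(payload)
        # Keep len(SIGNATURE)-1 bytes: enough to see a match that straddles
        # two packets, too short to report the same match twice.
        self.tail = window[-(len(SIGNATURE) - 1):]

def inspect(flow: list[Packet]) -> dict:
    inspector = FlowInspector()
    for p in flow:
        inspector.feed(p.payload)
    return {
        "firewall_allows": firewall_allows(flow[0]),
        "per_packet_match": per_packet_match(flow),
        "flow_hits": inspector.hits,
    }

# Constructed flow: the marker is split across packets 2 and 3.
SAMPLE_FLOW = [
    Packet("198.51.100.7", "192.0.2.10", 80, b"POST /upload HTTP/1.1\r\n\r\n"),
    Packet("198.51.100.7", "192.0.2.10", 80, b"data=EXAMPLE-BA"),
    Packet("198.51.100.7", "192.0.2.10", 80, b"D-PAYLOAD&end=1"),
]

if __name__ == "__main__":
    print(inspect(SAMPLE_FLOW))
```

The header check passes the flow and the per-packet check sees nothing, while the flow-level inspector reports the marker at its stream offset; the extra buffering and scanning per flow is the additional work the answer refers to.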

Can Firewalls and IPS be managed together?

Absolutely yes. FortiGate IPS and FortiGate firewalls (and several other Fortinet technologies) are managed by the same central management system – FortiManager and FortiAnalyzer – often sharing the same settings and configurations. In fact, this central management system extends across environments seamlessly with a single-pane-of-glass, from hardware to virtual machines to public cloud instances.