FortiGate: Next Generation Firewall (NGFW)

High threat protection performance with automated visibility to stop attacks

Gartner 2017 Magic Quadrant for Enterprise Firewalls
Available in:
  • Appliance
  • Virtual Machine
  • Cloud

FortiGate: Next-Generation Firewall Overview

As security architects consider how to provide comprehensive threat protection for their enterprises, including intrusion prevention, web filtering, anti-malware and application control, they face a major complexity hurdle managing these point products with no integration and lack of visibility. Gartner estimates that by 2019 80% of enterprise traffic will be encrypted and 50% of attacks targeting enterprise will be hidden in encrypted traffic.

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance including encrypted traffic. FortiGate reduces complexity with automated visibility into applications, users and network and provides security ratings to adopt security best practices. 

 

Fortigate: Next-Generation News

7/17/2018: Fortinet Receives Recommended Rating in Latest NSS Labs NGFW Report, Delivers High SSL Performance Suited for Encrypted Cloud Access.  Receives Fifth Consecutive “Recommended” Rating, Blocked 100 Percent of Evasions and Achieved Minimal Performance Degradation for SSL Inspection

___________________________________________________________________________________________________

5/01/2018: The Security Risks Presented by Complex Networks.  Regardless of the industry, vertical, or market segment they compete in, your customers’ network architectures are becoming more distributed and complex.

___________________________________________________________________________________________________

2/27/2018:  Fortinet Delivers Third Generation of Network Security with the Evolution of its Security Fabric.  FortiOS 6.0 delivers more than 200 new capabilities across Security Fabric to automate security operations and protect the digital attack surface

FortiGate: Next-Generation Firewall Videos

FortiGate Next Generation Firewall with Security Fabric Demo
An Interview with John Maddison, Fortinet SVP of Products and Solutions
FortiOS 6.0 and Security Fabric Q&A with Michael Xie

FortiGate: Next-Generation Firewall Product Details

FortiGate enterprise firewalls offer flexible deployments from the network edge to the core, data center, internal segment, and the Cloud. FortiGate enterprise firewalls leverages purpose-built security processors (SPUs) that delivers scalable performance of advanced security services like Threat Protection, SSL inspection, and ultra-low latency for protecting internal segments and mission critical environments.

FortiGate NGFW provides automated visibility into cloud applications, IoT devices and automatically discovers end to end topology view of the enterprise network. FortiGate is a core part of security fabric and validated security protect the enterprise network from known and unknown attacks. 

 

Features and Benefits

high performance icon

High-performance threat protection

Industry's highest threat protection and SSL inspection performance to protect from malware attacks hiding in encrypted traffic 
icon vulnerability

Validated security effectiveness

Independently certified and continous threat intelligence updates provide robust protection from known and unknown attacks
icon benefits secure choice

Protect mission critical applications

Highly scalable segmentation and ultra-low latency to protect network segments 
icon benefits management

Continuous risk assessment via automation

Leverage automated workflow and auditing features to deal with scarce security staff and continuously maintain compliance posture 
Icon security fabric

Security Fabric integration

Intelligently share threats across the entire digital attack surface to provide quick and automated protection 
platform support icon

Enterprise class security management

Deliver consistent security policy -- Single pane-of-glass to manage security assets irrespective of location and form factor

FortiGate: Next-Generation Firewalls Models and Specifications

FortiGate NGFW is available in many different models to meet your needs ranging from entry-level hardware appliances to ultra high-end appliances to meet the most demanding threat protection performance requirements.  This ensures that enterprise campus, core data-center, or internal segments, FortiGate can fit seamlessly into your environment.  

FortiGate: Chassis-based NGFW

Threat Protection
80 Gbps
SSL Inspection Throughput
100 Gbps
Network Interfaces
Multiple 10 GE SFP+/SFP, 40 GE QSFP+, 100 GE CFP2/QSFP28
Threat Protection
40 Gbps
SSL Inspection Throughput
50 Gbps
Network Interfaces
Multiple 10 GE SFP+/SFP, 40 GE QSFP+, 100 GE CFP2/QSFP28
Threat Protection
35 Gbps
SSL Inspection Throughput
50 Gbps
Network Interfaces
Multiple 10 GE SFP+/SFP, 40 GE/100 GE QSFP28
Threat Protection
13.5 Gbps
SSL Inspection Throughput
17 Gbps
Network Interfaces
2x 40GE QSFP+, 2x 10GE SFP+, 2x GE RJ45

Please see the product page for more information on these and many more Product features.  

FortiGate: Ultra high-end NGFW

Threat Protection
60 Gbps
SSL Inspection Throughput
90 Gbps
Network Interfaces
Multiple 40/100 GE QSFP28, 1/10/25 GE SFP28, 1/10 GE SFP+ and GE RJ45
Threat Protection
100 Gbps
SSL Inspection Throughput
130 Gbps
Network Interfaces
Multiple 40/100 GE QSFP28, 1/10/25 GE SFP28, 1/10 GE SFP+ and GE RJ45

Please see the product page for more information on these and many more Product features.  

FortiGate: High-end NGFW

Threat Protection
20 Gbps
SSL Inspection Throughput
32 Gbps
Network Interfaces
10x 100GE QSFP28, 16x 10GE SFP+, 2x GE RJ45
Threat Protection
13.5 Gbps
SSL Inspection Throughput
30 Gbps
Network Interfaces
Multiple 40/100 GE QSFP+/QSFP28, 10 GE SFP+ and GE RJ45
Threat Protection
13 Gbps
SSL Inspection Throughput
23 Gbps
Network Interfaces
Multiple 100 GE CFP2, 40 GE QSFP+, 10 GE SFP+ and/or multiple GE SFP/RJ45 depending on variants
Threat Protection
13 Gbps
SSL Inspection Throughput
24 Gbps
Network Interfaces
Multiple 40 GE QSFP+, 10 GE SFP+ and GE SFP
Threat Protection
15 Gbps
SSL Inspection Throughput
20 Gbps
Network Interfaces
Multiple GE RJ45 and 10 GE SFP+ / GE SFP slots
Threat Protection
13 Gbps
SSL Inspection Throughput
22 Gbps
Network Interfaces
Multiple 10 GE SFP+ | Multiple GE SFP and GE RJ45
Threat Protection
13 Gbps
SSL Inspection Throughput
19 Gbps
Network Interfaces
Multiple 10 GE SFP+ | Multiple GE SFP and GE RJ45
Threat Protection
5.4 Gbps
SSL Inspection Throughput
11.5 Gbps
Network Interfaces
10x 10GE SFP+, 2x 10GE SFP+ bypass, 34x GE RJ45
Threat Protection
5.4 Gbps
SSL Inspection Throughput
12.5 Gbps
Network Interfaces
6x 10GE SFP+, , 34x GE RJ45
Threat Protection
5 Gbps
SSL Inspection Throughput
10.5 Gbps
Network Interfaces
8x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
Threat Protection
4 Gbps
SSL Inspection Throughput
6 Gbps
Network Interfaces
4x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
Threat Protection
4 Gbps
SSL Throughput Inspection
4 Gbps
Network Interfaces
2x 10 GE SFP+, 16x GE SFP, 18x GE RJ45

Please see the product page for more information on these and many more Product features.  

FortiGate: Mid-range NGFW

Threat Protection
3 Gbps
SSL Inspection Throughput
4 Gbps
Network Interfaces
Multiple GE RJ45, GE SFP and 10 GE SFP+ slots
Threat Protection
3 Gbps
SSL Inspection Throughput
4 Gbps
Network Interfaces
Multiple GE RJ45, GE SFP, 10 GE SFP+ slots and bypass GE RJ45 pairs
Threat Protection
3 Gbps
SSL Inspection Throughput
3.5 Gbps
Network Interfaces
Multiple GE RJ45, GE SFP and 10 GE SFP+ Slots
Threat Protection
4.7 Gbps
SSL Inspection Throughput
6.8 Gbps
Network Interfaces
Multiple GE RJ45, GE SFP and 10 GE SFP+ Slots
Threat Protection
3 Gbps
SSL Throughput Inspection
6.8 Gbps
Network Interfaces
Multiple GE RJ45 and GE SFP Slots
Threat Protection
1.2 Gbps
SSL Throughput Inspection
1 Gbps
Network Interfaces
Multiple GE RJ45, GE SFP Slots
Threat Protection
250 Mbps
SSL Throughput Inspection
190 Mbps
Network Interfaces
Multiple GE RJ45, GE SFP Slots | PoE/+ Variants

Please see the product page for more information on these and many more Product features.  

FortiGate: Entry-level NGFW

Threat Protection
270 Mbps
SSL Inspection Throughput
300 Mbps
Network Interfaces
Multiple GE RJ45 | WiFi Variants
Threat Protection
250 Mbps
SSL Inspection Throughput
180 Mbps
Network Interfaces
Multiple GE RJ45 | Varients with internal storage | Variants with PoE/+ interfaces
Threat Protection
200 Mbps
SSL Throughput Inspection
175 Mbps
Network Interfaces
Multiple GE RJ45 | WiFi variants | Variants with internal storage | Variants with PoE/+ interfaces
Threat Protection
160 Mbps
SSL Throughput Inspection
185 Mbps
Network Interfaces
Multiple GE RJ45 | WiFi Variants | Variants with dual radios | Variants with internal storage
Threat Protection
150 Mbps
SSL Throughput Inspection
160 Mbps
Network Interfaces
Multiple GE RJ45 | WiFi Variants
Threat Protection
25 Mbps
SSL Throughput Inspection
18 Mbps
Network Interfaces
10x GE RJ45

Please see the product page for more information on these and many more Product features.  

FortiGuard Security Services for FortiGate: Next-Generation Firewalls

FortiGate NGFW receives continuous threat intelligence updates from FortiGuard Labs security services. Intrusion prevention, anti-malware, cloud sand-box, application control and web filtering protects enterprises from known and unknown advanced attacks.

FG Application Control

Application Control

Improve security and meet compliance with easy enforcement of your acceptable use policy through unmatched, real-time visibility into the applications your users are running. With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications.

FG Web Filtering

Web Filtering

Protects your organization by blocking access to malicious, hacked, or inappropriate websites.

Icon cloudsandbox

FortiSandbox Cloud

FortiSandbox Cloud Service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiSandbox Cloud is fed back into preventive controls within your network—disarming the threat.

FG Antivirus

Antivirus

FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

FG Intrusion Prevention

Intrusion Prevention

FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.

Product Category Thumb SS virus outbreak

Virus Outbreak Protection Service

FortiGuard Virus Outbreak Protection Service (VOS) closes the gap between antivirus updates with FortiCloud Sandbox analysis to detect and stop malware threats discovered between signature updates before they can spread throughout an organization. OS initiates a real-time look-up to our Global Threat Intelligence database.

Product Category Thumb SS security audit

Content Disarm & Reconstruction

Fortinet’s Credential Stuffing Defense identifies login attempts using credentials that have been compromised using an always up-to-date feed of stolen credentials. Administrators can configure their supported devices to take various actions if a suspicious login is used including logging, alerts, and blocking.

FG AntiBotnet

IP Reputation & Anti-botnet Security

The FortiGuard IP Reputation Service aggregates malicious source IP data from the Fortinet distributed network of threat sensors, CERTs, MITRE, cooperative competitors, and other global sources that collaborate to provide up-to-date threat intelligence about hostile sources. Near real-time intelligence from distributed network gateways combined with world-class research from FortiGuard Labs helps organizations stay safer and proactively block attacks.

 

FortiGate Service Bundle Offerings:

Enterprise Protection Bundle

Protection to address today's advanced threat landscape. It delivers all FortiGuard security services available for the FortiGate including: NGFW Application Control and IPS, Web Filtering, FortiSandbox Cloud, Antivirus, Mobile Security, IP Reputation & Antibotnet, Antispam, CASB, Industrial Security, Security Rating, Virus Outbreak Protection Service, Content Disarm & Reconstruction, and core FortiCare security services with a choice of 8x5 or 24x7 support

UTM Protection Bundle

Traditional UTM security services including Antispam, Antivirus, Content Disarm & Reconstruction, FortiSandbox Cloud, NGFW Application Control and IPS, Virus Outbreak Protection, Web Filtering, and core FortiCare security services with a choice of 8x5 or 24x7 support

Advanced Threat Protection Bundle 

Core protection technologies including: Application Control, AV, Botnet IP/Domain and Mobile Malware Service, Content Disarm & Reconstruction, FortiSandbox Cloud, IPS, Virus Outbreak Protection. FortiCare security services include 24x7 support.

FortiGate: Next-Generation Firewall Demo

FortiGate Next-Generation Firewall Demo

This full working demo lets you explore the many features of our FortiGate Next-Generation Firewall (NGFW). You’ll quickly see how FortiGate allows you to enable threat protection features such as IPS, Web-Filtering, Anti-Malware, Cloud Sand-box and SSL inspection to stop known and unknown threats. FortiGate also provides the full visibility and identifies applications, users and devices to identify issues quickly and intuitively. Be sure to check out our Security Fabric features to provide end to end topology view, security ratings based on the best practices and automation to reduce complexity. 

Access the demo

Next-Generation Firewalls | NGFW | FortiGate

NSS Labs NGFW/SSL 2018 SVM and Report

NSS Labs Next Generation Firewall (NGFW) focuses on enterprise edge and internal segments along with growing need of SSL inspection. The Security Value Map (SVM) shows that FortiGate 500E achieved high cumulative blocking rate at 99.3% and the lowest TCO at $1.68 per protected Mbps. FortiGate 500E also received high SSL inspection performance and a very minimal performance degradation based on our purpose-built security processor technology. Fortinet received fifth consecutive NSS Labs NGFW “Recommended” rating showcase the consistency and commitment to customer need.

NSS Labs DCIPS 2018 SVM and Report

NSS Labs’ Data Center Intrusion Prevention Systems (DCIPS) focuses on data center environments, especially vulnerabilities commonly found in servers. The Security Value Map (SVM) shows that FortiGate IPS achieved the highest cumulative blocking rate at 98.73% and the lowest TCO at $3 per protected Mbps. Fortinet builds world-class IPS appliances and another “Recommended” IPS rating from NSS Labs proves this.

NSS Labs DCSG 2017 SVM and Report

NSS Labs’ DCSG test is a comprehensive Data Center Security Gateway (DCSG) test, including several tests to measure relevant security effectiveness and Intrusion Prevention (IPS) performance using live exploits including “weaponized” exploits (97.9% and 98% block rate respectively for Fortinet FortiGate 7060E and FortiGate 3000D) and resistance to evasion techniques (100% block rate for Fortinet). The FortiGate 7060E and 3000D both achieved “Recommended” status, with a leading combination of Security Effectiveness and Value per protected Megabit Per Second (Mbps) in the NSS Labs Security Value Map (SVM).

NSS Labs NGFW 2017 SVM

FortiGate 3200D and 600D enterprise firewalls both offer a winning combination of security effectiveness, performance, and value, earning Fortinet its fourth consecutive NSS Labs NGFW Recommended rating. Fortinet excelled in continuous live testing, blocking 99.71% of exploits used in active attack campaigns every day and delivered the highest performance scores with 18.5 Gbps throughput and an average latency of 4.6 microseconds, regardless of packet size and including real-world traffic processing.

NSS Labs Breach Prevention Systems (BPS) Test 2017

NSS Labs introduced a new group test, BPS focused on detecting and blocking exploits, advanced malware, and evasions. This helps validate the advanced threat response cycle of prevent-detect-mitigate across a number of threat vectors including web, email, and endpoint. Fortinet's Security Fabric consisting of FortiSandbox, FortiGate, FortiMail, and FortiClient integrated together, earned a Recommended award by achieving a block rate of 99.6% and offering the lowest 3-year TCO.

NSS Labs NGFW 2016 SVM

NSS Labs’ Next Generation Firewall (NGFW) real-world testing reveals that Fortinet delivers a winning combination of security, network performance, and total cost of ownership (TCO). Fortinet was nearly perfect; scoring 99.6% in overall security effectiveness. The FortiGate 3200D was rated by NSS at 19 Gbps, 37% above its data sheet specifications, with excellent TCO where the value increased based on actual performance compared to the claimed specifications.

NSS Labs 2015 Next Generation IPS Test

In 2015, NSS Labs conducted a group test of next generation IPS solutions to assess their abilities to identify both the applications and the users on their internal networks, protect the enterprise user against threats/exploits, and catch sophisticated attacks while producing as few false positives as possible. Demonstrating 99% effectiveness and superior value, Fortinet FortiGate earned the NSS Labs Recommendation.

FortiGate: Next-Generation Firewall Alliance Partners

For a complete list of all the Alliance partners go to www.fortinet.com/fabricready.

 

Below is a list of current FortiGate Next-Generation Firewall Alliance Partners:

AlgosSec
AlgosSec

The leading provider of business-driven security management solutions, AlgoSec helps over 1,500 enterprises align security with their business processes, to make their organizations more agile, secure and compliant.

Amazon Web Services
Amazon Web Services

AWS services are trusted by more than a million active customers around the world – including the fastest growing startups, largest enterprises, and leading government agencies – to power their infrastructures, make them more agile, and lower costs.

Solution brief

Learn more on the Fortinet-AWS alliance

Arista
Arista

Arista Networks was founded to pioneer and deliver software-driven cloud networking solutions for large data center storage and computing environments.

Solution brief

Cisco
Cisco

Cisco is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected.

FireMon
FireMon

FireMon solutions deliver continuous visibility into and control over network security infrastructure, policies, and risk.

Google Cloud Platform
Google Cloud Platform

Google Cloud Platform is a secure, dedicated public cloud computing service operated by Google which provides a range of infrastructure and application services that enable deployments in the cloud. Fortinet provides critical firewalling, advanced security and scalable BYOL protection for elastic compute, container, and machine-learning workloads in Google’s innovative public cloud.

Solution brief

IBM
IBM

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio enables organizations to effectively manage risk and defend against emerging threats.

Nozomi Networks
Nozomi Networks

Nozomi Networks is a leading provider of real-time visibility, advanced monitoring capabilities, and strong security for industrial control networks supporting critical infrastructure. Nozomi has been deployed in some of the largest industrial installations, providing some of the fastest return-on–investment in the industry.

Nuage Networks
Nuage Networks

Nuage Networks, a Nokia Corp subsidiary, brings a unique combination of groundbreaking technologies and unmatched networking expertise to the enterprise and telecommunications industries.

Solution brief

Oracle
Oracle

Oracle offers a comprehensive and fully integrated stack of cloud applications and platform services.

Solution brief

Tufin
Tufin

Tufin leads the Security Policy Orchestration market, enabling enterprises to centrally manage, visualize, and control security policies across hybrid cloud and physical network environments.

VMware
VMware

VMware is a global leader in cloud infrastructure and business mobility.