Skip to content Skip to navigation Skip to footer

Next-Generation Firewall (NGFW)

FortiGate NGFWs protect any edge at any scale

Gartner 2020 Magic Quadrant for Network Firewalls
Next-Generation Firewall (NGFW) banner background banner dots

Overview

FortiGate NGFWs delivers industry leading enterprise security for any edge at any scale with full visibility, and threat protection. Organizations can weave security deep into the Hybrid IT architecture, and build Security-Driven Networks to:

  1. Deliver ultra-fast security end-to-end
  2. Enable consistent real-time defense with AI/ML powered FortiGuard Services
  3. Achieve seamless user experience with Security Processing Units
  4. Improve operational efficiency and automate workflows

Delivering Enterprise Security with FortiGate Network Firewall

Fortinet NGFWs reduce cost and complexity by eliminating point products and consolidating industry-leading security capabilities. These include secure sockets layer (SSL) inspection (including TLS1.3), web filtering, and intrusion prevention (IPS) to provide full visibility and protection for any edge.

Watch Now

Fortinet Network Firewalls protect any edge at any scale with Security-Driven Networking.

Our Security-Driven Networking approach accelerates the convergence of networking and security to protect any edge, including the enterprise data center, WAN, and cloud edges—all from a single network firewall platform. Download the Fortinet Data Center Firewall Solution data sheet

 

FortiGate 1800F

The FortiGate 1800F enables high performance and dynamic Internal segmentation, and elephant flows that provide secure high-speed cloud on ramps. With high-performance IPsec encryption capabilities, enterprises can build massively scalable remote access solutions.

Learn More

FortiGate 2600F

Introducing the FortiGate 2600F Series | Next Generation Firewall

Learn More

FortiGate 4200F

The FortiGate 4200F series disrupts the network firewall marketplace with unprecedented scale and performance for next-generation firewall (NGFW) that protects hybrid and hyperscale data centers for enterprises and service providers. With VXLAN termination and re-origination, it allows enterprises to build highly scalable hybrid IT architectures.

Learn More

FortiGate 4400F

The FortiGate 4400F series introduces the world’s first Hyperscale Firewall that seamlessly enables Security-Driven Networking, manages all security risks for enterprises, and protects 5G networks. With high-port density, it offers encrypted and high-speed data center interconnects.

Learn More

FortiGate 7121F

The FortiGate 7121F series delivers industry’s highest performance for next generation firewall (NGFW) capabilities for large enterprises and service providers. With multiple high-speed interfaces, it is the first and the only NGFW that offers 400G connectivity, and a very high-port density, to provide super fast and secure data center inter-connects and high-throughput, for ideal deployments including enterprise edge, hybrid data center core, and across internal segments.

Learn More

FortiGate: Next-Generation Firewalls Models and Specifications

FortiGate NGFW is available in many different models to meet your needs ranging from entry-level hardware appliances to ultra high-end appliances to meet the most demanding threat protection performance requirements.  This ensures that enterprise campus, core data-center, or internal segments, FortiGate can fit seamlessly into your environment.  

Compare vendors and learn more about network firewall pricing

Compare Products

View by:

FortiGate: Chassis-based NGFW

Threat Protection
520Gbps
SSL Inspection Throughput
540Gbps
Interfaces
Multiple 10GE SFP+/SFP, Multiple 40GE QSFP28, Multiple 100GE QSFP28, Multiple 400GE QSFP28
Threat Protection
80 Gbps
SSL Inspection Throughput
79.9 Gbps
Network Interfaces
Multiple 10 GE SFP+/SFP, 40 GE QSFP+, 100 GE CFP2/QSFP28
Threat Protection
40 Gbps
SSL Inspection Throughput
50 Gbps
Network Interfaces
Multiple 10 GE SFP+/SFP, 40 GE QSFP+, 100 GE CFP2/QSFP28
Threat Protection
35 Gbps
SSL Inspection Throughput
50 Gbps
Network Interfaces
Multiple 10 GE SFP+/SFP, 40 GE/100 GE QSFP28
Threat Protection
13.5 Gbps
SSL Inspection Throughput
17 Gbps
Network Interfaces
2x 40GE QSFP+, 2x 10GE SFP+, 2x GE RJ45

Please see the product page for more information on these and many more Product features.  

FortiGate: Ultra high-end NGFW

Threat Protection
60 Gbps
SSL Inspection Throughput
90 Gbps
Network Interfaces
Multiple 40/100 GE QSFP28, 1/10/25 GE SFP28, 1/10 GE SFP+ and GE RJ45
Threat Protection
100 Gbps
SSL Inspection Throughput
130 Gbps
Network Interfaces
Multiple 40/100 GE QSFP28, 1/10/25 GE SFP28, 1/10 GE SFP+ and GE RJ45

Please see the product page for more information on these and many more Product features.  

FortiGate: High-end NGFW

Threat Protection
75 Gbps
SSL Inspection Throughput
70 Gbps
Network Interfaces
Multiple 100 GE/40GE QSFP28, multiple 25GE/10 GE SFP28/SFP+, two 25G SFP28 / 10GE SFP+ HA, multiple 1 GE RJ45
Threat Protection
45 Gbps
SSL Inspection Throughput
50 Gbps
Network Interfaces
Multiple 100 GE/40GE QSFP28, multiple 25GE/10 GE SFP28/SFP+, two 10GE SFP+ HA, multiple 1 GE RJ45
Threat Protection
20 Gbps
SSL Inspection Throughput
32 Gbps
Network Interfaces
10x 100GE QSFP28, 16x 10GE SFP+, 2x GE RJ45
Threat Protection
13.5 Gbps
SSL Inspection Throughput
30 Gbps
Network Interfaces
Multiple 40/100 GE QSFP+/QSFP28, 10 GE SFP+ and GE RJ45
Threat Protection
13 Gbps
SSL Inspection Throughput
24 Gbps
Network Interfaces
Multiple 40 GE QSFP+, 10 GE SFP+ and GE SFP
Threat Protection
30 Gbps
SSL Inspection Throughput
34 Gbps
Network Interfaces
6x 100 GE QSFP28, 32x 25 GE SFP28, 2x GE RJ45
Threat Protection
57 Gbps
SSL Inspection Throughput
64 Gbps
Interfaces
Multiple 25GE/10GE SFP25/SFP+ Multiple 100GE/40GE QSFP28
Threat Protection
25 Gbps
SSL Inspection Throughput
30 Gbps
Network Interfaces
4x 100 GE QSFP28, 24x 25 GE SFP28, 2x GE RJ45
Threat Protection
17Gbps
SSL Throughput Inspection
21 Gbps
Network Interfaces
4x 40GE QSFP+, 4x 10GE RJ45, 16x 10GE/25GE SFP+/SFP28, 12x GE RJ45
Threat Protection
15 Gbps
SSL Inspection Throughput
20 Gbps
Network Interfaces
Multiple GE RJ45 and 10 GE SFP+ / GE SFP slots
Threat Protection
13 Gbps
SSL Inspection Throughput
22 Gbps
Network Interfaces
Multiple 10 GE SFP+ | Multiple GE SFP and GE RJ45
Threat Protection
13 Gbps
SSL Inspection Throughput
19 Gbps
Network Interfaces
Multiple 10 GE SFP+ | Multiple GE SFP and GE RJ45
Threat Protection
17 Gbps
SSL Throughput Inspection
20 Gbps
Network Interfaces
4x 100GE QSFP28, 16x 25GE SFP28 / 10GE SFP+, 16x10GE RJ45
Threat Protection
5.4 Gbps
SSL Inspection Throughput
11.5 Gbps
Network Interfaces
10x 10GE SFP+, 2x 10GE SFP+ bypass, 34x GE RJ45
Threat Protection
11 Gbps
SSL Throughput Inspection
17 Gbps
Network Interfaces
4x 40GE QSFP+, 20x 10GE/25GE SFP+/SFP28, 12x GE RJ45
Threat Protection
5.4 Gbps
SSL Inspection Throughput
12.5 Gbps
Network Interfaces
6x 10GE SFP+, , 34x GE RJ45
Threat Protection
9.1 Gbps
SSL Inspection Throughput
17 Gbps
Network Interfaces
Multiple 40 GE QSFP+, multiple 25GE, 10 GE SFP28/SFP+, two 10GE SFP+ HA, multiple 1 GE SFP, multiple 1 GE RJ45
Threat Protection
5 Gbps
SSL Inspection Throughput
10.5 Gbps
Network Interfaces
8x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
Threat Protection
4 Gbps
SSL Inspection Throughput
6 Gbps
Network Interfaces
4x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
Threat Protection
7.1 Gbps
SSL Throughput Inspection
10 Gbps
Network Interfaces
2x40GE QSFP+, 4x25GE SFP28, 4x10GE SFP+/SFP, 8x1GE SFP, 16xGE RJ45
Threat Protection
4 Gbps
SSL Throughput Inspection
4 Gbps
Network Interfaces
2x 10 GE SFP+, 16x GE SFP, 18x GE RJ45

Please see the product page for more information on these and many more Product features.  

FortiGate: Mid-range NGFW

Threat Protection
3 Gbps
SSL Inspection Throughput
4 Gbps
Network Interfaces
Multiple GE RJ45, GE SFP and 10 GE SFP+ slots
Threat Protection
7Gbps
SSL Inspection Throughput
8 Gbps
Network Interfaces
Multiple GERJ45, Multiple GE SFP, Multiple 10GE SFP+
Threat Protection
5 Gbps
SSL Inspection Throughput
4.8 Gbps
Network Interfaces
Multiple GE RJ45 and Multiple GE SFP Slots
Threat Protection Throughput
3 Gbps
SSL Throughput Inspection
4 Gbps
Network Interfaces
Multiple GE RJ45, Multiple GE SFP, Multiple 10GE SFP+
Threat Protection
1 Gbps
SSL Throughput Inspection
1 Gbps
Network Interfaces
2 x 10GE SFP+ Slots, 18 x GE RJ45 and 8x 1GE SFP and 4x GE RJ45/SFP Shared Media Pairs

Please see the product page for more information on these and many more Product features.  

FortiGate: Entry-level NGFW

Threat Protection
900 Mbps
SSL Inspection Throughput
715 Mbps
Network Interfaces
Multiple GE RJ45, GE SFP Slots, ByPass Variants
Threat Protection
250 Mbps
SSL Inspection Throughput
180 Mbps
Network Interfaces
Multiple GE RJ45 | Varients with internal storage | Variants with PoE/+ interfaces
Threat Protection
700 Mbps
SSL Throughput Inspection
630 Mbps
Network Interfaces
Multiple GE RJ45 | Variants with internal storage
Threat Protection
500 Mbps
SSL Throughput Inspection
460 Mbps
Network Interfaces
3 x GE RJ45, 2x shared media ports
Threat Protection
200 Mbps
SSL Throughput Inspection
175 Mbps
Network Interfaces
Multiple GE RJ45 | WiFi variants | Variants with internal storage | Variants with PoE/+ interfaces
Threat Protection
160 Mbps
SSL Throughput Inspection
185 Mbps
Network Interfaces
Multiple GE RJ45 | WiFi Variants | Variants with dual radios | Variants with internal storage
Threat Protection
600 Mbps
SSL Throughput Inspection
310 Mbps
Network Interfaces
Multiple GE RJ45 | WiFi Variants
Threat Protection
150 Mbps
SSL Throughput Inspection
160 Mbps
Network Interfaces
Multiple GE RJ45 | WiFi Variants

Please see the branch office firewall product page for more information on these and many more Product features.  

Virtual Machines

Throughput
12 Gbps
vCPU
1x vCPU core, (up to) 2 GB RAM
Throughput
12 Gbps
vCPU
1x vCPU core, (up to) 2 GB RAM
Throughput
15 Gbps
vCPU
2x vCPU cores, (up to) 4 GB RAM
Throughput
28 Gbps
vCPU
4x vCPU cores, (up to) 6 GB RAM
Throughput
33 Gbps
vCPU
8x vCPU cores, (up to) 12 GB RAM
Throughput
36 Gbps
vCPU
16x vCPU cores, (up to) 24 GB RAM
Throughput
50 Gbps
vCPU
32x vCPU cores, (up to) 48 GB RAM
vCPU
Unlimited vCPU cores and RAM

“V” Series VMs do not include VDOM licenses by default.  VDOM licenses can be added separately.

Actual performance may vary depending on the network and system configuration.

Performance metrics were observed using a DELL R740 (CPU Intel Xeon Platinum 8168 2.7 GHz, Intel X710 network adapters), running FOS v5.6.3. Tested with VMware vSphere 6.5 Enterprise Plus. SR-IOV is enabled.

Threat Protection
100Gbps
IPS
170Gbps
SSL Inspection
110Gbps
Firewall Throughput
239Gbps
New Session / Second
3M
IPsec VPN Throughput
160Gbps
Threat Protection
60Gbps
IPS
110Gbps
SSL Inspection
66Gbps
Firewall Throughput
239Gbps
New Session / Second
2M
IPsec VPN Throughput
96Gbps
Threat Protection
75Gbps
IPS
94Gbps
SSL Inspection
86Gbps
Firewall Throughput
1.15Tbps
New Session / Second
1M/10M1
IPsec VPN Throughput
310Gbps
Threat Protection
45Gbps
IPS
52Gbps
SSL Inspection
50Gbps
Firewall Throughput
800Gbps
New Session / Second
1M/7M1
IPsec VPN Throughput
210Gbps
Threat Protection
30Gbps
IPS
55Gbps
SSL Inspection
34Gbps
Firewall Throughput
240Gbps
New Session / Second
950k
IPsec VPN Throughput
140Gbps
Threat Protection
25Gbps
IPS
44Gbps
SSL Inspection
30Gbps
Firewall Throughput
240Gbps
New Session / Second
850k
IPsec VPN Throughput
140Gbps
Threat Protection
17Gbps
IPS
24Gbps
SSL Inspection
20Gbps
Firewall Throughput
198Gbps
New Session / Second
1M/2M1
IPsec VPN Throughput
55Gbps
Threat Protection
9.1Gbps
IPS
13Gbps
SSL Inspection
17Gbps
Firewall Throughput
198Gbps
New Session / Second
750k/2M1
IPsec VPN Throughput
55Gbps

1 Hyperscale License

View by:

Fortinet is proud to announce that, for the second consecutive year, we have been recognized as a Customers’ Choice in the April 2021 Gartner Peer Insights ‘Voice of the Customer’: Network Firewalls report.

The Gartner Peer Insights Customers’ Choice is a recognition of vendors in this market by verified end-user professionals, taking into account both the number of reviews and the overall user ratings. To ensure fair evaluation, Gartner maintains rigorous criteria for recognizing vendors with a high customer satisfaction rate. 

As an integral part of the Fortinet Security Fabric, our FortiGate Next-Generation Firewalls (NGFWs) enable a Security-driven Networking approach to protect any network edge and any user at scale, while ensuring high performance. And powered by Fortinet’s custom built Security Processing Units (SPUs), FortiGate NGFWs offer the industry’s highest security compute rating.

With FortiGate NGFWs, organizations can:  

Manage internal  and external  security  risks: FortiGate NGFWs provide complete visibility into applications, threats, and networks to keep operations running and ensure business continuity. Further, network-based segmentation stops lateral threats and protects against application vulnerabilities with enhanced AI/ML powered by FortiGuard services to thwart cyberattacks.  

Achieve  optimal ROI through consolidation: FortiGate NGFWs seamlessly converge and accelerate networking and multiple security functions into a single solution to reduce cost and optimize user experience. 

Improve operational efficiency: Fortinet’s Fabric Management Center streamlines operations across Security Fabric and extends beyond to 400+ ecosystem integrations with a consolidated view to simplify enterprise-wide workflows.

Here is a small sampling of the top reviews posted by Fortinet customers on the Gartner Peer Insights website*:

★★★★★
"Stable and Reliable Firewall" —  Cloud Infrastructure Engineer  in the  Finance Industry, Firm Size: 50M-250M USD
Overall user rating: 5/5 stars
"We use FortiGate in our company's HQ and many of the branches across the country. For a company that deals mainly with sensitive customers data, we needed to make sure that our networks are protected by the best firewall solution that's available (also thanks to Gartner reviews)." 

★★★★★
Tons Of Value in a Small Package—  Director  of  IT  in the  Retail IndustryFirm Size: 500M-1B USD
Overall user rating: 5/5 stars
"We decided to deploy the full Fortinet network stack including FortiGate 60E's to all 90+ of our retail locations. We further deployed FortiGate 200E's in HA pairs to all datacenter locations. These UTM appliances are some of the best and most feature rich I have ever used." 

★★★★★
Delivered What We Were Looking For— VP, Deputy CIO in the Finance Industry, Firm Size: 1B-3B USD
Overall user rating: 5/5 stars
“Our experience with implementing this solution has been very satisfactory. We went with Fortinet for price and simplicity and have received what we were looking for." 

★★★★★
"Strong Firewall Solution That Protects Your Business Systems" — Programmer  in the  Finance Industry, Firm Size: 50M – 250M USD 
Overall user rating: 5/5 stars

"Very easy to implement and configure, especially if you already have other Fortinet products in your network they all bind in to the one "security fabric" and provide a great overview of all your network devices and events in your network. Also the price is superb for such product."

★★★★★
"NGFW That Needs To Be In Your Company" — PHP Backend Developer  in the Finance Industry, Firm Size: 50M – 250M USD 
Overall user rating: 5/5 stars
"FortiGate NGFW is the main guard of our IT infrastructure. All network goes through it. It can easily handle all our traffic. Now, most of the employees are working from home so VPN is getting hit really bad, but that is not a problem for FortiGate."

Faster time to activation is key in supporting the pace of digital innovation. FortiGuard market-leading, AI-enabled Security-as-a-Service capabilities are designed from the ground up to seamlessly work together to provide context-aware security policy and coordinated real-time attack prevention. Flexible consumption options are available across networks, endpoints, and clouds.

FortiGuard AI-enabled Security-As-A-Services

FortiGuard Security-As-A-Service Offering for Networks

Mix and match security capabilities to fit your diverse set of use cases across the organization. Attach services to the desired product across hardware, virtual machine, and as-a-service models. Our flexible purchasing options mean you can choose between a-la-cart services, optimized bundles for network-centric use cases, or go all in with our Enterprise Agreement.

Find out more here

View by:

Fuse Community


Data Sheets

Next-Generation Firewall (NGFW)

FortiGate: Next-Generation Firewall Alliance Partners

For a complete list of all the Alliance partners go to www.fortinet.com/fabricready.

Below is a list of current FortiGate Next-Generation Firewall Alliance Partners:

Product Demo

This full working demo lets you explore the many features of our FortiGate Next-Generation Firewall (NGFW). You’ll quickly see how FortiGate allows you to enable threat protection features such as IPS, Web-Filtering, Anti-Malware, Cloud Sand-box and SSL inspection to stop known and unknown threats. FortiGate also provides the full visibility and identifies applications, users and devices to identify issues quickly and intuitively. Be sure to check out our Security Fabric features to provide end to end topology view, security ratings based on the best practices and automation to reduce complexity. 

Features and Benefits

Visibility Protection

Full Visibility and Protection

Stop Ransomware, Command & Control with SSL inspection (including TLS1.3) and automated threat protection.
Consolidate and concurrently run IPS, web & video filtering, DNS security services to reduce costs and manage all risks. 
Deliver seamless user experience and security to the hybrid workforce with Zero Trust Network Acess (ZTNA).
Build ultra-scalable Security-Driven Networks to meet escalating business demands.
Share actionable threat intelligence across the entire attack surface to build a consistent end-to-end security posture. 
Build large-scale and efficient operations with an easy-to-use centralized management console.

FortiGate NGFW Use Cases

As network edges explode,  you need effective security everywhere.  With FortiGate, you can: 

security driven networking | security fabric

Security-Driven Networking

Traditional security strategies can’t keep up with the challenges of your expanding attack surface – from remote work, to mobility, to multi-cloud networks. Fortinet Security-Driven Networking addresses these challenges by tightly integrating network infrastructure with security architecture, meaning your network will remain secure as it scales and changes.

FortiGate: Next-Generation Firewall News

CRN’s 2020 Products Of The Year

Fortinet is accelerating data center security performance with its seventh-generation network processor—the NP7—which made its first appearance in the company’s FortiGate 1800 firewall earlier this year.