Next-Generation Firewall (NGFW)

High threat protection performance with automated visibility to stop attacks

Gartner 2019 Magic Quadrant for Network Firewalls
next-generation firewall

What is a Next-Generation Firewall?

Next-generation firewalls filter network traffic to protect an organization from external threats. Maintaining features of stateful firewalls such as packet filtering, VPN support, network monitoring, and IP mapping features, NGFWs also possess deeper inspection capabilities that give them a superior ability to identify attacks, malware, and other threats. Next-generation firewalls provide organizations with application control, intrusion prevention, and advanced visibility across the network. As the threat landscape continues to develop rapidly, traditional firewalls fall further behind and put your organization at risk. NGFWs not only block malware, but also include paths for future updates, giving them the flexibility to evolve with the landscape and keep the network secure as new threats arise.

     

Fortinet Recognized as a Leader in the Gartner Magic Quadrant for Network Firewalls | NGFW

Fortinet has been recognized as one of the Leaders among the 18 vendors included in the Gartner Magic Quadrant for Network Firewalls report for 2019.

Watch the video

FortiGate NGFW: Enterprise Firewalls

FortiGate NGFWs enable security-driven networking and consolidate industry-leading security capabilities such as intrusion prevention system (IPS), web filtering, secure sockets layer (SSL) inspection, and automated threat protection. Fortinet NGFWs meet the performance needs of highly scalable, hybrid IT architectures, enabling organizations to reduce complexity and manage security risks.

FortiGate NGFWs are powered by artificial intelligence (AI)-driven FortiGuard Labs and deliver proactive threat protection with high-performance inspection of both clear-text and encrypted traffic (including the industry’s latest encryption standard TLS 1.3) to stay ahead of the rapidly expanding threat landscape.

FortiGate NGFWs inspect traffic as it enters and leaves the network. These inspections happen at an unparalleled speed, scale, and performance and prevent everything from ransomware to DDoS attacks, without degrading user experience or creating costly downtime.

As an integral part of the Fortinet Security Fabric, FortiGate NGFWs can communicate within the comprehensive Fortinet security portfolio as well as third-party security solutions in a multivendor environment. To increase the speed of operations and response, they share threat intelligence, and improve security posture and automated workflow.

Gartner 2019 Magic Quadrant for Network Firewalls. 

Gartner called Fortinet a leader in the Network Firewall field.  See the full report to learn more about how other vendors compare to Fortinet.  Read the report

Learn more about our Next-Generation Firewall Solutions

Features and Benefits

Visibility Management

Full Visibility

Remove uncontrolled blind spots with SSL inspection of all encrypted flows, including TLS 1.3
defense icon

Threat Protection

Industry’s best-of-breed security with automated threat protection
Intelligently share threat information across the entire digital attack surface to provide quick and automated protection
Single console management automation, orchestration, and analytics
Independently certified and continuous threat intelligence updates provide robust protection from known and unknown attacks

FortiGate: Next-Generation Firewall News

Building a Cybersecurity Workforce

Advanced training for security professionals, technical training for IT professionals, and awareness training for teleworkers.

Learn More

FortiGate: Next-Generation Firewalls Models and Specifications

FortiGate NGFW is available in many different models to meet your needs ranging from entry-level hardware appliances to ultra high-end appliances to meet the most demanding threat protection performance requirements.  This ensures that enterprise campus, core data-center, or internal segments, FortiGate can fit seamlessly into your environment.  

Compare Products

FortiGate: Chassis-based NGFW

Threat Protection
80 Gbps
SSL Inspection Throughput
79.9 Gbps
Network Interfaces
Multiple 10 GE SFP+/SFP, 40 GE QSFP+, 100 GE CFP2/QSFP28
Threat Protection
40 Gbps
SSL Inspection Throughput
50 Gbps
Network Interfaces
Multiple 10 GE SFP+/SFP, 40 GE QSFP+, 100 GE CFP2/QSFP28
Threat Protection
35 Gbps
SSL Inspection Throughput
50 Gbps
Network Interfaces
Multiple 10 GE SFP+/SFP, 40 GE/100 GE QSFP28
Threat Protection
13.5 Gbps
SSL Inspection Throughput
17 Gbps
Network Interfaces
2x 40GE QSFP+, 2x 10GE SFP+, 2x GE RJ45

Please see the product page for more information on these and many more Product features.  

FortiGate: Ultra high-end NGFW

Threat Protection
60 Gbps
SSL Inspection Throughput
90 Gbps
Network Interfaces
Multiple 40/100 GE QSFP28, 1/10/25 GE SFP28, 1/10 GE SFP+ and GE RJ45
Threat Protection
100 Gbps
SSL Inspection Throughput
130 Gbps
Network Interfaces
Multiple 40/100 GE QSFP28, 1/10/25 GE SFP28, 1/10 GE SFP+ and GE RJ45

Please see the product page for more information on these and many more Product features.  

FortiGate: High-end NGFW

Threat Protection
35 Gbps
SSL Inspection Throughput
38 Gbps
Network Interfaces
Multiple 100 GE/40GE QSFP28, multiple 25GE/10 GE SFP28/SFP+, two 10GE SFP+ HA, multiple 1 GE RJ45
Threat Protection
20 Gbps
SSL Inspection Throughput
32 Gbps
Network Interfaces
10x 100GE QSFP28, 16x 10GE SFP+, 2x GE RJ45
Threat Protection
13.5 Gbps
SSL Inspection Throughput
30 Gbps
Network Interfaces
Multiple 40/100 GE QSFP+/QSFP28, 10 GE SFP+ and GE RJ45
Threat Protection
13 Gbps
SSL Inspection Throughput
23 Gbps
Network Interfaces
Multiple 100 GE CFP2, 40 GE QSFP+, 10 GE SFP+ and/or multiple GE SFP/RJ45 depending on variants
Threat Protection
13 Gbps
SSL Inspection Throughput
24 Gbps
Network Interfaces
Multiple 40 GE QSFP+, 10 GE SFP+ and GE SFP
Threat Protection
30 Gbps
SSL Inspection Throughput
34 Gbps
Network Interfaces
6x 100 GE QSFP28, 32x 25 GE SFP28, 2x GE RJ45
Threat Protection
23 Gbps
SSL Inspection Throughput
30 Gbps
Network Interfaces
4x 100 GE QSFP28, 24x 25 GE SFP28, 2x GE RJ45
Threat Protection
17Gbps
SSL Throughput Inspection
21 Gbps
Network Interfaces
4x 40GE QSFP+, 4x 10GE RJ45, 16x 10GE/25GE SFP+/SFP28, 12x GE RJ45
Threat Protection
15 Gbps
SSL Inspection Throughput
20 Gbps
Network Interfaces
Multiple GE RJ45 and 10 GE SFP+ / GE SFP slots
Threat Protection
13 Gbps
SSL Inspection Throughput
22 Gbps
Network Interfaces
Multiple 10 GE SFP+ | Multiple GE SFP and GE RJ45
Threat Protection
13 Gbps
SSL Inspection Throughput
19 Gbps
Network Interfaces
Multiple 10 GE SFP+ | Multiple GE SFP and GE RJ45
Threat Protection
5.4 Gbps
SSL Inspection Throughput
11.5 Gbps
Network Interfaces
10x 10GE SFP+, 2x 10GE SFP+ bypass, 34x GE RJ45
Threat Protection
11 Gbps
SSL Throughput Inspection
17 Gbps
Network Interfaces
4x 40GE QSFP+, 20x 10GE/25GE SFP+/SFP28, 12x GE RJ45
Threat Protection
5.4 Gbps
SSL Inspection Throughput
12.5 Gbps
Network Interfaces
6x 10GE SFP+, , 34x GE RJ45
Threat Protection
9.1 Gbps
SSL Inspection Throughput
17 Gbps
Network Interfaces
Multiple 40 GE QSFP+, multiple 25GE, 10 GE SFP28/SFP+, two 10GE SFP+ HA, multiple 1 GE SFP, multiple 1 GE RJ45
Threat Protection
5 Gbps
SSL Inspection Throughput
10.5 Gbps
Network Interfaces
8x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
Threat Protection
4 Gbps
SSL Inspection Throughput
6 Gbps
Network Interfaces
4x 10GE SFP+/GE SFP, 16x GE SFP, 18x GE RJ45
Threat Protection
7.1 Gbps
SSL Throughput Inspection
10 Gbps
Network Interfaces
2x40GE QSFP+, 4x25GE SFP28, 4x10GE SFP+/SFP, 8x1GE SFP, 16xGE RJ45
Threat Protection
4 Gbps
SSL Throughput Inspection
4 Gbps
Network Interfaces
2x 10 GE SFP+, 16x GE SFP, 18x GE RJ45

Please see the product page for more information on these and many more Product features.  

FortiGate: Mid-range NGFW

Threat Protection
3 Gbps
SSL Inspection Throughput
4 Gbps
Network Interfaces
Multiple GE RJ45, GE SFP and 10 GE SFP+ slots
Threat Protection
3 Gbps
SSL Inspection Throughput
4 Gbps
Network Interfaces
Multiple GE RJ45, GE SFP, 10 GE SFP+ slots and bypass GE RJ45 pairs
Threat Protection
7Gbps
SSL Inspection Throughput
8 Gbps
Network Interfaces
Multiple GERJ45, Multiple GE SFP, Multiple 10GE SFP+
Threat Protection
4.7 Gbps
SSL Inspection Throughput
5.7 Gbps
Network Interfaces
Multiple GE RJ45, GE SFP and 10 GE SFP+ Slots
Threat Protection
5 Gbps
SSL Inspection Throughput
4.8 Gbps
Network Interfaces
Multiple GE RJ45 and Multiple GE SFP Slots
Threat Protection
3 Gbps
SSL Throughput Inspection
3.9 Gbps
Network Interfaces
Multiple GE RJ45 and GE SFP Slots
Threat Protection
1.2 Gbps
SSL Throughput Inspection
1 Gbps
Network Interfaces
Multiple GE RJ45, GE SFP Slots
Threat Protection
1 Gbps
SSL Throughput Inspection
1 Gbps
Network Interfaces
2 x 10GE SFP+ Slots, 18 x GE RJ45 and 8x 1GE SFP and 4x GE RJ45/SFP Shared Media Pairs
Threat Protection
250 Mbps
SSL Throughput Inspection
130 Mbps
Network Interfaces
Multiple GE RJ45, GE SFP Slots | PoE/+ Variants

Please see the product page for more information on these and many more Product features.  

FortiGate: Entry-level NGFW

Threat Protection
900 Mbps
SSL Inspection Throughput
715 Mbps
Ports
Multiple GE RJ45, GE SFP Slots, ByPass Variants
Threat Protection
250 Mbps
SSL Inspection Throughput
180 Mbps
Network Interfaces
Multiple GE RJ45 | Varients with internal storage | Variants with PoE/+ interfaces
Threat Protection
700 Mbps
SSL Throughput Inspection
750 Mbps
Network Interfaces
Multiple GE RJ45 | Variants with internal storage
Threat Protection
200 Mbps
SSL Throughput Inspection
175 Mbps
Network Interfaces
Multiple GE RJ45 | WiFi variants | Variants with internal storage | Variants with PoE/+ interfaces
Threat Protection
160 Mbps
SSL Throughput Inspection
185 Mbps
Network Interfaces
Multiple GE RJ45 | WiFi Variants | Variants with dual radios | Variants with internal storage
Threat Protection
600 Mbps
SSL Throughput Inspection
310 Mbps
Network Interfaces
Multiple GE RJ45 | WiFi Variants
Threat Protection
150 Mbps
SSL Throughput Inspection
160 Mbps
Network Interfaces
Multiple GE RJ45 | WiFi Variants
Threat Protection
25 Mbps
SSL Throughput Inspection
18 Mbps
Network Interfaces
10x GE RJ45

Please see the branch office firewall product page for more information on these and many more Product features.  

Virtual Machines

Throughput
12 Gbps
vCPU
1x vCPU core, (up to) 2 GB RAM
Throughput
12 Gbps
vCPU
1x vCPU core, (up to) 2 GB RAM
Throughput
15 Gbps
vCPU
2x vCPU cores, (up to) 4 GB RAM
Throughput
28 Gbps
vCPU
4x vCPU cores, (up to) 6 GB RAM
Throughput
33 Gbps
vCPU
8x vCPU cores, (up to) 12 GB RAM
Throughput
36 Gbps
vCPU
16x vCPU cores, (up to) 24 GB RAM
Throughput
50 Gbps
vCPU
32x vCPU cores, (up to) 48 GB RAM
vCPU
Unlimited vCPU cores and RAM

“V” Series VMs do not include VDOM licenses by default.  VDOM licenses can be added separately.

Actual performance may vary depending on the network and system configuration.

Performance metrics were observed using a DELL R740 (CPU Intel Xeon Platinum 8168 2.7 GHz, Intel X710 network adapters), running FOS v5.6.3. Tested with VMware vSphere 6.5 Enterprise Plus. SR-IOV is enabled.

Building a Cybersecurity Workforce

Advanced training for security professionals, technical training for IT professionals, and awareness training for teleworkers.

Learn More

Fortinet Customers and Partners emphasize the value-proposition of FortiGate Next-Generation Firewalls in Gartner Peer Insights Reviews for Network Firewalls.

FortiGate Next-Generation Firewalls offer flexible deployments from the network edge to the core, data center, internal segments, and to multiple clouds, leveraging purpose-built security processors (SPUs) that deliver high performance of advanced security services like threat protection, SSL inspection, IPS without fearing degradation for mission-critical environments. FortiGate NGFW provide seamless integration with multiple clouds and allow secure delivery of business applications and services.

FortiGate NGFW provides automated and full visibility into all internal segments, applications, and network flows to detect and remediate any malware and pave the way for consistent security policies irrespective of the location of assets. FortiGate NGFW was the first vendor to offer the support for the latest standard of encryption called TLS 1.3 that provides a stronger security framework and make Fortinet customers future ready.

FortiGate NGFW has received 6th consecutive “Recommended” rating in NSS Labs 2019 NGFW Group Test and continue to earn positive feedback from users on Gartner Peer Insights.

Here is what some of our customers had to say about FortiGate NGFW.

 

★★★★★
“Great Product That Is Full Of Features With An Intuitive UI”

“Great product that is full of features with an intuitive UI. It is a one stop shop for most of our perimeter security needs.”

– CIO, Finance

★★★★★
“Rule Creation And Assignation Is Very Simple, You'll Love NGFW And The Ease Of Use”

“Fortigate NGFW has enough features to enable any company with the latest technology. It can be used for many purposes, and the integration with the ecosystem is fantastic. NGFW also allows you to create and customize policies based on roles, locations, and departments. Your system administrators will love the easy to use of this tool.”

– Analyst, Healthcare

★★★★★
“If You Deploy And Install It, Immediately Forget About Intrusions And Attack Attempts”

“Fortinet is undoubtedly synonymous with success, stability, solidity and quality. Since we implemented the Fortigate solutions in the company with an NGFW scenario (i.e. new generation firewall) we immediately appreciated all that this firewall had more to offer than the previous one, navigation and management of individual rules (or even massively ) is very orderly and intuitive, the performances are truly amazing compared to the cost of the individual devices, they have an excellent failover protocol and they natively support the active-active mode of the high availability feature so as to perform autonomously and transparently load balancing the load.”

– Head Of Cybersecurity, Services

★★★★★
“Comprehensive And Stable Product For Protection”

“This product provides comprehensive protection from web filtering to Data Lake with good performance. Its deployment process is so easy and less source usage is one of the best features. You can define rules fast and run the scenarios. We can say that this product is very stable.”

– Industrial Engineer, Manufacturing

★★★★★
“Best Protection Against Advanced Threats !!”

“Fortigate provides best protection against Advanced threats, we have been using fortigate very long time as our primary Perimeter firewall, which works fine for us, helps to connect all our branch network with head-office. Also provides us with secure-remote access facility via VPN connections. implementation is not much hard, i think our team completed with in two hours time. lot of great features are there. Real time traffic monitoring are VPN client creation are really helpful for any type of organizations. Very user friendly interface. not difficult for beginners also. overall our experience with fortigate is very good.”

– Consultant, Finance

★★★★★
“Fortinet Has Done The Job, ROI Has Come True For Our Investment And With Lower Opex”

“Fortinet solution has been a great platform for our IT security, branches communication, network segmentation and VPN administration.”

– IT Manager, Finance

★★★★★
“Fortigate NG Firewall, very good for use in Education Sector K1-12 based on my experience”

“Easy to deploy and migration, Firewall rule is not messy if compare to the previous product i ever use such as iptable. GUI management is simple, easy to undestand i spend only 3hour to setup the same scenario to my previous firewall. one more thing, its very very stable, i can run one month without reboot at all.

– CTO, Education

★★★★★
“Very useful NGFW solution”

“It's very easy to use, installation and operation. Totally web based GUI meets your needs. If you need some detailed configuration you can use CLI over web page or SSH connection. Configuration pages responds quickly. You can use firewall, IPS, antivirus, web filtering, DNS filtering, application filtering and HTTPS inspection features easily.”

– Network & Security Engineer, Finance

★★★★★
“A complete and versatile security platform and carrier class expertise by Fortinet”

“Fortinet provides a broad set of security solution that ranges from state of the art UTM firewall to managed secure wifi and OTP services, this allowed us to implement quickly new services, leveraging devices already deployed in our network infrastructure. Moreover, availability of feature parity virtual appliances enable smooth transition towards SDN/NFV transformation.”

– Senior Data Network Designer, Communications

★★★★★
“Firewall implementation with analyzer”

“get visibility into your firewall rules and optimise them to get the best out of your firewall. Automate firewall rule administration and perform in depth impact analysis.”

– Manager, Communications

★★★★★
“A Well Built Solution For The Protection Of Any Organization”

“Best experience we have had with a firewall was with FortiGate. It provides countless, important features from simplest ones, such as Anti Virus, web filtering, to more advanced features, such as Data Leak Prevention (DLP) and Internet Content Adaptation Protocol (ICAP). As a firewall it can provide protection from the internet as well as among different different networks. It has few pricing options that covers all the different size organizations and has an efficient 24 hour support crew to solve any issue that the customer might face. To list some of the popular features of this famous firewall, it provides virtual private network (VPN) capability, network access controlling, identification and notification while accessing or downloading potentially harmful, complete control over the network traffic based on applications or users, anti spam, SSL inspection, DNS filtering, intrusion prevention and provides a comprehensive overview of the network traffic.”

– Analyst, Services

 
Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences, and do not represent the views of Gartner or its affiliates.

Next-Generation Firewall Use Cases

Reducing complexity by consolidating products to save costs is a top concern for many enterprises. Equally important is ensuring secure access of resources from private and public clouds without the fear of encrypted malware. Achieving granular visibility of devices, users, real-time threat information, and automation are paramount to ensuring that attacks are handled in a timely manner.  

Reduce Complexity

Consolidate products and services to reduce complexity. With industry-leading threat protection and FortiGuard Labs services, you can reduce costs and maximize your return on investment (ROI).

Encrypted Cloud Access

Achieve comprehensive visibility and policy controls by inspecting all types of traffic, from clear-text to encrypted, and implement intrusion prevention system (IPS) protection.

Visibility and Automation

Gain access to network and security events for contextual visibility, and simplify operations with automated processes.

Intent-based Segmentation Use Cases

Intent-based segmentation allows network operators to create security domains or segments based in accordance with business intent. Intent-based segmentation is the ability to deploy threat protection wherever it is needed, both on-premises and in all cloud instances, to reduce risk, achieve compliance, and protect business-critical applications.

Reduce Attack Surface

Effectively manage attack vectors with microsegments, industry-leading threat protection, and FortiGuard Labs services.

Regulatory Compliance

Meet compliance and regulatory requirements, such as PCI DSS, PII, HIPPA, and GDPR.

Trusted Application Access

Improve your security posture by securing business applications and implementing adaptive access control.

FortiGuard Security Services for FortiGate: Next-Generation Firewalls

FortiGate next-generation firewalls (NGFWs) are the backbone for a security-driven network.  Given the mission-critical role these play in any environment, Fortinet fortifies our leading NGFW's with best-in-class security, support, and cloud-based automation and management. 

Read on to find out how Fortinet subscriptions and services can help you get the most out of your FortiGate NGFW's:

Effective best-in-class security requires timely, global intelligence combined with fast decision-making and response across all critical vectors. Fortinet offers proven and one of the most certified artificial intelligence-driven protection available in the market today powered by FortiGuard Labs.

For customers implementing FortiGates as NGFWs, here’s how FortiGuard subscriptions can help:

  • Application Control: Fortinet boasts one of the largest applications database to safeguard your organization from risky application and allows you visibility and control of applications running in your network
  • Intrusion Prevention: Stop unwanted attempts to access your network that target vulnerabilities and configuration gaps. We block over 10 million intrusion attempts per minute.
  • Advanced Threats: Stop malicious files and payloads moving into your network with FortiGuard’s leading advanced malware, antivirus, and sandboxing capabilities. We stop over 35,000 malicious files per minute.

FortiGuard

Industry Leading AI-driven Protection and Intelligence

FortiCare

World-class Global Support and Professional Services

Mission critical security-driven networks deserve the best support available.  FortiCare provides 24x7 support options to help keep your FortiGates up and running.  We also have services to help you recover in the rare moments when bigger bumps seem to come out of nowhere such as our Premium RMA options with 4-hour replacements. 

Want faster resolution?  Choose our Advanced Support option.

Need help to get going with new deployments and integrations?  FortiCare can do it, too, with Professional Services and Resident Engineers!  Contact Sales to find out how.

Delivering world-class security is not all that we do! We can help our customers lower their total cost of ownership (TCO) and simplify day-to-day security operations through our FortiOps services, which provide cloud-based management, visibility, and automation across their Fortinet Security Fabric.

FortiOps

Cloud-based Management, Visibility, and Operations

Pro-Tips

  • Keep it simple and save some money too! Choose the Unified Protection Bundle for your FortiGates that includes 24x7 FortiCare, all the FortiGuard Services you see here, and more. Customers looking to also lower their TCO can add FortiOps options a-la-carte or order the Enterprise Protection Bundle for the most comprehensive and cost-effective protection and operations for their NGFW.
  • Don’t forget to add FortiCare Advanced Support and Premium RMA for the fastest way to recover from unexpected bumps. We have global team of experts standing by to assist you and global depots to get you parts fast!

Resources

Fuse Community


Product Demo

This full working demo lets you explore the many features of our FortiGate Next-Generation Firewall (NGFW). You’ll quickly see how FortiGate allows you to enable threat protection features such as IPS, Web-Filtering, Anti-Malware, Cloud Sand-box and SSL inspection to stop known and unknown threats. FortiGate also provides the full visibility and identifies applications, users and devices to identify issues quickly and intuitively. Be sure to check out our Security Fabric features to provide end to end topology view, security ratings based on the best practices and automation to reduce complexity. 

NSS Labs Next Generation Intrusion Prevention Systems (NGIPS) 2019

NSS Labs’ Next Generation Intrusion Prevention Systems (NGIPS) focuses on security effectiveness and TCO for NGIPS solutions across selected vendors tested. The Security Value Map (SVM) shows that FortiGate NGIPS achieved a cumulative blocking rate of 99.18% for FortiGate 100F and the lowest TCO at $2 per protected Mbps. Fortinet builds world-class NGIPS appliances that requires highest possible performance, best of breed security and having another “Recommended” IPS rating from NSS Labs is just another proof point.

NSS Labs Next Generation Intrusion Prevention Systems (NGIPS) 2019

 

NSS Labs 2019 NGFW Group Test Results


With these reports, you can see Fortinet’s NGFW strong performance results that were conducted with new traffic mix (70% HTTPS + 30% HTTP) . Fortinet’s NGFW demonstrated high NGFW/SSL performance and low TCO.

Please review the comparative reports to learn more:

 

NSS Labs Breach Prevention Systems (BPS) Test 2019

NSS Labs BPS focuses on both detecting and blocking of exploits, advanced malware, and evasions which is critical in reducing the risk of breaches. This test helps emphasize the importance in the automation of the advanced threat response cycle of prevent-detect-mitigate across a number of threat vectors including web, email, and endpoint. Fortinet's Breach Protection tested solution consists of FortiSandbox, FortiGate, and FortiClient integrated together, earned a Recommended award by achieving an overall Security Effectiveness of 97.8% and offering the lowest 3-year TCO.

 

NSS Labs NGFW/SSL 2018 SVM and Report

NSS Labs Next Generation Firewall (NGFW) focuses on enterprise edge and internal segments along with growing need of SSL inspection. The Security Value Map (SVM) shows that FortiGate 500E achieved high cumulative blocking rate at 99.3% and the lowest TCO at $2.00 per protected Mbps. FortiGate 500E also received high SSL inspection performance and a very minimal performance degradation based on our purpose-built security processor technology. Fortinet received fifth consecutive NSS Labs NGFW “Recommended” rating showcase the consistency and commitment to customer need.

NSS labs 2018 SVM diagram

NSS Labs NGFW 2018 Comparative Reports

NSS Labs NGFW Comparative reports provide detailed comparison of all 10 participated vendors for security, performance and total cost of ownership (TCO). With these reports, you can compare Fortinet’s outstanding results with Palo Alto Networks, Checkpoint, Cisco and many other vendors. In several areas, Fortinet showcased the best results:  

  • High SSL Inspection Performance with industry's least performance degradation
  • Fortinet delivered 100% block rate for live exploits
  • Fortinet showcased highest value among all vendors
  • NGFW performance is 30% better than claimed in data sheet
  • Fortinet delivered best ultra-low latency across different packet sizes

Security - NGFW Comparative Report

Performance - NGFW Comparative Report

TCO - NGFW Comparative Report

SVM - NGFW Comparative Report

NSS Labs DCIPS 2018 SVM and Report

NSS Labs’ Data Center Intrusion Prevention Systems (DCIPS) focuses on data center environments, especially vulnerabilities commonly found in servers. The Security Value Map (SVM) shows that FortiGate IPS achieved the highest cumulative blocking rate at 98.73% and the lowest TCO at $3 per protected Mbps. Fortinet builds world-class IPS appliances and another “Recommended” IPS rating from NSS Labs proves this.

NSS Labs DCSG 2017 SVM and Report

NSS Labs’ DCSG test is a comprehensive Data Center Security Gateway (DCSG) test, including several tests to measure relevant security effectiveness and Intrusion Prevention (IPS) performance using live exploits including “weaponized” exploits (97.9% and 98% block rate respectively for Fortinet FortiGate 7060E and FortiGate 3000D) and resistance to evasion techniques (100% block rate for Fortinet). The FortiGate 7060E and 3000D both achieved “Recommended” status, with a leading combination of Security Effectiveness and Value per protected Megabit Per Second (Mbps) in the NSS Labs Security Value Map (SVM).

NSS Labs NGFW 2017 SVM

FortiGate 3200D and 600D enterprise firewalls both offer a winning combination of security effectiveness, performance, and value, earning Fortinet its fourth consecutive NSS Labs NGFW Recommended rating. Fortinet excelled in continuous live testing, blocking 99.71% of exploits used in active attack campaigns every day and delivered the highest performance scores with 18.5 Gbps throughput and an average latency of 4.6 microseconds, regardless of packet size and including real-world traffic processing.

NSS Labs Breach Prevention Systems (BPS) Test 2017

NSS Labs introduced a new group test, BPS focused on detecting and blocking exploits, advanced malware, and evasions. This helps validate the advanced threat response cycle of prevent-detect-mitigate across a number of threat vectors including web, email, and endpoint. Fortinet's Security Fabric consisting of FortiSandbox, FortiGate, FortiMail, and FortiClient integrated together, earned a Recommended award by achieving a block rate of 99.6% and offering the lowest 3-year TCO.

NSS Labs NGFW 2016 SVM

NSS Labs’ Next Generation Firewall (NGFW) real-world testing reveals that Fortinet delivers a winning combination of security, network performance, and total cost of ownership (TCO). Fortinet was nearly perfect; scoring 99.6% in overall security effectiveness. The FortiGate 3200D was rated by NSS at 19 Gbps, 37% above its data sheet specifications, with excellent TCO where the value increased based on actual performance compared to the claimed specifications.

NSS Labs 2015 Next Generation IPS Test

In 2015, NSS Labs conducted a group test of next generation IPS solutions to assess their abilities to identify both the applications and the users on their internal networks, protect the enterprise user against threats/exploits, and catch sophisticated attacks while producing as few false positives as possible. Demonstrating 99% effectiveness and superior value, Fortinet FortiGate earned the NSS Labs Recommendation.

FortiGate: Next-Generation Firewall Alliance Partners

For a complete list of all the Alliance partners go to www.fortinet.com/fabricready.

Below is a list of current FortiGate Next-Generation Firewall Alliance Partners: