Fortinet产品手册

美国FORTINET 公司系列产品技术手册V4.0版2004年7月北京办事处地址:北京市海淀区中关村南大街２号数码大厦Ｂ座９０３室　邮编１０００８６　电话：（010）8251 2622 传真：（010）8251 2630网站：Fortinet 内部资料2004年目 录1． 公司介绍.................................................................................................................................................................4 1.1 公司背景............................................................................................................................................................4 1.2 产品简介............................................................................................................................................................4 1.3 关键技术............................................................................................................................................................4 1.4 总裁介绍............................................................................................................................................................5 1.5 业务范围 (5)2. 产品系列介绍 (6)2.1 F ORTI G ATE -50A................................................................................................................................................7 2.2 F ORTI G ATE -60...................................................................................................................................................7 2.3 F ORTI G ATE -100.................................................................................................................................................7 2.4 F ORTI G ATE -200.................................................................................................................................................8 2.5 F ORTI G ATE -300.................................................................................................................................................8 2.6 F ORTI G ATE -400.................................................................................................................................................9 2.7 F ORTI G ATE -500.................................................................................................................................................9 2.8 F ORTI G ATE -800...............................................................................................................................................10 2.9 F ORTI G ATE -1000............................................................................................................................................10 2.10 F ORTI G ATE -3000............................................................................................................................................10 2.11 F ORTI G ATE -3600............................................................................................................................................11 2.12 F ORTI G ATE -4000............................................................................................................................................12 2.13 F ORTI G ATE -5000............................................................................................................................................13 2.14 F ORTI M ANAGER 系统. (13)3. 产品功能和特点 (14)3.1 病毒防火墙新理念........................................................................................................................................14 3.2 F ORTI G ATE 系列.............................................................................................................................................14 3.3 基于网络的防病毒........................................................................................................................................15 3.4 分区域安全管理的特色...............................................................................................................................15 3.5 VPN 功能..........................................................................................................................................................15 3.6 防火墙功能.....................................................................................................................................................16 3.7 独特的内容过滤.............................................................................................................................................16 3.8 基于网络IDS 的/IDP 功能.............................................................................................................................16 3.9 VPN 远程客户端软件....................................................................................................................................17 3.10F ORTI ASIC F 技术和ORTI OS 操作系统 (17)3.10.1 高性能并行处理................................................................................................17 3.10.2 实时体系结构...................................................................................................17 3.10.3 实时内容级智能................................................................................................17 3.10.4 提供分区间安全的虚拟系统支撑.......................................................................18 3.10.5 高可用性(HA)...................................................................................................18 3.11 F ORTI G ATE 提供整体解决方案. (18)4.FORTIGATE 防火墙典型应用方案..................................................................................................................19 4.1 中小型企业防火墙应用...............................................................................................................................19 4.2 中大型企业防火墙应用...............................................................................................................................20 4.3 分布型企业防火墙应用...............................................................................................................................21 4.4 校园网安全部署应用....................................................................................................................................22 5. 销售许可证和认证证书. (23)5.1 公安部硬件防火墙销售许可证..................................................................................................................23 5.2公安部病毒防火墙销售许可证 (23)5.3中国信息安全产品测评认证中心 (24)5.4计算机世界推荐产品奖 (24)5.5中国 (24)5.6ICSA认证证书 (25)5.7在美国获奖 (26)6.技术支持方式 (27)6.1北京办事处技术支持 (27)6.1.1 技术支持、售后服务及人员培训 (27)6.1.2 服务组织结构 (27)6.1.3 技术咨询和培训 (27)6.2F ORTI P ROTECT防护服务中心 (27)6.3F ORT P ROTECT安全防护小组 (28)6.4F ORTI P ROTECT推进式网络 (28)7.说明 (29)7.1附件：公司与产品介绍资料 (29)7.2联系我们 (29)Fortinet 内部资料2004年1．公司介绍1.1 公司背景美国Fortinet(飞塔)公司是新一代的网络安全设备的技术引领厂家。

FortiGate® Multi-Threat SecurityFirewall • VPN • Antivirus • Intrusion Prevention • Antispam • Web Filtering • Traffic Shapingfound on should be consulted for the most updated specifications.performance may vary depends on network traffic and environment.Managing & Analyzing • Secure Messaging • Database & Web Security• Endpoint Security Software • Security and Support ServicesCopyright© 2010 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions. Network variables, different network environments and other conditions may affect performance results, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding contract with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Certain Fortinet products are licensed under U.S. Patent No. 5,623,600.BRO103-R27-201101S e c u r i t y • P e r f o r m a n c e • C o s t • F l e x i b i l i t yF o r t i n e t ® i s t h e p i o n e e r a n d l e a d i n g p r o v i d e r o f i n t e g r a t e d n e t w o r k s e c u r i t y s o l u t i o n s t h a t p r o t e c t y o u r n e t w o r k a g a i n s t t o d a y ’s c o n s t a n t l y c h a n g i n g t h r e a t s . F o r t i n e t p r o v i d e s s o l u t i o n s f o r t h e w o r l d 's l a r g e s t o r g a n i z a t i o n s , l i k e l a r g e e n t e r p r i s e s a n d s e r v i c e p r o v i d e r s , t o s m a l l o f f i c e s w i t h 25 u s e r s —a n d e v e r y s i z e i n b e t w e e n . U n l i k e p r o v i d e r s o f p o i n t p r o d u c t s , F o r t i n e t o f f e r s a n i n n o v a t i v e s e c u r i t y p l a t f o r m t h a t i n c o r p o r a t e s t h e e s s e n t i a l s e c u r i t y a p p l i c a t i o n s a n d s e r v i c e s r e q u i r e d t o e n a b l e a s a f e a n d c l e a n c o m m u n i c a t i o n s e n v i r o n m e n t r e g a r d l e s s o f s i z e . F o r t i n e t d e l i v e r s•B e t t e r s e c u r i t y b y p r o v i d i n g a c o m p r e h e n s i v e m u l t i -t h r e a t s e c u r i t y s o l u t i o n • H i g h e r p e r f o r m a n c e t h r o u g h A S IC -a c c e l e r a t i o n •L o w e r t o t a l c o s t o f o w n e r s h i p (O p E x a n d C a p E x ) b y i n t e g r a t i n g b e s t -o f -b r e e d s e c u r i t y a p p l i c a t i o n s i n t o a s i n g l e d e v i c eF o r t i n e t p r o t e c t i o n s o l u t i o n s i n c l u d e a r a n g e o f h i g h -e n d c h a s s i s b a s e d s y s t e m s , a p p l i a n c e -b a s e d s o l u t i o n s , a n d m a n a g e m e n t a n d r e p o r t i n g t o o l s . T h e s e c a p a b i l i t i e s a l l o w o u r c u s t o m e r s t o c o s t -e f f e c t i v e l y p r o t e c t t h e i r c r i t i c a l a s s e t s w h i l e d e l i v e r i n g u n p a r a l l e l e d f l e x i b i l i t y i n d e p l o y m e n t .F o r t i n e t i s t h e o n l y u n i f i e d s e c u r i t y s o l u t i o n s p r o v i d e r t h a t o w n s a l l o f i t s t e c h n o l o g y . F o r t i n e t s o l u t i o n s w e r e b u i l t f r o m t h e g r o u n d u p b y F o r t i n e t t o i n t e g r a t e m u l t i p l e l e v e l s o f s e c u r i t y p r o t e c t i o n —i n c l u d i n g f i r e w a l l , a n t i v i r u s , i n t r u s i o n p r e v e n t i o n , V P N , s p y w a r e p r e v e n t i o n , W e b f i l t e r i n g , a n t i s p a m a n d t r a f f i c s h a p i n g —p r o v i d i n g c u s t o m e r s a w a y t o p r o t e c t a g a i n s t m u l t i p l e t h r e a t s t o d a y a n d i n t o t h e f u t u r e .C o n t a c t y o u r A u t h o r i z e d F o r t i P a r t n e r o r v i s i t w w w .f o r t i n e t .c o m /p a r t n e r s t o f i n d a F o r t i P a r t n e r n e a r y o u .F o r t i n e t I n c o r p o r a t e d | 1090 K i f e r R o a d , S u n n y v a l e , C A 94086 U S A T e l +1-408-235-7700 F a x +1-408-235-7737 | w w w .f o r t i n e t .c o m /s a l e sF o r t i O S ™ O p e r a t i n g S y s t e m : D e v e l o p e d f o r S e c u r i t yF o r t i n e t ’s F o r t i O S w a s d e v e l o p e d w i t h s e c u r i t y a n d p e r f o r m a n c e a s t o p p r i o r i t i e s . F o r t i O S f e a t u r e s f u l l r o u t i n g (BG P , O S P F , R I P ), c o m p l e t e l o g g i n g a n d a u d i t i n g c a p a b i l i t i e s f o r f o r e n s i c a n a l y s i s , g r a n u l a r V i r t u a l S e c u r i t y D o m a i n (V D O M ) s u p p o r t , a n d a c o m p l e t e c o m m a n d l i n e i n t e r f a c e (C L I ). N o t h i r d p a r t y s o f t w a r e a p p l i c a t i o n s a r e i n c l u d e d t h a t c o u l d l e a d t o a v u l n e r a b i l i t y . I t i s C o m m o n C r i t e r i a C e r t i fi e d E A L 4+ a n d F e d e r a l I n f o r m a t i o n P r o c e s s i n g S t a n d a r d (F I P S ) 140-2 v a l i d a t e d .F o r t iG u a r d ® S e c u r i t y S e r v i c e sT h e F o r t i G u a r d N e t w o r k i s a c o m b i n a t i o n o f p e o p l e a n d t e c h n o l o g y w h i c h e n h a n c e t h e v a l u e o f F o r t i n e t s o l u t i o n s . O v e r 100 m e m b e r s s t r o n g , t h e F o r t i G u a r d G l o b a l T h r e a t R e s e a r c h T e a m e n s u r e t h a t F o r t i G u a r d S e c u r i t y S u b s c r i p t i o n S e r v i c e s a r e a l w a y s u p -t o -d a t e a n d p r o v i d i n g p r o t e c t i o n f r o m t h e l a t e s t t h r e a t s . D e l i v e r i n g t h e l a t e s t s e c u r i t y c o n t e n t i s t h e F o r t i G u a r d D i s t r i b u t i o n N e t w o r k , w h i c h i s c o m p r i s e d o f g e o g r a p h i c a l l y d i s p e r s e d s y s t e m s w h i c h c a n o p t i o n a l l y p u s h u p d a t e s t o F o r t i n e t d e v i c e s a n y w h e r e i n t h e w o r l d w i t h i n m i n u t e s.T h e F o r t i G a t e ® f a m i l y o f m u l t i -t h r e a t s e c u r i t y a p p l i a n c e s r a n g e i n p e r f o r m a n c e a n d p h y s i c a l f e a t u r e s t o m e e t n e t w o r k r e q u i r e m e n t s o f a l l s i z e s a n d t o p o l o g i e s . A d d i t i o n a l l y , F o r t i n e t d e l i v e r s a c o m p l e t e l i n e o f p r o d u c t e x t e n s i o n s t h a t e n a b l e n e t w o r k m a n a g e r s t o c o n t r o l , m o n i t o r , a n d o p e r a t e n e t w o r k s s i m p l y a n d p o w e r f u l l y :•F o r t i A n a l y z e r ™ A p p l i a n c e s —C e n t r a l i z e d l o g g i n g a n d r e p o r t i n g t h a t s e c u r e l y a g g r e g a t e s a n d a n a l y z e s l o g d a t a f r o m m u l t i p l e F o r t i n e t p r o d u c t s •F o r t i M a n a g e r ™ A p p l i a n c e s —C e n t r a l i z e d c o m m a n d a n d c o n t r o l , c o n fi g u r a t i o n m a n a g e m e n t a n d m o n i t o r i n g s o l u t i o n •F o r t i M a i l ™ A p p l i a n c e s —A n e n t e r p r i s e -c l a s s f a m i l y o f s p e c i a l i z e d e m a i l s e c u r i t y s o l u t i o n s p r o v i d i n g a n t i s p a m a n d a n t i v i r u s p r o t e c t i o nT h e F o r t i A S I C ™ A d v a n t a g eT h e F o r t i A S I C p r o c e s s o r i s t h e f o u n d a t i o n o f F o r t i n e t ’s u n i q u e t e c h n o l o g y . F o r t i A S I C s u s e a n i n t e l l i g e n t , p r o p r i e t a r y c o n t e n t s c a n n i n g e n g i n e t h a t a c c e l e r a t e s c o m p u t e -i n t e n s i v e a c t i o n s . T h e y a l s o c o n t a i n a c c e l e r a t i o n a l g o r i t h m s f o r e n c r y p t i o n s o t h a t F o r t i G a t e s e c u r i t y d e v i c e s c a n p e r f o r m a n t i v i r u s s c a n n i n g o n V P N t u n n e l s , e n s u r i n g c l e a n a n d c o n t r o l l e d c o m m u n i c a t i o n s . C o u p l i n g o u r c u s t o m A S I C w i t h p r o p r i e t a r y n e t w o r k p r o c e s s o r a c c e l e r a t i o n , F o r t i n e t ’s s e c u r i t y s y s t e m s d e l i v e r i m p r o v e d s e c u r i t y , e x t r e m e p e r f o r m a n c e , a n d a c o m p e l l i n g t o t a l c o s t o f o w n e r s h i p.P r o d u c t M a t r i x。

FortiGate NIDS GuideFortiGate NIDS指南FortiGate 用户手册第四卷版本2.50 MR22003年8月6日© Copyright 2003 美国飞塔有限公司版权所有。

本手册中所包含的任何文字、例子、图表和插图，未经美国飞塔有限公司的许可，不得因任何用途以电子、机械、人工、光学或其它任何手段翻印、传播或发布。

FortiGate NIDS 指南版本2.50 MR22003年8月8日注册商标本手册中提及的产品由他们各自的所有者拥有其商标或注册商标。

服从规范FCC Class A Part 15 CSA/CUS请访问以获取技术支持。

请将在本文档或任何Fortinet技术文档中发现的错误信息或疏漏之处发送到techdoc@。

目录概述 (1)NIDS 模块 (1)使用NIDS检测模块检测入侵企图 (1)使用NIDS预防模块预防入侵 (1)使用NIDS响应模块管理消息 (2)NIDS检测和预防特性 (2)拒绝服务(DoS)攻击 (2)嗅探 (2)权利提升 (3)NIDS躲避 (3)关于本文档 (3)2.50版中的新增内容 (3)文档约定 (4)Fortinet的文档 (5)Fortinet技术文档的注释 (5)客户服务和技术支持 (6)检测攻击 (7)特征组 (7)特征举例 (9)一般配置步骤 (11)NIDS常规配置 (11)选择要监视的网络接口 (11)禁用NIDS (11)配置校验和检验 (12)选择一个特征组 (12)查看特征列表 (12)启用和禁用NIDS攻击特征 (13)更新攻击定义 (14)创建用户定义的特征 (15)创建用户自定义的特征 (15)用户定义特征提示 (17)常规配置步骤 (17)用户定义特征的语法 (17)语法约定 (17)完整的特征语法 (17)特征语法的细节 (19)管理用户定义的特征 (24)上载用户定义特征列表 (24)下载用户定义特征列表 (24)FortiGate NIDS 指南iii预防攻击 (25)一般配置步骤 (26)启用NIDS攻击预防 (26)启用NIDS预防特征 (27)配置特征临界值 (31)配置syn淹没特征值 (32)举例：NIDS配置 (33)预防TCP和UDP攻击 (33)管理NIDS消息 (37)记录攻击消息日志 (37)配置FortiGate设备发送报警邮件 (38)启用FortiGate设备发送入侵报警邮件功能 (38)定制报警邮件消息 (39)减少NIDS攻击日志和邮件消息的数量 (39)自动减少消息 (39)术语表 (41)索引 (43)iv美国飞塔有限公司FortiGate NIDS 指南版本2.50 MR2概述FortiGate NIDS是一个实时的网络入侵探测器，它使用攻击定义库库检测和预防各种各样的可疑的网络数据流和基于网络的直接攻击。

CASE STUDY“Riverside’s doctors and colleagues are continually impressed with our ability to quickly address the latest security challenges using Fortinet.”– Erik DevineChief Security OfficerR i vers i de HealthcareIntroductionHealthcare providers are migrating from large, independent stand-alone organizations to complex new ecosystems with Provider Organizations, affiliated physician groups, labs, and others involved in both the provisioning of care, and the collection of vast amounts of information from patients. Health Information Exchanges (HIEs) are evolving and more affordable transfer of clinical information and other types of data are increasing. Healthcare, as we know it, is changing quickly.Besides the changes in coverage and insurance, a variety of technology initiatives are mandated by new regulations. Healthcare providers will soon be required to provide communication and collaboration platforms that allow seamless integration among the various stakeholders. These changes in information flows, along withan explosion of digital content that needs to be stored and shared, are driving the need for a secure IT platform through which hospitals can support collaboration and information exchange. The network and IT security are now the core components of any healthcare organization.The move toward more patient-centric care and decentralized monitoring means providers, patients, and payers need to access information that originates outside the hospital setting. The trends toward personalized medicine, prevention, and wellness mean stakeholders need to connect information from various points within the healthcare value chain – from providers, laboratories, payers, and patients. At some point in the not too distant future, this will include informationon diet, purchases and training regimens, as well as results. The more this private DetailsCustomer Name:Riverside Healthcare Industry: HealthcareLocation: IllinoisBusiness Impactnn Unified protection across 17 facilities nn Centralized administrationand monitoringnn Removed throughput and bandwidth constraintsnn Facilitated secure, remote access for VPN-SSL users Deploymentnn FortiGatesnn FortiAnalyzernn FortiManagernn FortiMailnn FortiDDOSnnFortiAuthenticator Riverside Healthcareinformation is opened to outside entities, the greaterthe opportunity for malicious content to infiltrate these systems or for pertinent data to be leaked, intentionally or accidentally.There are healthcare systems that have embracedthese new changes. These organizations understandthe importance of security and have taken significantsteps to ensure that existing systems and campuses can communicate securely while keeping the patient and payee data secure. Riverside Healthcare is one of the organizations ahead of the curve. This paper will show how Riverside Healthcare is using Fortinet technologies to effectively defend the network, and the information residing on networked devices, from a wide variety of threats. Riverside HealthcareRiverside Healthcare is a fully integrated healthcare system serving the needs of patients throughout the counties of Kankakee, Iroquois, Will, Grundy, and beyond. Riverside Healthcare is composed of four separate entities: Riverside Medical Center is located in Kankakee, Illinois, and is part of Riverside HealthCare, a fully integrated healthcare system. Riverside Medical Center is a 312-bed hospital that provides a full scope of inpatient and outpatient care. Riverside is a nationally recognized, award-winning hospital with leading programs in heart care, cancer care, neurosurgery, and orthopedics. It is the area’s only Magnet®Recognized hospital and has been named a 100 Top Hospital seven times. Riverside also operates and supports 16 community, primary, and specialty health centers throughout the region.Riverside Senior Life Communities offer many optionsfor the area’s senior population. These include independent living communities, assisted living and state-of-the-art memory care/Alzheimer’s communities, skilled and intermediate care nursing, as well as rehabilitation services for short and long-term needs.Oakside Corporation operates the Riverside Health Fitness Center and also coordinates community counseling programs, pharmacy, health equipment sales and leasing, and home health care.Riverside Healthcare Foundation raises funds for the health system for use in facility construction and repair, new equipment acquisition, community health care education initiatives, and clinical research.Riverside Health Fitness Center is a 70,000-square-foot, medically based fitness center owned and operatedby Riverside Healthcare. This is a world-class center that reflects Riverside’s commitment to improving the health and fitness of the community.Challenges Faced by Riverside Healthcare There was a time where disruption was the key goal of hackers, and hospitals were not seen as valuable targets. Cyber criminals in 2016 are no longer interested in causing a nuisance, but use attacks for financial gain. Today a complete medical profile of a individual is worth 10 times that of just a credit card number, making hospitals’ data a highly coveted target. Ransomwear has become a rising threat to health care. The threats to healthcare organizations are more complex, and cyber criminals continue to improve their techniques. As threats become more malicious, IT administrators must address the challenges that come from malware entering the network. Unfortunately, there are numerous challenges today that make securing the network a daunting task.The Requirement to Have MoreOpen NetworksThe original model of network security was focused on protecting the network from the outside using firewalls and other traditional security devices. With the popularity of social media applications like Facebook and Twitter and the requirement to provide easy access to data to partners and patients, the potential for an accidental malware incident increases significantly. All it takes is a single click and malware can then exploit vulnerabilities in applications and download malicious programs, such as key loggers, to steal user names and passwords and private data. Unfortunately, the most common applications and file formats are the ones with the greatest chance of exploit.Increasing Interest in BYODChanges in the devices used by employees in the healthcare industry places the endpoint at greater risk. The use of mobile devices – tablets, laptops, and smartphones – is commonplace in the modern hospital, and the need to secure data from the Internet all the way to the endpointis the key concern today. Mobile employees can increase their productivity and improve patient care by allowing data entry remotely. Mobile connectivity is also a key strategy for many CIOs. CIOs are increasingly interested in implementing mobile applications and wireless connections withinhospitals. Security is a significant concern as these mobile devices connect to the network. The need to protect patient data residing on and being transmitted by these devices will increase in importance.Maintaining Compliance and RegulationsEmbracing new technologies to improve the quality, flow, and safety of patient information is a critical issue for hospitals. Government regulations such as the Health Insurance Portability and Accountability Act (HIPAA) andthe Health Information Technology for Economic and Clinical Health (HITECH) Act are helping to guide hospitals in the proper implementation of new technologies. HIPAA was created to guarantee patient protection and privacy. HITECH contains incentives related to healthcare technology and how information is flowed through an infrastructure.It contains specific incentives designed to accelerate the adoption of electronic health record (EHR) systems among providers. The adoption of electronic health records is expected to increase the amount of security required under HIPAA and increases the potential legal liability and fees for not remaining within compliance.Healthcare organizations are increasingly also subject to other regulatory requirements typically associated with other verticals – requirements such as the Payment Card Industry Data Security Standard (PCI DSS), various National Institute of Standards and Technology (NIST) guidelines, and guidelines from the Food and Drug Administration (FDA). Increasing Collaboration between Patients, Employees, and Outside NetworksAnother challenge within the healthcare industry results from the increased expectation of collaboration from patients, employees, and outside networks. Recent trends in healthcare have led to a proliferation of healthcare content, and modern healthcare depends upon the reliable, rapid, and secure exchange of this information throughout a large healthcare organization. The criticality of this information, and the fact that it needs to be available to different stakeholders throughout the hospital as well as to othersin the healthcare value chain outside the hospital, make a shared platform essential to effective hospital operations.To adhere to evidence-based medicine, information needs to be consolidated from diverse sources such as third-party databases, standard protocols, physician visits, medical imaging data, clinical trials, literature references, transcriptions, prescriptions written, etc. In addition, the information needs to be viewed and vetted by various individuals, including primary care physicians, specialty clinicians, administrative personnel, employers, financial services, and claims processors to collaborate to determine appropriate care protocols, medication administration,and standard operating procedures. There is a need fora collaborative workspace that can enable distributed individuals and teams to work together more efficiently and effectively toward enhancing their existing systems.In addition to increased information exchange between healthcare providers, there is also an increase in information exchange between hospitals and their patients. The shift toward more preventative care means ongoing monitoring and outreach to push information and treatment out to patients, and to bring information in from patients. Hospitals are using web-based platforms for these interactions, as well as expanding the content they are providing to patients prior to arrival at the hospital, during treatment, and asfollow-ups to various procedures or medications that havebeen provided.Security Without Compromiseat Riverside HealthcareThe role of the network in your business strategy is more important than ever, and ensuring it’s both fast and secure is critical to your success. Having the right security woven throughout your network can make the difference between running a smooth, safe network or being the latest security breach news headline.Fortinet is the only company with security solutions for network, endpoint, application, data center, cloud, and access designed to work together as an integrated and collaborative security fabric. This also means we are the only company that can truly provide you with a powerful, integrated end-to-end security solution across the entire attack surface along any point along the kill chain.Simply deploying security end to end is not enough. These solutions must work together to form a cooperative fabric, spanning the entire network, linking different security sensors and tools together to collect, coordinate, and respond to any potential threat. And it must do this wherever it occurs, in real time, with no network slowdownsAn Industry-Leading, Next-Generation FirewallFortinet firewall technology combines ASIC-accelerated stateful inspection with an arsenal of integrated application security engines to quickly identify and block complex threats.Intrusion PreventionFortinet IPS offers a wide range of features that can be used to monitor and block malicious network activity, including predefined and custom signatures, protocol decoders, out-of-band mode (or one-arm IPS mode), packet logging, and IPS sensors.Anti-malware/AntivirusFortinet antivirus technology combines advanced signature and heuristic detection engines to provide multi-layered, real-time protection against both new and evolving virus, spyware, and other types of malware attacks in web, email, and file transfer traffic. FortiASIC Content Processors, integrated into FortiGate and FortiWiFi products, accelerate both signature scanning and heuristics/anomaly detection for protection against viruses, while delivering performance that scales from entry-level appliances to multi-gigabit core network or data center platforms.Fortinet’s Security Fabric Includes All of the Key Capabilities Your Organization Needs for a Truly Complete Solution:Scalable: Protects the enterprise from IoT to the cloudSecure: Global and local threat intelligence and mitigation information is shared between products for faster protectionAware: The fabric behaves as a single entity regarding policy and logging, enabling end-to-end segmentation for better protection against advanced threatsActionable: Big data cloud systems correlate threat and network data to deliver real-time, actionable threat intelligenceOpen: Well-defined, open APIs allow leading technology partners to become part of the fabricThe Power to Secure ApplicationsNext to the availability of services, data is the next critical component for healthcare organizations. A loss of datacan mean a violation of compliance mandates, the lossof sensitive patient data, and most importantly, the lossof patient trust. Fortinet provides granular protection ofan organization’s most sensitive data through a variety of controls including:Application ControlWeb 2.0 applications, such as Facebook, Twitter, and Skype are increasing the volume and complexity of network traffic, and expose organizations to a new generation of web-based threats and malware. Fortinet Application Control leverages one of the largest application signature databases available – the FortiGuard Application Control Database. This allows for the control of more than 2,200 different web-based applications, software programs, network services, and network traffic protocols. FortiGuard Services deliver regularly scheduled updates to FortiGate consolidated security appliances, ensuring that Fortinet Application Control always has the latest signatures available.Fortinet provides extremely granular control around these applications. For any recognized application, Fortinet can control access to that application or behavior within the application (for example, chatting within Facebook) and can provide this granular control by user, group, time of day, and numerous other criteria.Data Loss PreventionData loss events continue to increase every year, resulting in fines, penalties, and loss of revenue for companies worldwide. Many data loss events are caused by trusted employees who frequently send sensitive data into untrusted zones, either intentionally or by accident. Fortinet DLP uses sophisticated pattern-matching techniques and user identity to detect and prevent unauthorized communication of sensitive information and files through the network perimeter. Fortinet DLP features include fingerprinting of document files and document file sources, multiple inspection modes (proxy and flow-based), enhanced pattern matching, and data archiving.The Power to BYODFinally, the mobile client itself is at risk from attack when off the home network. Fortinet secures mobile clients – laptops, smartphones, and tablets – protecting end users while they are travelling or simply working from outside the office. Fortinet has solutions aimed at the endpoint itself that allow for protection of mobile devices and encrypted communications from any location.Web Content FilteringIntegrated into all FortiGate and FortiWiFi appliances and FortiClient endpoint security agents, Fortinet Web Filtering technology gives the option to explicitly allow websites, or to pass web traffic uninspected both to and from known-good websites in order to accelerate traffic flows. Users can receive real-time updates from FortiGuard Web Filtering Services to determine the category and rating of a specific URL. You can also easily add websites or URLs to the local URL filtering list using both text and regular expressions.SSL and IPSEC VPNWith the number of threats accelerating, securecommunications between enterprise networks, businesses and partners, and corporations and mobile workers is now more important than ever. Data breaches, information leaks, and infected networks and systems are costing corporations and government agencies billions of dollars every year.“Fortinet has allowed me to address the latest compliance requirements and implement new IT services while lowering costs through consolidation.”– Eric DevineCSO, Riverside HealthEndpoint ProtectionThe Fortinet FortiClient endpoint security solutions provide anytime, anywhere endpoint security for network endpoints. When used in connection with FortiGate appliances,FortiClient provides a range of security features to protect the network and ensure policy compliance. Fortinet also has mobile One-Time Password applications available for both Android and iOS to provide strong authentication.ConclusionModern healthcare organizations like Riverside HealthCare are contending with a brave new world of requirements around regulatory compliance and openness. Providing security is not enough to enable these new complex environments. The security vendor must support an ever-changing set of requirements while providing continuous, user-level access controls.Fortinet’s breadth of products, constant security updates, and overall lowered TCO has allowed Riverside HealthCare to securely deliver cutting-edge IT services to its caregivers and patients while ensuring that all information stays secure. Fortinet’s ability to provide an end-to-end solution allows Riverside to focus on delivering new and innovative servicesinstead of worrying about its vulnerability to new attacks.Copyright © 2016 Fortinet, Inc. All rights reserved. Fortinet , FortiGate , FortiCare and FortiGuard , and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, GLOBAL HEADQUARTERS Fortinet Inc.899 Kifer RoadSunnyvale, CA 94086United StatesTel: +/salesEMEA SALES OFFICE 905 rue Albert Einstein Valbonne06560, Alpes-Maritimes, FranceTel +33 4 8987 0500APAC SALES OFFICE 300 Beach Road 20-01The Concourse Singapore 199555Tel: +65.6513.3730LATIN AMERICA SALES OFFICE Paseo de la Reforma 412 piso 16Col. Juarez C.P . 06600 México D.F.Tel: 011-52-(55) 5524-8428。

The ultimate combination of proactive mitigation, advanced threat visibility and comprehensive reporting.§Secure virtual runtime environment exposes unknown threats §Unique multi-layer prefilters aid fast and effective threat detection §Rich reporting provides full threat lifecycle visibility§Inspection of many protocols in one appliance simplifies deployment and reduces cost §Integration and automation with Fortinet threat prevention products enhances rather than duplicates security infrastructure §Independent testing and certification validates effectivenessengine, queries to cloud-based threat databases and OS-independent simulation with acode emulator, followed by execution in the full virtual runtime environment. Once a malicious code is detected, granular ratings along with key threat intelligence is available, a signature is dynamically created for distribution to integrated products and full threat information is optionally shared with FortiGuard Labs for the update of global threat databases.Actionable InsightAll classifications — malicious and high/medium/low risk — are presented within an intuitive dashboard. Full threat information from the virtual execution — including system activity, exploit efforts, web traffic, subsequent downloads, communication attempts and more — is available in rich logs and reports.DATA SHEETFortiSandbox ™Multi-layer proactive threat mitigationFortiGuard Security ServicesFortiCare Worldwide 24x7 SupportFortinet Security Fabric/sf2 DATA SHEET: FortiSandbox ™ADVANCED THREAT PROTECTION FRAMEWORKPrevent AttacksFortinet next generation firewalls, secure email gateways, web application firewalls, endpoint security and similar solutions use security such as antivirus, web filtering, IPS, and other traditional security techniques to quickly and efficiently prevent known threats from impacting an organization.Detect and Analyze ThreatsFortiSandbox and other advanced detection techniques step in to detect “Zero-day” threats and sophisticated attacks, delivering risk ratings and attack details necessary for remediation.Mitigate Impact and Improve ProtectionIn a Fortinet solution, detection findings can be used to trigger prevention actions to ensure the safety of resources and data until remediation is in place. Finally, the entire security ecosystem updates to mitigate any impact from future attacks through the strong, integrated threat intelligence research and services ofFortiGuard Labs.FORTINET SECURITY FABRICThe most effective defense against advanced targeted attacks is founded on a cohesive and extensible protection framework. The Fortinet framework uses security intelligence across an integrated solution of traditional and advanced security tools for network, application and endpoint security, and threat detection to deliver actionable, continuously improving protection.Fortinet integrates the intelligence of FortiGuard Labs into FortiGate next generation firewalls, FortiMail secure email gateways, FortClient endpoint security, FortiSandbox advanced threat detection, and other security products to continually optimize and improve the level of security delivered to organizations with a Fortinet solution.Fortinet is the only company with security solutions for network, endpoint, application, data center, cloud, and access designed to work together as an integrated and collaborative security fabric. Simply deploying security end to end is not enough. These solutions must work together to form a cooperative fabric that can scale to cover the entire network, with different security sensors and toolsthat are aware of each other and operate as a single entity, even when sourced from multiple vendors. Further components must collect, coordinate, and respond to any potential threat in real-time with actionable intelligence. This is where FortiSandbox and the broader Advanced Threat Protection solution set fits.3DATA SHEET: FortiSandbox ™DEPLOYMENT OPTIONSStandaloneThis deployment mode relies on inputs from spanned switch ports or network taps. It may also include administrators’ on-demand file uploads using the GUI. It is the most suitable infrastructure for adding protection capabilities to existing threat protection systems from various vendors.IntegratedVarious Fortinet products, namely FortiGate, FortiMail, FortiWeb and FortiClient can intercept and submit suspicious content to FortiSandbox when they are configured to interact with FortiSandbox. The integration will also provide timely remediation and reporting capabilities to those devices.* Not applicable to FortIWebDistributedThis deployment is attractive for organizations that have distributed environments, where FortiGates are deployed in the branch offices and submit suspicious files to a centrally-located FortiSandbox. This setup yields the benefits of lowest TCO and protects against threats in remote locations.File and URL SubmissionFortiSandboxOn-Demand InputEasy DeploymentFortiSandbox supports inspection of many protocols in one unified solution, thus simplifies network infrastructure and operations. Further, it integrates with FortiGate as a new capability within your existing security framework.The FortiSandbox is the most flexible threat analysis appliance in the market as it offers various deployment options for customers’ unique configurations and requirements. Organizations can also have all three input options at the same time.4 DATA SHEET: FortiSandbox ™FEATURES SUMMARYFEATURESAV Engine§Applies top-rated (95%+ Reactive and Proactive) AV Scanning. Serves as an efficient pre-filter.Cloud Query§Real-time check of latest malware information §Access to shared information for instant malware detectionCode Emulation§Quickly simulates intended activity §OS independent and immune to evasion/obfuscationFull Virtual Sandbox§Secure run-time environment for behavioral analysis/rating§Exposes full threat lifecycle informationCall Back Detection§Identifies the ultimate aim, call back andexfiltrationMulti-tiered file processing optimizes resource usage thatimproves security, capacity and performanceFile Submission input: FortiGate, FortiClient, FortiMail, FortiWeb File Status Feedback and Report: FortiGate, FortiClient, FortiMail, FortiWeb Dynamic Threat DB update: FortiGate, FortiClient, FortiMail – Periodically push dynamic DB to registered entities. – File checksum and malicious URL DB Update Database proxy: FortiManager Remote Logging: FortiAnalyzer, syslog serverWeb-based API with which users can upload samples to scan indirectly Bit9 end point software integrationAdvanced Threat ProtectionVirtual OS Sandbox: – Concurrent instances– OS type supported: Windows XP , Windows 7, Windows 8.1, Windows 10 and Android – Anti-evasion techniques: sleep calls, process and registry queries– Callback Detection: malicious URL visit, Botnet C&C communication and attacker traffic from activated malware – Download Capture packets, Original File, Tracer log and ScreenshotFile type support: .7z, .ace, .apk, .arj, .bat, .bz2, .cab, .cmd, .dll, .doc, .docm, .docx, .dot, .dotm, .dotx, .exe, .gz, .htm, html, .htmnojs, .jar, .js, .kgb, .lnk, .lzh, .msi, .pdf, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .ps1, .rar, .rtf, .sldm, .sldx, .swf, .tar, .tgz, .upx, url, .vbs, WEBLink, .wsf, .xlam, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xz, .z, .zipProtocols/applications supported:– Sniffer mode: HTTP , FTP , POP3, IMAP , SMTP , SMB – I ntegrated mode with FortiGate: HTTP , SMTP , POP3, IMAP , MAPI, FTP , IM and their equivalent SSL encrypted versions– Integrated mode with FortiMail: SMTP , POP3, IMAP – Integrated mode with FortiWeb: HTTP – Integrated mode with ICAP Client: HTTP Customize VMs with support file types support Isolate VM image traffic from system trafficNetwork threat detection in Sniffer Mode: Identify Botnet activities and network attacks, malicious URL visit Scan SMB/NFS network share and quarantine suspicious files. Scan can be scheduled Scan embedded URLs inside document files Integrate option for third partyYara rulesOption to auto-submit suspicious files to cloud service for manual analysis and signature creation Option to forward files to a network share for further third-party scanning Files checksum whitelist and blacklist optionURLs submission for scan and query from emails and filesMonitoring and ReportReal-Time Monitoring Widgets (viewable by source and time period options): Scanning result statistics, scanning activities (over time), top targeted hosts, top malware, top infectious urls, top callback domains Drilldown Event Viewer: Dynamic table with content of actions, malware name, rating, type, source, destination, detection time and download path Logging — GUI, download RAW log fileReport generation for malicious files: Detailed reports on file characteristics and behaviors – file modification, process behaviors, registry behaviors, network behaviors, vm snapshot, behavior chronology chart Further Analysis: Downloadable files — Sample file, Sandbox tracer logs, PCAP capture and Indicators in STIX format5Dashboard widgets — real-time threat statusFile Analysis ToolsReports with captured packets, original file, tracer log and screenshot provide rich threat intelligence and actionable insight after files are examined. This is to speed up remediation and updated protection.RemediationFortinet’s ability to uniquely integrate various products with FortiSandbox offers automatic protection with incredibly simple setup. Once a malicious code is determined, the analyzer will develop and forward the dynamically generated signature to all registered devices and clients. These devices then examine subsequent files against the latest DB.FortiGuard LabsFile submission for analysis, results returned12a 3a Optionally share analysis with FortiGuard3b Quarantine devices, block traf fi c by fi rewall2b fi le or device by2c 2d QueryMitigate4Update6 AV Scanning (Files/Hour)Hardware dependent–Number of VMs4 to 54 (Upgrade via appropriate licenses)–* Based on the assumption that 1 blade will be used as master in HA-cluster mode. ** By adding 3 more SAM-3500D nodes to the same chassis.*** 8 Windows VM licenses included with hardware, remaining 48 sold as an upgrade license.FortiSandbox 1000D FortiSandbox 3000DFortiSandbox 3500DFortiSandbox 3000EGLOBAL HEADQUARTERS Fortinet Inc.899 Kifer RoadSunnyvale, CA 94086United StatesTel: +/salesEMEA SALES OFFICE 905 rue Albert Einstein Valbonne 06560Alpes-Maritimes, France Tel: +33.4.8987.0500APAC SALES OFFICE 300 Beach Road 20-01The Concourse Singapore 199555Tel: +65.6395.2788LATIN AMERICA SALES OFFICE Sawgrass Lakes Center13450 W. Sunrise Blvd., Suite 430 Sunrise, FL 33323United StatesTel: +1.954.368.9990Copyright© 2016 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary and may be significantly less effective than the metrics stated herein. Network variables, different network environments and other conditions may negatively affect performance results and other metrics stated herein. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet and any such commitment shall be limited by the disclaimers in this paragraph and other limitations in the written contract. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests, and in no event will Fortinet be responsible for events or issues that are outside of its reasonable control. Notwithstanding anything to the contrary, Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.FST -PROD-DS-FSAFSA-DAT -R18-201609DATA SHEET: FortiSandbox ™1 GE SFP SX Transceiver Module FG-TRAN-SX 1 GE SFP SX transceiver module for all systems with SFP and SFP/SFP+ slots.1 GE SFP LX Transceiver ModuleFG-TRAN-LX 1 GE SFP LX transceiver module for all systems with SFP and SFP/SFP+ slots.10 GE SFP+ Transceiver Module, Short Range FG-TRAN-SFP+SR 10 GE SFP+ transceiver module, short range for all systems with SFP+ and SFP/SFP+ slots.10 GE SFP+ Transceiver Module, Long RangeFG-TRAN-SFP+LR10 GE SFP+ transceiver module, long range for all systems with SFP+ and SFP/SFP+ slots.INTEGRATION MATRIXFSA Appliance and VMFile Submission *FortiOS V5.0.4+FortiClient for Windows OS V5.4+FortiMail OS V5.1+FortiWeb OS V5.4+File Status Feedback *FortiOS V5.0.4+FortiClient for Windows OS V5.4+FortiMail OS V5.1+FortiWeb OS V5.4+File Detailed Report *FortiOS V5.4+FortiClient for Windows OS V5.4+FortiMail OS V5.1+–Dynamic Threat DB Update*FortiOS V5.4+FortiClient for Windows OS V5.4+FortiMail OS V5.3+FortiWeb OS V5.4+FortiSandbox CloudFile Submission *FortiOS V5.2.3+–FortiMail OS V5.3+FortiWeb OS 5.5.3+File Status Feedback *FortiOS V5.2.3+–FortiMail OS V5.3+FortiWeb OS 5.5.3+File Detailed Report *FortiOS V5.2.3+–––Dynamic Threat DB Update*FortiOS V5.4+–FortiMail OS V5.3+FortiWeb OS 5.5.3+*some models may require CLI configurationORDER INFORMATION。

Fortinet技术白皮书Version 5.02006.03目录1．公司介绍 (5)2．产品定位 (5)2.1产品理念 (5)2.2产品概述 (6)2.3系统结构 (6)3．功能列表 (7)4．FORTIGATE系列性能 (9)4.1F ORTI G A TE-50A (9)4.2F ORTI G A TE-60 (9)4.3F ORTI W I F I-60 (10)4.4F ORTI G A TE-100 (10)4.5F ORTI G A TE-100A (10)4.6F ORTI G A TE-200 (11)4.7F ORTI G A TE-200A (11)4.8F ORTI G A TE-300 (11)4.9F ORTI G A TE-300A (12)4.10F ORTI G ATE-400 (12)4.11F ORTI G ATE-400A (13)4.12F ORTI G ATE-500 (13)4.13F ORTI G ATE-500A (13)4.14F ORTI G ATE-800 (14)4.15F ORTI G ATE-800F (14)4.16F ORTI G ATE-1000A/FA2 (15)4.17F ORTI G ATE-3000 (15)4.18F ORTI G ATE-3600 (16)4.19F ORTI G ATE-5020 (16)4.20F ORTI G ATE-5050 (17)4.21F ORTI G ATE-5140 (17)4．其他产品 (19)4.1F ORTI M ANAGER－集中安全管理平台 (19)4.2F ORTI C LIENT－主机安全软件 (19)4.3F ORTI A NALYZER－集中日志报告系统 (19)4.4F ROTI R EPORTER －安全分析报告软件 (19)4.5F ORTI M AIL －高性能邮件安全平台 (19)5．FORTIGUARD 安全服务系统 (21)5.1F ORTI P ROTECT －全球安全防护服务体系 (21)5.3F ORTI G UARD入侵检测和防御服务 (21)5.4F ORTI G UARD W EB内容过滤服务 (21)5.5F ORTI G UARD反垃圾邮件服务 (21)6. FORTINET产品特色 (21)6.1F ORTINET提供了网络安全的整体解决方案 (21)6.2F ORTINET产品技术领先 (22)6.3F ORTINET产品功能齐全 (22)6.4F ORTINET产品线完善 (22)6.5F ORTI G A TE产品应用面广适合各种领域 (22)6.6F ORTINET设计的ASIC独特 (22)6.7F ORTI G A TE作为防病毒网关产品支持多种I NTERNET协议 (22)6.8F ORTI G A TE支持中文管理界面 (22)6.9F ORTINET有高端产品适合运营服务供应商应用 (23)6.10F ORTINET服务体系完善 (23)6.11F ORTI G ATE产品性价比高 (23)6.12F ORTINET产品可以为企业带来良好的投资回报率 (23)6.13F ORTINET产品在中国得到广泛应用 (23)6.14F ORTINET获得多项国家权威机构论证证书和销售许可证 (23)6.15F ORTINET产品在中国业界获得多项奖项 (23)7．竞争分析 (25)1.F ORTI G ATE作为防火墙产品与其它同类产品相比优势突出 (25)2.F ORTINET在网络安全市场上竞争对手甚少 (25)3．F ORTINET公司引领统一威胁管理市场潮流 (25)4．市场需要UTM的理由 (25)8. 销售许可 (26)9．典型应用 (27)9.1中小型企业防火墙应用 (27)9.2中大型企业防火墙应用 (28)9.3分布型企业防火墙应用 (28)9.4校园网络安全部署应用 (29)10．成功案例 (30)10.1应用案例1 (30)10.2应用案例2 (30)10.3应用案例3 (31)10.4应用案例4 (32)10.5应用案例5 (32)10.6应用案例6 (33)10.7应用案例7 (34)11．核心技术 (37)11.1技术要点 (37)11.2病毒防火墙新理念 (37)11.3基于网络的IDP功能 (37)11.4集成VPN的安全网关 (37)11.5ASIC加速和实时操作系统 (37)11.6独特的内容过滤 (38)11.7动态威胁防御系统 (38)11.8分区域安全管理 (38)12．技术支持 (39)1．公司介绍美国Fortinet(飞塔)公司是新一代网络安全防御技术的前锋，引导着网络信息安全发展的潮流。

Security OperationsUniversalSASE SecureNetworkingThe Fortinet Security Fabric: Cybersecurity, Everywhere You Need ItSecuring people, devices, and data everywhereStrong Growth in Annual Billings and ProfitabilitySource: Fortinet estimates based on recent analyst research.Technological LeadershipNearly 3x more patents than comparable network security companiesA Large and Growing Total Available MarketTotal addressable market of $125B growing to $199B by 2027GAAP OPERATING MARGINQ3 2023REVENUE BY REGIONQ3 2023BILLINGS BY SEGMENTHighly Diversified Across Regions and Segments■AMERICAS ■EMEA ■APAC■HIGH-END ■MIDRANGE ■ENTRY-LEVEL40.9%38.4%20.7%26.9%27.7%45.4%Source: U.S. Patent Office, as of September 30, 2023U .S . P a t e n t sSecure Networking $62B949BILLINGSF ortinet: Making Possible a Digital World You Can Always TrustCorporate Social ResponsibilityFor over 20 years, Fortinet has been a driving force in the evolution of cybersecurity and networking and security convergence. Our network security solutions are the most deployed, most patented, and among the most validated in the industry. Our broad, complementary portfolio of cybersecurity solutions is built from the ground up with integration and automation in mind, enabling more efficient, self-healing operations and a rapid response to known and unknown threats.Sustainability is central to our company vision: making possible a digital world you can always trust, which is essential and fundamental to achieving just and sustainable societies. Our corporate social responsibility mission is to deliver on that vision by innovating sustainable security technologies, diversifying cybersecurity talent, and promoting responsible business across our value chain.Mission: to secure people, devices, and data everywhereFounded: October 2000Headquarters: Sunnyvale, CAFortinet IPO (FTNT): November 2009 Member: Dow Jones Sustainability IndexNASDAQ 100 and S&P 500:Only cybersecurity company in bothLearn more at /CSROur CommitmentsInnovating for a Safe Internet•Cybersecurity risks to society •Information security and privacyRespecting the Environment•Product environmental impacts •Climate changeGrowing an Inclusive Cybersecurity Workforce•Diversity, equity, and inclusion •Cybersecurity skills gapPromoting Responsible Business•Business ethics•Responsible product useFY22 ImpactPledge: Reach Net ZeroBy 2030 across scopes one and two emissions from Fortinet’s owned facilities worldwide.less power consumption over industry-standard CPU88%reduction in space occupation 233%average reduction on product energy consumption 166%boxes shipped with 100% biodegradable packaging500,000+B ased on new models of 2022 FortiGate F series (compared to equivalent models from previous generation). FortiGate 4200/4400F series vs. E series.Fortinet Dev and SupportHeadquarters Dev Center Support Center Centers of Excellence3The Fortinet Security FabricMore External Forces than Ever Are Driving Security DecisionsInfrastructure Is More Complex, Leaving It Vulnerable to AttackIn an era when external forces exert unprecedented influence on cybersecurity decisions, you face challenges beyond your control every day. Navigating a dynamic business landscape demands vigilance against evolving cybersecurity threats and the ability to respond quickly.41.6BIoT devices now connected.IDC: Worldwide IDC Forecast90%of enterprises will experiencea security incident related to the edge network by 2026.Gartner: 2022 Strategic Roadmap for Edge (IoT) Networking84%of companies are hybrid.Forbes: Remote Work Statistics and Trends125+distributed applications are used by enterprises.2022 Gartner: Market Guide for SaaS Management Platforms4Fortinet Q4/2023The Fortinet Security Fabric: Our AI-Driven Platform ApproachWithin our unified platform, three solutions redefine cybersecurity, helping you to respond to an ever-evolving cybersecurity landscape to meet constantly accelerating business needs. The solution to simplifying complex networks, distributed users, and hybrid applications is the convergence and consolidation of security, all with flexible consumption models to make buying easy.The Purpose-Built ASIC AdvantageFortinet’s ASIC-based security processing units (SPUs) radicallyincrease the speed, scale, efficiency, and value of Fortinet solutions while greatly improving user experience, reducing footprint and power requirements. From branch and campus to data center solutions, SPU-powered Fortinet appliances deliver superior Security Compute Ratings versus industry alternatives.Security Compute Ratings are benchmarks that compare the performance metrics of Fortinet SPU-based next-generation firewalls to similarly priced solutions from vendors that utilize generic processors for networking and security.Network Processor 7 NP7Network processors operate in-line to deliver unmatched performance for network functions and hyperscale for stateful firewall functions.Content Processor 9 CP9As a co-processor to the main CPU, content processors offload resource-intensive processing and drive content inspection to accelerate security functions.Security Processor 5 SP5The security processor consolidates network andcontent processing, delivering fast application identification, steering, and overlay performance.5The Fortinet Security FabricThe FortiGate 120G delivers the industry’s best price-to-performance ratio compared to the industry average with 13 times the firewall throughput. It is also on average 95% more cost-effective to operate per gig. A powerfulsolution for secure and seamless application access from any device, theFG-120G also delivers twice the threat protection compared to competitive models. Its exceptional performance stems from the groundbreaking Security Processing Unit 5 (SP5) ASIC, offering industry-leading, AI-powered threat protection, scalability, and cost efficiency.Convergence of Networking and Security into One PlatformUnified management of hybrid mesh firewalls and WLAN/LAN equipment, powered by FortiOS, along with FortiGuard AI-Powered Security Services, extends protection across the entire network. Unified security, simplified operations, and improved visibility deliver better control and a more reliable network.New Product Spotlight: FortiGate 120G Series6Fortinet Q4/2023DeployBuild RunApplication SecurityTestingCloud-Native FWServiceWAFaaS WorkloadProtectionGlobal Server LoadBalancingCloud-NativeProtectionApplication SecurityTestingWAF / WAAP WorkloadProtectionApplication DeliveryControllerCloud FabricEcosystemCloud-NativeFortiDevSec FortiGate VM FortiWeb FortiEDR FortiADCFortiDevSec FortiGate CNF FortiWeb Cloud FortiEDR FortiGSLB FortiCNP Multi-CloudData Center andPrivate CloudVirtual NGFW,SD-WANFortiSASESSEFortiGateSD-WANZero Trust | Digital ExperienceRemote UsersCampusSecure Internet AccessSecure SaaS AccessSecure Private AccessSecure the DataSecure the Applications and APIsSecure the NetworkCustomerResponsibilityCloudWAFCloudFirewall%InternetSaaSPublic CloudPrivate CloudData Center Universal SASE Secures Access and Protects Networks, Applications, and Data on Any CloudFortinet’s Universal Secure Access Service Edge (SASE) combines six of the most critical networking and security technologies seamlessly delivered via cloud and accelerated hardware, delivering unified management and better security.Secure applications across clouds with consistent security to reduce overhead and complexity. You will also gain faster threat response and can take advantage of flexible consumption models.Consistent Security for Applications That Can Live Anywhere7The Fortinet Security FabricOT Security PlatformFortiSOARN e t w o r k sE ma i l A p p l i c a t i o n sI n f ra s t r u c t u r eA tt a c k S u r f a c e E n d p o i n t sEASM DRPS Threat Research Pen TestingSATNGFW SEG WAF EPP VMSEDR NDR SIEM FAZThreat Analytics Deception SandboxFortinet Managed ServicesFortiMDR, FortiGuard SOCaaS, Readiness, and Response+SOAR XDRFortinet Partner EcosystemFortiReconFortiSIEM FortiAnalyzerFortiNDR FortiDeceptor FortiMail API FortiSandboxFortiEDR XDRFortiWeb Threat AnalyticsWestlands Advisory 2023 IT/OT Network Protection Platforms Navigator TMReportWestlands Advisory has identified Fortinet as the lone Leader in its Platforms Navigator (quadrant). We are the only vendor that achieved leader status in the report.•OT network and security experience •Commitment to OT cybersecurity •Key strengthsOT Security Platform Extends the Security FabricDetect and Respond to Sophisticated Cyberthreats FasterOur consolidated security operations solution, built on AI andautomation, offers the broadest attack surface coverage and cyber kill chain coverage to accelerate incident detection and containment, as well as investigation and response across your entire infrastructure.Our OT security portfolio extends industrial-class Security Fabric capabilities to cyber-physical systems in factories, plants, remote locations, and ships.Fortinet Q4/20238Founded in 2002, FortiGuard Labs is Fortinet’s elite cybersecurity threat intelligence and research organization. Partnering with law enforcement agencies, government organizations, and security vendor alliances worldwide to fight emerging global security risks, FortiGuard Labs maintains real-time threat intelligence and innovative prevention tactics and tools across the Fortinet Security Fabric in three key categories: FortiGuard Labs: Industry-Leading Threat IntelligenceTrusted ML and AIStop unknown threats faster with a powerful combination of actionable local learning and AI and ML models on large-scale, cloud-driven data lakes.Threat Hunting andOutbreak AlertsAchieve faster remediation withalerts, analysis and detection,prevention and remediationtools, including outbreaks. Real-Time ThreatIntelligenceAchieve a proactive securityposture through continuoussecurity updates based on in-house research and collaboration.Global Leadershipand CollaborationThis rich set of industry-leading security capabilities has been unified into one security framework to deliver coordinated, context-aware policy for hybrid deployments across networks, endpoints, and clouds. These services continually assess risk and automatically adjust prevention to counter known and unknown threats in real time.Market-Leading Security-as-a-ServiceML-enabled security, deployed close to the protected assets, powered by FortiGuard Labs.Coordinated Real-TimePreventionContinuous risk assessment andautomatic response to counter knownand unknown threats. Consistent Context-AwarePolicyCentralized detection and preventiondelivered from the cloud and built forhybrid environments.FortiGuard AI-Powered Security ServicesThe Engage Partner Program helps partners build a highly differentiated security practice by leveraging Fortinet solutions to drive customer success. Our global partner program is driven by three concepts:Growth Through Technology DifferentiationOur broad portfolio is integrated into an automated, high-performance platform that spans endpoints, networks, remote workers, and clouds.Fortinet leverages a global network of trusted advisors our customers can rely on to secure digital acceleration and strategically drive business growth.Our Global Partner Commitment100,000+ACTIVE PARTNERSBusiness Success with Proven CredibilityOur technology innovation and industry-leading threat intelligence, alongside customer ratings and independent analyst reports, validate and differentiate partner offerings.Long-Term, Sustained GrowthThe Engage Partner Program provides sales, marketing, and executive support so partners can grow successful relationships. With growth drivers like specializations built into the program, we provide solutions that are driving market demand, ensuring partners are positioned for success.Training and Education Programspartnerships help increase access to our certifications. Our Academic Partner program works with institutions in 98 countries and territories, while our Education Outreach program reaches a diverse population, including women, minorities, veterans, and otherFortinet is recognized as a Leader in two Gartner® Magic Quadrant™ Reports.Copyright © 2023 Fortinet, Inc. All rights reserved. Fortinet , FortiGate , FortiCare and FortiGuard , and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Certain offerings mentioned herein may not be generally available, and Fortinet reserves the right to change, modify, transfer or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.Revision: Q3 / 2023 v1 November 22, 2023 12:29 PMVisit /customers to see how our customers benefit from Fortinet solutionsand the Fortinet Security Fabric.in 13 different countries.consulting firms in the world.LATAMHQ: NAM。

MANUAL DE USO DE FORTINET (DISTRIBUCIÓNINDEPENDIENTE)José Manuel Redondo López (Departamento de Informática)Universidad de Oviedo“Nautilus” v1.0 (2022)CONTENIDOUsando la VPN de Uniovi desde cualquier sistema operativo (Nivel 2) (2)Instalación (2)Configuración inicial (6)Conexión (8)Posibles errores (10)El servicio de Acceso Remoto (VPN) de nuestra universidad nos permite acceder desde Internet a recursos que hay conectados en la red corporativa. Una vez establecida la conexión, el ordenador de usuario estará virtualmente ubicado en la red de la Universidad. Adicionalmente, todo el tráfico generado por el dispositivo del usuario cuyo destino esté dentro de la red de la Universidad, se enviará en un formato cifrado, de manera que nadie podrá ver su contenido, aunque estemos enviándolo por Internet. La conexión de acceso remoto (VPN) permite:∙Conectarse desde Internet a ordenadores situados en la red de la Universidad de Oviedo.∙Acceder a las Bases de Datos de la Biblioteca Universitaria (dichas Bases de Datos son de uso restringido y sólo se puede acceder a ellas desde dentro de la red de la Universidad).∙Acceder a Publicaciones Periódicas, también restringidas al uso dentro de la Universidad.¿Por qué es mejor usar VPN que otras soluciones que son más sencillas de entender como exponer a Internet un escritorio remoto o RDP (puerto 3389)? Porque con escritorios remotos se han dado multitud de problemas de seguridad e intrusiones en el pasado principalmente debidos a dos motivos:1.Debilidad de las claves de entrada en sesión, que las hace vulnerables a ataques de fuerzabruta, por ejemplo. Con esto cualquier persona ajena a la universidad podrá entrar a nuestra máquina y usarla para atacar otros sistemas internos o robar nuestra información.2.Vulnerabilidades conocidas: No hace demasiado tiempo RDP tuvo una vulnerabilidadconocida muy grave que permitía a cualquiera ejecutar comandos en la máquina destino sin ni siquiera entrar en sesión de esta, quedando la máquina completamente expuesta. La única forma de librarse de estas vulnerabilidades es estar muy al día con las actualizaciones y que no seamos víctima de una antes de que el parche se pueda instalar.Por estos motivos, requerir una conexión a la VPN de Uniovi antes de poder acceder al escritorio remoto de nuestros equipos es una medida de seguridad adicional que nos garantiza que solo personas autorizadas por la Universidad para entrar en la VPN podrán hacer intentos de conexión al mismo. Gracias a la incorporación del 2FA, la probabilidad de que sea una cuenta robada ha disminuido muy significativamente. En general esta política debe aplicarse no solo con el escritorio remoto, sino con cualquier servicio que necesitemos ofrecer desde alguna máquina de la Universidad. Esto quiere decir que debemos limitar al máximo (o no usar) las solicitudes de apertura perimetral que ofrece la Universidad a máquinas de su red: https://sic.uniovi.es/atencionusuario/administradoresEl servicio VPN necesita la instalación de un cliente específico, y ésta se encuentra documentada aquí: https:///sites/PortaldeSoftwareCorporativo/SitePages/Acceso‐Remoto.aspx . No obstante, en esta actividad vamos a describir el uso del cliente Fortinet VPN, que es el que se necesita para utilizar sistemas operativos distintos de Windows o MacOS, como Android, IOS o Linux.InstalaciónLo primero que debemos hacer es descargarnos el cliente correspondiente a nuestro sistema operativo de esta dirección: https:///support/product‐downloads. De todos los productos disponibles, es necesario elegir FortiClient VPN.Aquí el comportamiento cambiará en función del sistema operativo que tengamos. Para Windows, por ejemplo, simplemente debemos instalar el cliente y reiniciar el sistema operativo para comenzar a usarlo. En el caso de Linux, todo depende del sistema gráfico que tengamos instalado y las funcionalidades que tenga implementadas.Instalación con un GUI “completo” como GnomePor ejemplo, en el caso de Gnome (GUI por defecto de Ubuntu 18.04+) veremos este dialogo al descargar. En el vemos que se nos ofrece la opción de instalar el software directamente o la de guardarlo para instalarlo posteriormente. Se recomienda la segunda, puesto que se han detectado casos en los que la instalación directa da un error relativo al formato del fichero descargado.Hecha la descarga, simplemente haciendo clic derecho sobre el archivo podremos usar la opción de“Abrir con instalar software”.Lo cual nos abre la interfaz gráfica de instalación de paquetes, donde solo tenemos que darle a instalarpara continuar.Instalación con un GUI “ligero” como XFCE4Si nuestra máquina Linux tiene un GUI ligero es posible que ciertas opciones de instalación gráfica depaquetes no estén disponibles, por lo que tenemos que hacer una instalación más bien manual. Antesde empezar, hay que destacar que se han detectado casos en los que el cliente, aunque se instalecorrectamente y haga todo el proceso de conexión hasta el final, no llega a establecer la VPN en unLinux con XFCE4, por lo que se recomienda el uso de Gnome o similar para evitar posibles problemas. En cualquier caso, al descargar el fichero tenemos este dialogo, donde no se nos ofrece la instalación, sino la apertura del fichero del paquete descargado (que es un archivo comprimido con una estructura interna especial) o su descarga. En nuestro caso solo nos es útil la segunda:Los GUIs ligeros no instalan algunos paquetes para disminuir su uso de recursos y en este caso nos falta uno que el cliente de Fortigate VPN necesita, libappindicator1. Por ello, debemos proceder a su instalación con apt install libappindicator1. Vemos que en este caso nos da un error de dependencias que podemos reparar simplemente con sudo apt –fix‐broken install, con lo que se volverá a instalar la librería necesaria.Hecho esto, ya podemos instalar el paquete con sudo dpkg ‐i <fichero descargado de la web deSi todo es correcto, tendríamos que ver esta pantalla y ya podemos proceder a la configuración inicial.Configuración inicialUna vez instalado el cliente de Fortigate VPN, podemos acceder a él mediante el menú de programas del sistema operativo (Accesorios en la imagen) o bien mediante un icono que nos aparecerá en la barra de menú superior del mismo. En cualquier caso se abrirá la pantalla de bienvenida donde tendremos que aceptar el acuerdo de licencia para usar el programa.Hecho esto, ya estamos en disposición de configurar nuestra conexión de VPN con la opción “Configure VPN” del programa.Los parámetros para una conexión a nuestra universidad son principalmente dos. El nombre de la conexión puede ser el que queramos:∙Remote Gateway: portalfn.uniovi.es∙Activar “Enable Single Sign On (SSO) for VPN Tunnel”Hecho esto, salvamos la configuración y ya podemos usar una conexión con ese nombre en adelante.Ahora ya podemos iniciar la conexión pulsando en el botón “SAML Login”. Si nos hemos equivocado al configurar la conexión o queremos cambiar algo, podemos pulsar en el botón de las tres rayashorizontales para volver a la pantalla anterior.ConexiónUna vez iniciemos la conexión, se nos preguntará en primer lugar por nuestro identificador de laUniversidad de Oviedo (incluyendo el @uniovi.es).Ahora debemos introducir nuestra password de la Intranet para continuarSi la clave es correcta, ahora nos pedirá que introduzcamos el código del sistema 2FA que hayamos introducido (tradicionalmente el que nos llega por SMS al móvil) para poder continuar. Si es correcto, veremos este dialogo de confirmación al que debemos darle OK para conectar (NOTA: este dialogo no parece que se muestre en sistemas Windows).Si todo es correcto, deberíamos ver esta pantalla de información que nos muestra nuestra IP dentro de la VPN, el tiempo que llevamos conectados y el tráfico de datos enviados y recibidos a / desde la red de Uniovi. Pulsando en “Desconectar” interrumpiremos nuestra conexión VPN.A modo de curiosidad, en línea de comandos podemos ver cómo mientras la VPN está activa tenemos un nuevo interfaz de red virtual creado, a través del cual se envían los datos a la red de la Universidad.Posibles errores¿Qué pasa si no he activado aún el 2FA?Para usar la VPN es necesario tener el 2FA activo, ya que ahora es obligatorio para toda la Universidad. Si aún no lo hubiéramos hecho por cualquier motivo, al introducir correctamente la clave de nuestro usuario se nos notificaría esto, que es lo que nos permite establecer el método 2FA que usaremos en adelante.En la pantalla siguiente podemos dar un nº de teléfono donde se nos enviará un SMS o una llamada para verificar nuestra identidad.Si elegimos enviar un mensaje de texto, ahora deberíamos recibir uno en el teléfono indicado e introducirlo en la siguiendo pantallaSi lo introducimos correctamente habremos configurado satisfactoriamente el 2FA para este servicioy todos los de Uniovi que lo requieran en adelante.Otros erroresEl servicio VPN no está disponible para personas que ya no tienen ninguna vinculación con laUniversidad de Oviedo (antiguos empleados o estudiantes, por ejemplo), y en ese caso se muestra elsiguiente error. Si consideras que es un error, debes hablar con el Causi para que lo puedan arreglar.En determinados sistemas operativos, una vez que se ha introducido la clave y el 2FA correctamente el cliente se queda parado en esta pantalla y nunca termina de avanzar.En estos casos, se cierra la ventana “Working” y se intenta otra vez desde la ventana de conexión y ya se puede establecer la conexión.。

BROCHUREFortinet Receives Broad Industry Analyst Recognitions Fortinet Solutions Recognized as Innovative and Industry LeadingIntroductionAt Fortinet, innovation is at the heart of everything we do. We understand that the threat landscape changes quickly and that security companies must innovate even faster to protect our customers. We have a proven track record of innovating the best security products on the market, reflected in our unparalleled number of awards and recognitions.Fortinet delivers high-performance network security solutions that protectnetworks, users, and data worldwide from today’s continually evolving threats. Our broad portfolio of top-rated solutions and centralized management enables security consolidation and delivers a simplified, end-to-end security infrastructure. Security, SD-WAN, and ZTNA are in high demand as work gets more distributed and business accelerates digital transformation. An increasing number of vendors entering the market with security, ZTA, and SD-WAN solutions all promote their solutions as best in class and industry leading. Fortinet has broadly patented all the fundamental elements of modern-day network security. This includes the convergence of networking and security, endpoint protection, SD-WAN, ZTNA, NAC, switches, SASE, and other aspects of the Fortinet Security Fabric platform.We believe that having analyst recognition and endorsement validates our innovation efforts and customer satisfaction.The challenge for today’s CISOs and IT purchasing teams is to validate vendors’ claims and identify which vendor’s solution truly shines when compared with those of the same kind. Luckily, an important data point they can rely on is the unbiased evaluation from industry experts who take a comprehensive look at key solution providers. Industry analysts are one set of these experts, and they evaluate specific technologies, solutions, vendors, and industry segments, reviewing all aspects of the solutions, market demand and needs, and provided their expert unbiased opinions.Fortinet is actively engaged with industry analysts and experts, openly communicating on our products and solutions as we seek their evaluations and analyses. We believe that having analyst recognition and endorsement validates our innovation efforts and customer satisfaction.Fortinet Engages With Top-tier Industry AnalystsWe have broadened our industry analyst engagement to include top-tier research firms in the security segment. Following are the major research companies we engage with and their key analysis tools and reports.GartnerA $4.1 billion company and a member of the S&P 500, Gartner has a global reach, working with businesses in more than 100 countries. With nearly 16,000 associates in 90+ offices globally, Gartner has over 40 years’ experience providing objective insight and expert guidance to enterprises and their executives worldwide, enabling faster, smarter decisions.Flagship research: Gartner’s flagship research includes Market Guides and 100+ Gartner Magic Quadrants, a standard for objective market analysis covering more than 800 technology and technology service vendors.Frost & SullivanFor 60 years, Frost & Sullivan has helped companies identify, plan, and capture growth opportunities around the world. With a team of experts based in 45 global offices, Frost & Sullivan generates intelligence spanning 10 industries, 35 sectors, and 300 markets using a powerful understanding of how value chains operate on a global level. In addition, it has over 1,000 experts who have covered virtually every industry and trend for decades.Flagship research: The Frost Radar is a robust analytical tool, which valuates companies across two key indices: their focus on continuous innovation and their ability to translate their innovations into consistent growth.IDCFounded in 1964, IDC is a wholly-owned subsidiary of International Data Group (IDG, Inc.), the world’s leading tech media, data and marketing services company. With more than 1,100 analysts worldwide, IDC offers global, regional, and local expertiseon technology and industry opportunities and trends in over 110 countries. IDC’s analysis and insight helps IT professionals, business executives, and the investment community to make fact-based technology decisions and to achieve their key business objectives.Flagship research: MarketScape is one of the ICT industry’s premier vendor assessment tools, providing in-depth quantitative and qualitative technology market assessments of ICT vendors for a wide range of technology markets.ForresterForrester helps business and technology leaders use customer obsession to accelerate growth. That means empowering vendors to put the customer at the center of everything they do: leadership, strategy, and operations.Flagship research: Forrester produces several flagship reports including Waves, Now Tech, and New Tech reports. The Forrester Wave™ is a guide for buyers considering their purchasing options in a technology marketplace. To offer an equitable process for all participants, Forrester follows a publicly available methodology, which we apply consistently across all participating vendors.What are the key elements for evaluation?Each analyst firm has different criteria for how they evaluate vendors for their flagship research reports. The common threads that each uses include a combination of input from vendors, customer references, and insights from customer inquiry. Validation ResultsSummaryUnderstanding industry trends, technology, and solutions from analyst research can help CISOs and IT purchase decision-makers choose the security solution best suited for their needs. Choosing analyst firms with experience covering the respective technology areas for an extended period will give the best insight as they look for trends over time when evaluating the performance of a vendor and its solutions.Leveraging analyst reports and expert validation as a reference when evaluating vendors and their solutions, combining their insights with independent testing and certification through independent testing organizations like ICSA, AV-Comparatives, Virus Bulletin, and others will help enterprises choose the right solutions for their organizations. Copyright © 2021 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.December 31, 2021 11:01 AM。

FortiGate ® Multi-Threat SecurityFirewall • VPN • Antivirus • Intrusion Prevention • Antispam • Web Filtering • Traffic ShapingAntivirus performance is measured based on HTTP traffic with 32Kbyte file attachments. FW &IPS performance is measured base on UDP traffic with 512 byte packet size. Actual performance may vary depends on network traffic and environment.This document is provided as a convenient comparison of Fortinet products and services. The datasheet for any product or service can be found on should be consulted for the most updated specifications.MSSP AND LARGE ENTERPRISE SYSTEMSProduct (ChassisFirewall Throughput (512 ByteIPSec VPN Throughput Concurrent Sessions Sessions Per Sec Antivirus Throughput Intrusion Prevention Throughput Number of VDOMs Network InterfacesChassis Slots / Max # of Blades Power Source Recommended # of Blades Max Fabric Blades FortiGate-5140 Chassis Up to 480 Gbps Up to 204 Gbps Up to 132 M Up to 1152 K Up to 18 Gbps Up to 60 Gbps Up to 3000See modules below 14 / 14DC / AC 122FortiGate-5060 Chassis Up to 240 Gbps Up to 102 Gbps Up to 66 M Up to 576 K Up to 9 Gbps Up to 30 Gbps Up to 1500See modules below 6 / 6DC / AC 62FortiGate-5050 Chassis Up to 110 Gbps Up to 42.5 Gbps Up to 10 M Up to 250 K Up to 2.5 Gbps Up to 20 Gbps Up to 1250See modules below 5 / 5DC / AC 52FortiGate-5020 Chassis Up to 44 Gbps Up to 17 Gbps Up to 4 M Up to 100 K Up to 1 Gbps Up to 8 Gbps Up to 500See modules below2 / 2AC2FortiGate-5001B40 Gbps 17 Gbps 11 M 96 K 1.5 Gbps 5 Gbps Up to 2508 10GbE SFP+ and 210/100/100 Port with 64GB local storageFortiGate-5001A-SW / DW(with AMC 2 Gbps(13 / 22 Gbps800 Mbps (7 / 8.5 Gbps 2 M 50 K 500 Mbps 2 Gbps (4 GbpsUp to 250 2 GbE 10/100/1000 port and Double- or Single-Width AMC slot. Supports 10GbE modules.FortiGate-5005FA2 5 Gbps 800 Mbps 1.2 M 30 K 300 Mbps 3 Gbps Up to 250 6 GbE SFP ports and 2 FortiASIC-accelerated SFP portsFortiGate-5001SX and FortiGate-5001FA2 4 Gbps600 Mbps1.2 M20 K250 Mbps2 GbpsUp to 2505001SX: 4-GbE SFP , 4-GbE 10/100/10005001FA2: 2 GbE SFP , 4 GbE 10/100/1000, and 2 FortiASIC-accelerated SFP ports FortiSwitch-5003B FortiSwitch-5003A FortiSwitch-5003 Switch Fabric Blades FortiSwitch-5003B and FortiSwtich-5003A delivers high availability 10GbE switching for FortiGate-5140, -5060 and -5050 chassis. Each FortiGate-5001A requires a 10GbE Rear Transition Module (RTM for switching across the backplane fabric. FortiSwitch-5003 delivers high availability switching across the high-speed chassis backplane fabric.FortiSwitch-5003B : 9-10GbE SFP+, 2-GbE 10/100/100 (MgntFortiSwitch-5003A : 9-10GbE SFP+, 2-GbE 10/100/100 (MgmtFortiSwitch-5003 : 3-GbE 10/100/1000, 1-GbE 10/100/1000 (MgmtRTM-XB2 or RTM-XD2: 10 GbE Rear Transition Module for FG-5000 Series FortiController-5208 Load Balancing Fabric Delivers high-bandwidth load balancing for antivirus and intrusion prevention applications.2-10GbE XFP , 8-GbE SFP , 1-GbE 10/100/1000 (MgmtENTERPRISE APPLIANCESProductFirewall Throughput (512 ByteIPSec VPN Throughput Concurrent Sessions Sessions Per Sec Antivirus Throughput Intrusion Prevention Throughput 10/100 Interface GbE Interface SFP Interface SFP+ (10GbEInterface Modular Ex-pansion Slots Base Sys-tem Storage Hot-Swappable Power Supplies VDOMs(MaxFortiGate-3950B / 3951B (with FMC20 Gbps(120/100 Gbps8 Gbps(48/40 Gbps10 M 175 K 1.5 Gbps (12.5/10 Gbps02(100/80 4(100/80 2 (12/10 5 / 4 FMC, 0 / 4 FSM 0 / 64 GB Yes Up to 250FortiGate-3810A (with AMC7 Gbps (55 Gbps 1 Gbps (23 Gbps 2 M 40 K 500 Mbps 4 Gbps 0820 2 SW and 2 DW AMC 0Yes Up to 250FortiGate-3600A (with AMC 6 Gbps (10 Gbps800 Mbps (3.8 Gbps 1.1 M 40 K 400 Mbps 3 Gbps 0820 1 SW AMC 0Yes Up to250FortiGate-3040B 40 Gbps 16 Gbps 4 M 100 K 1.2 Gbps 5 Gbps 02108 4 FSM 64 GB Yes Up to 250FortiGate-3016B (with AMC16 Gbps (20 Gbps12 Gbps (15 Gbps 1.1 M 25K 300 Mbps 2 Gbps 02160 1 SW AMCYes Up to 250FortiGate-1240B (with AMC40 Gbps (44 Gbps16 Gbps (18.5 Gbps 2 M 100 K 900 Mbps 1.5 Gbps 016240 1 SW AMC and 6 FSM 64 GB Yes Up to 25FortiGate-800 / 800F 1 Gbps 200 Mbps 800 K 10 K 150 Mbps 600 Mbps 4 4 / 0 - 800F 0 / 4 - 800F 0No 0No10FortiGate-621B / 621B-DC 16 Gbps 12 Gbps 1 M 25 K 350 Mbps 1 Gbps 02000No 64 GB Opt. Ext. Red. AC Power 10FortiGate-620B / 620B-DC (with AMC16 Gbps (20 Gbps12 Gbps (15 Gbps 1 M 25 K 350 Mbps 1 Gbps 020 (2400 1 SW AMC 0Opt. Ext. Red. AC Power10FortiGate-310B / 310B-DC FortiGate-311B (with AMC8 Gbps (12 Gbps 6 Gbps (9 Gbps600 K 20 K 160 Mbps 800 Mbps 01000 1 SW AMC 2 FSM (311B 1 x 64 GB (311BYes Opt. (310B Yes (311B10FortiGate-200B / 200B-POE 5 Gbps 2.5 Gbps 500 K 15 K 95 Mbps 500 Mbps 8800 1 FSM 0No 10FortiGate-224B / 200A150 Mbps70 Mbps400 K4 K30 Mbps100 Mbps26 / 80 / 2NoNo10SMB/ROBO/SOHO APPLIANCESProductFirewall Throughput (512 ByteIPSec VPN Throughput Concurrent Sessions Sessions Per Sec Antivirus Throughput Intrusion Prevention Throughput Switch/LAN Inter-faces WAN Interfaces Wireless Interfaces Other InterfacesVDOMs (MaxFortiGate-110C / 111C 500 Mbps 100 Mbps 400 K 10 K 65 Mbps 200 Mbps 8 FE 2 GbE No USB, COM, 64 GB SSD (111C10FortiGate Voice-80C 500 Mbps 100 Mbps 400 K 10 K 65 Mbps 200 Mbps 8 FE 2 GbE No4 FXO, Concurrent Calls: 2010FortiWiFi Voice-80CS 500 Mbps 100 Mbps 400 K 10 K 65 Mbps 200 Mbps6 / 1 FE DMZ 2 GbE 802.11 a/b/g/n Concurrent Calls: 2010FortiGate-82C 350 Mbps 80 Mbps 100 K 5 K 50 Mbps 100 Mbps 0 4 GbE No1TB Storage & 3 open slots10FortiGate-80C / 80CM FortiWiFi-80CM / 81CM 350 Mbps 80 Mbps 100 K 5 K 50 Mbps 100 Mbps 6 / 1 FE DMZ 2 GbE FW-80CM/ 81CM WiFi a/b/g/n ExpressCard Slot, Modem (80/81CM, 32 GB SSD (81CM10FortiGate-60C FortiWiFi-60C 1 Gbps 70 Mbps 80 K 3 K 20 Mbps 60 Mbps 5 GbE / 1 FE DMZ 2 FE FW-60C a/b/g/n ExpressCard Slot, 4 GB storage, 1 USB-A and 1 USB-B port, POE-Powered (FW-60C10FortiGate-50B / 51B FortiWiFi-50B 50 Mbps 48 Mbps 25 K 2 K 19 Mbps 30 Mbps 3 FE 2 FE FW-50B WiFi b/g POE-Powered (FortiWiFi, USB, COM, 32GB SSD (51B10FortiGate/WiFi-30B 30 Mbps5 Mbps5K1K5 Mbps10 Mbps3 /4 FE1 FEFW-30B WiFi b/gUSB, COMExpansion ModulesAdvanced Mezzanine Card (AMC Modules[Double-Width (DW Mo dules:] • ADM-XD4: 4-port 10GbE FortiASIC Module • ADM-XB2: 2-port 10GbE FortiASIC Module • ADM-XE2: 2-port 10GbE Security Processing Module • ADM-FB8: 8-port GbE FortiASIC Module • ADM-FE8: 8-port GbE Security Processing Module[Single-Width (SW Modules:] • ASM-FB4: 4-port GbE FortiASIC Module • ASM-CE4: 4-port GbE Security Processing Module • ASM-S08: 80 GB Hard Disk Storage Module • ASM-CX4: 4-port GbE TX By-Pass Module • ASM-FX2: 2-port GbE SX By-Pass Module • ASM-ET4: 4-port T1/E1 WAN ModuleFortinet Mezzanine Card (FMC Modules• FMC-XD2: 2-port 10GbE Firewall Module • FMC-XG2: 2-port 10GbE IPS Module • FMC-C20: 20-port 1GbE Firewall Module with RJ45 interface • FMC-F20: 20-port 1GbE Firewall Module with SFP interfaceManaging & Analyzing • Secure Messaging • Database & Web Security• Endpoint Security Software • Security and Support ServicesCopyright© 2010 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may betrademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions. Network variables, different network environments and other conditions may affect performance results, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding contract with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Certain Fortinet products are licensed under U.S. Patent No. 5,623,600. BRO103-R27-201101MANAGEMENT, ANALYSIS, & REPORTING APPLIANCESPRODUCT10/100/1000 Ethernet10/100 EthernetBase System Storage Capacity Administration DomainAdministrative Web PortalsWeb Portal Users (MaxLocal Hosted Security Content Hardware Form FactorNetwork Devices (MaxFortiClient Devices Model Restrictions Redundant PowerFortiManager-5001A 2080 GB 1001004,000AV, IPS, VM, WF, AS ATCA Blade 4,000100,000None Yes FortiManager-3000C 4 and 2 SFP0 2 TB 2001004,000AV, IPS, VM, WF, AS Rack Mount (2-RU5,000120,000NoneYes FortiManager-1000C 40 1 TB 5050500AV, IPS, VM, WF, AS Rack Mount (1-RU80025,000FG-5000 Series No FortiManager-400B 40 500 GB 1010200AV, IPS, VM Rack Mount (1-RU20010,000FG-5000 Series No FortiManager-100C 21 1 TB1010200AV, IPS, VM Desktop 202,500FG-5000 Series No PRODUCT10/100/1000 Ethernet 10/100 EthernetBase System Storage Capacity Network De-vices (MaxFortiClient Agents (MaxCentralized QuarantineNumber of Hard DrivesRAID Storage Management Data Receive Rate Log Perf.(Logs / SecRecommended Device Redundant PowerFortiAnalyzer-4000B 2 and 2 SFP0 6 TB 2,000No Restriction Yes 6 (Plus 18 Optional0, 1, 5, 6, 10, 50, 6024 Mbps Up to 6,000 All Models Yes FortiAnalyzer-2000B 60 2 TB 2,000No Restriction Yes 2 (Plus 4 Optional 0, 1, 5, 10, 5012 Mbps Up to 3,000 All Models Yes FortiAnalyzer-1000C 40 1 TB 2,000No Restriction Yes 1 (Plus 3 OptionalOpt - 0, 1, 10 4 Mbps Up to 1,000 All Models No FortiAnalyzer-400B 40500 GB 2002000Yes 1 (Plus 1 OptionalOpt - 0, 1 2 Mbps Up to 500All Models No FortiAnalyzer-100C 21 1 TB100100Yes 1N/A800 Kbps Up to 200 All Models No SECURE MESSAGING APPLIANCESPRODUCT 10/100/1000 Ethernet10/100 EthernetBase System Storage Capacity RAID Storage Management Email DomainsPolicies (Do-main/SysServer Mode MailboxesHardware Form FactorProfiles (Do-main / SysEmail Routing (Mgs / HrAntispam (Mgs / HrRedundant PowerFortiMail-5001A 2080 GB N/A 10,0001,500 / 7,5003,000ATCA Blade 50 / 600 1.4 Million 1.3 Million Yes FortiMail-3000C 4 and 2 SFP0 2 x 1 TB 0, 1, 5, 10, 505,0001,500 / 7,5003,000Rack Mount (2-RU50 / 600 1.3 Million 1.3 Million Yes FortiMail-2000B 60 2 x 1 TB 0, 1, 5, 10, 505,0001,500 /7,5003,000Rack Mount (2-RU50 / 600 1.1 Million 1.1 Million Yes FortiMail-400B 40500 GB Opt - 0,1500600 / 3,0001,000Rack Mount (1-RU50 / 200264,600234,000No FortiMail-100C 21 1 TBN/A 5060 / 300200Desktop50 / 6090,00085,000NoDATABASE and WEB SECURITY APPLIANCESPRODUCT 10/100/1000 Ethernet# Database InstancesBase System Storage Capacity Total Storage Capacity Redundant Power Database Support / Asset Agent LicensesRepository Database SupportFortiDB-2000B 460 1 TB 6 TB (OptYes DB2 UDB V8, DB2 UDB V9; Microsoft SQL Server 2000, Microsoft SQL Server 2005; Oracle 8.1.6, Oracle 8.1.7.4, Oracle9.2.0.x, Oracle 10.2.0.x, Oracle 11.1.0.x; Sybase ASE 12.5.4, Sybase ASE 15.0.2Apache Derby 10.x, DB2 UDB v9, Microsoft SQL Server 2005, Oracle 10gR2, PostgreSQL 8.3FortiDB-1000C 430 1 TB 2 TB (OptNo FortiDB-400B 410500 GB 1 TB (OptNo PRODUCT 10/100/1000 EthernetThroughput (HTTPBase System Storage Capacity Total Storage Capacity Redundant Power Max HTTP Trans / sec Comprehensive WAF and XML Security FeaturesOther FeaturesFortiWeb-3000C 6 1 Gbps 2 TB 6 TB (OptYes 40,000XML schema validation and expression limiting, WSDL Vertifca-tion, Form Field Tampering Validation and others SSL and XML ecnryption and co-processing, Content base Routing.FortiWeb-1000C 4500 Mbps 1 TB 2 TB (OptNo 27,000FortiWeb-400B4100 Mbps500 GB1 TB (OptNo10,000SWITCHING PLATFORMSPRODUCT 10/100/1000 Ethernet10 GbE Ports Throughput (MaxPoE PortsPoE Power BudgetMAC Address Storage VLAN SupportedLink Agg Group Size Total Link Agg Groups Layer 2 / Layer 3 Swtich Switch Type Redundant Power FortiSwitch-248B 48 4 (SFP+176 Gbps 0N/A 32,000512Up to 8 ports 8Layer 2 Managed No FortiSwitch-80-PoE82 Gbps4 - 802.3af62 W2,000N/AN/AN/ALayer 2UnmanagedNoENDPOINT SECURITY SOFTWAREPRODUCTPersonal Firewall IPSec VPN Antivirus & AntiSpyware WANOptimization Intrusion Prevention Email Antispam FortiManager Management Web Content Filtering Address Book Protection SMS Filtering & Antispam Supported PlatformsFortiClient - Windows Yes Yes Yes Yes Yes Yes Yes Yes No No Window 7, Vista, XP , 2000, Server 08, 03, 64 and 32 bit FortiMobile - Symbian Yes No Yes No No No Yes No No Yes SymbianOS S60 7/8/9FortiMobile - WinMobileNoYesYesNoNoNoYesNoYesYesWindows Mobile 2003/SE, 5, 6FORTIGUARD SECURITY SUBSCRIPTION SERVICESINTEGRATED WIRELESS SECURITY AND ACCESS SOLUTIONSProduct AV IPS AS WF VM AC DB AV = AntivirusIPS = Intrusion Preven-tionAS = Antispam WF = Web Filtering VM = Vulnerability Management (including Compliance Benchmark-ingAC = Application control DB = Database SecurityProduct Freq - Radio 1Freq - Radio 2Ethernet Port # of SSIDs POE FortiGate Yes Yes Yes Yes Yes Yes No FortiAP-210B 802.11 b/g/n or a/n (Selectable- 1 x10/100/1007 - client, 1 - monitoring Yes(802.3 afFortiAnalyzer No No No No Yes No No FortiAP-220B802.11 b/g/n or a/n (Selectable802.11 b/g/n1 x10/100/100014 - client, 2 - monitoringYes(802.3 afFortiClient Yes No Yes Yes No Yes No FortiDB No No No No No No Yes FORTIGUARD ANALYSIS AND MANAGEMENT SERVICEFortiMail Yes No Yes No No No No FortiGuard Analysis and Management Service is licensed per device. All FortiGate systems are supported.FortiScanNoNoNoNoYesNoNoYearly Plan available10 GB Storage Quota per license. Multple licenses can be combined to increase storage.S e c u r i t y • P e r f o r m a n c e • C o s t • F l e x i b i l i t yF o r t i n e t ® i s t h e p i o n e e r a n d l e a d i n g p r o v i d e r o f i n t e g r a t e d n e t w o r k s e c u r i t y s o l u t i o n s t h a t p r o t e c t y o u r n e t w o r k a g a i n s t t o d a y ’s c o n s t a n t l y c h a n g i n g t h r e a t s . F o r t i n e t p r o v i d e s s o l u t i o n s f o r t h e w o r l d 's l a r g e s t o r g a n i z a t i o n s , l i k e l a r g e e n t e r p r i s e s a n d s e r v i c e p r o v i d e r s , t o s m a l l o f f i c e s w i t h 25 u s e r s —a n d e v e r y s i z e i n b e t w e e n . U n l i k e p r o v i d e r s o f p o i n t p r o d u c t s , F o r t i n e t o f f e r s a n i n n o v a t i v e s e c u r i t y p l a t f o r m t h a t i n c o r p o r a t e s t h e e s s e n t i a l s e c u r i t y a p p l i c a t i o n s a n d s e r v i c e s r e q u i r e d t o e n a b l e a s a f e a n d c l e a n c o m m u n i c a t i o n s e n v i r o n m e n t r e g a r d l e s s o f s i z e . F o r t i n e t d e l i v e r s•B e t t e r s e c u r i t y b y p r o v i d i n g a c o m p r e h e n s i v e m u l t i -t h r e a t s e c u r i t y s o l u t i o n • H i g h e r p e r f o r m a n c e t h r o u g h A S IC -a c c e l e r a t i o n •L o w e r t o t a l c o s t o f o w n e r s h i p (O p E x a n d C a p E x b y i n t e g r a t i n g b e s t -o f -b r e e d s e c u r i t y a p p l i c a t i o n s i n t o a s i n g l e d e v i c eF o r t i n e t p r o t e c t i o n s o l u t i o n s i n c l u d e a r a n g e o f h i g h -e n d c h a s s i s b a s e d s y s t e m s , a p p l i a n c e -b a s e d s o l u t i o n s , a n d m a n a g e m e n t a n d r e p o r t i n g t o o l s . T h e s e c a p a b i l i t i e s a l l o w o u r c u s t o m e r s t o c o s t -e f f e c t i v e l y p r o t e c t t h e i r c r i t i c a l a s s e t s w h i l e d e l i v e r i n g u n p a r a l l e l e d f l e x i b i l i t y i n d e p l o y m e n t .F o r t i n e t i s t h e o n l y u n i f i e d s e c u r i t y s o l u t i o n s p r o v i d e r t h a t o w n s a l l o f i t s t e c h n o l o g y . F o r t i n e t s o l u t i o n s w e r e b u i l t f r o m t h e g r o u n d u p b y F o r t i n e t t o i n t e g r a t e m u l t i p l e l e v e l s o f s e c u r i t y p r o t e c t i o n —i n c l u d i n g f i r e w a l l , a n t i v i r u s , i n t r u s i o n p r e v en t i o n , V P N , s p y w a r e p r e v e n t i o n , W e b f i l t e r i n g , a n t i s p a m a n d t r a f f i c s h a p i n g —p r o v i d i n g c u s t o m e r s a w a y t o p r o t e c t a g a i n s t m u l t i p l e t h r e a t s t o d a y a n d i n t o t h e f u t u r e .C o n t a c t y o u r A u t h o r i z e d F o r t i P a r t n e r o r v i s i t w w w .f o r t i n e t .c o m /p a r t n e r s t o f i n d a F o r t i P a r t n e r n e a r y o u .F o r t i n e t I n c o r p o r a t e d | 1090 K i f e r R o a d , S u n n y v a l e , C A 94086 U S A T e l +1-408-235-7700 F a x +1-408-235-7737 | w w w .f o r t i n e t .c o m /s a l e sF o r t i O S ™ O p e r a t i n g S y s t e m : D e v e l o p e d f o r S e c u r i t yF o r t i n e t ’s F o r t i O S w a s d e v e l o p e d w i t h s e c u r i t y a n d p e r f o r m a n c e a s t o p p r i o r i t i e s . F o r t i O S f e a t u r e s f u l l r o u t i n g (BG P , O S P F , R I P , c o m p l e t e l o g g i n g a n d a u d i t i n g c a p a b i l i t i e s f o r f o r e n s i c a n a l y s i s , g r a n u l a r V i r t u a l S e c u r i t y D o m a i n (V D O M s u p p o r t , a n d a c o m p l e t e c o m m a n d l i n e i n t e r f a c e (C L I . N o t h i r d p a r t y s o f t w a r e a p p l i c a t i o n s a r e i n c l u d e d t h a t c o u l d l e a d t o a v u l n e r a b i l i t y . I t i s C o m m o n C r i t e r i a C e r t i fi e d E A L 4+ a n d F e d e r a l I n f o r m a t i o n P r o c e s s i n g S t a n d a r d (F I P S 140-2 v a l i d a t e d .F o r t iG u a r d ® S e c u r i t y S e r v i c e sT h e F o r t i G u a r d N e t w o r k i s a c o m b i n a t i o n o f p e o p l e a n d t e c h n o l o g y w h i c h e n h a n c e t h e v a l u e o f F o r t i n e t s o l u t i o n s . O v e r 100 m e m b e r s s t r o n g , t h e F o r t i G u a r d G l o b a l T h r e a t R e s e a r c h T e a m e n s u r e t h a t F o r t i G u a r d S e c u r i t y S u b s c r i p t i o n S e r v i c e s a r e a l w a y s u p -t o -d a t e a n d p r o v i d i n g p r o t e c t i o n f r o m t h e l a t e s t t h re a t s . D e l i v e r i n g t h e l a t e s t s e c u r i t y c o n t e n t i s t h e F o r t i G u a r d D i s t r i b u t i o n N e t w o r k , w h i c h i s c o m p r i s e d ofg e o g r a phi c a l l yd i s pe r s e d s y s t e m s w h i c h c a n o p t i o n a l l y p u s h u p d a t e s t o F o r t i ne t d e v i c e s a n y w h e r e i n t h e w o r l d w i t h i n m i n u t e s.T h e F o r t i G a t e ® f a m i l y o f m u l t i -t h r e a t s e c u r i t y a p p l i a n c e s r a n g e i n p e r f o r m a n c e a n d p h y s i c a l f e a t u r e s t o m e e t n e t w o r k r e q u i r e m e n t s o f a l l s i z e s a n d t o p o l o g i e s . A d d i t i o n a l l y , F o r t i n e t d e l i v e r s a c o m p l e t e l i n e o f p r o d u c t e x t e n s i o n s t h a t e n a b l e n e t w o r k m a n a g e r s t o c o n t r o l , m o n i t o r , a n d o p e r a t e n e t w o r k s s i m p l y a n d p o w e r f u l l y :•F o r t i A n a l y z e r ™ A p p l i a n c e s —C e n t r a l i z e d l o g g i n g a n d r e p o r t i n g t h a t s e c u r e l y a g g r e g a t e s a n d a n a l y z e s l o g d a t a f r o m m u l t i p l e F o r t i n e t p r o d u c t s •F o r t i M a n a g e r ™ A p p l i a n c e s —C e n t r a l i z e d c o m m a n d a n d c o n t r o l , c o n fi g u r a t i o n m a n a g e m e n t a n d m o n i t o r i n g s o l u t i o n •F o r t i M a i l ™ A p p l i a n c e s —A n e n t e r p r i s e -c l a s s f a m i l y o f s p e c i a l i z e d e m a i l s e c u r i t y s o l u t i o n s p r o v i d i n g a n t i s p a m a n d a n t i v i r u s p r o t e c t i o nT h e F o r t i A S I C ™ A d v a n t a g eT h e F o r t i A S I C p r o c e s s o r i s t h e f o u n d a t i o n o f F o r t i n e t ’s u n i q u e t e c h n o l o g y . F o r t i A S I C s u s e a n i n t e l l i g e n t , p r o p r i e t a r y c o n t e n t s c a n n i n g e n g i n e t h a t a c c e l e r a t e s c o m p u t e -i n t e n s i v e a c t i o n s . T h e y a l s o c o n t a i n a c c e l e r a t i o n a l g o r i t h m s f o r e n c r y p t i o n s o t h a t F o r t i G a t e s e c u r i t y d e v i c e s c a n p e r f o r m a n t i v i r u s s c a n n i n g o n V P N t u n n e l s , e n s u r i n g c l e a n a n d c o n t r o l l e d c o m m u n i c a t i o n s . C o u p l i n g o u r c u s t o m A S I C w i t h p r o p r i e t a r y n e t w o r k p r o c e s s o r a c c e l e r a t i o n , F o r t i n e t ’s s e c u r i t y s y s t e m s d e l i v e r i m p r o v e d s e c u r i t y , e x t r e m e p e r f o r m a n c e , a n d a c o m p e l l i n g t o t a l c o s t o f o w n e r s h i p.P r o d u c t M a t r i x。

NSE InsiderEnergizing Your Sales Pipeline withCTAP AssessmentsNeil Matz, Replay: https:///recording/3486741996216584207Primer for New SellersIf You’re New to CTAP…▪The Cyber Threat Assessment Program (CTAP) enables assessment-based selling for our partners and internal sellers▪After monitoring your prospect’s network, CTAP generates an assessment report with key findings that change the conversationACCELERATE your sales cyclesMANAGEyour time investmentsCLOSEmore businessGet to the technology validation discussion faster Predictable workflows mean youspend less time wasting timeConverts 4 out of 5opportunities on averageAssessment Reports Facilitate Sales Conversations“Looks like you are constantly under attack; do you currently haveautomated defenses in place with your existing firewall vendor?”“At least 4 malware bypassed your existing security controls; does yourincumbent solution provide the best content security/heuristics/etc.?”“Were you aware that 7 proxies have circumvented your filtering controls?”“It looks like your log rate is high at 357 logs per second –how doyou process those logs now? Do you use an upstream SIEM?”“Over 75% of your web traffic is encrypted, do you currently inspect those packets?What’s your strategy to deal with encrypted traffic as an organization?”Building an Assessment Based Selling MindsetFamiliarize yourself with the CTAP portal https://Login with yourpartner portal or network credentials Read documentation and watch videosunder the Help section of the portalTake time to understand the end to endassessment based selling processConduct a test assessment in your ownlab environmentYou don’t want to run into any speedbumpson-site or in front of the customerSend copies of sample reportsto your prospectsGenerate interest from your prospects, you want them to say “I want that for my network!”Use the CTAP call to action slidesin your own presentationsAppend assessment based selling slidesto your pitch deck as a next stepOffer to run an assessment to validateyour prospect’s defensesRemind them that “it never hurts to get asecond opinion”LearningPromotingRecent CTAP Success Story▪US School District w/ 23 schools & 12K students ▪What started as a CTAP NGFW assessment ended with a full Security Fabric sale▪CTAP broke the ice with networking team▪PAN displacement in part due to limited performance when inspecting encrypted traffic ▪Great example of landing with CTAP $246,000 Total Deal Size •822K attacks •13 malware •91% encrypted FortiGateFortiAuthenticatorFortiAnalyzerFortiNACFortiClientRecent Features Added to CTAP▪Opening up evaluation pool for FortiGates again (US only)»Allows partners to onboard/test CTAP before making NFR commitment ▪FortiOS 6.4.1 support for E models (60E/300E)▪Improved SFDC integration»Better account linking and updated SFDC reports available▪FortiGate AWS support (beta)»If you have an interested customer, please send inquiry to CTAP alias ▪FortiGate VM support (GA on 8/13)»Setup guide, elevator pitch, and walkthrough video available»Materials on FUSE under Sales > CTAP, partner portal, and CTAP portalIntroducing Remote FortiGate Assessments…Current Drivers and Resulting BehaviorsDriver Resulting BehaviorsRestricted access to datacenters and test labs Aversion to on-site POCs and lab validationsaffects conventional technical sales motions Logistics delays and carrier restrictions Hardware inherently more challenging toprocure and transport from point A to point B Limited physical contact Less face to face selling equates to shift intraditional sales tacticsPrioritize essential services Can’t rely on refresh cycle for pipeline;must prove immediate and essential value Remote assessments are ideal for the current operational climateRemote Assessments Aren’t “One Size Fits All” Though ▪If your locale is unaffected by the aforementioned drivers, hardware assessments are still very valuable»Performance metrics normally excel with hardware-based assessments▪Don’t over-rotate by sidelining your NFR or ITF units; use them▪Partners building their assessment practice are still encouraged to procure Not For Resale (NFR) units to use with multiple prospects ▪US sellers can still take advantage of the evaluation program (loaner FortiGates for running on premises assessments)FortiGate-Based Assessments with FG-VM Particulars▪The CTAP Program now supports FortiGate VM 6.4.1▪To be clear, it only supports ESXi6.5 and above(that said, ~70% of all organizations utilize VMware hypervisors)▪We recommend 8 cores and 8GB memory for oversizing purposes ▪CTAP team is investigating other hypervisors and refining process ▪FG-VM support means sellers can work with many of their prospects to run FortiGate-based assessments remotelyClarifying FortiGate-Based Assessment TypesFortiGate-Based Assessment TypesAssessment Creation Form Nuances With FG-VM▪FG-VM is a new “model” within the assessment creation form▪No need to specify a serial number; you’ll be given a license instead ▪Only “One Arm Sniffer” is selectable as a deployment modeAfter Successfully Submitting a FG-VM Assessment ▪After creating an FG-VMassessment, you will be presentedwith the following:»Setup Checklist»Binaries»License File»Configuration File▪Download everything locally; you’llneed the binaries, license, andconfig file when deploying withinyour customer’s ESXi environmentDeploying the FG-VM Instance Within Customer’s ESXi ▪Login to the customer’s VMware server using their credentials»We suggest they login and then you take control remotely▪Choose Create/Register VM to startthe New virtual machine wizard▪You’ll want to Deploy a virtualmachine from an OVF or OVA file▪Use the binaries you downloadedpreviously; you’ll want to drag over:»datadrive.vmdk»fortios.vmdk»FortiGate-VM64.hw14.ovfFinish Deploying the FG-VM Instance▪Using the Setup Checklist document, finalize the FG-VM deployment »Select the customer’s datastore, accept the EULA, & configure network mappings/interfaces »We recommend allocating the full 8 cores & using a minimum of 8GB memory»Note: some CLI configuration is required to be able to access the FortiGate’s web GUI▪If you run into trouble, refer to the Setup Guide and/or re-watch the walkthrough videoApplying the FG-VM LicenseAfter logging into the new FG-VM instance, upload the license (.lic file downloaded from CTAP portal) under Dashboard> StatusImporting the FortiGate Config FileRestore the .conf file downloaded from the CTAP portal »This will configure the WAN side settings (including remote logging FAZ IP, FSA IP if applicable, & facilitate FortiGuard lookups for web filtering, etc.)Enable Promiscuous Mode on the Network within ESXi▪Under the ESXi console, edit the Network which contains the FG-VM ▪Ensure that Promiscuous mode is set to Accept or inherits from underlying vSwitch(which should be set to Accept)▪Exit ESXi and port mirror the switch to port2 of the FG-VM instanceAfter Mirroring the Switch, Verify Log Collection in Portal ▪Assuming everything is configured correctly, you will see logs populating on the FG-VM under Log & Report > Sniffer Traffic▪Similarly, if you’re logging to the Remote Server, you can loginto the CTAP portal and the Logs status indicator should turn greenDenote Logs Ready, Generate the Assessment Report ▪On the CTAP portal dashboard, select the Assessment Actions button for your specific assessment▪Then click on the Logs Ready button and your report will be automatically generated (usually within 5 minutes)Available Materials▪Materials are available on both the CTAP and partner portals »https:// and https://▪FG-VM Setup Checklist»PDF describes entire setup from CTAP portal to ESXi configuration▪FG-VM Walkthrough Training Video»MP4 step by step video guide –this can be replayed in webinars/trainings ▪FG-VM Presentation»PPTX slide deck includes materials sellers can reuse to spawn interest in running a remote assessmentClosing ThoughtsDon’t Forget: Email Assessments Are Cloud-Based!▪After creating an email assessment,a FortiMail Cloud instance is provisioned▪Customers configure their O365 or G Suitetransport rules to BCC emails to the cloud▪No on premise equipment or setup required▪We’ve seen a significant uptick in emailassessments over the past 4-5 monthsOn the Horizon for CTAP…▪Hardware model validation»F model (60/1F & 100/1F) support starting with 6.4.2»Add’l CTAP hardware lineup additions (400/1E & 1100/1E)▪Support for AWS-based FortiGates»Available now in limited beta (please be patient)»Please contact CTAP alias with interested partners/prospects▪Revisions to existing assessment types»SD-WAN = jitter/latency/packet loss stats for DIA apps»NGFW = inclusion of new FortiGuard services»Email = improved regional support and backend changes▪New assessment types»Announcements likely in Q4 2020 + Q1 2021 timeframe CTAPfor…?RecapCurrent conditions mandate a shift in sellingstrategies; remote interactions are preferredRemote assessments with FG-VM are nowsupported with the CTAP programRefer to FG-VM video and/or setup checklist for more details or just email the CTAP teamAll CTAP assessment types can be run remotely (NGFW, SD-WAN, and Email)Q&A Session。

F ortiExtender™ SeriesExtend, Ensure, and Secure Your NetworkFortiExtender offers scalable, cost-effective, and resilient 5G, LTE, and Ethernet solutions. Driven by Fortinet’s unique approach of Security-driven networking FortiExtender allows organizations business continuity, improved network availability while securing connectivity with wired broadband and cellular networks.From secure point of sale (POS) systems to vehicle fleet communication, FortiExtender provides reliable broadband access to the internet and extends the value of the Fortinet Security Fabric to support fluid business operations dependent on remote device connectivity.HighlightsImproves user experience though optimal 5G and LTE wireless signalProvides secure network failover with out of band management (OBM), dual SIM, and dual Modem capabilitiesIntegrates with Fortinet Secure SD-WAN for ease of deployment, management, and securityOffers dynamic, flexible edge connectivity—switch links among ISPs based on data consumption, schedules, or ad hocEnables network access for remote sites and branches located beyond fixed broadbandAccelerates cloudconnectivity for any user with flexible on-ramp paths to SaaS/IaaSReduces overall WAN TCO with FortiGate NetworkSecurity Platform integration Cloud-based management empowers businesses with globally distributed locations Four LAN ports and routing capabilities enable remote Available in ApplianceData SheetSecurity-Driven NetworkingSecurity Fabric IntegrationIntegration with Fortinet SD-WAN and FortiGate appliances secures internet edge breakouts with a complete set of Web, Content, and Device security controls far beyond other industry solutions.Optimal Signal StrengthA single PoE cable provides optimal 5G/LTE signal vs complex, lossy antenna cables or limited strength USB modems. Dual SIM and Dual Modem options offer up to 5X network reliability.Simplified ManagementManage your FortiExtender from the FortiManager, FortiGate, or FortiExtender Cloud dashboard, making network changes, security controls, and policy automation simple.FortiExtender managed with FortiGateFeaturesSuperior Management, Security, and ControlFortiExtenders are a true plug-and-play device. Once connected to the FortiGate, they appear as a regular network interface in FortiOS management. IT administrators can manage the connection as well as implement complete UTM security and control, just like any other FortiGate interface. In addition, FortiOS will display data quota usage on the wireless WAN interface, providing complete visibility of the connection to ensure costly carrier data limits are not exceeded. The superior management, security, and control of the FortiExtender ultimately reduces IT costs while extending, ensuring, and securing the network.Flexible Deployment for Optimal Signal StrengthFortiExtender devices are designed to receive the best possible 5G/LTE signal. The device utilizes Power over Ethernet (PoE) so you can run a high-quality ethernet cable to a location with optimal signal strength, up to 100 m away from the FortiGate or Network Switch.FortiExtender can be placed near a window for optimal signal strengthDeploymentFlexible 5G/LTE ConnectivityThe FortiExtender family of 5G/LTE appliances support dual SIMand dual modem options, enabling up to four different ISPs for 5G/LTE connectivity. Our dual SIM models allow for one active and onepassive cellular link, providing fast failover. Dual Modem options providetwo active and two passive links, for the fastest failover and disasterrecovery. You can also configure the FortiExtender to utilize an ISPlink until a certain data usage threshold is reached. At that point,FortiExtender can automatically shift over to another ISP and usethat 5G/ LTE connection. Additional conditions can be set to shift theconnection between SIM cards, allowing you to balance connectivity andcost.Switch between ISPs based on cost or data usageFlexible WAN ConnectivityFortiExtender offers new WAN connectivity options with an EthernetWAN port, in addition to the LTE WAN links. With this WAN port, youcan connect to a DSL, cable, or another modem for additional WANconnectivity options. Load-balancing and failover options enable yourFortiExtender to manage your WAN connections across several optionsto ensure connectivity at the best cost point.Mix LTE and Cable/DSL connections for load-balancing and/or failoverHybrid WAN-LAN ConnectivityFortiExtender offers four LAN Ethernet ports to enable multipleconnections to the LTE connection. Ideal for High Availability (HA)pairs of FortiGates, each FortiGate can be directly connected to theFortiExtender. Either FortiGate can run in load-balancing or failovermodes and receive WAN connectivity from the FortiExtender.Easily supports two FortiGates in HA mode without additional hardwareHardware SpecificationsIC ICES-003, RSS-102—ICES-003, RSS-247, RSS-102—CE—EMC 2014/30/EU (EN 55032, EN55024, EN 55035, EN 61000-3-2/-3; EN 301 489-1/-19, Draft EN 301489-52)RED 2014/53/EU (EN 303 413, EN 301908-1/-2/-13, EN 62311)LVD 2014/35/EU (EN 62368-1)—EMC 2014/30/EU (EN 55032, EN55035, EN 61000-3-2/-3; EN 301 489-1/-17/-52, Draft EN 301 489-19)RED 2014/53/EU (EN 300 328, EN 303413, EN 301 908-1/-2/-13, EN 62311)LVD 2014/35/EU (EN 62368-1)UL UL/CSA 62368-1UL/CSA 62368-1UL/CSA 62368-1UL/CSA 62368-1CB IEC/EN 60950-1, IEC/EN 62368-1IEC/EN 60950-1, IEC/EN 62368-1IEC/EN 62368-1IEC/EN 62368-1Certification notes:The built-in modem offers quad-band connectivity to HSPA+ networks worldwide and expected to work in 3G mode worldwide, subject to carrier support.There are exceptions however, as some carriers control the access to their network to specific carrier certified devices. These carriers allow only certified modem IMEI numbers on their network and have the ability to disable the LTE connection after a period of time.The following carriers are known to require additional testing to obtain certification. Please reach out to the Fortinet sales team and to evaluate your specific regional requirements: Brazil (VIVO),Hardware SpecificationsCertification notes:The built-in modem offers quad-band connectivity to HSPA+ networks worldwide and expected to work in 3G mode worldwide, subject to carrier support.There are exceptions however, as some carriers control the access to their network to specific carrier certified devices. These carriers allow only certified modem IMEI numbers on their network and have the ability to disable the LTE connection after a period of time.The following carriers are known to require additional testing to obtain certification. Please reach out to the Fortinet sales team and to evaluate your specific regional requirements: Brazil (VIVO),IC ICES-003, RSS-247, RSS-102—ICES-003, RSS-247, RSS-102CE—EMC 2014/30/EU (EN 55032, EN 55035, EN61000-3-2/-3; EN 301 489-1/-17/-52, Draft EN301 489-19)RED 2014/53/EU (EN 300 328, EN 303 413,EN 301 908-1/-2/-13, EN 62311)LVD 2014/35/EU (EN 62368-1)EMC 2014/30/EU (EN 55032, EN 55024, EN55035EN 61000-3-2/-3; EN 301 489-1/-17)RED 2014/53/EU (EN 300 328, EN 62311)LVD 2014/35/EU (EN 60950-1, EN 62368-1)UL UL/CSA 62368-1UL/CSA 62368-1UL/CSA 60950-1, UL/CSA 62368-1CBIEC/EN 62368-1IEC/EN 62368-1IEC/EN 60950-1, IEC/EN 62368-1Hardware SpecificationsIC ICES-003, RSS-247, RSS-102ICES-003, RSS-247, RSS-102ICES-003, RSS-247, RSS-102ICES-003, RSS-247, RSS-102CE EMC 2014/30/EU (EN 55032, EN55024, EN 55035, EN 61000-3-2/-3;EN 301 489-1/-17/-19,Draft EN 301 489-52)RED 2014/53/EU (EN 300 328,EN 303 413, EN 301 908-1/-2/-13,EN 62311, EN 50382, EN 50665,EN 50663, EN 62479)LVD 2014/35/EU (EN 60950-1, EN62368-1)EMC 2014/30/EU (EN 55032, EN55024, EN 55035, EN 61000-3-2/-3;EN 301 489-1/- 17/-19, Draft EN 301489-52)RED 2014/53/EU (EN 300 328, EN 303413, EN 301 908-1/-2/-13, EN 62311)LVD 2014/35/EU (EN 60950-1, EN62368-1)EMC 2014/30/EU (EN 55032, EN55024, EN 55035, EN 61000-3-2/-3; EN 301 489-1/-17, Draft EN 301489-19/-52)RED 2014/53/EU (EN 300 328, EN 303413, EN 301 908-1/-2/-13, EN 62311,EN 50665, EN 50385)LVD 2014/35/EU (EN 62368-1)EMC 2014/30/EU (EN 55032, EN55024, EN 55035, EN 61000-3-2/-3;EN 301 489-1/-17/-19, Draft EN 301489-52)RED 2014/53/EU(EN 300 328, EN 303 413, EN 301908-1/-2/-13/-25, EN 62311)LVD 2014/35/EU (EN 60950-1, EN62368-1)UL UL/CSA 60950-1, UL/CSA 62368-1UL/CSA 62368-1UL/CSA 62368-1UL/CSA 62368-1)CB IEC/EN 60950-1, IEC/EN 62368-1IEC/EN 60950-1, IEC/EN 62368-1IEC/EN 60950-1, IEC/EN 62368-1(IEC/EN 60950-1, IEC/EN 62368-1)Certification notes:The built-in modem offers quad-band connectivity to HSPA+ networks worldwide and expected to work in 3G mode worldwide, subject to carrier support.There are exceptions however, as some carriers control the access to their network to specific carrier certified devices. These carriers allow only certified modem IMEI numbers on their network and have the ability to disable the LTE connection after a period of time.The following carriers are known to require additional testing to obtain certification. Please reach out to the Fortinet sales team and to evaluate your specific regional requirements: Brazil (VIVO),Regional CompatibilityNorth America Carriers EMEA, Brazil, some APACCarriersNorth America Carriers EMEA, APAC Carriers North America Carriers EMEA, APAC Carriers Internal Modem SpecificationsModem Model Quectel EM06-A Quectel EM06-E Sierra Wireless EM7411Sierra Wireless EM7421Sierra Wireless EM7411(2x Modem)Sierra Wireless EM7421 (2x Modem)5G NR SA and NSA————4G: LTE CAT-6FDD Bands:2, 4, 5, 7, 12, 13, 25, 26,29, 30, 66TDD Bands:41CAT-6FDD Bands:1, 3, 5, 7, 8, 20, 28, 32TDD Bands:38, 40, 41CAT-7Bands:2, 4, 5, 7, 12, 13, 14, 25, 26,41, 42, 43, 48, 66, 71CAT-7Bands:1, 3, 7, 8, 20, 28, 32, 38,40, 41, 42, 43CAT-7Bands:2, 4, 5, 7, 12, 13, 14, 25, 26,41, 42, 43, 48, 66, 71CAT-7Bands:1, 3, 7, 8, 20, 28, 32, 38,40, 41, 42, 433G: UMTS/HSPA+Bands: 2, 4, 5Bands: 1, 3, 5, 8Bands: 2, 4, 5Bands: 1, 5, 8Bands: 2, 4, 5Bands: 1, 5, 8 3G: WCDMA Bands: 2, 4, 5Bands: 1, 3, 5, 8Bands: 2, 4, 5Bands: 1, 5, 8Bands: 2, 4, 5Bands: 1, 5, 8 Additional Ports GPS antenna port GPS antenna port GPS antenna port GPS antenna port GPS antenna port GPS antenna portConnector Type SMA (MAIN, AUX, GPS)SMA (MAIN, AUX, GPS)SMA (MAIN, AUX, GPS)SMA (MAIN, AUX, GPS)SMA LTE1(MAIN, AUX,GPS) LTE2(MAIN, AUX,GPS)SMA LTE1(MAIN, AUX, GPS) LTE2(MAIN, AUX,GPS)Module Certifications FCC, IC, GCF, PTCRB GCF, CE, NCC, RCM,ICASAFCC, IC, GCF, PTCRB GCF, NCC FCC, IC, GCF, PTCRB GCF, NCC Diversity Yes Yes Yes Yes Yes YesMIMO Yes Yes Yes Yes Yes YesGNSS Bias Yes Yes Yes Yes Yes YesRegional CompatibilityGlobal Carriers Global Carriers Global Carriers Global CarriersInternal Modem SpecificationsModem Model Sierra Wireless EM7565Sierra Wireless EM7565 (2x Modem)Quectel EM160R-GL Quectel RM502Q-AE5G NR SA and NSA——5G Sub-6Bands:n1, n2, n3, n5, n7, n8, n12, n20, n25, n28, n38,n40, n41, n48, n66, n71, n77, n78, n794G: LTE CAT-12Bands:1, 2, 3, 4, 5, 7, 8, 9, 12, 13, 18, 19,20, 26, 28, 29, 30, 32, 41, 42, 43,46, 48, 66(Bands 42, 43, 46 are supported onRev: P24254-02 and later)CAT-12Bands:1, 2, 3, 4, 5, 7, 8, 9, 12, 13, 18, 19, 20,26, 28, 29, 30, 32, 41, 42, 43, 46,48, 66CAT-16FDD Bands:1, 2, 3, 4, 5, 7, 8, 12, 13, 14, 17, 18, 19,20, 25, 26, 28, 29, 30, 32, 66TDD Bands:38, 39, 40, 41, 42, 43, 46 (LAA), 48(CBRS)CAT-20FDD Bands:1, 2, 3, 4, 5, 7, 8, 12(17), 13, 14, 18, 19, 20, 25,26, 28, 29, 30, 32, 66, 71TDD Bands:34, 38, 39, 40, 41, 42, 43, 483G: UMTS/HSPA+Bands: 1, 2, 4, 5, 6, 8, 9, 19Bands: 1, 2, 4, 5, 6, 8, 9, 19Bands: 1, 2, 3, 4, 5, 6, 8, 19Bands: 1, 2, 3, 4, 5, 6, 8, 19 3G: WCDMA Bands: 1, 2, 4, 5, 6, 8, 9, 19Bands: 1, 2, 4, 5, 6, 8, 9, 19Bands: 1, 2, 3, 4, 5, 6, 8, 19Bands: 1, 2, 3, 4, 5, 6, 8, 19 Additional Ports GPS antenna port GPS antenna port MIMO1, MIMO2MIMO1, MIMO2Connector Type SMA (MAIN, AUX, GPS)SMA LTE1 (MAIN, AUX, GPS)LTE2 (MAIN, AUX, GPS)4x SMA (MAIN, MIMO1, MIMO2,Diversity/GPS)4x SMA (MAIN, MIMO1, MIMO2, Diversity/GPS)Module Certifications FCC, IC, CE, GCF, PTCRB FCC, IC, CE, GCF, PTCRB GCF, CE, PTCRB, FCC, IC, Anatel,IFETEL, SRRC/NAL/CCC, NCC, KC,JATE/TELEC, RCM, ICASAGCF, CE, PTCRB, FCC, IC, JATE/TELEC, RCMDiversity Yes Yes Yes YesMIMO Yes Yes Yes YesGNSS Bias Yes Yes Yes Yes3G/4G-LTE/5G SpecificationsFeaturesAuto-connect✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝Auto-select Network✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝Data Byte Count✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝Network Profile✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝Self-diagnostics✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝Power Management —standby and hibernate✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝selective suspendDIAG and AT Commands✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝Private IP SIM Support✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝L2 Tunnel Mode via VLAN orCAPWAP for fast and flexible✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝deploymentsSingle Pane of GlassManagement via FortiGate✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝✓⃝and FortiManagerThe built-in modem offers quad-band connectivity to HSPA+ networks worldwide and is expected to work in 3G mode worldwide, subject to carrier support. There are exceptions however, as some carriers control the access to their network to specific carrier certified devices. These carriers allow only certified modem IMEI numbers on their network and have the ability to disable the LTE connection after a period of time.FeaturesATT✓⃝—✓⃝—✓⃝—✓⃝✓⃝✓⃝✓⃝PTCRB✓⃝—✓⃝—✓⃝—✓⃝✓⃝✓⃝✓⃝T-Mobile——————————Public Safety Network—————————FirstNetReady®The built-in modem offers quad-band connectivity to HSPA+ networks worldwide and is expected to work in 3G mode worldwide, subject to carrier support. There are exceptions however, as some carriers control the access to their network to specific carrier certified devices. These carriers allow only certified modem IMEI numbers on their network and have the ability to disable the LTE connection after a period of time.FortiExtender™ Series Data Sheet Ordering Information211E, FEX-212F, FEX-311F and FEX-511F models.Power Adapter SP-FEX12V3A-PA-1-EU AC Power adapter with EU plug for Europe, for use with FortiExtender FEX-101F, FEX-201F, FEX-202F, FEX-211E, FEX-212F, FEX-311F and FEX-511F models.11 Copyright © 2023 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.January 17, 2023FEXT-DAT-R36-20230117。

FortiAuthenticator FSSO Features§Enables identity and role-based security policies in the Fortinet secured enterprise network without the need for additional authentication through integration with Active Directory§Strengthens enterprise security by simplifying and centralizing the management of user identity informationAdditional FortiAuthenticator Features§Secure Two-factor / OTP Authentication with full support for FortiToken §RADIUS and LDAP Authentication§Certificate management for enterprise VPN deployment §IEEE802.1X support for wired and wireless network securitycommunicating this information to FortiGate devices for use in Identity-Based Policies.FortiAuthenticator delivers transparent identification via a wide range of methods: §Polling of an Active Directory Domain Controller;§Integration with FortiAuthenticator Single Sign-On Mobility Agent which detects login, IP address changes and logout;§FSSO Portal based authentication with tracking widgets to reduce the need for repeated authentications;§Monitoring of RADIUS Accounting Start records.DATA SHEETFortiAuthenticator ™User Identity Management and SIngle Sign-OnDATA SHEET: FortiAuthenticator ™HIGHLIGHTSFortiAuthenticator Single Sign-On User Identification MethodsFortiAuthenticator can identify users through a varied range of methods and integrate with third party LDAP or Active Directory systems to apply group or role data to the user and communicate with FortiGate for use in Identity based policies. FortiAuthenticator is completely flexible and can utilize these methods in combination. For example, in a large enterprise,primary method for transparent authentication with fallback to the portal for non-domain systems or guest users.Key Features & BenefitsFSSO Transparent User IdentificationZero impact for enterprise users.Integration with LDAP and AD for group membership Utilizes existing systems for network authorization information, reducing deployment times and streamlining management processes. Integration with existing procedures for user management.Wide range of user identification methods Flexible user identification methods for integration with the most diverse of enterprise environments.Enablement of identity and role-based securityAllows security administrator to give users access to the relevant network and application resources appropriate to their role, while retaining control and minimizing risk.DATA SHEET: FortiAuthenticator ™HIGHLIGHTSAdditional FunctionalityStrong User Identity with Two-factor Authentication FortiAuthenticator extends two-factor authentication capability to multiple FortiGate appliances and to third party solutions that support RADIUS or LDAP authentication. User identity information from FortiAuthenticator combined with authentication information from FortiToken ensures that only authorized individuals are granted access to your organization’s sensitive information. This additional layer of security greatly reduces the possibility of data leaks while helping companies meet audit requirements associated with government and business privacy regulations. FortiAuthenticator supports the widest range of tokens possible to suit your user requirements. With the physical time-based FortiToken 200, FortiToken Mobile (for iOS and Android), e-mail and SMS tokens, FortiAuthenticator has token options for all users and scenarios. Two-factor authentication can be used to control access to applications such as FortiGate management, SSL and IPsec VPN, Wireless Captive Portal login and third-party, RADIUS compliant networking equipment.To streamline local user management, FortiAuthenticator includes user self-registration and password recovery features.Enterprise Certificate Based VPNsSite-to-site VPNs often provide access direct to the heart of the enterprise network from many remote locations. Often these VPNs are secured simply by a preshared key, which, if compromised, could give access to the whole network. FortiOS support certificate-based VPNs; however, use of certificate secured VPNs has been limited, primarily due to the overhead and complexity introduced by certificate management. FortiAuthenticator removes this overhead involved by streamlining the bulk deployment of certificates for VPN use in a FortiGate environment by cooperating with FortiManager for the configuration and automating the secure certificate delivery via the SCEP protocol.For client-based certificate VPNs, certificates can be created and stored on the FortiToken 300 USB Certificate store. This secure, pin-protected certificate store is compatible with FortiClient and can be used to enhance the security of client VPN connections in conjunction with FortiAuthenticator.Additional Features & BenefitsRADIUS and LDAP User Authentication Local Authentication database with RADIUS and LDAP interfaces centralizes user management.Wide Range of Strong Authentication MethodsStrong authentication provided by FortiAuthenticator via hardware tokens, e-mail, SMS, e-mail and digital certificates help to enhance password security and mitigate the risk of password disclosure, replay or brute forcing.User Self-registration and Password Recovery Reduces the need for administrator intervention by allowing the user to perform their own registration and resolve their own password issues, which also improves user satisfaction.Integration with Active Directory and LDAP Integration with existing directory simplifies deployment, speeds up installation times and reutilizes existing development.Certificate Management Streamlined certificate management enables rapid, cost-effective deployment of certificate-based authentication methods such as VPN.802.1X AuthenticationDeliver enterprise port access control to validate users connection to the LAN and Wireless LAN to prevent unauthorized access to the network.DATA SHEET: FortiAuthenticator ™SPECIFICATIONSUL/cUL, CB, GOSTFortiAuthenticator 3000DFortiAuthenticator 1000DFortiAuthenticator Virtual ApplianceFortiAuthenticator 400EFortiAuthenticator 200EFortiAuthenticator 3000EDATA SHEET: FortiAuthenticator™Maximum Virtual CPUs SupportedUnlimited Virtual NICs Required (Minimum / Maximum) 1 / 4Virtual Machine Storage (Minimum / Maximum) 60 GB / 2 TB Virtual Machine Memory Required (Minimum / Maximum)512 MB / 64 GBHigh Availability SupportActive-Passive HA and Config Sync HASPECIFICATIONSGLOBAL HEADQUARTERS Fortinet Inc.899 Kifer RoadSunnyvale, CA 94086United StatesTel: +/salesEMEA SALES OFFICE 905 rue Albert Einstein Valbonne 06560Alpes-Maritimes, France Tel: +33.4.8987.0500APAC SALES OFFICE 300 Beach Road 20-01The Concourse Singapore 199555Tel: +65.6395.2788LATIN AMERICA SALES OFFICE Sawgrass Lakes Center13450 W. Sunrise Blvd., Suite 430 Sunrise, FL 33323United StatesTel: +1.954.368.9990Copyright© 2016 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary and may be significantly less effective than the metrics stated herein. Network variables, different network environments and other conditions may negatively affect performance results and other metrics stated herein. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet and any such commitment shall be limited by the disclaimers in this paragraph and other limitations in the written contract. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests, and in no event will Fortinet be responsible for events or issues that are outside of its reasonable control. Notwithstanding anything to the contrary, Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.DATA SHEET: FortiAuthenticator ™FortiAuthenticator 400E FAC-400E 4x GE RJ45 ports, 2x 1 TB HDD.FortiAuthenticator 1000D FAC-1000D-E07S 4x GE RJ45 ports, 2x GE SFP , 2x 2 TB HDD.FortiAuthenticator 3000D FAC-3000D 4x GE RJ45 ports, 2x GE SFP , 2x 2 TB HDD.FortiAuthenticator 3000E FAC-3000E 4x GE RJ45 ports, 2x GE SFP , 2x 2 TB HDD.FortiAuthenticator-VM LicenseFAC-VM-Base Base FortiAuthenticator-VM with 100 user license. Unlimited vCPU.FAC-VM-100-UG FortiAuthenticator-VM with 100 user license upgrade. FAC-VM-1000-UG FortiAuthenticator-VM with 1,000 user license upgrade.FAC-VM-10000-UG FortiAuthenticator-VM with 10,000 user license upgrade.FAC-VM-100000-UG FortiAuthenticator-VM with 100,000 user license upgrade.FC1-10-0ACVM-248-02-12 1 Year 24x7 FortiCare Contract (1–500 users).FC2-10-0ACVM-248-02-12 1 Year 24x7 FortiCare Contract (1–1100 users).FC3-10-0ACVM-248-02-12 1 Year 24x7 FortiCare Contract (1–5100 users).FC4-10-0ACVM-248-02-12 1 Year 24x7 FortiCare Contract (1–10100 users).FC8-10-0ACVM-248-02-12 1 Year 24x7 FortiCare Contract (1–25100 users).FC5-10-0ACVM-248-02-12 1 Year 24x7 FortiCare Contract (1–50100 users).FC6-10-0ACVM-248-02-12 1 Year 24x7 FortiCare Contract (1–100100 users).FC9-10-0ACVM-248-02-12 1 Year 24x7 FortiCare Contract (1–500100 users).FC7-10-0ACVM-248-02-121 Year 24x7 FortiCare Contract (1–1M users).ORDER INFORMATION。

NGIPS SOLUTIONFortinet’s NSS Labsrecommended NGIPSsolution integrates IPS withapplication control andleverages the power ofFortiGuard Labs to deliverbetter security, more controland faster performance. Fortinet’s Next Generation IPS SolutionBetter Security, More Control and Faster PerformanceIntroductionOrganizations are under continuous attack. Cybercriminals, motivatedby previously successful high profile hacks and the highly profitableblack market for stolen data, continue to increase both the volume and sophistication of their attacks on organizations. Traditional Intrusion Prevention Systems (IPS) no longer provides a wide enough range of protection. Today’s threat landscape requires Next Generation IPS (NGIPS) to block a wider range of threats while minimizing false positives.This guide discusses the need for NGIPS and demonstrates how Fortinet’s NGIPS solution can help you solve this multi-faceted problem by integrating highly effective IPS with granular application control capabilities on a platform that delivers faster performance.New Trends Challenge Traditional IPS Securitynn More Attacks against Client and Cloud Applications – Traditionally IPS systems are used to detect attacks against servers and server based applications usingsignatures. Today we see many sophisticated attacks against client based applications.nn Porous Edge Due to BYOD and Remote Workers– Many organizations encourage BYOD and flexible working environments which has led to the explosion of anytime,anywhere data consumption. This increases the risk that sensitive data can be exposed to unauthorized access outside of corporate boundaries.nn Recommended by NSS Labsfor security effectiveness and performance valuenn Industry’s fastest Zero-day protection provided by FortiGuard Labsnn Greater visibility and control over more types of applications, users and devicesnn High level of precision and accuracy provided by IPS Filtersnn Highly flexible deployment options using IPS Sensorsnn Lower TCO and High Performance NGIPS achieved by purpose-built FortiASICnn Single pane of glass management for unmatched visibilityand control 1What this Means for NGIPS Requirementsnn Application Visibility – Protect against application specific attacks using IPS integrated with application control to identify, inspect and monitor thousands of applications.nn Context Awareness – Detect security attacks based on user identity, type of device and network behavior.nn Performance and Reliability – Security must be effectiveand it must keep up with the speed of your business.Combine deep inspection and accurate IPS filters with a high performance NGIPS platform.Fortinet’s NGIPS SolutionFortinet’s Next Generation IPS (NGIPS) meets these newrequirements by combining a high-speed, highly effective IPS engine with extensive application control capabilities, user and device identification, and a performance optimized platform to set a higher standard for security, control and performance.According to some leading analysts, the high end of the security market will tend to continue to use separate firewalls and IPSs driven by compliance requirements, complexity and network operational considerations. The FortiGate-based solution from Fortinet is easily deployed behind existing firewalls to deliver the full range of NGIPS capabilities including the ability to identify more applications users, and devices than other NGIPS options. This section will discuss each of the NGIPS components in more detail.Better SecurityFortinet’s NGIPS solution is Recommended by NSS Labs for top-ranked security effectiveness and the best performance value in the industry.Fortinet’s robust IPS Engine is design from the ground up to provide protection against the latest attacks by detecting and blocking threats before they reach your potentially vulnerable network devices. The combination of our IPS Engine capabilities and the real-time/zero-day threat intelligence updates provided byClick to see attacks happening now around theworld on the FortiGuard Labs live threat mapFor more than 15 years FortiGuard Labs, Fortinet’s industry-leading security research team, has protected organizations against attacks using:nn Real-time intelligence on the threat landscape to delivercomprehensive security updates to the entire Fortinetsolution ecosystemnn24x7x365 security updates from a Global Operations team for the latest security intelligence in real-time to deliver protection as soon as a new threat emerges.nn Industry-leading vulnerability research capabilities. FortiGuard Labs has discovered over 170 unique zero-day vulnerabilities to date and delivers millions of signature updates every month. More ControlFortinet’s NGIPS combines IPS with Application control andmore to detect threats and take action against network traffic based on contextual information derived from applications, users and devices.nn Application Control identifies more than 3500 discreteapplications to enforce policies. It can inspect today’sencrypted and evasive traffic as well as traffic running on new technologies such as the SPDY protocol.nn Extensive User Identity capabilities allow organizations to setgranular policies for more types of users on the network withextensive directory and RADIUS integration options to deliver additional contextual controls.nn Fortinet offers deep inspection of cloud applications to giveorganizations more insight into who is using cloud servicesand how they are being used, such as what files are being FortiGuard Labs, delivers the industry’s best IPS protection to block more threats and better protect your organization.2transferred or what videos are being watched. This unique granular level of information combined with integrated IPS becomes a key advantage for detecting sophisticated cybercriminal attacks.n n Organizations get greater deployment flexibility using IPSand Application control sensors to apply separate policies to different group of users and applications.n n Fortinet is the only NGIPS able to identify the type ofnetworked device being used so you can set stronger security controls for riskier devices.Platforms with Uncompromised PerformanceFortinet’s NGIPS solution is delivered by industry-proven FortiGate appliances.Purpose built FortiASIC processors are at the heart of the FortiGate NGIPS platform to deliver industry-leading, high performance processing. This level of performance is required for the deeper level of next generation inspection as well as the consolidation of multiple NGIPS functions onto a single appliance.Traditional security appliances that solely use a multi-purpose CPU-based architecture become an infrastructure bottleneck. Even with multiple-core general purpose processors, network security devices cannot deliver the high performance and low latency needed for today’s networks. The only way for a network security platform to deliver high-speed performance is via purpose-built ASICs to accelerate specific packet processing and content scanning functions. FortiGate technology utilizes Optimum Path Processing (OPP) to optimize the different resources available in packet flow for maximum performance.As a result, FortiGate’s integrated architecture provides extremely high throughput and exceptionally low latency, while still delivering industry-leading security effectiveness and consolidating functions.Single Pane of Glass ManagementGiven the widely distributed nature of many enterpriseenvironments, the ability to quickly provision, control and scale your security management is critical.FortiManager allows you to control device configurations, securitypolicies, firmware installations and content security updates from one centralized management platform.For large distributed and campus environments with compliance requirements, FortiAnalyzer facilitates logging, reporting, in-depth visibility and event management to keep you constantly aware of your security posture. Together, FortiManager and FortiAnalyzer provide a unified administrative console to oversee your distributed security architecture.SummaryOrganizations need better security solutions to protect against today’s increasingly sophisticated threats. With trends likeBYOD, remote workers and the explosion of cloud applications, cybercriminals are using more advanced techniques to attack and traditional IPS alone no longer offers enough protection.Fortinet’s NGIPS significantly extends the capabilities of IPS and detects multi-vector threats based on integration with application, user, and device control based on industry-leading threatintelligence from FortiGuard Labs.Copyright © 2015 Fortinet, Inc. All rights reserved. Fortinet , FortiGate , FortiCare and FortiGuard , and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.GLOBAL HEADQUARTERS Fortinet Inc.899 Kifer RoadSunnyvale, CA 94086United StatesTel: +/salesEMEA SALES OFFICE 120 rue Albert Caquot 06560, Sophia Antipolis, FranceTel: +33.4.8987.0510APAC SALES OFFICE 300 Beach Road 20-01The Concourse Singapore 199555Tel: +65.6513.3730LATIN AMERICA SALES OFFICE Paseo de la Reforma 412 piso 16Col. Juarez C.P . 06600 México D.F.Tel: 011-52-(55) 5524-8428Fortinet’s FortiGate line of NGIPS delivers better security, more control and faster performance than any other solution in the industry.For more information on Fortinet’s Next-Generation IPS solution, please go to : /solutions/next-gen-ips.html。

FortiGate/FortiWiFi®90D SeriesFortiGate 90D, 90D-POE, FortiWiFi 90D, 90D-POEThe Fortinet Enterprise Firewall Solution delivers end-to-end network security with one platform, one network security operating system and unified policy management with a single pane of glass — for the industry’s best protection against the most advanced security threats and targeted attacks .Powered by SPU SoC2§Combines a RISC-based CPU with Fortinet’s proprietary SPU content and network processors for unmatched performance§Simplifies appliance design and enables breakthrough performance for smaller networks§Supports firewall acceleration across all packet sizes for maximum throughput§Delivers accelerated UTM content processing for superior performance and protection§Accelerates VPN performance for high speed, secureremote accessInstall in Minutes with FortiExplorerThe FortiExplorer™ wizard enables you to easily and quickly set up and configure FortiGate and FortiWiFi platforms with easy-to-follow instructions. The application runs on Windows, Mac OS X desktopsand laptops as well as popular mobile devices. Simply connect to the appropriate USB port on the appliance, and be fully protectedin minutes.3G/4G WAN ConnectivityThe FortiGate/FortiWiFi 90D Series includes a USB port that allows you to plug in a compatible third-party 3G/4G USB modem,providing additional WAN connectivity or a redundant link for maximum reliability.Compact and Reliable Form FactorDesigned for small environments, you can place it on a desktop orwall-mount it. It is small, lightweight yet highly reliable with superior MTBF (Mean Time Between Failure), minimizing the chance of a network disruption.Superior Wireless CoverageA built-in dual-band, dual-stream access point with internal antennas is integrated on the FortiWiFi 90D and provides speedy 802.11n coverage on both 2.4 GHz and 5 GHz bands. The dual-band chipset addresses the PCI-DSS compliance requirement for rogue AP wireless scanning, providing maximum protection for regulated environments.Interfaces1. Console Port2. USB Management Port3. 2x USB PortsFortiGate/FortiWiFi 90D(-POE)4. 14x GE RJ45 Switch Ports /10x GE RJ45 Switch and 4x RJ45 PoE Ports on PoE Models 5. 2x GE RJ45 WAN Ports3SERVICESFortiGuard ™ Security ServicesFortiGuard Labs offers real-time intelligence on the threat landscape, delivering comprehensive security updates across the full range of Fortinet’s solutions. Comprised of security threat researchers, engineers, and forensic specialists, the team collaborates with the world’s leading threat monitoring organizations, other network and security vendors, as well as law enforcement agencies:§Real-time Updates — 24x7x365 Global Operations research security intelligence, distributed via Fortinet Distributed Network to all Fortinet platforms.§Security Research — FortiGuard Labs have discovered over 170 unique zero-day vulnerabilities to date, totaling millions of automated signature updates monthly.§Validated Security Intelligence — Based on FortiGuard intelligence, Fortinet’s network security platform is tested and validated by the world’s leading third-party testing labs and customers globally.FortiCare ™ Support ServicesOur FortiCare customer support team provides global technical support for all Fortinet products. With support staff in the Americas, Europe, Middle East and Asia, FortiCare offers services to meet the needs of enterprises of all sizes:§Enhanced Support — For customers who need support during local business hours only.§Comprehensive Support — For customers who need around-the-clock mission critical support, including advanced exchange hardware replacement.§Advanced Services — For global or regional customers who need an assigned Technical Account Manager, enhanced service level agreements, extended software support, priority escalation, on-site visits and more.§Professional Services — For customers with more complex security implementations that require architecture and design services, implementation and deployment services, operational services and more.For more information, please refer to the FortiOS data sheet available at FortiOSControl all the security and networking capabilities across the entire FortiGate platform with one intuitive operating system. Reduce operating expenses and save time with a truly consolidated next generation security platform.§ A truly consolidated platform with one OS for all security and networking services for all FortiGate platforms.§Industry-leading protection: NSS Labs Recommended, VB100, AV Comparatives and ICSA validated security and performance. §Control thousands of applications, block the latest exploits, and filter web traffic based on millions of real-time URL ratings. §Detect, contain and block advanced attacks automatically in minutes with integrated advanced threat protection framework. §Solve your networking needs with extensive routing, switching, WiFi, LAN and WAN capabilities.§Activate all the SPU-boosted capabilities you need on the fastest firewall platform available.Enterprise BundleFortiGuard Labs delivers a number of security intelligence services to augment the FortiGate firewall platform. You can easily optimize the protection capabilities of your FortiGate with the FortiGuard Enterprise Bundle. This bundle contains the full set of FortiGuard security services plus FortiCare service and support offering the most flexibility and broadest range of protection all in one package.GLOBAL HEADQUARTERS Fortinet Inc.899 KIFER ROAD Sunnyvale, CA 94086United StatesTel: +/salesEMEA SALES OFFICE 905 rue Albert Einstein 06560 Valbonne FranceTel: +33.4.8987.0500APAC SALES OFFICE 300 Beach Road 20-01The Concourse Singapore 199555Tel: +65.6395.2788LATIN AMERICA SALES OFFICE Sawgrass Lakes Center13450 W. Sunrise Blvd., Suite 430 Sunrise, FL 33323United StatesTel: +1.954.368.9990Copyright© 2017 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.FST -PROD-DS-GT90D FGFWF-90D-DAT-R14-201702FortiGate/FortiWiFi ® 90D SeriesORDER INFORMATION。

#1 Cybersecurity Company in the WorldLeading Every Evolutionof CybersecurityNearly 3x more patents than our nearest competitor~30% of Global Firewall Shipments and counting across industriesMost 3rd Party ValidatedMore tested and proven than any other network security vendorWho is Fortinet?ComplexityAdvancedThreatsValue and ROIComplexity •Attack surface is expanding and becoming harder to maintain V&C•Handing more valuable data•Lack staff to manage best-of-breed and remote locations•Managing disparate and poorly integrated solutions•Aggregating reporting / logs •Responding to conflicting alertsAdvancedThreats •Attack tech easier to use and consume •SMBs are handling more mature data and sharing like enterprises•Attackers know SMB not as many resources to stop and security not as high priority •When business shifts, security falls away •SMBs unsure whether existing security is effectiveValue and ROI•High powered firewalls are pricey •Unsure who to believe for SMB use-case•Consumer-grade tools unable to meet future growth needs (performance/function)ComplexitySMBs are consuming more tech•How well have you been able to maintain V&C through the shift?•We’re hearing a lot of issues and worry around endpoint hygiene, how are you handling?•How many different security and networking vendors are you trying tointegrate? Across how many locations?Advanced ThreatsSMBs targeted with more sophisticated threats•Others are seeing more sophisticated malware starting to come through and are evading detection –how do you feel?•How do you vet your security to know it’s working?•How much time do you have to spend checking and working on firewall administration?Value and ROIHigh costs for performance•When you were originally comparing vendors, did you look at Fortinet’s price and performance benchmarks?•Why didn’t you choose Fortinet? Willing to take another look?Performance and SecurityVisibility and ControlMaximizing ResourcesFortinet routinely performs multiple times faster than similarlypriced competitors without sacrificing securityYear after year, Fortinet is validated by third parties as one of theleading network security vendors on the marketFortinet is consistently recognized by industry leaders andanalysts including Gartner and NSS Labs as a leader incybersecurity and has higher performance than similarly pricedcompetitor devicesFortinet boasts the broadest, most integrated security platform onthe market with products designed to work together Business Challenges/ Fortinet Solutions43% of cyberattacks target SMBsFortinet SMB Security Solutions provide a path to complete protection SMBs can take advantage of tight integration , automation , and visibility cycles, and scale as the company grows89%of SMBs considercybersecurity a top priorityWith Fortinet, we can deliver complete protection , everywhere you need itAnd we’re designed to maximize simplicity performance you need to growWe deliver this through:Our missionA complete cloud-managed networking and security platform for lean IT teamsWith proven security that automatically adapts to changing business requirements and threats but doesn’t sacrifice performanceAt a price point designed to allow any size business to get the solution they need to handle modern challenges like shifting to a hybrid workforceIntelligent enough tohandle modern threatsand requirements…built to maximizelimited resourcesYou Need ASmarter ApproachProven SecurityConsolidatedManagementMaximum ValueIntent-based policiesUnified visibility controlCentralized cloud-managementof all your Switches, APs, Firewalls and SD-WAN into a single device , the FortiGate NGFWmaintain consistency with policies built around users, devices and applications that easily scale and adapt when things changegives you the freedom to manage andtroubleshoot any device, anytime, from anywhere and save money by eliminating onsite IT staff at remote locationsA complete cloud-managed networking and security platform for lean IT teamsA complete cloud-managed networking and security platform for lean IT TeamsMaintain consistency with intent-based policies built around users, devices and applications that easily scales and adapts when things changeIntent based policies and segmentation allow you to start building towards a zero-trust networkIntegrated endpoint and network visibility enables you to control endpoint hygiene and network access based on risk Build an adaptive hybrid environment with network access controls based on endpoint risk Simplify management by consolidating visibility and control of all your Switches, APs, NGFWs and SD-WAN into a single device, the FortiGate NGFW Modernize policy management by merging control of networking and security into a single, unified policy organized on a single screen and eliminate the need to shift across poorly integrated devices, management consoles and platformsBuild a smarter more secure network around how your business operates with an understanding of users, groups, devices and applications that maintains consistency and automatically adapts as your business changesFine tune application control and enable safe, business approved capabilities while blocking other risky, potentially dangerous features without shutting down access to the entire applicationA complete cloud-managed networking and security platform for lean IT TeamsCentralized cloud-management gives you the freedom to manage and troubleshoot any device, anytime, from anywhere and save money by eliminating onsite IT staff at remote locationsDesigned for growth allowing you to scale from small local deployments to large scale, diversified enterprises (FortiDeploy)Eliminate the need for on-site IT staffZTP Cut through the noise with intuitive dashboards, monitoring and centralized logging to alert you when something’s off and automate response Comprehensive monitoring integrates real-time and historical data into practical dashboards to help you quickly understand and identify key areas of improvement and understand how your network is operatingVisualize your entire network with an easy-to-use GUI, drill downs and out of the box reporting to easily explain quickly prove complianceStop endlessly hunting through policies and logs and quickly find what you’re looking for with advanced search capabilities and fully customizable time parametersMaintain performanceImplement enterprise security and automationTrustwithout an enterprise bill that delivers threatintelligence in minutes to prevent advanced threatseven with security and decryption fully engaged thanks to Fortinet’s dedication to R&D and parallel path processingin a vendor that’s been thoroughly tested and vetted by security experts and publicly validatedPeace of mind your security works and can adapt to changing businessrequirements and threatsPeace of mind your security works and can adapt to changing business requirements and threatsImplement enterprise security and automation without an enterprise bill that delivers threat intelligence in minutes to prevent advanced threatsBroadest natively integrated security platform on the market Threat intelligence automatically shared across the entire Fortinet Security Fabric in minutes, not hours or days Automation capabilities based on IoC Trust in a vendor that’s been thoroughly tested and vetted by security experts and publicly validated Leading IPS technologyGartner critical capZTPAdv. Malware ProtectionProtects against the latest viruses, spyware and otherthreats. Includes: Antivirus, Sandboxing, Anti-Botnet, VirusOutbreak ProtectionWeb & Content FilteringProvides protection through blocking access to malicious,hacked and inappropriate websitesApplication ControlQuickly create policies to allow, deny, or restrict access toindividual applications or entire categoriesIntrusion Prevention (IPS)Provides near real-time updates and threat intelligence toproactively block attacksVPN (IPsec & SSL)Creates an encrypted tunnel to enable secure remoteaccess for employees and branch locations465K+ customer networksacross all major threat vectorsInformation feeds200+100B+ EventsML and AI platform speeds detection and protectionWorldwide team of threat hunters,researchers, analysts, tool developers and data scientistsPreventionKnown attacksDetectionUnknown attacksFirewallsWebEmailsEndpointsIntelligencePlaybooks, IRThreat sharing and intelligence derived from billions of sensorsAutomated Security•Most widely deployed NGFW on themarket •Lowest cost per protected Mbps•Integrated Secure SD-WAN•Wi-Fi 6 Ready•Indoor and Outdoor options •Strong connectivity even in dense environments•Multiple Gigabit ports •Stackable•Power over Ethernet optionsFortiGate FortiSwitch FortiAPCritical networking components tightly integrated for superior performanceFortiGate 60F Security Compute Rating ComparisonSpecificationFortiGate60F (SOC4ASIC)IndustryAverageSecurityComputeRating1Palo AltoNetworksPA-220CheckpointSG-1550Cisco MerakiMX67SophosXG125SonicWallTZ400Firewall10Gbps 2.05Gbps5x0.5Gbps1Gbps0.45Gbps7 Gbps 1.3 Gbps IPsec VPN 6.5Gbps0.8Gbps8x0.1Gbps 1.3Gbps0.2Gbps 1.5 Gbps900 MbpsIPsec GW to GWtunnels200537---50-20Threatprevention0.70Gbps0.38Gbps2x0.15Gbps0.45Gbps0.3Gbps400 Mbps600 Mbps SSL Inspection0.75Gbps0.14Gbps5x0.065Gbps--170 Mbps180 MbpsConcurrentSessions700,00080,0009x64,000500,000--125,000Connections persecond35,0008,0004x4,20014,000NA-6,000 1.Security Compute Rating: Benchmark (performance multiplier) that compares FortiGate NGFW performance vs the industry average of competing products across various categories that fall within the same price bandSupport your visionDesigned for growthStretch your budgetwith right-sized solutions and purpose-built fabric connectors that deliver turnkey deployment and deeper integration vs. basic API integrationswith a trusted platform that helps you -not one that leaves you building workarounds and adding complexity as you growdon’t overpay for performance or make sacrifices when it comes to functionality, Fortinet leads the way in ROIA smarter investment to get the networking, security and performance you need today and for the futureA smarter investment to get the networking, security and performance you need today and for the futurePrice to PerformanceConsistently recognized leader by industry analysts including Gartner, NSS and of course our customersSuperior security compute ratings compared to competitors No charge Cyber Threat Assessment Program to help discover what may be lurking in your network so you can take action Designed for GrowthRight sized options and capabilities to fit your true needs with consistent look and feel enable you to expand when you’re ready from local SD-Branch deployments to large scale enterprisesFortinet’s open ecosystem architecture enables Fortinet Security Fabric to quickly integrate with other vendors and share information and perform coordinated actionsPurpose-built Fabric Connectors deliver turnkey API-based integration with as little as a single click free of charge and facilitate real-time communications and automatic updates between Fortinet and 3rd party solutionsKey DifferentiatorsAutomated SecurityBroadest Integrated Platform Industry-leading Price to PerformanceMost Deployed NGFW in the WorldSmarter Long-term InvestmentNetworking and Security Converged The FortiGate NGFW brings advanced threat protection, IPS, web filtering, SD-WAN and more in a single device without sacrificing security or adding complexityFortiSandbox Cloud is an as-a-service Sandbox that simplifies deployments and maintenance, and reducesFortinet prides itself on limited acquisitions to grow our capabilities and continues to boast the broadest offering in the industryMultiple times better performance than similarly priced competitors with the lowest total cost of ownership (TCO)Extensive security and management-as-a-service offering for SMBs looking to take advantage of cloud security and flexibility from a single vendorFortinet has more third-party validations than any other network security vendorSecurity-Driven NetworkingAdaptive Cloud SecurityFortiGuard Security ServicesOpen EcosystemFabric Management Center -NOCZero Trust AccessFabric Management Center -SOCLAN EdgeWAN EdgeDC EdgeCloud EdgeFortiGateFortiExtender FortiAPFortiSwitch FortiSASEFortiGate SD-WANFortiProxy FortiISolator NetworkPlatformApplicationsFortiGate VMFortiDDos Cloud NetworkingFortiCASBFortiCWPFortiWebFortiMailFortiADC FortiGSLBAWS Native Azure Native FortiToken FortiNACFortiClient FortiAuthenticatorFortiMonitorFortiManagerFortiCloudEndpointBreachIncident ResponseFortiXDRFortiEDRFortiAnalyzer FortiSIEMFortiISOARFortiSandboxFortiAIFortiDeceptorFortiGuard MDRServiceSOC & NOC User SecurityUser Security Device SecurityContent Security Advanced SOC/NOCWeb SecurityConnector Fabric APIDevOpsExtended Fabric Ecosystem。

FortiEDR Product OfferingsSEE ALSOOther FortiEDR SKUs are orderable for the following deployments. See the FortiEDR datasheet for information about these deployments:•Protect and Respond (P&R): for special cases where customers may have complimentary vulnerability discovery in place already, a special subscription is available. This subscription supports the standard XDR, MDR, and MXDR variations.•On-premise : for special deployments, an on-premise hosting option with FortiGuard Cloud Services (FCS) connection enabled is available.DISCOVER, PROTECT, AND RESPONDEDRXDRManaged EDRManaged XDR25-pack FC1-10-FEDR1-348-01-DD FC1-10-FEDR1-394-01-DD FC1-10-FEDR1-349-01-DD FC1-10-FEDR1-597-01-DD 500-pack FC2-10-FEDR1-348-01-DD FC2-10-FEDR1-394-01-DD FC2-10-FEDR1-349-01-DD FC2-10-FEDR1-597-01-DD 2,000-pack FC3-10-FEDR1-348-01-DD FC3-10-FEDR1-394-01-DD FC3-10-FEDR1-349-01-DD FC3-10-FEDR1-597-01-DD 10,000-packFC4-10-FEDR1-348-01-DDFC4-10-FEDR1-394-01-DDFC4-10-FEDR1-349-01-DDFC4-10-FEDR1-597-01-DDORDER INFORMATIONDISCOVER AND PROTECTEPP/EDR-LightManaged EDR25-pack FC1-10-FEDR1-350-01-DD FC1-10-FEDR1-391-01-DD 500-pack FC2-10-FEDR1-350-01-DD FC2-10-FEDR1-391-01-DD 2,000-pack FC3-10-FEDR1-350-01-DD FC3-10-FEDR1-391-01-DD 10,000-packFC4-10-FEDR1-350-01-DDFC4-10-FEDR1-391-01-DDADDITIONAL SERVICESSERVICESSKU LICENSECloud StorageDisk Expansion (512 GB storage)FC-10-FEDR0-344-01-DD FortiCare Best Practices Onboarding Service (mandatory for onboarding customers)Up to 1,000 endpoints FC1-10-EDBPS-310-02-DD 1,001 to 3,000 endpointsFC2-10-EDBPS-310-02-DD 3,001 to 10,000 endpoints FC3-10-EDBPS-310-02-DD 10,001 to 30,000 endpoints FC5-10-EDBPS-310-02-DD 30,001 or more endpoints FP-10-EDR-PS (per day)Professional ServicesFortiEDR Professional ServiceFP-10-FTEDR-000-00-00FortiEDR DayFP-10-EDR-PS Incident Response Training FP-10-PS-TRAINING Forensics and IR Consultancy FP-10-EDR-FRNSCSTraining Services Classroom - Virtual ILTFT-EDR Lab Access - Standard NSE Training Lab Environment FT-EDR-LAB NSE5 Exam VoucherNSE-EX-SPL522ORDERING GUIDE | FortiEDRFortiEDR is available in flexible combinations. For the best security coverage, the all-in-one subscription is recommended.For customers in the process of migrating from a traditional endpoint protection platform or next generation antivirus solution towards EDR, a basic Discover and Protect option is available, which supports future migration to full EDR.Additional services available include expanded cloud storage, NSE training, professional services, and best practice deployment consultation.ORDER LIFECYCLENew OrderExample: 500 EDR endpointsDirect purchase 1x500-pack• FC2-10-FEDR1-348-01-12• FC1-10-EDBPS-310-02-DDAdd More EndpointsExample: add 50 EDR endpointsUse the co-term tool to add more endpoints and align the end dates:• FC1Z-15-FEDR1-348-02-00 (x2)Renew All EndpointsExample: renew all 550 EDR endpointsRegardless of the option used above, use the co-term tool for all renewals. This aligns all contracts to the same expiration date.• FC1Z-15-FEDR1-348-02-00 (x2)• FC2Z-15-FEDR1-348-02-00 (x1)Upgrade All EndpointsExample: upgrade all 550 EDR endpoints to XDRUse the co-term tool to upgrade all endpoints to the end of the term, then follow standard renewal:• FC1Z-15-FEDR1-394-02-00 (x2)• FC2Z-15-FEDR1-394-02-00 (x1)UPGRADE MATRIXFortiEDR contains three subscriptions, and each subscription contains multiple different service levels. You can convert one subscription to another in two steps:1. Change the subscription level if required2. Change the service level if required To use the upgrade matrix below:1. Select your current version in the left column2. Locate the desired version columnIf the cell is blue, you can upgrade in one step using the co-term tool. If not, you may need to complete two steps. UPGRADE TODiscover and Protect Protect and Respond Discover, Protect, and RespondUpgrade FROM EDR-Light ManagedEDR-Light EDR XDR MDR MXDR EDR XDR MDR MXDR On-premise EDR-LightManaged EDR-LightEDR (P&R)XDR (P&R)MDR (P&R)MXDR (P&R)EDRXDRMDRTo use this matrix, select the current subscription in the left column and follow the row to the right to see what is directly upgradable with the co-term tool.3ORDERING GUIDE | FortiEDR。

FortiGuard Security Services Product OfferingsFREQUENTLY ASKED QUESTIONSHow does the ordering process work?Consider in three parts:1. New Order. Do one of the following:a.Order the hardware with a bundle that includes FortiCare and FortiGuard serviceb. Order hardware-only (a La Carte), and add FortiCare and FortiGuard services to it.2. Renew ServicesYou can order service renewals as bundles or a La Carte and applied to the device under the FortiCare account. Services will be extended based on the contract purchased.NOTE: Renewal services purchased with a FortiCare quote ID generated by Disti are automatically registered to the serial number.3. Add Services to an Existing UnitNormally, customers want to align the end date, so that all components (existing and new) renew/expire together. This can be performed with a co-term. You can request a co-term quotation to your Fortinet-authorized partner.NSE TRAINING AND CERTIFICATIONSecurity Operations (SOP)Instructor-led learning explore the practicaluse of Fortinet security operations solutions to detect, investigate, and respond to Advanced Persistent Threats (APTs). Comprised of theory lessons and hands-on labs, this course will guide you to understand how to execute advanced threats, how threat actors behave, and how security operations handle such threats.Web Application Security (WAS)Instructor-led learning explore web application threats and countermeasures focused on Fortinet solutions. Comprised of theory lessons and hands-on labs, this course will guide you from the very motivations of attacks on web applications through to understanding and executing attack techniques,recognizing such attacks, and, finally, configure Fortinet solutions to mitigate them.• FT-CST-SOP– CST-SOP Training – 2days • FT-CST-WAS– CST-WAS Training – 1 day Certification ExamsNo certification Pre-requisites (SOP)• You must have an understanding of the topics covered in the following courses, or have equivalent experience:• Basic knowledge of security operations• NSE 4 FortiGate Security• NSE 5 FortiSIEM• NSE 7 FortiSOAR Design and Development• It is also recommended that you have an understanding of the topics covered in the following course, or have equivalent experience:• NSE 7 Advanced Threat ProtectionPre-requisites (WAS)• You must have an understanding of the topics covered in the following courses, or have equivalent experience:• NSE 4 FortiGate Security• NSE 4 FortiGate Infrastructure• NSE 7 FortiSOAR Design and Development• It is also recommended that you have an understanding of the topics covered in the following course, or have equivalent experience:• NSE 6 FortiWeb• NSE 7 Advanced Threat ProtectionReferences:Course description:https:///local/staticpage/view.php?page=library_security-operationshttps:///local/staticpage/view.php?page=library_web-application-securityORDERING GUIDE | FortiGuard Security ServicesCopyright © 2021 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. FGD-OG-R8-20221108。

FortiTrust User-based Security Product OfferingsIDENTITYIDENTITYMFAMobile Token with Mobile Push⃝✓Email/SMS OTP, Hardware Tokens⃝✓SMS Credits⃝✓FIDO2 Authentication/Registration Server⃝✓Third-party Application Integration⃝✓Adaptive AuthenticationIntegrated with Dynamic Policies and Fabric Connectors⃝✓Enforce based on Authorized Networks⃝✓Enforce based on User Location⃝✓Enforce based on Time of Day/Day of Week⃝✓Enforce Device Trust Policies based on Device Posture*⃝✓Cloud-hosted Identity ControllerSecure Application Access⃝✓Fortinet Single Sign On (FSSO)⃝✓Identity and Role-based Security Policies⃝✓Central User Identity Management⃝✓Certificate Management-VPN⃝✓SAML Service Provider/Identity Provider Web SSO⃝✓Open ID Connect SSO⃝✓Additional InformationFortiCare Premium Support⃝✓Order Information100-499 Users FC2-10-ACCLD-511-02-DD 500-1,999 Users FC3-10-ACCLD-511-02-DD 2,000-9,999 Users FC4-10-ACCLD-511-02-DD 10,000+ Users FC5-10-ACCLD-511-02-DD* Requires FortiClient EMSORDER LIFECYCLENew OrderExample: 350 Identity usersDirect purchase• FC2-10-ACCLD-511-02-DD (x350) Add More UsersExample: add 200 Identity users Direct purchase• FC2-10-ACCLD-511-02-DD (x200)Renew All UsersExample: renew all 550 Identity usersUse the co-term tool for all renewals. This aligns all contracts to the same expiration date and renews with the higher quantity/lower priced SKU.• FC3-10-ACCLD-511-02-DD (x550)22ORDERING GUIDE | FortiTrust User-based SecurityZTNA AND SASEZTNA SASE Remote Access and Zero TrustZTNA⃝✓⃝✓Central Management Using FortiClient Cloud⃝✓⃝✓Central Logging and Reporting⃝✓⃝✓SSL VPN ⃝✓⃝✓IPsec VPN⃝✓⃝✓CASB (Inline and Cloud API)⃝✓⃝✓IT Hygiene and Endpoint SecurityVulnerability Agent and Remediation⃝✓⃝✓FortiGuard Web Filtering⃝✓⃝✓FortiSandbox (On-premise or PaaS)⃝✓USB Device Control⃝✓Automated Endpoint Quarantine⃝✓Cloud-based Security (Inline Inspection)SSL⃝✓Antimalware⃝✓IPS⃝✓Web Filtering⃝✓DNS Filtering⃝✓Botnet/C&C⃝✓Data Leak Prevention ⃝✓Additional InformationNumber of Devices Up to 3 per-user Up to 3 per-user FortiCare Premium Support⃝✓⃝✓Order Information100-499 Users FC2-10-EMS05-509-02-DD FC2-10-EMS05-547-02-DD 500-1,999 Users FC3-10-EMS05-509-01-DD FC3-10-EMS05-547-02-DD 2,000-9,999 Users FC4-10-EMS05-509-01-DD FC4-10-EMS05-547-02-DD 10,000+ Users FC5-10-EMS05-509-01-DD FC5-10-EMS05-547-02-DDORDER LIFECYCLENew OrderExample: 350 ZTNA usersDirect purchase• FC2-10-EMS05-509-01-DD (x350) Add More UsersExample: add 200 ZTNA usersDirect purchase• FC2-10-EMS05-509-01-DD (x200)Renew All UsersExample: renew all 550 ZTNA usersUse the co-term tool for all renewals. This aligns all contracts to the same expiration date and renews with the higher quantity/lower priced SKU.• FC3-10-EMS05-509-01-DD (x550)Upgrade all Users from ZTNA to SASEExample: upgrade all 550 ZTNA users to SASEUse the co-term tool upgrade all existing users to SASE to the end of the term, and then follow regular renewal. • FC3-10-EMS05-547-02-DD (x550)3ORDERING GUIDE | FortiTrust User-based Security。

FortiTrust User-based Security Product OfferingsIDENTITYIDENTITYMFAMobile Token with Mobile Push⃝✓Email/SMS OTP, Hardware Tokens⃝✓SMS Credits⃝✓FIDO2 Authentication/Registration Server⃝✓Third-party Application Integration⃝✓Adaptive AuthenticationIntegrated with Dynamic Policies and Fabric Connectors⃝✓Enforce based on Authorized Networks⃝✓Enforce based on User Location⃝✓Enforce based on Time of Day/Day of Week⃝✓Enforce Device Trust Policies based on Device Posture*⃝✓Cloud-hosted Identity ControllerSecure Application Access⃝✓Fortinet Single Sign On (FSSO)⃝✓Identity and Role-based Security Policies⃝✓Central User Identity Management⃝✓Certificate Management-VPN⃝✓SAML Service Provider/Identity Provider Web SSO⃝✓Open ID Connect SSO⃝✓Additional InformationFortiCare Premium Support⃝✓Order Information100-499 Users FC2-10-ACCLD-511-02-DD 500-1,999 Users FC3-10-ACCLD-511-02-DD 2,000-9,999 Users FC4-10-ACCLD-511-02-DD 10,000+ Users FC5-10-ACCLD-511-02-DD* Requires FortiClient EMSORDER LIFECYCLENew OrderExample: 350 Identity usersDirect purchase• FC2-10-ACCLD-511-02-DD (x350) Add More UsersExample: add 200 Identity users Direct purchase• FC2-10-ACCLD-511-02-DD (x200)Renew All UsersExample: renew all 550 Identity usersUse the co-term tool for all renewals. This aligns all contracts to the same expiration date and renews with the higher quantity/lower priced SKU.• FC3-10-ACCLD-511-02-DD (x550)22ORDERING GUIDE | FortiTrust User-based SecurityZTNA AND SASEZTNA SASE Remote Access and Zero TrustZTNA⃝✓⃝✓Central Management Using FortiClient Cloud⃝✓⃝✓Central Logging and Reporting⃝✓⃝✓SSL VPN ⃝✓⃝✓IPsec VPN⃝✓⃝✓CASB (Inline and Cloud API)⃝✓⃝✓IT Hygiene and Endpoint SecurityVulnerability Agent and Remediation⃝✓⃝✓FortiGuard Web Filtering⃝✓⃝✓FortiSandbox (On-premise or PaaS)⃝✓USB Device Control⃝✓Automated Endpoint Quarantine⃝✓Cloud-based Security (Inline Inspection)SSL⃝✓Antimalware⃝✓IPS⃝✓Web Filtering⃝✓DNS Filtering⃝✓Botnet/C&C⃝✓Data Leak Prevention ⃝✓Additional InformationNumber of Devices Up to 3 per user license Up to 3 per user license FortiCare Premium Support⃝✓⃝✓Order Information100-499 Users FC2-10-EMS05-509-02-DD FC2-10-EMS05-547-02-DD 500-1,999 Users FC3-10-EMS05-509-01-DD FC3-10-EMS05-547-02-DD 2,000-9,999 Users FC4-10-EMS05-509-01-DD FC4-10-EMS05-547-02-DD 10,000+ Users FC5-10-EMS05-509-01-DD FC5-10-EMS05-547-02-DDORDER LIFECYCLENew OrderExample: 350 ZTNA usersDirect purchase• FC2-10-EMS05-509-01-DD (x350) Add More UsersExample: add 200 ZTNA usersDirect purchase• FC2-10-EMS05-509-01-DD (x200)Renew All UsersExample: renew all 550 ZTNA usersUse the co-term tool for all renewals. This aligns all contracts to the same expiration date and renews with the higher quantity/lower priced SKU.• FC3-10-EMS05-509-01-DD (x550)Upgrade all Users from ZTNA to SASEExample: upgrade all 550 ZTNA users to SASEUse the co-term tool upgrade all existing users to SASE to the end of the term, and then follow regular renewal. • FC3-10-EMS05-547-02-DD (x550)3ORDERING GUIDE | FortiTrust User-based Security。