Fortinet Secure Sdwan
Fortinet Secure Sdwan
Fortinet Secure Sdwan
DATA SHEET
Key Features
n World’s only ASIC-accelerated
SD-WAN
n 5000+ applications identified
with real-time SSL inspection
n Self-healing capabilities for
enhanced user experience
n Cloud on-ramp for efficient
SaaS adoption
n Simplified operations with
As the use of business-critical, cloud-based applications continues to increase,
NOC/SOC management and
organizations with a distributed infrastructure of remote offices and an expanding
analytics
remote workforce need to adapt. The most effective solution is to switch from
static, performance-inhibited wide-area networks (WANs) to software-defined WAN
n Enhanced granular analytics
(SD-WAN) architectures. for end-to-end visibility and
control
Traditional WANs may utilize SLA-backed private multiprotocol label switching
(MPLS) or leased line links to an organizations’ main data centers for all application
and security needs. But that comes at a premium price for connectivity. While a
legacy hub-and-spoke architecture may provide centralized protection, it increases
latency and slows down network performance to distributed cloud services for
application access and compute. The result is operational complexity and limited
visibility associated with multiple point products. This scenario adds significant
management overhead and difficulties, especially when trying to troubleshoot and
resolve issues.
1
DATA SHEET | Fortinet Secure SD-WAN
BUSINESS OUTCOMES
Improved User Experience Efficient Operations
An application-driven approach provides Simplify operations with centralized
broad application steering with accurate orchestration and enhanced analytics for SD-
identification, advanced WAN remediation, WAN, security, and SD-Branch at scale
and accelerated cloud on-ramp for optimized
network and application performance Natively Integrated Security
A built-in next-generation firewall (NGFW)
Accelerated Convergence
combines SD-WAN and security capabilities in
The industry’s only organically developed, a unified solution to preserve the security and
purpose-built, and ASIC-powered SD-WAN availability of the network
enables thin edge (SD-WAN, routing) and WAN
Edge (SD-WAN, routing, NGFW) to secure all
applications, users, and data anywhere
CORE COMPONENTS
Fortinet Secure SD-WAN consists of the industry’s only Fabric Management Center
organically developed software complemented by an ASIC-
Simplify centralized management, deployment,
accelerated platform to deliver the most comprehensive
and automation to save time and respond quickly
SD-WAN solution.
to business demands with end-to-end visibility.
With a single pane of glass management that
FortiGate offers deployment at scale, customers can:
Provides a broad portfolio available in different § Centrally manage 100K+ devices, including firewalls,
form factors: physical appliance and virtual switches, access points, and LTE/5G extenders from a
appliances, with the industry’s only ASIC single console
acceleration using the SOC4 SPU or vSPU. § Provision and monitor Secure SD-WAN at the application
§ Reduce cost and complexity with next generation firewall, and network level across branch offices, datacenters, and
SD-WAN, and advanced routing on a unified platform that cloud
allows customers to eliminate multiple point products at the § Reduce complexity by leveraging automation enabled by
WAN edge REST APIs, scripting tools such as Ansible/Terraform, and
§ ASIC acceleration of SD-WAN overlay tunnels, application fabric connectors
identification, steering, remediation, and prioritization § Separate and manage domains leveraging ADOMS for
ensure the best user experience for business-critical, compliance and operational efficiency
SaaS, and UCaaS applications § Role-based access control to provide management flexibility
and separation
FortiOS
FortiGuard Security Services
Fortinet’s unified operating system delivers a
OS
security-driven strategy to secure and accelerate Enhances SD-WAN security with advanced
network and user experience. Continued protection to help organizations stay ahead of
innovation and enhancement enable: today’s sophisticated threats:
§ Real-time application optimization for a consistent and § Coordinated real-time detection and prevention against
resilient application experience known and unknown protecting content, application, people,
§ Advanced next generation firewall protection and prevention and devices
from internal and external threats while providing visibility § Real-time insights are achieved by processing extensive
across entire attack surface amounts of data at cloud-scale, analyzing that data with
§ Dynamic Cloud connectivity and security are enabled advanced AI, and then automatically distributing the
through effective cloud integration and automation resulting intelligence back for enforcement and protection
2
DATA SHEET | Fortinet Secure SD-WAN
CORE COMPONENTS
ASIC
ASIC Virtual FortiOS
Acceleration
Features Description
FortiOS — SD-WAN Application Identification and Control 5000+ application signatures, first packet Identification, deep packet inspection, custom application
signatures, SSL decryption, TLS1.3 with mandated ciphers, and deep inspection
SD-WAN Granular application policies, application SLA based path selection, dynamic bandwidth measurement
(Application aware traffic control) of SD-WAN paths, active/active and active/standby forwarding, overlay support for encrypted transport,
Application session-based steering, probe-based SLA measurements
Advanced SD-WAN Forward Error Correction (FEC) for packet loss compensation, packet duplication for best real-time
(WAN remediation) application performance, Active Directory integration for user based SD-WAN steering policies, per packet
link aggregation with packet distribution across aggregate members
SD-WAN deployment Flexible deployment – hub-to-spoke (partial mesh), spoke-to-spoke (full mesh), multi-WAN transport
support
FortiOS — Networking QoS Traffic shaping based on bandwidth limits per application and WAN link, rate limits per application and
WAN link, prioritize application traffic per WAN link, mark/remark DSCP bits for influencing traffic QoS on
egress devices, application steering based on ToS marking
Advanced Routing (IPv4/IPv6) Static routing, Internal Gateway (iBGP, OSPF v2/v3 , RIP v2), External Gateway(eBGP), VRF, route
redistribution, route leaking, BGP confederation, router reflectors, summarization and route-aggregation,
route asymmetry
VPN/Overlay Site-to-site ADVPN – dynamic VPN tunnels, policy-based VPN, IKEv1, IKEv2, DPD, PFS, ESP and ESP-
HMAC support, symmetric cipher support (IKE/ESP): AES-128 and AES-256 modes: CBC, CNTR, XCBC,
GCM, Pre-shared and PKI authentication with RSA certificates, Diffie-Hellman key exchange (Group 1, 2, 5,
14 through 21 and 27 through 32), MD5, and SHA-based HMAC
Multicast Multicast forwarding, PIM spare (rfc 4601), dense mode (rfc 3973), PIM rendezvous point
Advanced Networking DHCP v4/v6, DNS, NAT – source, destination, static NAT, destination NAT, PAT, NAPT, Full IPv4/v6 support
FortiOS — Security Security Next Generation Firewall with FortiGuard threat intelligence – SSL inspection, application control, Intrusion
prevention, antivirus, web filtering, DLP, and advanced threat protection. Segmentation – micro, macro,
single task VDOM, multi VDOM
Fabric Management Center Centralized Management and Provisioning FortiManager – zero touch provisioning, centralized configuration, change management, dashboard,
application policies, QoS, security policies, application specific SLA, active probe configuration, RBAC,
multi-tenant
Cloud Orchestration FortiManager Cloud through FortiCloud, Single Sign-on portal to manage Fortinet NGFW and SD-WAN,
Cloud-based network management to streamline FortiGate provisioning and management, extensive
automation-enabled management of Fortinet devices
Enhanced Analytics Bandwidth consumption, SLA metrics – jitter, packet loss, and latency, real-time monitoring, filter based
on time slot, WAN link SLA reports, per-application session usage, threat information - malware signature,
malware domain or URL, infected host, threat level, malware category, indicator of compromise
Cloud On-ramp Cloud integration – AWS, Azure, Alibaba, Oracle, Google. AWS – transit, direct and VPC connectivity, transit
gateways, Azure – Virtual WAN connectivity, Oracle – OCI connectivity
FortiGate Redundancy/High-availability FortiGate dual device HA – primary and backup, FortiManager HA, bypass interface, interface redundancy,
redundant power supplies
Integration RESTful API/Ansible for configuration, zero touch provisioning, reporting, and third-party integration
Virtual environments VMware ESXi v5.5 / v6.0 / v6.5/ v6.7, VMware NSX-T v2.3
Microsoft Hyper-V Server 2008 R2 / 2012 / 2012 R2 / 2016
Citrix Xen XenServer v5.6 sp2, v6.0, v6.2 and later
Open source Xen v3.4.3, v4.1 and later
KVM qemu 0.12.1 & libvirt 0.10.2 and later for Red Hat Enterprise Linux / CentOS 6.4 and later / Ubuntu
16.04 LTS (generic kernel) ,KVM qemu 2.3.1 for SuSE Linux Enterprise Server 12 SP1 LTSS
Nutanix AHV (AOS 5.10, Prisim Central 5.10)
Cisco Cloud Services Platform 2100
3
DATA SHEET | Fortinet Secure SD-WAN
PRODUCT OFFERINGS
BRANCHES
COMMON DEPLOYMENTS SMALL RETAIL/ BRANCH/ BIG RETAIL/ MEDIUM BRANCH LARGE BRANCH/
HOME OFFICE SMB SMB CAMPUS
Appliances 40F 60F 80F 100F 200F
IPsec VPN Throughput1 4.4 Gbps 6.5 Gbps 6.5 Gbps 11.5 Gbps 13 Gbps
Max IPsec Tunnels 200 200 200 2,000 2,000
Threat Protection2 600 Mbps 700 Mbps 900 Mbps 1 Gbps 3 Gbps
Application Control Throughput3 990 Mbps 1.8 Gbps 1.8 Gbps 2.2 Gbps 13 Gbps
SSL Inspection Throughput 310 Mbps 630 Mbps 715 Mbps 1 Gbps 4 Gbps
Unrestricted Bandwidth ✓⃝ ✓⃝ ✓⃝ ✓⃝ ✓⃝
Zero Trust Network Access (ZTNA) ✓⃝ ✓⃝ ✓⃝ ✓⃝ ✓⃝
Connectivity
Interfaces 5 x GE RJ45 10 x GE RJ45 8 x GE RJ45 18 x GE RJ45 18 x GE RJ45
2 x Shared Port Pairs 8 x GE SFP 8 x GE SFP
2 x 10 GE SFP+ 4 x 10 GE SFP+
4 x Shared Port Pairs
Hardware Variants WiFi, 3G4G WiFi, Storage WiFi, Bypass, POE, Storage Storage
Storage
5G/LTE Connectivity Supports FortiExtender
Extensibility Supports FortiAP, FortiSwitch
Form Factor Desktop Desktop Desktop 1RU 1RU
Power Supply Single AC PS Single AC PS Single AC PS, dual inputs Dual AC PS Dual AC PS
BRANCH BUNDLES
FortiGate
40F 60F 80F 100F 200F
Unified Threat Protection
Base FG-40F-BDL-950-DD FG-60F-BDL-950-DD FG-80F-BDL-950-DD FG-100F-BDL-950-DD FG-200F-BDL-950-DD
Wifi Variant FWF-40F-A-BDL-950-DD FWF-60F-A-BDL-950-DD FWF-80F-2R-A-BDL-950-DD
LTE Variant FG-40F-3G4G-BDL-950-DD
Wifi + LTE Variant FWF-40F-3G4G-A-BDL-
950-DD
Storage Variant FG-61F-BDL-950-DD FG-81E-BDL-950-DD FG-101F-BDL-950-DD FG-201F-BDL-950-DD
Wifi + Storage Variant FWF-61F-A-BDL-950-DD FWF-81F-2R-A-BDL-950-DD
Bypass FG-80F-BYPASS-BDL-
950-DD
POE FG-80F-POE-BDL-950-DD
Renewal
Base FC-10-0040F-950-02-DD FC-10-0060F-950-02-DD FC-10-0080F-928-02-DD FC-10-F100F-928-02-DD FC-10-F200F-928-02-DD
Wifi Variant FC-10-W040F-928-02-DD FC-10-W060F-950-02-DD FC-10-W080F-950-02-DD
LTE Variant FC-10-F40FG-950-02-DD
Wifi + LTE Variant FC-10-F40FI-950-02-DD
Storage Variant FC-10-0061F-950-02-DD FC-10-0081F-950-02-DD FC-10-F101F-950-02-DD FC-10-F201F-950-02-DD
Wifi + Storage Variant FC-10-W061F-950-02-DD FC-10-W081F-950-02-DD
Bypass FC-10-F80FC-950-02-DD
POE FC-10-F80FP-950-02-DD
4
DATA SHEET | Fortinet Secure SD-WAN
PRODUCT OFFERINGS
HUBS
HUBS
5
DATA SHEET | Fortinet Secure SD-WAN
PRODUCT OFFERINGS
HUB BUNDLES
FortiGate
Unified Threat 400E 600E 1100E 1800F 2200E 2600F 3300E
Protection
Base FG-400E-BDL- FG-600E-BDL- FG-1100E-BDL- FG-1800F-BDL- FG-2200E-BDL- FG-2600F-BDL- FG-3300E-BDL-
950-DD 950-DD 950-DD 950-DD 950-DD 950-DD 950-DD
Storage Variant FG-401E-BDL- FG-601E-BDL- FG-1101E-BDL- FG-1801F-BDL- FG-2201E-BDL- FG-2601F-BDL- FG-3301E-BDL-
950-DD 950-DD 950-DD 950-DD 950-DD 950-DD 950-DD
Bypass FG-400E-BYPASS-
BDL-950-DD
DC Power Variant FG-1100E-DC-BDL- FG-1800F-DC-BDL- FG-2600F-DC-BDL-
950-DD 950-DD 950-DD
Storage + DC Power FG-1801F-DC-BDL- FG-2601F-DC-BDL-
Variant 950-DD 950-DD
Renewal
Base FC-10-0400E-950- FC-10-F6H0E-950- FC-10-F11HE-950- FC-10-F18HF-950- FC-10-F22HE-950- FC-10-F26HF-950- FC-10-F33HE-950-
02-DD 02-DD 02-DD 02-DD 02-DD 02-DD 02-DD
Storage Variant FC-10-0401E-950- FC-10-F6H1E-950- FC-10-F11E1-950- FC-10-F18F1-950- FC-10-F22E1-950- FC-10-F26F1-950- FC-10-F33E1-950-
02-DD 02-DD 02-DD 02-DD 02-DD 02-DD 02-DD
Bypass FC-10-F4HBE-950-
02-DD
DC Power FC-10-F11DE-950- FC-10-D18HF-950- FC-10-FD26F-950-
02-DD 02-DD 02-DD
Storage + DC Power FC-10-D18F1-950- FC-10-FD261-950-
Variant 02-DD 02-DD
Licenses
HyperScale LIC-FGT-HYPSC LIC-FGT-HYPSC
Carrier
HUB BUNDLES
FortiGate
Unified Threat 3400E 3500F 3600E 3960E 3980E 4200F 4400F
Protection
Base FG-3400E-BDL- FG-3500F-BDL- FG-3600E-BDL- FG-3960E-BDL- FG-3980E-BDL- FG-4200F-BDL- FG-4400F-BDL-
950-DD 950-DD 950-DD 950-DD 950-DD 950-DD 950-DD
Storage Variant FG-3401E-BDL- FG-3501F-BDL- FG-3601E-BDL- FG-4201F-BDL- FG-4401F-BDL-
950-DD 950-DD 950-DD 950-DD 950-DD
Bypass
DC Power Variant FG-3400E-DC-BDL- FG-3600E-DC-BDL- FG-3960E-DC-BDL- FG-3980E-DC-BDL- FG-4200F-DC-BDL- FG-4400F-DC-BDL-
950-DD 950-DD 950-DD 950-DD 950-DD 950-DD
Storage + DC Power FG-3401E-DC-BDL- FG-4201F-BDL- FG-4401F-DC-BDL-
Variant 950-DD 950-DD 950-DD
Renewal
Base FC-10-F3K4E-950- FC-10-F3K5F-950- FC-10-F3K6E-950- FC-10-03961-950- FC-10-03981-950- FC-10-F42HF-950- FC-10-F44HF-950-
02-DD 02-DD 02-DD 02-DD 02-DD 02-DD 02-DD
Storage Variant FC-10-F34E1-950- FC-10-F35F1-950- FC-10-F36E1-950- FC-10-F421F-950- FC-10-F441F-950-
02-DD 02-DD 02-DD 02-DD 02-DD
Bypass
DC Power FC-10-FD3K4-950- FC-10-FD3K6-950- FG-3960E-DC-BDL- FC-10-03980-950- FC-10-D42HF-950- FC-10-D44HF-950-
02-DD 02-DD 950-DD 02-DD 02-DD 02-DD
Storage + DC Power FC-10-FD34E-950- FC-10-F421F-950- FC-10-D441F-950-
Variant 02-DD 02-DD 02-DD
Licenses
HyperScale LIC-FGT-HYPSC LIC-FGT-HYPSC
Carrier FCR-EUPG FCR-EUPG FCR-EUPG FCR-EUPG
6
DATA SHEET | Fortinet Secure SD-WAN
PRODUCT OFFERINGS
FORTIGATE VM: PRIVATE CLOUD SUPPORT MATRIX
VMware VSphere Citrix Xen Xen KVM Microsoft Hyper-V Nutanix AHV
FG-VM ✓⃝ ✓⃝ ✓⃝ ✓⃝ ✓⃝ ✓⃝
Amazon AWS Microsoft Azure Oracle OCI / OPC Google GCP Alibaba AliCloud
FG-VM ✓⃝ / # ✓⃝ / # ✓⃝ / # ✓⃝ / # ✓⃝ / #
HARDWARE SUBSCRIPTION
Appliances 200G 400G 1000F 3000G 3700G Cloud (PaaS) VM
Default Devices/VDOMs 30 150 1,000 4,000 10,000+ 10 10
Add-on Devices/VDOMs ✓⃝ ✓⃝ ✓⃝
ADOMs 30 150 1,000 Add-On 1,200 Add-On
Max ADOMs with add-on license 1,200
Docker Enabled ✓⃝ ✓⃝ ✓⃝
Zero Touch Provisioning Order FortiDeploy at the time of Purchase
Third Party Automation ✓⃝ ✓⃝ ✓⃝ ✓⃝ ✓⃝ ✓⃝ ✓⃝
Additional Services
24x7 Support Subscription ✓⃝ ✓⃝
FortiCare Best Practice Services (BPS) Included in hardware bundle + a la carte ✓⃝ ✓⃝
Replacement Disks ✓⃝ ✓⃝ ✓⃝ ✓⃝ ✓⃝
How to Buy Hardware Bundle Hardware Bundle Hardware Bundle Hardware Bundle Hardware Bundle VM Subscription VM Subscription
FORTIMANAGER BUNDLES
Appliances 200G 400G 1000F 3000G 3700G
www.fortinet.com
Copyright © 2022 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.
Fortinet is committed to driving progress and sustainability for all through cybersecurity, with respect for human rights and ethical business practices, making possible a digital world you can always trust. You represent and warrant to Fortinet that you will not use
Fortinet’s products and services to engage in, or support in any way, violations or abuses of human rights, including those involving censorship, surveillance, detention, or excessive use of force. Users of Fortinet products are required to comply with the Fortinet EULA
(https://www.fortinet.com/content/dam/fortinet/assets/legal/EULA.pdf) and report any suspected violations of the EULA via the procedures outlined in the Fortinet Whistleblower Policy (https://secure.ethicspoint.com/domain/media/en/gui/19775/Whistleblower_Policy.pdf).
SSD-WAN-DAT-R11-20220517