Q2 2021

DATA SHEET

Fortinet Secure SD-WAN

One WAN Edge Powered by One OS That Transforms and
Secures WAN

Key Features
n World’s
only ASIC Accelerated
SD-WAN
n 5,000+ application
identification with SSL
Inspection
n Self-Healing
capabilities for
enhanced user experience
n Cloud-On-Ramp for efficient
SaaS adoption
As the use of business critical, cloud-based applications continues to increase, n SimplifiedOperations with
organizations with a distributed Infrastructure of remote offices and expanding
NOC/SOC Management and
remote workforce are switching from static, performance-inhibited wide-area
Analytics
networks (WANs) to software-defined WAN(SD-WAN) architectures. Traditional
n Enhanced Granular Analytics
WANs may utilize SLA-backed private multiprotocol label switching (MPLS) or
leased line links to organizations’ main data centers for all application and security for end to end visibility and
needs that comes at a premium price for connectivity. While this legacy hub-and- control
spoke, architecture provides centralized protection; it increases latency and slows
down network performance to distributed cloud services for application access
and compute. Operational complexity and limited visibility associated with multiple
point products add significant management overhead and difficulties while trying to
troubleshoot and resolve issues.

Fortinet’s Security-driven Networking strategy tightly integrates an organization’s

network infrastructure and security architecture - enabling networks to transform
at scale without compromising security. This next generation approach provides
consistent security enforcement across flexible perimeters that combines next
generation firewall with advanced SD-WAN networking capabilities to eliminate
MPLS required traffic backhaul and deliver improved user experience without ever
compromising on security. This allows simplified single console management for all
networking and security needs, while extending SD-WAN into wired and wireless
access points of branch offices. This enables network security and controls for a
deeper integration and consistent security enforcements into branch LAN networks.

1
DATA SHEET | Fortinet Secure SD-WAN

BUSINESS OUTCOMES
Improved User Experience Efficient Operations
Application Driven approach provides Simplify operations with centralized
broad application steering with accurate orchestration and enhanced analytics for SD-
identification, advanced WAN remediation WAN, Security and SD-Branch at scale
and accelerated cloud on-ramp for optimized
network and application performance Natively Integrated Security
Built-in next-generation firewall (NGFW)
Accelerated Convergence
combines SD-WAN and security capabilities in
Industry’s only organically developed purpose- a unified solution to preserve the security and
built SD-WAN ASIC powered enables thin edge availability of the network
(SD-WAN, routing) and WAN Edge (SD-WAN,
routing, NGFW) securing all applications, users
and data anywhere

CORE COMPONENTS
Fortinet Secure SD-WAN consists of the Industry’s only Fabric Management Center
organically developed software complemented by an
Simplify centralized management, deployment
ASIC accelerated performing platform to deliver the most
and automation to save time and respond quickly
comprehensive SD-WAN solution.
to business demands with end-to-end visibility.
With a single pane of glass management that
FortiGate offers deployment at scale, customers can:
Broad product portfolio in different form factors: § Centrally manage 100K + devices including firewalls,
physical appliance and virtual appliance with the switches, access points and Extenders / LTE devices from a
industry’s only ASIC acceleration with SOC4 SPU single console
or vSPU. § Provision and monitor Secure SD-WAN at the application
§ Reduce cost and complexity with next generation firewall, and network level across branch offices, datacenters and
SD-WAN and advanced routing on a unified platform that cloud
allows customers to eliminate multiple point products at the § Reduce complexity by leveraging automation enabled by
WAN edge REST API, Ansible and cloud connectors
§ ASIC acceleration of SD-WAN overlay tunnels, application § Separate and manage domains leveraging ADOMS for
identification, steering, remediation and prioritization compliance and operational efficiency
ensures the best user experience for business critical, § Role-based access control to provide management flexibility
SaaS and UCaaS applications and separation

FortiOS FortiGuard Security Services

Operating system that delivers Security-driven Enables choice of SD-WAN use case with advanced
OS
Networking strategy that secures and accelerates protection by staying always ahead of the threats:
network and user experience. Continued § Coordinated real-time detection and prevention against
innovations and enhancement enables: known and unknown protecting content, application, people,
§ Real-time application optimization for consistent and and devices
resilient application experience § Real-time Insights based on an extensive amount of data
§ Advanced next generation firewall protection and prevention processed at a cloud-scale and analyzed with advanced
from internal and external threats while providing visibility AI, and are automatically distributed back for real-time
across entire attack surface enforcement and protection
§ Dynamic Cloud connectivity and security with effective
support of cloud integration and automation

2
 DATA SHEET | Fortinet Secure SD-WAN

CORE COMPONENTS

FortiGuard FortiCare 360 Protection Services

Orchestration Integration Automation Centralized

Management

SD-WAN NGFW Advanced Security-Driven

Networking Networking

ASIC
ASIC Virtual FortiOS
Acceleration

Features Description

FortiOS — SD-WAN Application Identification & Control 5000+ Application signatures, First packet Identification, Deep packet Inspection, Custom application
signatures, SSL decryption enabled, TLS1.3 with mandated ciphers and deep inspection.

SD-WAN Granular application policies, Application SLA based path selection, Dynamic bandwidth measurement
(Application aware traffic control) of SD-WAN paths, active/active and active/standby forwarding, overlay support for encrypted transport,
Application session-based steering, probe-based SLA measurements

Advanced SD-WAN Forward Error Correction (FEC) for packet loss compensation, packet duplication for best real-time appli-
(WAN remediation) cation performance, Active Directory integration for user based SD-WAN steering policies, per packet link
aggregation with packet distribution across aggregate members

SD-WAN deployment Flexible deployment – hub-to-spoke (partial mesh), spoke-to-spoke (full mesh), Multi-WAN transport
support

FortiOS — Networking QoS Traffic shaping based on bandwidth limits per application and WAN link, Rate limits per application and
WAN link, prioritize application traffic per WAN link, Mark/Remark DSCP bits for influence traffic QoS on
egress devices, Application steering based on ToS marking

Advanced Routing (IPv4/IPv6) Static routing, Internal Gateway (iBGP, OSPF v2/v3 , RIP v2), External Gateway(eBGP), VRF, route redis-
tribution, route leaking, BGP confederation, router reflectors, summarization and route-aggregation, route
asymmetry.

VPN/Overlay Site-to-site ADVPN – Dynamic VPN tunnels, policy-based VPN, IKEv1, IKEv2, DPD, PFS, ESP and ESP-
HMAC support, Symmetric Cipher support (IKE/ESP): AES-128 and AES-256 modes: CBC, CNTR, XCBC,
GCM, Pre-shared and PKI authentication with RSA certificates, Diffie-Hellman key exchange (Group 1,2,5),
MD5 and SHA1 based HMAC

Multicast Multicast forwarding, PIM spare (rfc 4601), dense mode (rfc 3973), PIM Rendezvous- Point.

Advanced Networking DHCP v4/v6, DNS, NAT – source, destination, static NAT, destination NAT, PAT, NAPT, Full IPv4/v6 support

FortiOS — Security Security Next Generation Firewall with FortiGuard threat Intelligence – SSL inspection, application control, Intrusion
prevention, Antivirus, web filtering, DLP, and advanced threat protection. Segmentation – micro, macro,
single task VDOM, multi VDOM

Fabric Management Center Centralized Management & Provisioning FortiManager – zero touch provisioning, centralized configuration, change management, dashboard,
application policies, QoS, security policies, application specific SLA, active probe configuration, RBAC,
Multi-tenant

Cloud Orchestration FortiManager Cloud through FortiCloud, Single Sign-on Portal to manage Fortinet NGFW and SD-WAN,
Cloud-based network management to streamline FortiGate provisioning and management, Extensive
automation-enabled management of Fortinet devices

Enhanced Analytics Bandwidth consumption, SLA metrics – jitter, packet loss and Latency, real-time monitoring, filter based
on time slot, WAN link SLA reports, Per application session usage, threat information - malware signature,
malware domain or URL, infected host, threat level, malware category, indicator of compromise

Cloud On-ramp Cloud integration – AWS, Azure, Alibaba, Oracle, Google. AWS – transit, direct and VPC connectivity, transit
gateways, Azure – Virtual WAN connectivity, Oracle – OCI connectivity

FortiGate Redundancy/High-availability FortiGate dual device HA – primary and backup, FortiManager HA, Bypass interface, interface redundancy,
redundant power supplies

Integration RESTful API/Ansible for configuration, zero touch provisioning, reporting and third-party integration.

Virtual environments VMware ESXi v5.5 / v6.0 / v6.5/ v6.7, VMware NSX-T v2.3
Microsoft Hyper-V Server 2008 R2 / 2012 / 2012 R2 / 2016
Citrix Xen XenServer v5.6 sp2, v6.0, v6.2 and later
Open source Xen v3.4.3, v4.1 and later
KVM qemu 0.12.1 & libvirt 0.10.2 and later for Red Hat Enterprise Linux / CentOS 6.4 and later / Ubuntu
16.04 LTS (generic kernel) ,KVM qemu 2.3.1 for SuSE Linux Enterprise Server 12 SP1 LTSS
Nutanix AHV (AOS 5.10, Prisim Central 5.10)
Cisco Cloud Services Platform 2100

Built-in Variants POE, LTE, WiFi, ADSL/VDSL

3
DATA SHEET | Fortinet Secure SD-WAN

PRODUCT OFFERINGS
FortiGate

SD-WAN Branch Offices FG/FWF-40F Series FG/FWF-60F Series FG/FWF-80F Series FG-100F Series FG-200F Series
Use Case

Type Remote Office/Home Small Branch Medium Branch Large Branch Large Branch
Performance
Unrestricted WAN Bandwidth Fortinet Secure SD-WAN offers unrestricted bandwidth unlike other SD-WAN vendors

Zero Touch Provisioning Order FortiDeploy at the time of Purchase

WAN VPN Throughput 4.4 Gbps 6.5 Gbps 6.5 Gbps 11.5 Gbps 13 Gbps

Application Control Throughput 990 Mbps 1.8 Gbps 1.8 Gbps 2.2 Gbps 13 Gbps

Threat Protection Throughput 600 Mbps 700 Mbps 900 Mbps 1 Gbps 3 Gbps

SSL Inspection Throughput 310 Mbps 630 Mbps 715 Mbps 1 Gbps 4 Gbps

Connectivity
Dedicated WAN Ports 1 2 2 2 2 (10GE)

Dedicated FortiLink Ports 1 2 2 2 (10GE) 2 (10GE)

LAN / Switch Ports* 2 5 6 12 16

Hardware Variants
Built-in 3G/4G, WiFi WiFi, Storage WiFi, Bypass, Storage Storage Storage

Form Factor Desktop Desktop Desktop 1RU 1RU

Content Web & Vuln. And

Priority Access Compliance SD-WAN Network &
Offering Protection With Application Device
Use Case Support To Level 2 Monitoring Management & Security Cloud
Name AV & Cloud Access Protection
Support Tools Orchestration Management
Sandbox Protection ( Iot/Ot )

360 Protection
WAN Edge 24 x 7 ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓
Bundle

* 1 GE by default

SD-WAN Hub Sites FG-600E Series FG-1100E Series FG-1800F Series FG-2600F FG-3400E FG-3600E FG-4200F FG-4400F
Series Series Series Series Series
Use Case

Type Campus/Small Campus/Small Large Large Large Large Hyperscale Hyperscale

Datacenter Datacenter Datacenter Datacenter Datacenter Datacenter Datacenter Datacenter
Performance
Unrestricted WAN Bandwidth Fortinet Secure SD-WAN offers unrestricted bandwidth unlike other SD-WAN vendors

IPSEC VPN Throughput 20 Gbps 48 Gbps 55 Gbps 55 Gbps 140 Gbps 140 Gbps 210 Gbps 310 Gbps

Max Client to G/W IPSEC Tunnels 50,000 100,000 100,000 100,000 200,000 200,000 200,000 200,000

Threat Protection Throughput 7 Gbps 7.1 Gbps 9.1 Gbps 17 Gbps 25 Gbps 30 Gbps 45 Gbps 75 Gbps

SSL Inspection Throughput 8 Gbps 10 Gbps 17 Gbps 20 Gbps 30 Gbps 34 Gbps 50 Gbps 86 Gbps

Connectivity
40/100GE - - - 4 4 6 8 12

10/40GE - 2 4 - - - - -

10/25GE - 4 12 16 24 32 18 20

1/10GE 2 4 2 18 - - - -

Dual Power Supply Optional Yes, Hot Yes, Hot Yes, Hot Yes, Hot Yes, Hot Yes, Hot Yes, Hot
Swappable Swappable Swappable Swappable Swappable Swappable Swappable

Content
Priority Web & Vuln. And SD-WAN Network Recommeded
Protection Compliance
Offering Access Application Device Management & Security Add-on
Use Case Support With AV Monitoring
Name To Level 2 Access Protection & Orchestra- Cloud Protections /
& Cloud Tools
Support Protection ( Iot/Ot ) tion Management Products
Sandbox
Unified Threat
Hub Option 1 Protection 24 x 7 - ⃝✓ ⃝✓ - - - - SD-WAN mgmt.
Bundle
360 Protection
Hub Option 2 24 x 7 ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ -
Bundle

4
 DATA SHEET | Fortinet Secure SD-WAN

PRODUCT OFFERINGS
FortiGate-VM Support Matrix

Private Cloud Public Cloud

VMware Microsoft Nutanix Amazon Microsoft Oracle Google Ailbaba
Citrix Xen Xen KVM
VSphere Hyper-V AHV AWS Azure OCI / OPC GCP AliCloud

FG-VM ** ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ / # ⃝✓ / # ⃝✓ / # ⃝✓ / # ⃝✓ / #

** Available as FortiGate-VMX solution for VMware NSX environment, AzureStack and RackSpace (PAYG)
# on-demand

www.fortinet.com

Copyright © 2021 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.

FST-PROD-DS-SSDWAN

SSD-WAN-DAT-R6-20210510