United States Securities and Exchange Commission FORM 10-K: Fortinet, Inc

Download as pdf or txt
Download as pdf or txt
You are on page 1of 119

Table of Contents

UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549

FORM 10-K
(Mark One)

x ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 31, 2018

or

o TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the transition period from to

Commission file number: 001-34511


______________________________________
FORTINET, INC.
(Exact name of registrant as specified in its charter)
______________________________________

Delaware 77-0560389
(State or other jurisdiction of (I.R.S. Employer
incorporation or organization) Identification No.)

899 Kifer Road


Sunnyvale, California 94086
(Address of principal executive offices) (Zip Code)
(408) 235-7700
(Registrant’s telephone number, including area code)

Securities registered pursuant to Section 12(b) of the Act:

Common Stock, $0.001 Par Value The Nasdaq Stock Market LLC

(Title of each class) (Name of exchange on which registered)

Securities registered pursuant to Section 12(g) of the Act: None

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes x No o

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes o No x
Table of Contents

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934
(“Exchange Act”) during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to
such filing requirements for the past 90 days. Yes x No o

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of
Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such
files). Yes x No o

Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K (§229.405 of this chapter) is not contained herein, and
will not be contained, to the best of the registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form
10-K or any amendment to this Form 10-K. o

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an
emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company”
in Rule 12b-2 of the Exchange Act.

Large accelerated filer x Accelerated filer o


Smaller reporting company o
Non-accelerated filer o Emerging growth company o

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new
or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. o

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes o No x

The aggregate market value of voting stock held by non-affiliates of the registrant, as of June 29, 2018, the last business day of the registrant’s most
recently completed second quarter, was $7,073,006,351 (based on the closing price for shares of the registrant’s common stock as reported by The Nasdaq
Global Select Market on that date). Shares of common stock held by each executive officer, director, and holder of 5% or more of the registrant’s outstanding
common stock have been excluded in that such persons may be deemed to be affiliates. This determination of affiliate status is not necessarily a conclusive
determination for other purposes.

As of February 22, 2019, there were 170,633,671 shares of the registrant’s common stock outstanding.

DOCUMENTS INCORPORATED BY REFERENCE

Portions of the registrant’s definitive Proxy Statement relating to its 2019 Annual Meeting of Stockholders are incorporated by reference into Part III of
this Annual Report on Form 10-K where indicated. Such Proxy Statement will be filed with the United States Securities and Exchange Commission within
120 days after the end of the fiscal year to which this report relates.
FORTINET, INC.
ANNUAL REPORT ON FORM 10-K
For the Year Ended December 31, 2018
Table of Contents

Page

Part I

Item 1. Business 1
Item 1A. Risk Factors 9
Item 1B. Unresolved Staff Comments 38
Item 2. Properties 38
Item 3. Legal Proceedings 38
Item 4. Mine Safety Disclosures 38

Part II

Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities 39
Item 6. Selected Financial Data 41
Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations 42
Item 7A. Quantitative and Qualitative Disclosures about Market Risk 65
Item 8. Financial Statements and Supplementary Data 66
Item 9. Changes in and Disagreements With Accountants on Accounting and Financial Disclosure 103
Item 9A. Controls and Procedures 103
Item 9B. Other Information 105

Part III

Item 10. Directors, Executive Officers and Corporate Governance 105


Item 11. Executive Compensation 105
Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters 105
Item 13. Certain Relationships and Related Transactions, and Director Independence 105
Item 14. Principal Accounting Fees and Services 105

Part IV

Item 15. Exhibits, Financial Statement Schedules 106


Exhibit Index 108
Signatures 110
Table of Contents

Part I

ITEM 1. Business

Overview

Fortinet is a global leader in cybersecurity solutions provided to a wide variety of businesses, such as enterprises, communication service providers
and small businesses. Our cybersecurity solutions are designed to provide broad visibility and segmentation of the digital attack surface through our
integrated Security Fabric platform, which features automated protection, detection and responses.

The focus areas of our business consist of:

• Network Security—We derive a majority of product sales from our FortiGate network security appliances. Our FortiGate network security
appliances include a broad set of built-in security and networking features and functionalities, including firewall, software-defined wide-area
network (“SD-WAN”), secure sockets layer (“SSL”) data leak prevention, virtual private network (“VPN”), switch and wireless controller and wide
area network (“WAN”) acceleration. Our network security appliances include our FortiOS operating system, which provides the foundation for
FortiGate security functions, and FortiASIC integrated circuit, which is designed to accelerate the processing of security and networking functions.
Our customers may also purchase FortiGuard subscription services to receive threat intelligence updates. We provide standard technical support
across all of our products through our FortiCare support services. We also offer services to end-customers including Technical Account Managers
(“TAMs”), Resident Engineers (“REs”) and professional service consultants for implementations, as well as training services to our end-customers
and channel partners.

• Fortinet Security Fabric—The Fortinet Security Fabric platform is an architectural approach that protects the entire digital attack surface, including
network core, endpoints, applications, data centers and private and public cloud. Together with our network of Fabric-Ready Partners, the Fortinet
Security Fabric platform enables disparate security devices to work together as an integrated, automated and collaborative solution.

• Cloud Security—We help customers connect securely to and across their cloud environments by offering security through our virtual firewall and
other software products in public and private cloud environments. Our Cloud Security solutions, including our Client Access Security Broker
Solution, FortiCASB, extend the core capabilities of the Fortinet Security Fabric platform to provide businesses with the same level of cybersecurity
and threat intelligence in cloud environments that they receive on their physical networks. Fortinet cloud security offerings are available across all
major cloud providers, including Amazon Web Services, Microsoft Azure, Google Cloud, Oracle Cloud and IBM Cloud.

• Internet of Things and Operational Technology—The proliferation of Internet of Things (“IoT”) and Operational Technology (“OT”) devices has
generated new opportunities for us to grow our business. IoT and OT have created an environment where data move freely between devices across
locations, network environments, remote offices, mobile workers and public cloud environments, making the data difficult to consistently track and
secure.

During our year ended December 31, 2018, we generated total revenue of $1.80 billion and net income of $332.2 million. See Part II, Item 8 of this
Annual Report on Form 10-K for more information on our consolidated balance sheets as of December 31, 2018 and 2017 and our consolidated statements of
income, comprehensive income, stockholders’ equity, and cash flows for each of the three years ended December 31, 2018, 2017 and 2016.

We were incorporated in Delaware in November 2000. Our principal executive office is located at 899 Kifer Road, Sunnyvale, California 94086 and
our telephone number at that location is (408) 235-7700.

Technology and Architecture

Our proprietary Security Processing Unit (“SPU”) hardware architecture, FortiOS operating system and associated security and networking functions
are combined to form the Fortinet Security Fabric platform. This approach to security ties together discrete security solutions into an integrated whole, which
enables our products to perform security processing for networks with high throughput requirements across a broad threat landscape.

1
Table of Contents

SPU

Our proprietary SPUs are Application-Specific Integrated Circuits (“ASICs”) that are divided into three main types: (i) the Content Processor (“SPU
CP”), (ii) the Network Processor (“SPU NP”) and (iii) the System-on-a-Chip (“SPU SOC”). Our SPUs are designed to enhance the security processing
capabilities implemented in software by accelerating computationally intensive tasks such as firewall policy enforcement, network address translation,
Intrusion Prevention Systems (“IPS”) threat detection and encryption. This architecture provides the ability to implement accelerated processing of new threat
detection. Entry-level FortiGate products often use the SPU SOC2 or SPU SOC3 to provide the necessary acceleration at this level. Mid-range FortiGate
products use a central processing unit (“CPU”) and include the SPU NP and SPU CP hardware acceleration. The high-end FortiGate products use multiple
CPUs, SPU CPs and SPU NPs.

FortiOS

Our proprietary FortiOS operating system provides the foundation for the operation of all FortiGate appliances, whether physical, virtual, private or
public cloud based, and is at the heart of the Fortinet Security Fabric platform. The security and networking capabilities of the Fortinet Security Fabric
platform are controlled through FortiOS. The core kernel functions to the security processing feature sets work together to provide a highly integrated
solution. FortiOS provides (i) multiple layers of security, including a hardened kernel layer providing protection for the FortiGate system, (ii) a network
security layer, providing security for end-customers’ network infrastructures and (iii) application content protection, providing security for end-customers’
workstations and applications. FortiOS directs the operations of processors and SPUs and provides system management functions such as command line,
graphical user interfaces, multiple network and security topology views.

Key high-level functions and capabilities of FortiOS include:

• key enablement for the Fortinet Security Fabric architecture;


• option for FortiGate appliances to be configured into different security environments, such as our Internal Network Firewall, Next-
Generation Firewall and Data Center Firewall;
• configuration of the physical aspects of the appliance, such as ports, onboard Wi-Fi and switching;
• extension of the Fortinet Security Fabric platform through direct management of FortiSwitch and FortiAP devices;
• key network functions such as routing and deployment modes (network routing, transparent, sniffer, etc.);
• implementation of security updates from our FortiGuard distribution network, delivering Advanced Threat Protection (“ATP”), such as IPS,
antivirus and application control;
• access to cloud-based web and email filtering databases;
• direct integration with both cloud and on-premises FortiSandbox technology;
• security policy objects and enforcement;
• data leak prevention and document finger printing; and
• real-time reporting and logging.

FortiOS also enables advanced, integrated routing and switching, allowing end-customers to deploy FortiGate devices within a wide variety of
networks, as well as providing a direct replacement solution option for legacy switching and routing equipment. FortiOS implements a suite of commonly
used standards-based routing protocols as well as network address translation technologies, allowing the FortiGate appliance to integrate and operate in a
wide variety of network environments. Additional features include virtual domain capabilities, which can provide support for multiple customers on a single
device or FortiOS instance. FortiOS also provides capabilities for the logging of traffic for forensic analysis purposes, which are particularly important for
regulatory compliance initiatives such as payment card industry data security standards. FortiOS is designed to help control network traffic in order to
optimize performance by including functionality such as packet classification, queue disciplines, policy enforcement, congestion management, WAN
optimization and caching. These features enable administrators to set the appropriate configurations and policies that meet their infrastructure needs. We make
updates to FortiOS available through our FortiCare support services.

Products

Our core product offerings consist of our FortiGate product family and our non-FortiGate products, all of which may be purchased to complement
commercial and enterprise deployments. Our FortiGate hardware and software licenses are sold with a set of broad security services. These security services
are enabled by FortiGuard, which provides extensive threat research and artificial intelligence capabilities from a global cloud network to deliver protection
services to each FortiGate appliance. Our non-FortiGate products include the Fortinet Security Fabric (such as FortiAP, FortiAnalyzer, FortiSwitch and
FortiManager), certain cloud security products (such as virtual machines and cloud services) and other products.

2
Table of Contents

FortiGate

FortiGate offers a broad set of security and networking functions, including firewall, intrusion prevention, anti-malware, VPN, application control,
web filtering, anti-spam and WAN acceleration. FortiGate is available as a hardware appliance or as a virtual appliance. All FortiGate appliances run on
FortiOS. FortiGate platforms can be centrally managed through both embedded web-based and command line interfaces, as well as through FortiManager,
which provides a central management architecture for FortiGate appliances and the Fortinet Security Fabric platform.

By combining multiple network security functions in our purpose-built security platform, FortiGate appliances provide broad, high-quality
protection capabilities and deployment flexibility while reducing the operational burden and costs associated with managing multiple point products. With
over 30 models in the FortiGate product line, FortiGate is designed to address security requirements for small- to medium-sized businesses, large enterprises
and government organizations worldwide.

Typically, all FortiGate hardware appliances include our SPUs to accelerate content and network security features implemented within FortiOS. The
significant differences between each model are the performance and scalability targets each model is designed to meet, while the security features and
associated services offered are common throughout all models. The FortiGate-20 through -100 series models are designed for perimeter protection for small-
to medium-sized businesses and enterprises with distributed offices. The FortiGate-200 through -900 series models are designed for perimeter deployment in
medium-sized to large enterprise networks. The FortiGate-1000 through -7000 series models deliver high performance and scalable network security
functionality for perimeter, data center and core deployment in large enterprises.

We also incorporate additional technologies within FortiGate appliances that differentiate our solutions, including data leakage protection, traffic
optimization, secure socket layer inspection, threat vulnerability management and wireless controller technology. In addition to these in-built features, we
offer a full range of wireless access points and controllers, complementing FortiGate appliances with the flexibility of wireless local area network access.

Fortinet Security Fabric

As part of the Fortinet Security Fabric platform, we offer products that provide network security, end point security, cloud security, web-based
application security, identity and access management, sandbox protection and email security. The integration of devices using open standards, common
operating systems, and unified management platforms enables the sharing and correlation of real-time threat intelligence. The following products are key
elements of the Fortinet Security Fabric platform:

• FortiAP—Our FortiAP product family provides secure wireless networking solutions. FortiAPs allow a variety of management options
including from the cloud and directly from our FortiGate Next Generation Firewall product. FortiAPs create a scalable and secure access
layer for connecting wireless devices such as computers, laptops, cell phones and tablets, as well as IoT devices.

• FortiSwitch—Our FortiSwitch product family provides secure switching solutions that can be deployed in traditional network switching
designs with Layer 2 or Layer 3 access control features. FortiSwitch creates a scalable and secure access layer for customers to connect
their end devices, such as computers and laptops, as well as to expand the field of IoT devices.

• FortiAnalyzer—Our FortiAnalyzer family of products provides centralized network logging, analyzing and reporting solutions that securely
aggregate content and log data from our FortiGate devices, other Fortinet products and third-party devices to enable network logging,
analysis and reporting.

• FortiManager—Our FortiManager family of products provides a central and scalable management solution for our FortiGate products,
including software updates, configuration, policy settings and security updates. FortiManager facilitates the coordination of policy-based
provisioning, device configuration and operating system revision management, as well as network security monitoring and device control.

• FortiSandbox—Our FortiSandbox technology delivers proactive detection and mitigation with the ability to generate a directly actionable
protection capability. Available in both hardware and cloud-based form, the FortiSandbox subjects suspicious code to a set of multi-layer
protection techniques, culminating in execution within an operating system, allowing real-time behavioral analysis to be performed in a
secure environment. When malicious code is identified, a signature can be generated locally for distribution across the Fortinet Security
Fabric.

3
Table of Contents

• FortiSIEM—Our FortiSIEM family of software solutions provides a cloud-ready security information and event management (“SIEM”)
solution. FortiSIEM unifies analytics that are traditionally monitored discretely, parses the information and then processes it in an event-
based analytics engine for handling real-time searches, rules, dashboards and ad-hoc queries. This unification of diverse sources of data
enables organizations to create comprehensive dashboards and reports to identify root causes of threats, and take the steps necessary to
remediate and prevent them in the future.

Services

FortiGuard Security Subscription Services

Security requirements are dynamic due to the constantly changing nature of threats. Our FortiGuard security subscription services are designed to
allow us to quickly deliver new threat detection and prevention capabilities to end-customers worldwide as new threats evolve. Our FortiGuard Labs global
threat research team identifies emerging threats, collects threat samples, and replicates, reviews, characterizes and collates attack data. Based on this research,
we develop updates for virus signatures, attack definitions, scanning engines and other security solution components to distribute to end-customers.
FortiGuard functionality varies depending on which FortiGate and non-FortiGate products the end-customer is using, but will typically include one or more of
the following functions: application control, antivirus, intrusion prevention, web filtering, anti-spam, VPN functions, email image analysis, vulnerability
management, database functions, web functions, advanced threat protection and domain and IP reputation services.

End-customers purchase FortiGuard security subscription services in advance, typically with terms of one or more years. We provide FortiGuard
security subscription services 24 hours a day, seven days a week.

FortiCare Technical Support Services

Our FortiCare services portfolio includes technical support and extended product warranty. For our standard technical support, our channel partners
may provide first-level support to the end-customer. We also provide first-level support to our end-customers, as well as second- and third-level support as
appropriate. We also provide knowledge management tools and customer self-help portals to help augment our support capabilities in an efficient and scalable
manner. We deliver technical support to partners and end-customers 24 hours a day, seven days a week, through worldwide regional technical support centers.
In addition to our technical support services, we offer a range of advanced services, including premium support and professional services.

Service Bundles

We also sell FortiGuard and FortiCare services as bundles, consolidating security services into packages that would be typical for certain types of
end-customer.

• Threat Protection—Our Threat Protection bundle includes application control, antivirus, IP reputation and anti-botnet security, mobile
security, data sanitation, sandbox, intrusion prevention and virus outbreak protection, along with FortiCare security services.

• Unified Threat Management (“UTM”)—Our UTM bundle includes antispam, antivirus, data sanitation, sandbox, application control,
intrusion prevention, virus outbreak protection and web filtering, along with FortiCare security services.

• Enterprise Protection—Our Enterprise Protection bundle includes application control, intrusion prevention, web filtering, sandbox,
antivirus, mobile security, IP reputation and anti-botnet security, antispam, CASB, industrial control systems, security rating, virus outbreak
protection and data sanitation, along with FortiCare security services.

Professional Services

We offer professional services to end-customers including Technical Account Managers (“TAMs”), Resident Engineers (“REs”) and professional
service consultants for implementations.

4
Table of Contents

TAMs and REs are dedicated support engineers available to help identify and eliminate issues before problems arise. Each TAM and RE acts as a
single point of contact and customer advocate within Fortinet, offering a deep understanding of our customers’ businesses and security requirements.

Our professional services consultants help in the design of product deployments and work closely with end-customers to implement our products
according to design, utilizing network analysis tools, traffic simulation software and scripts.

Training Services

We offer training services to our end-customers and channel partners through our training department and authorized training partners. We have also
implemented a training certification program, Network Security Expert, to help ensure an understanding of our products and services.

Customers

We typically sell our security solutions to channel partners, who in turn sell to end-customers. At times, we also sell directly to end-customers. Our
end-customers include small and medium-sized businesses, large enterprises and government organizations across a wide range of industries, including
telecommunications, technology, government, financial services, education, retail, manufacturing and healthcare. An end-customer deployment may involve
as few as one or as many as thousands of appliances and other Fortinet Security Fabric products, depending on our end-customer’s size and security
requirements. Customers may also access our products via the cloud through certain cloud providers such as Amazon Web Services, Microsoft Azure, Google
Cloud, Oracle Cloud and IBM Cloud. Typically, our customers also purchase our FortiGuard security subscription services and FortiCare technical support
services.

For information regarding our geographic revenue based on the billing address of our distributors and direct customers, see Note 14 to our
consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K. During 2018, Exclusive Networks Group (“Exclusive”) and Ingram
Micro Inc. (“Ingram Micro”) accounted for 30% and 10% of total revenue, respectively. During 2017 and 2016, Exclusive accounted for 25% and 20% of
total revenue, respectively.

Sales and Marketing

We primarily sell our products and services through a two-tier distribution model. We sell to distributors that sell to networking security and
enterprise-focused resellers and service providers and managed security service providers (“MSSPs”), who, in turn, sell to our end-customers. We work with
many technology distributors, including Exclusive, Ingram Micro Inc., Arrow Electronics, Inc., Synnex Corporation and Tech Data Corporation.

We support our channel partners with a dedicated team of experienced channel account managers, sales professionals and sales engineers who
provide business planning, joint marketing strategy, and pre-sales and operational sales support. Additionally, our sales teams help drive and support large
enterprise and service provider sales through a direct touch model. Our sales professionals and engineers typically work closely with our channel partners and
directly engage with large end-customers to address their unique security and deployment requirements. To support our broadly dispersed global channel and
end-customer base, we have sales professionals in over 70 countries around the world.

Our marketing strategy is focused on building our brand and driving end-customer demand for our security solutions. We use a combination of
internal marketing professionals and a network of regional and global channel partners. Our internal marketing organization is responsible for messaging,
branding, demand generation, product marketing, packaging support and subscription services into service bundles, channel marketing, event marketing,
digital marketing, communications, analyst relations, public relations and sales enablement. We focus our resources on campaigns, programs and activities
that can be leveraged by partners worldwide to extend our marketing reach, such as sales tools and collateral, product awards and technical certifications,
media engagement, training, regional seminars and conferences, webinars and various other demand-generation activities.

In 2018, we continued to invest in sales and marketing, particularly in the enterprise market where enterprise customers tend to have a higher
lifetime value. We intend to continue to make investments in our sales resources and infrastructure and marketing strategy, which are critical to support our
growth.

5
Table of Contents

Manufacturing and Suppliers

We outsource the manufacturing of our security appliance products to a variety of contract manufacturers and original design manufacturers. Our
current manufacturing partners include ADLINK Technology, Inc., IBASE Technology, Inc. (“IBASE”), Micro-Star International Co. (“Micro-Star”), Senao
Networks, Inc. (“Senao”), Wistron Corporation (“Wistron”) and a number of other manufacturers. The majority of our hardware is manufactured in Taiwan,
with some products manufactured in the United States or China. We submit purchase orders to our contract manufacturers that describe the type and quantities
of our products to be manufactured, the delivery date and other delivery terms. Once our products are manufactured, they are sent to either our warehouse in
California, or to our logistics partner in Taoyuan City, Taiwan, where accessory packaging and quality-control testing are performed. We believe that
outsourcing our manufacturing and a substantial portion of our logistics enables us to focus resources on our core competencies. Our proprietary SPUs, which
are the key to the performance of our appliances, are built by contract manufacturers including Faraday Technology Corporation (“Faraday”), Kawasaki
Microelectronics America, Inc. and Renesas Electronics Corporation (“Renesas”). These contract manufacturers use foundries operated by either United
Microelectronics Corporation (“UMC”) or Taiwan Semiconductor Manufacturing Company Limited (“TSMC”), or their own foundry, such as Renesas’ fab.

The components included in our products are sourced from various suppliers by us or, more frequently, by our contract manufacturers. Some of the
components important to our business, including certain CPUs from Intel Corporation (“Intel”); network chips from Broadcom Inc. (“Broadcom”), Marvell
Technology Group Ltd. (“Marvell”) and Intel, and memory devices from Intel, ADATA Technology Co., Ltd. (“ADATA”), OCZ Technology Group, Inc.
(“OCZ”), Samsung Electronics Co., Ltd. (“Samsung”), and Western Digital Technologies, Inc. (“Western Digital”), are available from limited or sole sources
of supply.

We have no long-term contracts related to the manufacturing of our ASICs or other components that guarantee any capacity or pricing terms.

Research and Development

We focus our research and development efforts on developing new hardware and software products and services, and adding new features to existing
products and services. Our development strategy is to identify features, products and systems for both software and hardware that are, or are expected to be,
important to our end-customers. Our success in designing, developing, manufacturing and selling new or enhanced products will depend on a variety of
factors, including identification of market demand for new products, product selection, timely implementation of product design and development, product
performance, costs of development, bills of materials, effective manufacturing and assembly processes and sales and marketing.

Intellectual Property

We rely primarily on patent, trademark, copyright and trade secrets laws, confidentiality procedures and contractual provisions to protect our
technology. As of December 31, 2018, we had 596 U.S. and foreign-issued patents and 199 pending U.S. and foreign patent applications. We also license
software from third parties for inclusion in our products, including open source software and other software available on commercially reasonable terms.

Despite our efforts to protect our rights in our technology, unauthorized parties may attempt to copy aspects of our products or obtain and use
information and technology that we regard as proprietary. We generally enter into confidentiality agreements with our employees, consultants, vendors and
customers, and generally limit access to and distribution of our proprietary information. However, we cannot provide assurance that the steps we take will
prevent misappropriation of our technology. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as the
laws of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States.

Our industry is characterized by the existence of a large number of patents and frequent claims and related litigation regarding patent and other
intellectual property rights. Third parties have asserted, are currently asserting and may in the future assert patent, copyright, trademark or other intellectual
property rights against us, our channel partners or our end-customers. Successful claims of infringement by a third party could prevent us from distributing
certain products or performing certain services or require us to pay substantial damages (including treble damages if we are found to have willfully infringed
patents or copyrights), royalties or other fees. Even if third parties offer a license to their technology, the terms of any offered license may not be acceptable
and the failure to obtain a license or the costs associated with any license could cause our business, operating results or financial condition to be materially
and adversely affected. In certain instances, we indemnify our end-customers, distributors and resellers against claims that our products infringe the
intellectual property of third parties.

6
Table of Contents

Seasonality

For information regarding seasonality in our sales, see the section entitled “Management’s Discussion and Analysis of Financial Condition and
Results of Operations—Quarterly Results of Operations—Seasonality, Cyclicality and Quarterly Revenue Trends” in Part II, Item 7 of this Annual Report on
Form 10-K.

Competition

The markets for our products are extremely competitive and are characterized by rapid technological change. The principal competitive factors in our
markets include the following:

• product performance, throughput, features, effectiveness, interoperability and reliability;


• addition and integration of new networking and security features and technological expertise;
• compliance with industry standards and certifications;
• price of products and services and total cost of ownership;
• brand recognition;
• customer service and support across varied and complex customer segments;
• sales and distribution capabilities;
• size and financial stability; and
• breadth of product line.

Among others, our competitors include Check Point Software Technologies Ltd. (“Check Point”), Cisco Systems, Inc. (“Cisco”), F5 Networks, Inc.
(“F5 Networks”), FireEye, Inc. (“FireEye”), Forcepoint LLC (“Forcepoint”), Imperva, Inc. (“Imperva”), Juniper Networks, Inc. (“Juniper”), McAfee, LLC
(“McAfee”), Palo Alto Networks, Inc. (“Palo Alto Networks”), Proofpoint, Inc. (“Proofpoint”), SonicWALL, Inc. (“SonicWALL”), Sophos Group Plc
(“Sophos”) and Trend Micro Incorporated (“Trend Micro”).

We believe we compete favorably based on our products’ performance, throughput, reliability, breadth and ability to work together; our ability to add
and integrate new networking and security features and our technological expertise. Several competitors are significantly larger, have greater financial,
technical, marketing, distribution, customer support and other resources, are more established than we are, and have significantly better brand recognition.
Some of these larger competitors have substantially broader product offerings, and leverage their relationships based on other products or incorporate
functionality into existing products in a manner that discourages users from purchasing our products. Based in part on these competitive pressures, we may
lower prices or attempt to add incremental features and functionalities to our products.

Conditions in our markets could change rapidly and significantly as a result of technological advancements or market consolidation. The
development and market acceptance of alternative technologies could decrease the demand for our products or render them obsolete. Our competitors may
introduce products that are less costly, provide superior performance, are better marketed, or achieve greater market acceptance than our products.
Additionally, our larger competitors often have broader product lines and are better positioned to withstand a significant reduction in capital spending by end-
customers, and will therefore not be as susceptible to downturns in a particular market. The above competitive pressures are likely to continue to impact our
business. We may not be able to compete successfully in the future, and competition may harm our business.

Employees

As of December 31, 2018, our total headcount was 5,845 employees and contractors. None of our U.S. employees are represented by a labor union;
however, our employees in certain European countries have the right to be represented by external labor organizations if they maintain up-to-date union
membership. We have not experienced any work stoppages, and we consider our relations with our employees to be good.

Available Information

Our web site is located at https://www.fortinet.com, and our investor relations web site is located at https://investor.fortinet.com. The information
posted on our website is not incorporated by reference into this Annual Report on Form 10-K. Our Annual Report on Form 10-K, Quarterly Reports on Form
10-Q, Current Reports on Form 8-K and amendments to reports filed or furnished pursuant to Sections 13(a) and 15(d) of the Securities Act, are available free
of charge on our investor relations web site as soon as reasonably practicable after we electronically file such material with, or furnish it to, the SEC. You may
also access all of our public filings through the SEC’s website at https://www.sec.gov.

7
Table of Contents

We webcast our earnings calls and certain events we participate in or host with members of the investment community on our investor relations web
site. Additionally, we provide notifications of news or announcements regarding our financial performance, including SEC filings, investor events and press
and earnings releases, as part of our investor relations web site. The contents of these web sites are not intended to be incorporated by reference into this
report or in any other report or document we file.

8
Table of Contents

ITEM 1A. Risk Factors

Investing in our common stock involves a high degree of risk. Investors should carefully consider the following risks and all other information
contained in this Annual Report on Form 10-K, including our consolidated financial statements and the related notes, before investing in our common stock.
The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently
believe are not material, also may become important factors that affect us. If any of the following risks materialize, our business, financial condition and
results of operations could be materially harmed. In that case, the trading price of our common stock could decline substantially, and investors may lose some
or all of their investment.

Risks Related to Our Business

Our operating results are likely to vary significantly and be unpredictable.

Our operating results have historically varied from period to period, and we expect that they will continue to do so as a result of a number of factors,
many of which are outside of our control or may be difficult to predict, including:

• our ability to attract and retain new end-customers or sell additional products and services to our existing end-customers;

• the level of demand for our products and services, which may render forecasts inaccurate;

• the timing of channel partner and end-customer orders, and our reliance on a concentration of shipments at the end of each quarter;

• the timing of shipments, which may depend on factors such as inventory levels, logistics, manufacturing or shipping delays, our ability to
ship new products on schedule and our ability to accurately forecast inventory requirements;

• inventory management;

• the mix of products sold and the mix of revenue between products and services, as well as the degree to which products and services are
bundled and sold together for a package price;

• the purchasing practices and budgeting cycles of our channel partners and end-customers, including the effect of the end of product refresh
cycles;

• the effectiveness of our sales organization, generally or in a particular geographic region, the time it takes to hire sales personnel and the
timing of hiring, and our ability to retain, sales personnel;

• sales execution risk related to effectively selling to all segments of the market, including enterprise and small- and medium-sized businesses
and service providers, and to selling our broad security product and services portfolio;

• the seasonal buying patterns of our end-customers;

• the timing and level of our investments in sales and marketing, and the impact of such investments on our operating expenses, operating
margin and the productivity and effectiveness of execution of our sales and marketing teams;

• the timing of revenue recognition for our sales;

• the level of perceived threats to network security, which may fluctuate from period to period;

• changes in the requirements, market needs or buying practices and patterns of our distributors, resellers or end-customers;

• changes in the growth rate of the network security market;

9
Table of Contents

• the timing and success of new product and service introductions or enhancements by us or our competitors, or any other change in the
competitive landscape of our industry, including consolidation among our competitors, partners or end-customers;

• the deferral of orders from distributors, resellers or end-customers in anticipation of new products or product enhancements announced by
us or our competitors;

• increases or decreases in our billings, revenue and expenses caused by fluctuations in foreign currency exchange rates or a strengthening of
the U.S. dollar, as a significant portion of our expenses is incurred and paid in currencies other than the U.S. dollar, and the impact such
fluctuations may have on the actual prices that our partners and customers are willing to pay for our products and services;

• compliance with existing laws and regulations that are applicable to our ability to conduct business with the public sector;

• litigation, litigation fees and costs, settlements, judgments and other equitable and legal relief granted related to litigation;

• the impact of cloud-based platforms on our billings, revenues, operating margins and free cash flow;

• decisions by potential end-customers to purchase network security solutions from newer technology providers, from larger, more
established security vendors or from their primary network equipment vendors;

• price competition and increased competitiveness in our market, including the competitive pressure caused by product refresh cycles;

• our ability to both increase revenues and manage and control operating expenses in order to improve our operating margins;

• changes in customer renewal rates or attached rates for our services;

• changes in the payment terms of services contracts or the contractual term of services contracts sold;

• changes in our estimated annual effective tax rates;

• changes in circumstances and challenges in business conditions, including decreased demand, which may negatively impact our channel
partners’ ability to sell the current inventory they hold and negatively impact their future purchases of products from us;

• increased demand for cloud-based services and the uncertainty associated with transitioning to providing such services;

• increased expenses, unforeseen liabilities or write-downs and any impact on results of operations from any acquisition consummated;

• our channel partners having insufficient financial resources to withstand changes and challenges in business conditions;

• disruptions in our channel or termination of our relationship with important channel partners, including as a result of consolidation among
distributors and resellers of security solutions;

• insolvency, credit or other difficulties confronting our key suppliers and channel partners, which could affect their ability to purchase or pay
for products and services and which could disrupt our supply or distribution chain;

• policy changes and uncertainty with respect to immigration laws, trade policy and tariffs, including increased tariffs applicable to countries
where we manufacture our products, foreign imports and tax laws related to international commerce;

10
Table of Contents

• political, economic and social instability, including geo-political instability and uncertainty, such as the impact of the United Kingdom’s exit
from the European Union;

• general economic conditions, both in domestic and foreign markets;

• future accounting pronouncements or changes in our accounting policies, such as changes in accounting for leases and stock-based
compensation, as well as the significant costs that may be incurred to adopt and comply with these new pronouncements;

• possible impairments or acceleration of depreciation of our existing real estate due to our current real estate holdings and future
development plans; and

• legislative or regulatory changes, such as with respect to privacy, information and cybersecurity, exports, the environment and applicable
accounting standards.

Any one of the factors above or the cumulative effect of some of the factors referred to above may result in significant fluctuations in our quarterly
financial and other operating results. This variability and unpredictability could result in our failing to meet our internal operating plan or the expectations of
securities analysts or investors for any period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our shares
could fall substantially and we could face costly lawsuits, including securities class action suits. In addition, a significant percentage of our operating
expenses are fixed in nature over the near term. Accordingly, in the event of revenue shortfalls, we are generally unable to mitigate the negative impact on
margins in the short term.

Adverse economic conditions or reduced information technology spending may adversely impact our business.

Our business depends on the overall demand for information technology and on the economic health of our current and prospective customers. In
addition, the purchase of our products is often discretionary and may involve a significant commitment of capital and other resources. Weak global and
regional economic conditions and spending environments, geopolitical instability and uncertainty, weak economic conditions in certain regions or a reduction
in information technology spending regardless of macro-economic conditions could have adverse impacts on our business, financial condition and results of
operations, including longer sales cycles, lower prices for our products and services, higher default rates among our channel partners, reduced unit sales and
slower or declining growth.

Our billings, revenue, operating margin and free cash flow growth may slow or may not continue.

We may experience slowing growth, or a decrease, in billings, revenue, operating margin and free cash flow for a number of reasons, including a
slowdown in demand for our products or services, a shift in demand from products to services, increased competition, a decrease in the growth of our overall
market or softness in demand in certain geographies or industry verticals, such as the service provider industry, changes in our strategic opportunities,
execution risks and our failure for any reason to continue to capitalize on sales and growth opportunities due to other risks identified in the risk factors
described in this periodic report. Our expenses as a percentage of total revenue may be higher than expected if our revenue is lower than expected and, if our
investments in sales and marketing and other functional areas do not result in expected billings and revenue growth, we may experience margin declines and
may not be able to sustain profitability in future periods if we fail to increase billings, revenue or deferred revenue, do not appropriately manage our cost
structure and free cash flow or encounter unanticipated liabilities. Any failure by us to maintain profitability, maintain our margins and continue our billings,
revenue and free cash flow growth could cause the price of our common stock to materially decline.

11
Table of Contents

We rely significantly on revenue from FortiGuard security subscription and FortiCare technical support services, and revenue from these services may
decline or fluctuate. Because we recognize revenue from these services over the term of the relevant service period, downturns or upturns in sales of
FortiGuard security subscription and FortiCare technical support services are not immediately reflected in full in our operating results.

Our FortiGuard security subscription and FortiCare technical support services revenue has historically accounted for a significant percentage of our
total revenue. Revenue from the sale of new, or from the renewal of existing, FortiGuard security subscription and FortiCare technical support service
contracts may decline and fluctuate as a result of a number of factors, including fluctuations in purchases of FortiGate appliances or our Fabric products,
changes in the sales mix between products and services, end-customers’ level of satisfaction with our products and services, the prices of our products and
services, the prices of products and services offered by our competitors, reductions in our customers’ spending levels and the timing of revenue recognition
with respect to these arrangements. If our sales of new, or renewals of existing, FortiGuard security subscription and FortiCare technical support service
contracts decline, our revenue and revenue growth may decline and our business could suffer. In addition, in the event significant customers require payment
terms for FortiGuard security subscription and FortiCare technical support services in arrears or for shorter periods of time than annually, such as monthly or
quarterly, this may negatively impact our billings and revenue. Furthermore, we recognize FortiGuard security subscription and FortiCare technical support
services revenue monthly over the term of the relevant service period, which is typically from one to three years, and, to a lesser extent, five years. As a
result, much of the FortiGuard security subscription and FortiCare technical support services revenue we report each quarter is the recognition of deferred
revenue from FortiGuard security subscription and FortiCare technical support services contracts entered into during previous quarters or years.
Consequently, a decline in new or renewed FortiGuard security subscription and FortiCare technical support services contracts in any one quarter will not be
fully reflected in revenue in that quarter but will negatively affect our revenue in future quarters. Accordingly, the effect of significant downturns in sales of
new, or renewals of existing, FortiGuard security subscription and FortiCare technical support services is not reflected in full in our statements of income until
future periods. Our FortiGuard security subscription and FortiCare technical support services revenue also makes it difficult for us to rapidly increase our
revenue through additional service sales in any period, as revenue from new and renewal support services contracts must be recognized over the applicable
service period.

We generate a majority of revenue from sales to distributors, resellers and end-customers outside of the United States, and we are therefore subject to a
number of risks associated with international sales and operations.

We market and sell our products throughout the world and have established sales offices in many parts of the world. Our international sales have
represented a majority of our total revenue in recent periods. Therefore, we are subject to risks associated with having worldwide operations. We are also
subject to a number of risks typically associated with international sales and operations, including:

• economic or political instability in foreign markets;

• greater difficulty in enforcing contracts and accounts receivable collection, including longer collection periods;

• longer sales processes for larger deals, particularly during the summer months;

• changes in regulatory requirements;

• difficulties and costs of staffing and managing foreign operations;

• the uncertainty of protection for intellectual property rights in some countries;

• costs of compliance with foreign policies, laws and regulations and the risks and costs of non-compliance with such policies, laws and
regulations;

• protectionist policies and penalties, and local laws, requirements, policies and perceptions that may adversely impact a U.S.-headquartered
business’s sales in certain countries outside of the United States;

• costs of complying with, and the risks and costs of non-compliance with, U.S. or other foreign laws and regulations for foreign operations,
including the U.S. Foreign Corrupt Practices Act, the United Kingdom Bribery Act 2010, the General Data Protection Regulation (which
became effective in May 2018), import and export control laws, tariffs and retaliatory measures, trade barriers and economic sanctions;

12
Table of Contents

• other regulatory or contractual limitations on our ability to sell our products in certain foreign markets, and the risks and costs of non-
compliance;

• heightened risks of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales or sales-related
arrangements, such as sales “side agreements” to allow return rights, that could disrupt the sales team through terminations of employment
or otherwise, and may adversely impact financial results as compared to those already reported or forecasted and result in restatements of
financial statements and irregularities in financial statements;

• our ability to effectively implement and maintain adequate internal controls to properly manage our international sales and operations;

• political unrest, changes and uncertainty associated with terrorism, hostilities, war or natural disasters;

• changes in foreign currency exchange rates;

• management communication and integration problems resulting from cultural differences and geographic dispersion; and

• changes in tax, tariff, employment and other laws.

Product and service sales and employee and contractor matters may be subject to foreign governmental regulations, which vary substantially from
country to country. Further, we may be unable to keep up-to-date with changes in government requirements as they change over time. Failure to comply with
these regulations could result in adverse effects to our business. In many foreign countries, it is common for others to engage in business practices that are
prohibited by our internal policies and procedures or U.S. regulations applicable to us. Although we implemented policies and procedures designed to ensure
compliance with these laws and policies, there can be no assurance that all of our employees, contractors, channel partners and agents will comply with these
laws and policies. Violations of laws or key control policies by our employees, contractors, channel partners or agents could result in litigation, regulatory
action, costs of investigation, delays in revenue recognition, delays in financial reporting, financial reporting misstatements, fines, penalties or the prohibition
of the importation or exportation of our products and services, any of which could have a material adverse effect on our business and results of operations.

We may undertake corporate operating restructurings or transfers of assets that involve our group of foreign country subsidiaries through which we
do business abroad, in order to maximize the operational and tax efficiency of our group structure. If ineffectual, such restructurings or transfers could
increase our income tax liabilities, and in turn, increase our global effective tax rate. Moreover, our existing corporate structure and intercompany
arrangements have been implemented in a manner we believe is in compliance with current prevailing tax laws. However, the tax authorities of the
jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements, which could impact our
worldwide effective tax rate and harm our financial position and operating results.

If we are not successful in continuing to execute our strategy to increase our sales to large and medium-sized end-customers, our results of operations
may suffer.

An important part of our growth strategy is to increase sales of our products to large and medium-sized businesses, service providers and government
organizations. While we have increased sales in recent periods to large and medium-sized businesses, our sales volume varies by quarter and there is risk as to
our level of success selling to these target customers. Such sales involve unique sales skillsets, processes and structures, are often more complex and feature a
longer contract term and may be at higher discount levels. We also have experienced uneven traction selling to certain government organizations and service
providers and MSSPs, and there can be no assurance that we will be successful selling to these customers. Sales to these organizations involve risks that may
not be present, or that are present to a lesser extent, with sales to smaller entities. These risks include:

• increased competition from competitors that traditionally target large and medium-sized businesses, service providers and government
organizations and that may already have purchase commitments from those end-customers;

13
Table of Contents

• increased purchasing power and leverage held by large end-customers in negotiating contractual arrangements;

• unanticipated changes in the capital resources or purchasing behavior of large end-customers, including changes in the volume and
frequency of their purchases and changes in the mix of products and services, willingness to change to cloud delivery model and related
payment terms;

• more stringent support requirements in our support service contracts, including stricter support response times, more complex requirements
and increased penalties for any failure to meet support requirements;

• longer sales cycles and the associated risk that substantial time and resources may be spent on a potential end-customer that elects not to
purchase our products and services; and

• longer ramp-up periods for enterprise sales personnel as compared to other sales personnel.

Large and medium-sized businesses, service providers and MSSPs and government organizations often undertake a significant evaluation process
that results in a lengthy sales cycle, in some cases longer than 12 months. Although we have a channel sales model, our sales representatives typically engage
in direct interaction with end-customers, along with our distributors and resellers, in connection with sales to large and medium-sized end-customers. We may
spend substantial time, effort and money in our sales efforts without being successful in producing any sales. In addition, purchases by large and medium-
sized businesses, service providers and government organizations are frequently subject to budget constraints, multiple approvals and unplanned
administrative, processing and other delays. Furthermore, service providers and MSSPs represent our largest industry vertical and consolidation or continued
changes in buying behavior by larger customers within this industry could negatively impact our business. Large and medium-sized businesses, service
providers and MSSPs and government organizations typically have longer implementation cycles, require greater product functionality and scalability, expect
a broader range of services, including design, implementation and post go-live services, demand that vendors take on a larger share of risks, require
acceptance provisions that can lead to a delay in revenue recognition and expect greater payment flexibility from vendors. In addition, large and medium-
sized businesses, service providers and government organizations may require that our products and services be sold differently from how we offer our
products and services, which could negatively impact our operating results. Our large business and service provider customers may also become more
deliberate in their purchases as they plan their next-generation network security architecture, leading them to take more time in making purchasing decisions
or to purchase based only on their immediate needs. All these factors can add further risk to business conducted with these customers. In addition, if sales
expected from a large and medium-sized end-customer for a particular quarter are not realized in that quarter or at all, our business, operating results and
financial condition could be materially and adversely affected.

Managing inventory of our products and product components is complex. Insufficient inventory may result in lost sales opportunities or delayed revenue,
while excess inventory may harm our gross margins.

Managing our inventory is complex. Our channel partners may increase orders during periods of product shortages, cancel orders or not place orders
commensurate with our expectations if their inventory is too high, return products or take advantage of price protection (if any is available to the particular
partner) or delay orders in anticipation of new products, and accurately forecasting inventory requirements and demand can be challenging. Our channel
partners also may adjust their orders in response to the supply of our products and the products of our competitors that are available to them and in response
to seasonal fluctuations in end-customer demand. Furthermore, if the time required to manufacture or ship certain products increases for any reason, inventory
shortfalls could result. Management of our inventory is further complicated by the significant number of different products and models that we sell which
may impact our billings, revenue, margins and free cash flow. Mismanagement of our inventory, whether due to imprecise forecasting, employee errors or
malfeasance, inaccurate information or otherwise, may adversely affect our results of operations.

Inventory management remains an area of focus as we balance the need to maintain inventory levels that are sufficient to ensure competitive lead
times against the risk of inventory obsolescence because of rapidly changing technology, product transitions, customer requirements or excess inventory
levels. If we ultimately determine that we have excess inventory, we may have to reduce our prices and write-down inventory, which in turn could result in
lower gross margins. Alternatively, insufficient inventory levels may lead to shortages that result in delayed revenue or loss of sales opportunities altogether
as potential end-customers turn to competitors’ products that are readily available. For example, we have in the past experienced inventory shortages and
excesses due to the variance in demand for certain products from forecasted amounts. In addition, for those channel partners that have rights of return,
inventory held by such channel partners affects our results of operations. Our inventory management systems and related supply chain visibility tools may be
inadequate to enable us to effectively manage

14
Table of Contents

inventory. If we are unable to effectively manage our inventory and that of our channel partners, our results of operations could be adversely affected.

We are dependent on the continued services and performance of our senior management, the loss of any of whom could adversely affect our business,
operating results and financial condition.

Our future performance depends on the continued services and continuing contributions of our senior management to execute on our business plan
and to identify and pursue new opportunities and product innovations. The loss of services of members of senior management, particularly Ken Xie, our Co-
Founder, Chief Executive Officer and Chairman or Michael Xie, our Co-Founder, President and Chief Technology Officer, or of any of our senior sales
leaders or functional area leaders, could significantly delay or prevent the achievement of our development and strategic objectives. The loss of the services or
the distraction of our senior management for any reason could adversely affect our business, financial condition and results of operations.

If we are unable to hire, retain and motivate qualified personnel, our business will suffer.

Our future success depends, in part, on our ability to continue to attract and retain highly skilled personnel. The loss of the services of any of our key
personnel, the inability to attract or retain qualified personnel, any failure to have in place and execute an effective succession plan for key executives or
delays in hiring required personnel, particularly in engineering, sales and marketing, may seriously harm our business, financial condition and results of
operations. From time to time, we experience turnover in our management-level personnel. None of our key employees has an employment agreement for a
specific term, and any of our employees may terminate their employment at any time. Our ability to continue to attract and retain highly skilled personnel will
be critical to our future success. Competition for highly skilled personnel is frequently intense, especially for qualified employees in network security and
especially in the locations where we have a substantial presence and need for highly skilled personnel, such as the San Francisco Bay Area and Vancouver,
Canada. We may not be successful in attracting, assimilating or retaining qualified personnel to fulfill our current or future needs. Also, to the extent we hire
personnel from competitors, we may be subject to allegations that they have been improperly solicited or divulged proprietary or other confidential
information. Changes in immigration laws, including changes to the rules regarding H1-B visas, may also harm our ability to attract personnel from other
countries.

If we do not increase the effectiveness of our sales organization, we may have difficulty adding new end-customers or increasing sales to our existing end-
customers and our business may be adversely affected.

Although we have a channel sales model, sales in our industry are complex and members of our sales organization often engage in direct interaction
with our prospective end-customers, particularly for larger deals involving larger end-customers. Therefore, we continue to be substantially dependent on our
sales organization to obtain new end-customers and sell additional products and services to our existing end-customers. There is significant competition for
sales personnel with the skills and technical knowledge that we require. Our ability to grow our revenue depends, in large part, on our success in recruiting,
training and retaining sufficient numbers of sales personnel to support our growth and on the effectiveness of those personnel in selling successfully in
different contexts each of which has its own different complexities, approaches and competitive landscapes, such as managing and growing the channel
business for sales to small businesses and more actively selling to the end-customer for sales to larger organizations. New hires require substantial training
and may take significant time before they achieve full productivity. Our recent hires and planned hires may not become productive as quickly as we expect,
and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. Furthermore,
hiring sales personnel in new countries requires additional setup and upfront costs that we may not recover if the sales personnel fail to achieve full
productivity. If our sales employees do not become fully productive on the timelines that we have projected, our revenue will not increase at anticipated levels
and our ability to achieve long-term projections may be negatively impacted. If we are unable to hire and train sufficient numbers of effective sales personnel,
or the sales personnel are not successful in obtaining new end-customers or increasing sales to our existing customer base, our business, operating results and
prospects will be adversely affected.

15
Table of Contents

The sales prices of our products and services may decrease, which may reduce our gross profits and operating margin, and which may adversely impact
our financial results and the trading price of our common stock.

The sales prices for our products and services may decline for a variety of reasons or our product mix may change, resulting in lower growth and
margins based on a number of factors, including competitive pricing pressures, discounts or promotional programs we offer, a change in our mix of products
and services and anticipation of the introduction of new products and services. Competition continues to increase in the market segments in which we
participate, and we expect competition to further increase in the future, thereby leading to increased pricing pressures. Larger competitors with more diverse
product offerings may reduce the price of products and services that compete with ours in order to promote the sale of other products or services or may
bundle them with other products or services. Additionally, although we price our products and services worldwide in U.S. dollars, currency fluctuations in
certain countries and regions have in the past, and may in the future, negatively impact actual prices that partners and customers are willing to pay in those
countries and regions. Furthermore, we anticipate that the sales prices and gross profits for our products or services will decrease over product life cycles. We
cannot ensure that we will be successful in developing and introducing new offerings with enhanced functionality on a timely basis, or that our product and
service offerings, if introduced, will enable us to maintain our prices, gross profits and operating margin at levels that will allow us to maintain profitability.

Reliance on a concentration of shipments at the end of the quarter could cause our billings and revenue to fall below expected levels.

As a result of customer-buying patterns and the efforts of our sales force and channel partners to meet or exceed quarterly quotas, we have
historically received a substantial portion of each quarter’s sales orders and generated a substantial portion of each quarter’s billings and revenue during the
last two weeks of the quarter. We implemented a cloud-based quoting tool to help provide our sales team with the ability to have faster quote generation,
reduce quote errors and increase sales productivity. Our ability to integrate the data from this tool into our order processing may cause order processing delays
which could have an effect on our financial results. If expected orders at the end of any quarter are delayed for any reason, including the failure of anticipated
purchase orders to materialize, our logistics partners’ inability to ship products prior to quarter-end to fulfill purchase orders received near the end of the
quarter, our failure to accurately forecast our inventory requirements and to appropriately manage inventory to meet demand, our inability to release new
products on schedule, any failure of our systems related to order review and processing, any delays in shipments due to trade compliance requirements, labor
disputes or logistics changes at shipping ports or otherwise, our billings and revenue for that quarter could fall below our expectations or those of securities
analysts and investors, resulting in a decline in our stock price.

Unless we continue to develop better market awareness of our company and our products, and to improve lead generation and sales enablement, our
revenue may not continue to grow.

Increased market awareness of our capabilities and products and increased lead generation are essential to our continued growth and our success in
all of our markets, particularly for the large businesses, service provider and government organization market. We have historically had relatively low
spending on marketing activities. While we have increased our investments in sales and marketing, it is not clear that these investments will continue to result
in increased revenue. If our investments in additional sales personnel or our marketing programs are not successful in continuing to create market awareness
of our company and products or increasing lead generation, or if we experience turnover and disruption in our sales and marketing teams, we will not be able
to achieve sustained growth, and our business, financial condition and results of operations will be adversely affected.

We rely on third-party channel partners for substantially all of our revenue. If our partners fail to perform, our ability to sell our products and services
will be limited, and if we fail to optimize our channel partner model going forward, our operating results will be harmed.

A significant portion of our sales is generated through a limited number of distributors, and substantially all of our revenue is from sales by our
channel partners, including distributors and resellers. We depend on our channel partners to generate a significant portion of our sales opportunities and to
manage our sales process. To the extent our channel partners are unsuccessful in selling our products, or if we are unable to enter into arrangements with and
retain a sufficient number of high-quality channel partners in each of the regions in which we sell products, we are unable to keep them motivated to sell our
products, or our channel partners shift focus to other vendors and/or our competitors, our ability to sell our products and operating results will be harmed. The
termination of our relationship with any significant channel partner may adversely impact our sales and operating results.

16
Table of Contents

We provide sales channel partners with specific programs to assist them in selling our products and incentivize them to sell our products, but there
can be no assurance that these programs will be effective. In addition, our channel partners may be unsuccessful in marketing, selling and supporting our
products and services and may purchase more inventory than they can sell. Our channel partners generally do not have minimum purchase requirements.
Some of our channel partners may have insufficient financial resources to withstand changes and challenges in business conditions. In addition, if our channel
partners’ financial condition or operations weaken it could negatively impact their ability to sell our product and services. Our channel partners may also
market, sell and support products and services that are competitive with ours, and may devote more resources to the marketing, sales and support of such
products, or may decide to cease selling our products and services altogether in favor of a competitor’s products and services. They may also have incentives
to promote our competitors’ products to the detriment of our own, or they may cease selling our products altogether. We cannot ensure that we will retain
these channel partners or that we will be able to secure additional or replacement partners or that existing channel partners will continue to perform. The loss
of one or more of our significant channel partners or the failure to obtain and ship a number of large orders each quarter through them could harm our
operating results.

In addition, we may be impacted by consolidation of our existing channel partners. In such instances, we may experience changes to our overall
business and operational relationships due to dealing with a larger combined entity, and our ability to maintain such relationships on favorable contractual
terms may be more limited. We may also become increasingly dependent on a more limited number of channel partners, as consolidation increases the
relative proportion of our business for which each channel partner is responsible, which may magnify the risks described in the preceding paragraphs. In July
2017, Exclusive, which distributes our solutions to a large group of resellers and end-customers, acquired Fine Tec U.S. Since the acquisition of Fine Tec
U.S., Exclusive’s business with us has increased and may continue to increase in the future. Exclusive accounted for 38% and 35% of our total net accounts
receivable as of December 31, 2018 and December 31, 2017. During 2016, 2017 and 2018, Exclusive accounted for 20% and 25% and 30% of our total
revenue, respectively.

In addition, any new sales channel partner will require extensive training and may take several months or more to achieve productivity. Our channel
partner sales structure could subject us to lawsuits, potential liability and reputational harm if, for example, any of our channel partners misrepresent the
functionality of our products or services to end-customers or our channel partners violate laws or our corporate policies. We depend on our global channel
partners to comply with applicable legal and regulatory requirements. To the extent that they fail to do so, that could have a material adverse effect on our
business, operating results and financial condition. If we fail to optimize our channel partner model or fail to manage existing sales channels, our business will
be seriously harmed.

Actual, possible or perceived defects or vulnerabilities in our products or services, the failure of our products or services to detect or prevent a security
breach or the misuse of our products could harm our reputation and divert resources.

Because our products and services are complex, they have contained and may contain defects or errors that are not detected until after their
commercial release and deployment by our customers. Defects or vulnerabilities may impede or block network traffic, cause our products or services to be
vulnerable to electronic break-ins or cause them to fail to help secure networks. We are also susceptible to errors, defects, vulnerabilities or attacks that may
arise at, or be inserted into our products in, different stages in our supply chain, or manufacturing processes, and which are out of our control. Attacks may
target specific unidentified or unresolved vulnerabilities that exist or arrive only in the supply chain, making these attacks virtually impossible to anticipate
and difficult to defend against. Different customers deploy and use our products in different ways, and certain deployments and usages may subject our
products to adverse conditions that may negatively impact the effectiveness and useful lifetime of our products. Our networks and products, including cloud-
based technology, could be targeted by attacks specifically designed to disrupt our business and harm our reputation. We cannot ensure that our products will
prevent all security threats. Because the techniques used by computer hackers to access or sabotage networks change frequently and generally are not
recognized until launched against a target, we may be unable to anticipate these techniques. In addition, defects or errors in our FortiGuard security
subscription or FortiCare updates or our FortiGate appliances and operating systems could result in a failure of our FortiGuard security subscription services
to effectively update end-customers’ FortiGate appliances and cloud-based products and thereby leave customers vulnerable to attacks. Furthermore, our
solutions may also fail to detect or prevent viruses, worms or similar threats due to a number of reasons such as the evolving nature of such threats and the
continual emergence of new threats that we may fail to add to our FortiGuard databases in time to protect our end-customers’ networks. Our FortiGuard or
FortiCare data centers and networks may also experience technical failures and downtime, and may fail to distribute appropriate updates, or fail to meet the
increased requirements of our customer base. Any such technical failure, downtime or failures in general may temporarily or permanently expose our end-
customers’ networks, leaving their networks unprotected against the latest security threats.

An actual, possible or perceived security breach or infection of the network of one of our end-customers, regardless of whether the breach is
attributable to the failure of our products or services to prevent the security breach, could adversely affect

17
Table of Contents

the market’s perception of our security products and services and, in some instances, subject us to potential liability that is not contractually limited. We may
not be able to correct any security flaws or vulnerabilities promptly, or at all. Our products may also be misused by end-customers or third parties who obtain
access to our products. For example, our products could be used to censor private access to certain information on the internet. Such use of our products for
censorship could result in negative press coverage and negatively affect our reputation, even if we take reasonable measures to prevent any improper
shipment of our products or if our products are provided by an unauthorized third party. Any actual, possible or perceived defects, errors or vulnerabilities in
our products, or misuse of our products, could result in:

• the expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate or work around errors or
defects or to address and eliminate vulnerabilities;

• the loss of existing or potential end-customers or channel partners;

• delayed or lost revenue;

• delay or failure to attain market acceptance;

• negative publicity and harm to our reputation; and

• litigation, regulatory inquiries or investigations that may be costly and harm our reputation and, in some instances, subject us to potential
liability that is not contractually limited.

If we do not appropriately manage any future growth, including through the expansion of our real estate facilities, or are unable to improve our systems,
processes and controls, our operating results will be negatively affected.

We rely heavily on information technology to help manage critical functions such as order configuration, pricing and quoting, revenue recognition,
financial forecasts, inventory and supply chain management and trade compliance reviews. In addition, we have been slow to adopt and implement certain
automated functions, which could have a negative impact on our business. For example, a large part of our order processing relies on manual data entry of
customer purchase orders received through email and, to a lesser extent, through electronic data interchange from our customers. Combined with the fact that
we may receive a large amount of our orders in the last few weeks of any given quarter, an interruption in our email service or other systems could result in
delayed order fulfillment and decreased billings and revenue for that quarter.

To manage any future growth effectively, we must continue to improve and expand our information technology and financial, operating, security and
administrative systems and controls, and our business continuity and disaster recovery plans and processes, and continue to manage headcount, capital and
processes in an efficient manner. We may not be able to successfully implement requisite improvements to these systems, controls and processes, such as
system capacity, access, security and change management controls, in a timely or efficient manner. Our failure to improve our systems and processes, or their
failure to operate in the intended manner, whether as a result of the significant growth of our business or otherwise, may result in our inability to manage the
growth of our business and to accurately forecast our revenue, expenses and earnings, or to prevent certain losses. Moreover, the failure of our systems and
processes could undermine our ability to provide accurate, timely and reliable reports on our financial and operating results and could impact the effectiveness
of our internal control over financial reporting.

In addition, our systems, processes and controls may not prevent or detect all errors, omissions, malfeasance or fraud, such as corruption and
improper “side agreements” that may impact revenue recognition or result in financial liability. Our productivity and the quality of our products and services
may also be adversely affected if we do not integrate and train our new employees quickly and effectively. Any future growth would add complexity to our
organization and require effective coordination throughout our organization. Failure to ensure appropriate systems, processes and controls and to manage any
future growth effectively could result in increased costs and harm our reputation and results of operations.

We have expanded our office real estate holdings to meet our projected growing need for office space. We purchased office buildings in Ottawa and
Burnaby, Canada in 2017, and we have started construction on a second building adjacent to our Sunnyvale headquarters as we expand our campus in
Sunnyvale, California. These plans will require significant capital expenditure over the next several years and involve certain risks, including impairment
charges and acceleration of depreciation, changes in future business strategy that may decrease the need for expansion (such as a decrease in headcount) and,
risks related to construction. Future changes in growth or fluctuations in cash flow may also negatively impact our ability

18
Table of Contents

to pay for these projects or free cash flow. Additionally, inaccuracies in our projected capital expenditures could negatively impact our business, operating
results and financial condition.

We may experience difficulties maintaining and expanding our ERP and CRM systems.

The maintenance of our ERP and CRM systems has required, and will continue to require, the investment of significant financial and human
resources. In addition, we may choose to upgrade or expand the functionality of our ERP and CRM systems, leading to additional costs. We may also
discover deficiencies in our design or maintenance of the ERP or CRM systems that could adversely affect our ability to forecast orders, process orders, ship
products, provide services and customer support, send invoices and track payments, fulfill contractual obligations, accurately maintain books and records,
provide accurate, timely and reliable reports on our financial and operating results, or otherwise operate our business. Additionally, if the system does not
operate as intended, the effectiveness of our internal control over financial reporting could be adversely affected or our ability to assess it adequately could be
delayed. Further, we recently implemented new systems to comply with the new revenue recognition standard and may further expand the scope of our ERP
and CRM systems. Our operating results may be adversely affected if these upgrades or expansions are delayed or if the systems do not function as intended
or are not sufficient to meet our operating requirements.

If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our operating
results could fall below expectations of securities analysts and investors, resulting in a decline in our stock price.

The preparation of financial statements in conformity with generally accepted accounting principles requires management to make estimates and
assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience
and on various other assumptions that we believe to be reasonable under the circumstances, as provided in “Management’s Discussion and Analysis of
Financial Condition and Results of Operations” in this Annual Report on Form 10-K, the results of which form the basis for making judgments about the
carrying values of assets and liabilities that are not readily apparent from other sources. Additionally, in connection with adopting and implementing the new
revenue accounting standard, management will continue to make judgments and assumptions based on our interpretation of the new standard. The new
revenue standard is principles based and interpretation of those principles may vary from company to company based on their unique circumstances. It is
possible that interpretation, industry practice and guidance may evolve. Our operating results may be adversely affected if our assumptions change or if actual
circumstances differ from those in our assumptions, which could cause our operating results to fall below the expectations of securities analysts and investors,
resulting in a decline in our stock price. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to
revenue recognition, deferred contract costs and commission expense, valuation of inventory, accounting for business combination, contingent liabilities and
accounting for income taxes. For example, a change in our sales compensation plan may materially impact our accounting for deferred contract costs, which
would impact our commission expense and therefore our future operating results.

We offer retroactive price protection to certain of our major distributors, and if we fail to balance their inventory with end-customer demand for our
products, our allowance for price protection may be inadequate, which could adversely affect our results of operations.

We provide certain of our major distributors with price protection rights for inventories of our products held by them. If we reduce the list price of
our products, certain distributors receive refunds or credits from us that reduce the price of such products held in their inventory based upon the new list price.
Future credits for price protection will depend on the percentage of our price reductions for the products in inventory and our ability to manage the levels of
our major distributors’ inventories. If future price protection adjustments are higher than expected, our future results of operations could be materially and
adversely affected.

19
Table of Contents

Because we depend on several third-party manufacturers to build our products, we are susceptible to manufacturing delays that could prevent us from
shipping customer orders on time, if at all, and may result in the loss of sales and customers, and third-party manufacturing cost increases could result in
lower gross margins and free cash flow.

We outsource the manufacturing of our security appliance products to contract manufacturing partners and original design manufacturing partners
including manufacturers with facilities located in Taiwan, China and other countries outside the United States such as Micro-Star, Wistron, Senao, ADLINK
and IBASE. Our reliance on our third-party manufacturers in Asia and elsewhere reduces our control over the manufacturing process, exposing us to risks,
including reduced control over quality assurance, costs, supply and timing and possible tariffs. Any manufacturing disruption by our third-party
manufacturers could impair our ability to fulfill orders. If we are unable to manage our relationships with these third-party manufacturers effectively, or if
these third-party manufacturers experience delays, increased manufacturing lead-times, disruptions, capacity constraints or quality control problems in their
manufacturing operations, or fail to meet our future requirements for timely delivery, our ability to ship products to our customers could be impaired and our
business would be seriously harmed.

These manufacturers fulfill our supply requirements on the basis of individual purchase orders. We have no long-term contracts or arrangements with
our third-party manufacturers that guarantee capacity, the continuation of particular payment terms or the extension of credit limits. Accordingly, they are not
obligated to continue to fulfill our supply requirements, and the prices we are charged for manufacturing services could be increased on short notice. If we are
required to change third-party manufacturers, our ability to meet our scheduled product deliveries to our customers would be adversely affected, which could
cause the loss of sales and existing or potential customers, delayed revenue or an increase in our costs, which could adversely affect our gross margins. Our
individual product lines are generally manufactured by only one manufacturing partner. Any production or shipping interruptions for any reason, such as a
natural disaster, epidemic, capacity shortages, quality problems or strike or other labor disruption at one of our manufacturing partners or locations or at
shipping ports or locations, would severely affect sales of our product lines manufactured by that manufacturing partner. Furthermore, manufacturing cost
increases for any reason could result in lower gross margins.

Our proprietary SPU, which is the key to the performance of our appliances, is built by contract manufacturers including Faraday, MegaChips
Corporation and Renesas. These contract manufacturers use foundries operated by UMC, TSMC or Renesas on a purchase-order basis, and these foundries do
not guarantee their capacity and could delay orders or increase their pricing. Accordingly, the foundries are not obligated to continue to fulfill our supply
requirements, and due to the long lead time that a new foundry would require, we could suffer temporary inventory shortages of our SPU as well as increased
costs. In addition to our proprietary SPU, we also purchase off-the-shelf ASICs or integrated circuits from vendors for which we have experienced, and may
continue to experience, long lead times. Our suppliers may also prioritize orders by other companies that order higher volumes or more profitable products. If
any of these manufacturers materially delays its supply of ASICs or specific product models to us, or requires us to find an alternate supplier and we are not
able to do so on a timely and reasonable basis, or if these foundries materially increase their prices for fabrication of our ASICs, our business would be
harmed.

In addition, our reliance on third-party manufacturers and foundries limits our control over environmental regulatory requirements such as the
hazardous substance content of our products and therefore our ability to ensure compliance with the Restriction of Hazardous Substances Directive (the “EU
RoHS”) adopted in the European Union (the “EU”) and other similar laws. It also exposes us to the risk that certain minerals and metals, known as “conflict
minerals,” that are contained in our products have originated in the Democratic Republic of the Congo or an adjoining country. As a result of the passage of
the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”), the SEC adopted disclosure requirements for public companies
whose products contain conflict minerals that are necessary to the functionality or production of such products. Under these rules, we are required to obtain
sourcing data from suppliers, perform supply chain due diligence, and file annually with the SEC a specialized disclosure report on Form SD covering the
prior calendar year. We have incurred and expect to incur additional costs to comply with the rules, including costs related to efforts to determine the origin,
source and chain of custody of the conflict minerals used in our products and the adoption of conflict minerals-related governance policies, processes and
controls. Moreover, the implementation of these compliance measures could adversely affect the sourcing, availability and pricing of materials used in the
manufacture of our products to the extent that there may be only a limited number of suppliers that are able to meet our sourcing requirements, which would
make it more difficult to obtain such materials in sufficient quantities or at competitive prices. We may also encounter customers who require that all of the
components of our products be certified as conflict-free. If we are not able to meet customer requirements, such customers may choose to not purchase our
products, which could impact our sales and the value of portions of our inventory.

20
Table of Contents

Because some of the key components in our products come from limited sources of supply, we are susceptible to supply shortages, long lead times for
components, and supply changes, each of which could disrupt or delay our scheduled product deliveries to our customers, result in inventory shortage,
cause loss of sales and customers or increase component costs resulting in lower gross margins and free cash flow.

We and our contract manufacturers currently purchase several key parts and components used in the manufacture of our products from limited
sources of supply. We are therefore subject to the risk of shortages and long lead times in the supply of these components and the risk that component
suppliers discontinue or modify components used in our products. We have in the past experienced, and are currently experiencing, shortages and long lead
times for certain components. Certain of our limited source components for particular appliances and suppliers of those components include: specific types of
CPUs from Intel, network chips from Broadcom, Marvell and Intel, and memory devices from Intel, ADATA, OCZ, Samsung and Western Digital. We also
may face shortages in the supply of the capacitors and resistors that are used in the manufacturing of our products. The introduction by component suppliers
of new versions of their products, particularly if not anticipated by us or our contract manufacturers, could require us to expend significant resources to
incorporate these new components into our products. In addition, if these suppliers were to discontinue production of a necessary part or component, we
would be required to expend significant resources and time in locating and integrating replacement parts or components from another vendor. Qualifying
additional suppliers for limited source parts or components can be time-consuming and expensive.

Our manufacturing partners have experienced long lead times for the purchase of components incorporated into our products. Lead times for
components may be adversely impacted by factors outside of our control, such as natural disasters and other factors. Our reliance on a limited number of
suppliers involves several additional risks, including:

• a potential inability to obtain an adequate supply of required parts or components when required;

• financial or other difficulties faced by our suppliers;

• infringement or misappropriation of our intellectual property;

• price increases;

• failure of a component to meet environmental or other regulatory requirements;

• failure to meet delivery obligations in a timely fashion; and

• failure in component quality.

The occurrence of any of these events would be disruptive to us and could seriously harm our business. Any interruption or delay in the supply of
any of these parts or components, or the inability to obtain these parts or components from alternate sources at acceptable prices and within a reasonable
amount of time, would harm our ability to meet our scheduled product deliveries to our distributors, resellers and end-customers. This could harm our
relationships with our channel partners and end-customers and could cause delays in shipment of our products and adversely affect our results of operations.
In addition, increased component costs could result in lower gross margins.

We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.

A significant portion of our operating expenses are incurred outside the United States. These expenses are denominated in foreign currencies and are
subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Euro and Canadian dollar and, to a lesser extent, the
British pound. Additionally, fluctuations in the exchange rate of the Canadian dollar may negatively impact our development plans in Burnaby, Canada.
While we are not currently engaged in material hedging activities, we have been hedging currency exposures relating to certain balance sheet
accounts through the use of forward exchange contracts. If we stop hedging against any of these risks or if our attempts to hedge against these currency
exposures are not successful, our financial condition and results of operations could be adversely affected. Our sales contracts are primarily denominated in
U.S. dollars and therefore, while substantially all of our revenue is not subject to foreign currency risk, it does not serve as a hedge to our foreign currency-
denominated operating expenses. In addition, a strengthening of the U.S. dollar may increase the real cost of our products to our customers outside of the
United States, which may also adversely affect our financial condition and results of operations.

21
Table of Contents

Failure to comply with laws and regulations applicable to our business could subject us to fines and penalties and could also cause us to lose end-
customers in the public sector or negatively impact our ability to contract with the public sector.

Our business is subject to regulation by various federal, state, regional, local and foreign governmental agencies, including agencies responsible for
monitoring and enforcing employment and labor laws, workplace safety, product safety, product labeling, environmental laws, consumer protection laws,
anti-bribery laws, data privacy laws, import and export controls, federal securities laws and tax laws and regulations. In certain jurisdictions, these regulatory
requirements may be more stringent than in the United States. Noncompliance with applicable regulations or requirements could subject us to investigations,
sanctions, enforcement actions, disgorgement of profits, fines, damages and civil and criminal penalties or injunctions. If any governmental sanctions are
imposed, or if we do not prevail in any possible civil or criminal litigation, our business, operating results and financial condition could be adversely affected.
In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees.
Enforcement actions and sanctions could harm our business, operating results and financial condition.

For example, with respect to data privacy and protection, the General Data Protection Regulation (the “GDPR”), which became effective in May
2018 and superseded current EU data protection regulations, imposes stringent data handling requirements on companies that receive or process personal data
of residents of the EU. Non-compliance with the GDPR could result in significant penalties, including data protection audits and heavy fines. Compliance
with, and the other burdens imposed by, the GDPR may limit our ability to operate or expand our business in Europe and could adversely impact our
operating results, as could delays or shortcomings in the implementation of our GDPR compliance program.

Additionally, we may be subject to other legal regimes throughout the world governing data handling, protection and privacy. For example, in June
2018, California passed the California Consumer Privacy Act (the “CCPA”), which provides new data privacy rights for consumers and new operational
requirements for companies and will become effective in 2020. Fines for noncompliance may be up to $7,500 per violation. The costs of compliance with,
and other burdens imposed by, the GDPR and CCPA may limit the use and adoption of our products and services and could have an adverse impact on our
business.

Selling our solutions to the U.S. government, whether directly or through channel partners, also subjects us to certain regulatory and contractual
requirements. Failure to comply with these requirements by either us or our channel partners could subject us to investigations, fines, other penalties and
damages, which could have an adverse effect on our business, operating results, financial condition and prospects. As an example, the U.S. Department of
Justice (the “DOJ”), on its own behalf or on behalf of the General Services Administration (the “GSA”), as well as individuals, has in the past pursued claims
against, reached financial settlements with or otherwise obtained damages from companies that sell electronic equipment and from IT vendors under the False
Claims Act and other statutes related to pricing, discount practices and compliance with laws related to sales to the federal government, such as the Trade
Agreements Act. The DOJ continues to actively pursue such claims. Violations of certain regulatory and contractual requirements could also result in us being
suspended or debarred from future government contracting. Any of these outcomes could have an adverse effect on our revenue, operating results, financial
condition and prospects. See Part I, Item 3 of this Annual Report on Form 10-K for more information on our legal proceedings.

These laws and regulations impose added costs on our business, and failure to comply with these or other applicable regulations and requirements,
including non-compliance in the past, could lead to claims for damages from our channel partners, penalties, termination of contracts, loss of exclusive rights
in our intellectual property and temporary suspension or permanent debarment from government contracting. Any such damages, penalties, disruptions or
limitations in our ability to do business with the public sector could have an adverse effect on our business and operating results.

Global economic uncertainty and weakening product demand caused by political instability and conflict could adversely affect our business and financial
performance.

Economic uncertainty in various global markets caused by political instability and conflict has resulted, and may continue to result, in weakened
demand for our products and services and difficulty for us in forecasting our financial results and managing inventory levels. Political developments
impacting government spending and international trade, including government shutdowns in the United States, continued uncertainty surrounding the United
Kingdom’s departure from the EU and trade disputes and tariffs, may negatively impact markets and cause weaker macroeconomic conditions. The effects of
these events may continue due to potential additional U.S. government shutdowns, instability in the United Kingdom and the EU as the terms of Brexit
remain under negotiation and the prolonging of the United States’ trade disputes with China and other countries. The continuing effect of any or all of these
events could adversely impact demand for our products, harm our operations and weaken our financial results.

22
Table of Contents

We are subject to governmental export and import controls that could subject us to liability or restrictions on sales, and could impair our ability to
compete in international markets.

Because we incorporate encryption technology into our products, certain of our products are subject to U.S. export controls and may be exported
outside the United States only with the required export license or through an export license exception, and may be prohibited altogether from export to certain
countries. If we were to fail to comply with U.S. export laws, U.S. Customs regulations and import regulations, U.S. economic sanctions and other countries’
import and export laws, we could be subject to substantial civil and criminal penalties, including fines for the company and incarceration for responsible
employees and managers, and the possible loss of export or import privileges. In addition, if our channel partners fail to obtain appropriate import, export or
re-export licenses or permits (e.g. for stocking orders placed by our partners), we may also be adversely affected through reputational harm and penalties and
we may not be able to provide support related to appliances shipped pursuant to such orders. Obtaining the necessary export license for a particular sale may
be time-consuming and may result in the delay or loss of sales opportunities.

Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain products to U.S. embargoed or sanctioned countries,
governments and persons. Even though we take precautions to prevent our product from being shipped to U.S. sanctions targets, our products could be
shipped to those targets by our channel partners, despite such precautions. Any such shipment could have negative consequences including government
investigations and penalties and reputational harm. In addition, various countries regulate the import of certain encryption technology, including import
permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to
implement our products in those countries. Changes in our products or changes in export and import regulations may create delays in the introduction of our
products in international markets, prevent our customers with international operations from deploying our products globally or, in some cases, prevent the
export or import of our products to certain countries, governments or persons altogether. Any change in export or import regulations, economic sanctions or
related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such
regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with
international operations. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our
business, financial condition and results of operations.

Efforts to withdraw from or materially modify international trade agreements, to change tax provisions related to global manufacturing and sales or to
impose new tariffs, economic sanctions or related legislation, any of which could adversely affect our financial condition and results of operations.

Our business benefits directly and indirectly from free trade agreements, and we also rely on various U.S. corporate tax provisions related to
international commerce, as we develop, market and sell our products and services globally. Efforts to withdraw from or materially modify international trade
agreements, or to change corporate tax policy related to international commerce, could adversely affect our financial condition and results of operations as
could the continuing uncertainty regarding whether such actions will be taken.

Moreover, efforts to implement changes related to export or import regulations (including the imposition of new border taxes or tariffs on foreign
imports), trade barriers, economic sanctions and other related policies could harm our results of operations. For example, in March 2018, the current
administration imposed a 25% tariff on steel imports and a 10% tariff on aluminum imports and announced additional tariffs on goods imported from China
specifically, as well as certain other countries. Subsequently, in September 2018, additional tariffs were imposed by the United States on some goods imported
from China, including certain electronics and IT products. Other countries have in turn imposed retaliatory tariffs on goods exported from the United States
and both the United States and foreign countries have threatened to alter or leave current trade agreements. While we do not currently expect these tariffs to
have a significant effect on our raw material and product import costs, if the United States expands increased tariffs, or retaliatory trade measures are taken by
China or other countries in response to the tariffs, the cost of our products could increase, our operations could be disrupted or we could be required to raise
our prices, which may result in the loss of customers and harm to our reputation and operating performance.

Any modification in these areas, any shift in the enforcement or scope of existing regulations or any change in the countries, governments, persons
or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to,
existing or potential end-customers with international operations and could result in increased costs. Any decreased use of our products or limitation on our
ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.

23
Table of Contents

If we fail to comply with environmental requirements, our business, financial condition, operating results and reputation could be adversely affected.

We are subject to various environmental laws and regulations, including laws governing the hazardous material content of our products, laws relating
to our real property and future expansion plans and laws concerning the recycling of electrical and electronic equipment. The laws and regulations to which
we are subject include the EU RoHS and the EU Waste Electrical and Electronic Equipment Directive (the “WEEE Directive”), as well as the implementing
legislation of the EU member states. Similar laws and regulations have been passed or are pending in China, South Korea, Norway and Japan and may be
enacted in other regions, including in the United States, and we are, or may in the future be, subject to these laws and regulations.

The EU RoHS and the similar laws of other jurisdictions ban the use of certain hazardous materials such as lead, mercury, cadmium and certain
plastic additives in the manufacture of electrical equipment, including our products. We have incurred costs to comply with these laws, including research and
development costs, costs associated with assuring the supply of compliant components and costs associated with writing off noncompliant inventory. We
expect to continue to incur costs related to environmental laws and regulations in the future. With respect to the EU RoHS, we and our competitors rely on
exemptions for lead and other substances in network infrastructure equipment. It is possible this exemption will be revoked in the future. Additionally,
although the EU RoHS exemptions have been extended, it is possible that some of these exemptions may expire in the future without being extended. If this
exemption is revoked or expires without extension, if there are other changes to these laws (or their interpretation) or if new similar laws are passed in other
jurisdictions, we may be required to reengineer our products to use components compatible with these regulations. This reengineering and component
substitution could result in additional costs to us or disrupt our operations or logistics.

The EU has also adopted the WEEE Directive, which requires electronic goods producers to be responsible for the collection, recycling and
treatment of such products. Although currently our EU international channel partners are responsible for the requirements of this directive as the importer of
record in most of the European countries in which we sell our products, changes in interpretation of the regulations may cause us to incur costs or have
additional regulatory requirements in the future to meet in order to comply with this directive, or with any similar laws adopted in other jurisdictions.

Our failure to comply with these and future environmental rules and regulations could result in reduced sales of our products, increased costs,
substantial product inventory write-offs, reputational damage, penalties and other sanctions.

A portion of our revenue is generated by sales to government organizations, which are subject to a number of challenges and risks.

Sales to U.S. and foreign federal, state and local governmental agency end-customers have accounted for a portion of our revenue in past periods,
and we may in the future increase sales to government organizations. Sales to government organizations are subject to a number of risks. Selling to
government organizations can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense, with long sales
cycles and without any assurance of winning a sale.

Government demand, sales and payment for our products and services may be negatively impacted by numerous factors and requirements unique to
selling to government agencies, such as:

• public sector budgetary cycles;

• funding authorizations and requirements unique to government agencies, with funding or purchasing reductions or delays adversely
affecting public sector demand for our products;

• geopolitical matters, including tariff and trade disputes, Brexit and government shutdowns; and

• rules and regulations applicable to certain government sales, including GSA regulations.

The rules and regulations applicable to sales to government organizations may also negatively impact sales to other organizations. To date, we have
had limited traction in sales to U.S. federal government agencies, and any future sales to government organizations is uncertain. Government organizations
may have contractual or other legal rights to terminate contracts with our distributors and resellers for convenience or due to a default, and any such
termination may adversely impact our future results of operations. For example, if the distributor receives a significant portion of its revenue from sales to
such government organization, the financial health of the distributor could be substantially harmed, which could negatively affect

24
Table of Contents

our future sales to such distributor. Governments routinely investigate, review and audit government vendors’ administrative and other processes, and any
unfavorable investigation, audit or other review could result in the government’s refusing to continue buying our products and services, a reduction of revenue
or fines, or civil or criminal liability if the investigation, audit or other review uncovers improper, illegal or otherwise concerning activities. Any such
penalties could adversely impact our results of operations in a material way. Finally, purchases by the U.S. government may require certain products to be
manufactured in the United States and other high cost manufacturing locations, and we may not manufacture all products in locations that meet the
requirements of the U.S. government.

False detection of vulnerabilities, viruses or security breaches or false identification of spam or spyware could adversely affect our business.

Our FortiGuard security subscription services may falsely detect, report and act on viruses or other threats that do not actually exist. This risk is
heightened by the inclusion of a “heuristics” feature in our products, which attempts to identify viruses and other threats not based on any known signatures
but based on characteristics or anomalies that may indicate that a particular item is a threat. When our end-customers enable the heuristics feature in our
products, the risk of falsely identifying viruses and other threats significantly increases. These false positives, while typical in the industry, may impair the
perceived reliability of our products and may therefore adversely impact market acceptance of our products. Also, our FortiGuard security subscription
services may falsely identify emails or programs as unwanted spam or potentially unwanted programs, or alternatively fail to properly identify unwanted
emails or programs, particularly as spam emails or spyware are often designed to circumvent anti-spam or spyware products. Parties whose emails or
programs are blocked by our products may seek redress against us for labeling them as spammers or spyware, or for interfering with their business. In
addition, false identification of emails or programs as unwanted spam or potentially unwanted programs may reduce the adoption of our products. If our
system restricts important files or applications based on falsely identifying them as malware or some other item that should be restricted, this could adversely
affect end-customers’ systems and cause material system failures. In addition, our threat researchers periodically identify vulnerabilities in various third-party
products, and, if these identifications are perceived to be incorrect or are in fact incorrect, this could harm our business. Any such false identification or
perceived false identification of important files, applications or vulnerabilities could result in negative publicity, loss of end-customers and sales, increased
costs to remedy any problem and costly litigation.

If our internal enterprise IT networks, on which we conduct internal business and interface externally, or our operational networks, through which we
connect to customer systems and provide services, are compromised, public perception of our products and services will be harmed, we may become
subject to liability, and our business, operating results and stock price may be adversely impacted.

Our success depends on the market’s confidence in our ability to provide effective network security protection. Despite our efforts and processes to
prevent breaches of our internal network system and website, we are still vulnerable to computer viruses, break-ins, phishing attacks, attempts to overload our
servers with denial-of-service and other cyber-attacks and similar disruptions from unauthorized access to our internal network system or our website. Our
security measures may also be breached due to employee error, malfeasance or otherwise, which breaches may be more difficult to detect than outsider
threats, and the existing programs and trainings we have in place to prevent such insider threats may not be effective or sufficient. Third parties may also
attempt to fraudulently induce our employees to transfer funds or disclose information in order to gain access to our network and confidential information. We
cannot guarantee that the measures we have taken to protect our network and website will provide absolute security. Moreover, because we provide network
security products, we may be a more attractive target for attacks by computer hackers. Hackers and malicious parties may be able to develop and deploy
viruses, worms, ransomware and other malicious software programs that attack our products and customers or otherwise exploit any security vulnerabilities of
our products, or attempt to fraudulently induce our employees, customers or others to disclose passwords or other sensitive information or unwittingly
provide access to our internal network system or data. Although we have not yet experienced significant damages from unauthorized access by a third party of
our internal network or website, an actual or perceived breach of network security occurs in our internal systems or website could adversely affect the market
perception of our products and services and investor confidence in our company. Any breach of our network system or website could impair our ability to
operate our business, including our ability to provide FortiGuard security subscription and FortiCare technical support services to our end-customers, lead to
interruptions or system slowdowns, cause loss of critical data or lead to the unauthorized disclosure or use of confidential, proprietary or sensitive
information. We could also be subject to liability and litigation and reputational harm and our channel partners and end-customers may be harmed, lose
confidence in us and decrease or cease using our products and services. Any breach of our internal network system or our website could have an adverse
effect on our business, operating results and stock price.

25
Table of Contents

Our ability to sell our products is dependent on the quality of our technical support services, and our failure to offer high quality technical support
services would have a material adverse effect on our sales and results of operations.

Once our products are deployed within our end-customers’ networks, our end-customers depend on our technical support services, as well as the
support of our channel partners and other third parties, to resolve any issues relating to our products. If we, our channel partners or other third parties do not
effectively assist our customers in planning, deploying and operational proficiency for our products, succeed in helping our customers quickly resolve post-
deployment issues and provide effective ongoing support, our ability to sell additional products and services to existing customers would be adversely
affected and our reputation with potential customers could be damaged. Many large end-customers, and service provider or government organization end-
customers, require higher levels of support than smaller end-customers because of their more complex deployments and more demanding environments and
business models. If we, our channel partners or other third parties fail to meet the requirements of our larger end-customers, it may be more difficult to
execute on our strategy to increase our penetration with large businesses, service providers and government organizations. As a result, our failure to maintain
high quality support services would have a material adverse effect on our business, financial condition and results of operations.

We could be subject to changes in our tax rates, the adoption of new U.S. or international tax legislation or exposure to additional tax liabilities.

We are subject to taxes in the United States and numerous foreign jurisdictions, where a number of our subsidiaries are organized. Our provision for
income taxes is subject to volatility and could be adversely affected by several factors, many of which are outside of our control. These include:

• the mix of earnings in countries with differing statutory tax rates or withholding taxes;

• changes in the valuation of our deferred tax assets and liabilities;

• transfer pricing adjustments;

• an increase in non-deductible expenses for tax purposes, including certain stock-based compensation expense;

• tax costs related to intercompany realignments;

• tax assessments resulting from income tax audits or any related tax interest or penalties that could significantly affect our provision for
income taxes for the period in which the settlement takes place; and

• changes in accounting principles, court decisions, tax rulings, and interpretations of or changes to tax laws, and regulations by international,
federal or local governmental authorities.

We have open tax years that could be subject to the examination by the Internal Revenue Service (the “IRS”) and other tax authorities. We currently
have ongoing tax audits in the United Kingdom, Israel, India and Italy. The focus of all of these audits is the allocation of profit between our legal entities. We
regularly assess the likelihood of adverse outcomes resulting from such examinations to determine the adequacy of our provision for income taxes.

Although we believe that our estimates are reasonable, the ultimate tax outcome may differ from the amounts recorded in our consolidated financial
statements and may materially affect our financial results in the period or periods for which such determination is made.

In December 2017, the U.S. federal government enacted the Tax Cuts and Jobs Act (the “2017 Tax Act”). The 2017 Tax Act reduced the federal
corporate income tax rate from 35% to 21% and created a territorial tax system with a one-time mandatory tax on foreign earnings of U.S. subsidiaries not
previously subject to U.S. income tax. In December 2017, the Securities and Exchange Commission (the “SEC”) staff issued Staff Accounting Bulletin No.
118, Income Tax Accounting Implications of the Tax Cuts and Jobs Act (“SAB 118”), which allowed us to record provisional amounts during a measurement
period not to extend beyond one year of the enactment date. As a result, we previously provided a provisional estimate of the effect of the 2017 Tax Act in our
financial statements. In the fourth quarter of 2018, we completed our analysis to determine the effect of the 2017 Tax Act within the measurement period
under the SEC guidance. We expect further guidance may be forthcoming from the Financial Accounting Standards Board (“FASB”) and the SEC, as well as
regulations, interpretations and rulings from federal and state tax agencies, which could result in additional impacts. We will continue to monitor and assess
the impact of the 2017 Tax Act and the ongoing guidance and accounting interpretations issued in response to the 2017 Tax Act.

26
Table of Contents

The Ninth Circuit Court of Appeals is expected to issue a decision in Altera Corp. v. Commissioner regarding the treatment of stock-based
compensation expense in a cost sharing arrangement, which could have a material effect on our tax obligations and effective tax rate for the quarter in which
the decision is issued.

We may undertake corporate operating restructurings or transfers of assets that involve our group of foreign country subsidiaries through which we
do business abroad, in order to maximize the operational and tax efficiency of our group structure. If ineffectual, such restructurings or transfers could
increase our income tax liabilities, and in turn, increase our global effective tax rate. Moreover, our existing corporate structure and intercompany
arrangements have been implemented in a manner we believe is in compliance with current prevailing tax laws. However, the tax authorities of the
jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements, which could impact our
worldwide effective tax rate and harm our financial position and operating results.

Significant judgment is required in determining any valuation allowance recorded against deferred tax assets. In assessing the need for a valuation
allowance, we consider all available evidence, including past operating results, estimates of future taxable income and the feasibility of tax planning
strategies. In the event that we change our determination as to the amount of deferred tax assets that can be realized, we will adjust our valuation allowance
with a corresponding impact to the provision for income taxes in the period in which such determination is made.

Forecasting our estimated annual effective tax rate is complex and subject to uncertainty, and there may be material differences between our forecasted
and actual tax rates.

Forecasts of our income tax position and effective tax rate are complex, subject to uncertainty and periodic updates because our income tax position
for each year combines the effects of a mix of profits earned and losses incurred by us in various tax jurisdictions with a broad range of income tax rates, as
well as changes in the valuation of deferred tax assets and liabilities, the impact of various accounting rules and changes to these rules and tax laws, the
results of examinations by various tax authorities, and the impact of any acquisition, business combination or other reorganization or financing transaction. To
forecast our global tax rate, we estimate our pre-tax profits and losses by jurisdiction and forecast our tax expense by jurisdiction. If the mix of profits and
losses, our ability to use tax credits or effective tax rates in a given jurisdiction differs from our estimate, our actual tax rate could be materially different than
forecasted, which could have a material impact on our results of business, financial condition and results of operations. Additionally, our actual tax rate may
be subject to further uncertainty due to potential changes in U.S. and foreign tax rules.

As a multinational corporation, we conduct our business in many countries and are subject to taxation in many jurisdictions. The taxation of our
business is subject to the application of multiple and sometimes conflicting tax laws and regulations, as well as multinational tax conventions. Our effective
tax rate is highly dependent upon the geographic distribution of our worldwide earnings or losses, the tax regulations and tax holidays in each geographic
region, the availability of tax credits and carryforwards and the effectiveness of our tax planning strategies. The application of tax laws and regulations is
subject to legal and factual interpretation, judgment and uncertainty. Tax laws themselves are subject to change as a result of changes in fiscal policy, changes
in legislation and the evolution of regulations and court rulings. Consequently, tax authorities may impose tax assessments or judgments against us that could
materially impact our tax liability and/or our effective income tax rate.

The Organisation for Economic Co-operation and Development (the “OECD”), an international association comprised of 36 countries, including the
United States, has issued and continues to issue guidelines and proposals that change various aspects of the existing framework under which our tax
obligations are determined in many of the countries in which we do business. Due to our extensive international business activities, any changes in the
taxation of such activities could increase our tax obligations in many countries and may increase our worldwide effective tax rate.

27
Table of Contents

Our inability to acquire and integrate other businesses, products or technologies could seriously harm our competitive position.

In order to remain competitive, we may seek to acquire additional businesses, products, technologies or intellectual property, such as patents. For
example, we closed our acquisitions of Bradford Networks, Inc. (“Bradford”) and ZoneFox Limited (“ZoneFox”) in the second quarter of 2018 and the fourth
quarter of 2018, respectively. For any past acquisition or possible future acquisition, we may not be successful in negotiating the terms of the acquisition,
financing the acquisition, or effectively integrating the acquired business, product, technology or intellectual property and sales force into our existing
business and operations. We may have difficulty incorporating acquired technologies, intellectual property or products with our existing product lines,
integrating reporting systems and procedures, and maintaining uniform standards, controls, procedures and policies. For example, we may experience
difficulties integrating an acquired company’s ERP or CRM systems, sales support and other processes and systems, with our current systems and processes.
Our due diligence may fail to identify all of the problems, liabilities or other shortcomings or challenges of an acquired business, product or technology,
including issues with intellectual property, product quality or product architecture, regulatory compliance practices, revenue recognition or other accounting
practices or employee or customer issues, and we may not accurately forecast the financial impact of an acquisition. In addition, any acquisitions we are able
to complete may be dilutive to revenue growth and earnings and may not result in any synergies or other benefits we had expected to achieve, which could
result in impairment charges that could be substantial. We may have to pay cash, incur debt or issue equity securities to pay for any acquisition, each of which
could affect our financial condition or the value of our capital stock and could result in dilution to our stockholders. Acquisitions during a quarter may result
in increased operating expenses and adversely affect our results of operations for that period or future periods compared to the results that we have previously
forecasted or achieved. Further, completing a potential acquisition and integrating acquired businesses, products, technologies or intellectual property could
significantly divert management time and resources.

Our business is subject to the risks of warranty claims, product returns, product liability and product defects.

Our products are very complex and, despite testing prior to their release, have contained and may contain undetected defects or errors, especially
when first introduced or when new versions are released. Product errors have affected the performance of our products and could delay the development or
release of new products or new versions of products, adversely affect our reputation and our end-customers’ willingness to buy products from us and
adversely affect market acceptance or perception of our products. Any such errors or delays in releasing new products or new versions of products or
allegations of unsatisfactory performance could cause us to lose revenue or market share, increase our service costs, cause us to incur substantial costs in
redesigning the products, cause us to lose significant end-customers, subject us to liability for damages and divert our resources from other tasks, any one of
which could materially and adversely affect our business, results of operations and financial condition. Our products must successfully interoperate with
products from other vendors. As a result, when problems occur in a network, it may be difficult to identify the sources of these problems. The occurrence of
hardware and software errors, whether or not caused by our products, could delay or reduce market acceptance of our products and have an adverse effect on
our business and financial performance, and any necessary revisions may cause us to incur significant expenses. The occurrence of any such problems could
harm our business, financial condition and results of operations.

Although we generally have limitation of liability provisions in our standard terms and conditions of sale, they may not fully or effectively protect us
from claims as a result of federal, state or local laws or ordinances or unfavorable judicial decisions in the United States or other countries, and in some
circumstances we may be required to indemnify a customer in full, without a limitation on liability, for certain liabilities, including potential liabilities that are
not contractually limited. The sale and support of our products also entail the risk of product liability claims. We maintain insurance to protect against certain
claims associated with the use of our products, but our insurance coverage may not cover such claim at all or may not adequately cover any claim asserted
against us, and in some instances may subject us to potential liability that is not contractually limited. In addition, even claims that ultimately are unsuccessful
could result in our expenditure of funds in litigation and divert management’s time and other resources.

28
Table of Contents

Our business is subject to the risks of earthquakes, fire, power outages, floods and other catastrophic events, and to interruption by manmade problems
such as civil unrest, labor disruption and terrorism.

A significant natural disaster, such as an earthquake, fire, power outage, flood or other catastrophic event, could have a material adverse impact on
our business, operating results and financial condition. Our corporate headquarters are located in the San Francisco Bay Area, a region known for seismic
activity, and our research and development and data center in Burnaby, Canada, from which we deliver to customers our FortiGuard security subscription
updates, is subject to the risk of flooding and is also in a region known for seismic activity. Any earthquake in the Bay Area or Burnaby, or flooding in
Burnaby could materially negatively impact our ability to provide products and services, such as FortiCare support and FortiGuard subscription services and
could otherwise materially negatively impact our business. In addition, natural disasters could affect our manufacturing vendors, suppliers or logistics
providers’ ability to perform services, such as obtaining product components and manufacturing products, or assisting with shipments, on a timely basis, as
well as our customers’ ability to order from us and our employees’ ability to perform their duties. In the event our or our service providers’ information
technology systems or manufacturing or logistics abilities are hindered by any of the events discussed above, shipments could be delayed, resulting in our
missing financial targets, such as revenue and shipment targets, for a particular quarter. In addition, regional instability, civil unrest, labor disruptions, acts of
terrorism and other geo-political unrest could cause disruptions in our business or the business of our manufacturers, logistics providers, partners or end-
customers, or of the economy as a whole. Given our typical concentration of sales at the end of each quarter, any disruption in the business of our
manufacturers, logistics providers, partners or end-customers that impacts sales at the end of our quarter could have a significant adverse impact on our
quarterly results. To the extent that any of the above results in security risks to our customers, delays or cancellations of customer orders, the delay of the
manufacture, deployment or shipment of our products or interruption or downtime of our services, our business, financial condition and results of operations
would be adversely affected.

Risks Related to Our Industry

The network security market is rapidly evolving and the complex technology incorporated in our products makes them difficult to develop. If we do not
accurately predict, prepare for and respond promptly to technological and market developments and changing end-customer needs, our competitive
position and prospects will be harmed.

The network security market is expected to continue to evolve rapidly. Moreover, many of our end-customers operate in markets characterized by
rapidly changing technologies and business plans, which require them to add numerous network access points and adapt increasingly complex networks,
incorporating a variety of hardware, software applications, operating systems and networking protocols. In addition, computer hackers and others who try to
attack networks employ increasingly sophisticated techniques to gain access to and attack systems and networks. The technology in our products is especially
complex because it needs to effectively identify and respond to new and increasingly sophisticated methods of attack, while minimizing the impact on
network performance. Additionally, some of our new products and enhancements may require us to develop new hardware architectures and ASICs that
involve complex, expensive and time consuming research and development processes. For example, we enter into development agreements with third parties.
If our contract development projects are not successfully completed, or are not completed in a timely fashion, our product development could be delayed and
our business generally could suffer. Costs for contract development can be substantial and our profitability may be harmed if we are unable to recover these
costs. Although the market expects rapid introduction of new products or product enhancements to respond to new threats, the development of these products
is difficult and the timetable for commercial release and availability is uncertain and there can be long time periods between releases and availability of new
products. We have in the past and may in the future experience unanticipated delays in the availability of new products and services and fail to meet
previously announced timetables for such availability. If we do not quickly respond to the rapidly changing and rigorous needs of our end-customers by
developing and releasing and making available on a timely basis new products and services or enhancements that can respond adequately to new security
threats, our competitive position and business prospects will be harmed.

Moreover, business models based on software-as-a-service (“SaaS”), either hosted or cloud-based services, have become increasingly in-demand by
our end-customers and adopted by other providers, including our competitors. While we have introduced additional cloud-based products and services and
will continue to do so, most of our platform is currently deployed on premise, and therefore, if customers demand that our platform be provided through a
SaaS business model, we would be required to make additional investments in our infrastructure and personnel to be able to more fully provide our platform
through a SaaS model in order to maintain the competitiveness of our platform. Such investments may involve expanding our data centers, servers and
networks, and increasing our technical operations and engineering teams. These risks are compounded by the uncertainty concerning the future viability of
SaaS business models and the future demand for such models by customers. Additionally, if we are unable to meet the demand to provide our services
through a SaaS model, we may lose customers to competitors.

29
Table of Contents

Our uniform resource locator (“URL”) database for our web filtering service may fail to keep pace with the rapid growth of URLs and may not categorize
websites in accordance with our end-customers’ expectations.

The success of our web filtering service depends on the breadth and accuracy of our URL database. Although our URL database currently catalogs
millions of unique URLs, it contains only a portion of the URLs for all of the websites that are available on the internet. In addition, the total number of URLs
and software applications is growing rapidly, and we expect this rapid growth to continue in the future. Accordingly, we must identify and categorize content
for our security risk categories at an extremely rapid rate. Our database and technologies may not be able to keep pace with the growth in the number of
websites, especially the growing amount of content utilizing foreign languages and the increasing sophistication of malicious code and the delivery
mechanisms associated with spyware, phishing and other hazards associated with the internet. Further, the ongoing evolution of the internet and computing
environments will require us to continually improve the functionality, features and reliability of our web filtering function. Any failure of our databases to
keep pace with the rapid growth and technological change of the internet could impair the market acceptance of our products, which in turn could harm our
business, financial condition and results of operations.

In addition, our web filtering service may not be successful in accurately categorizing internet and application content to meet our end-customers’
expectations. We rely upon a combination of automated filtering technology and human review to categorize websites and software applications in our
proprietary databases. Our end-customers may not agree with our determinations that particular URLs should be included or not included in specific
categories of our databases. In addition, it is possible that our filtering processes may place material that is objectionable or that presents a security risk in
categories that are generally unrestricted by our customers’ internet and computer access policies, which could result in such material not being blocked from
the network. Conversely, we may miscategorize websites such that access is denied to websites containing information that is important or valuable to our
customers. Any miscategorization could result in customer dissatisfaction and harm our reputation. Any failure to effectively categorize and filter websites
according to our end-customers’ and channel partners’ expectations could impair the growth of our business.

If our new products and product enhancements do not achieve sufficient market acceptance, our results of operations and competitive position will suffer.

We spend substantial amounts of time and money to acquire and develop internally new products and enhanced versions of our existing products in
order to incorporate additional features, improved functionality or other enhancements in order to meet our customers’ rapidly evolving demands for network
security in our highly competitive industry. When we develop a new product or an enhanced version of an existing product, we typically incur expenses and
expend resources upfront to market, promote and sell the new offering. Therefore, when we develop and introduce new or enhanced products, they must
achieve high levels of market acceptance in order to justify the amount of our investment in developing and bringing them to market.

Our new products or product enhancements could fail to attain sufficient market acceptance for many reasons, including:

• delays in releasing our new products or enhancements to the market;

• failure to accurately predict market demand in terms of product functionality and to supply products that meet this demand in a timely
fashion;

• failure to have the appropriate research and development expertise and focus to make our top strategic fabric products successful;

• failure of our sales force and partners to focus on selling new products;

• inability to interoperate effectively with the networks or applications of our prospective end-customers;

• inability to protect against new types of attacks or techniques used by hackers;

• actual or perceived defects, vulnerabilities, errors or failures;

• negative publicity about their performance or effectiveness;

30
Table of Contents

• introduction or anticipated introduction of competing products by our competitors;

• poor business conditions for our end-customers, causing them to delay IT purchases;

• changes to the regulatory requirements around security; and

• reluctance of customers to purchase products incorporating open source software.

If our new products or enhancements do not achieve adequate acceptance in the market, our competitive position will be impaired, our revenue will
be diminished and the effect on our operating results may be particularly acute because of the significant research, development, marketing, sales and other
expenses we incurred in connection with the new product or enhancement.

Demand for our products may be limited by market perception that individual products from one vendor that provide multiple layers of security protection
in one product are inferior to point solution network security solutions from multiple vendors.

Sales of many of our products depend on increased demand for incorporating broad security functionality into one appliance. If the market for these
products fails to grow as we anticipate, our business will be seriously harmed. Target customers may view “all-in-one” network security solutions as inferior
to security solutions from multiple vendors because of, among other things, their perception that such products of ours provide security functions from only a
single vendor and do not allow users to choose “best-of-breed” defenses from among the wide range of dedicated security applications available. Target
customers might also perceive that, by combining multiple security functions into a single platform, our solutions create a “single point of failure” in their
networks, which means that an error, vulnerability or failure of our product may place the entire network at risk. In addition, the market perception that “all-
in-one” solutions may be suitable only for small and medium-sized businesses because such solution lacks the performance capabilities and functionality of
other solutions may harm our sales to large businesses, service provider and government organization end-customers. If the foregoing concerns and
perceptions become prevalent, even if there is no factual basis for these concerns and perceptions, or if other issues arise with our market in general, demand
for multi-security functionality products could be severely limited, which would limit our growth and harm our business, financial condition and results of
operations. Further, a successful and publicized targeted attack against us, exposing a “single point of failure,” could significantly increase these concerns and
perceptions and may harm our business and results of operations.

We face intense competition in our market and we may lack sufficient financial or other resources to maintain or improve our competitive position.

The market for network security products is intensely competitive and we expect competition to intensify in the future. Our competitors include
companies such as Check Point, Cisco, F5 Networks, FireEye, Forcepoint, Imperva, Juniper, McAfee, Palo Alto Networks, Proofpoint, SonicWALL, Sophos
and Trend Micro.

Many of our existing and potential competitors enjoy substantial competitive advantages such as:

• greater name recognition and longer operating histories;

• larger sales and marketing budgets and resources;

• broader distribution and established relationships with distribution partners and end-customers;

• access to larger customer bases;

• greater customer support resources;

• greater resources to make acquisitions;

• lower labor and development costs; and

• substantially greater financial, technical and other resources.

31
Table of Contents

In addition, some of our larger competitors have substantially broader product offerings, and leverage their relationships based on other products or
incorporate functionality into existing products in a manner that discourages customers from purchasing our products. These larger competitors often have
broader product lines and market focus, and are in a better position to withstand any significant reduction in capital spending by end-customers in these
markets. Therefore, these competitors will not be as susceptible to downturns in a particular market. Also, many of our smaller competitors that specialize in
providing protection from a single type of network security threat are often able to deliver these specialized network security products to the market more
quickly than we can. Some of our smaller competitors are using third-party chips designed to accelerate performance. Conditions in our markets could change
rapidly and significantly as a result of technological advancements or continuing market consolidation. Our competitors and potential competitors may also be
able to develop products or services that are equal or superior to ours, achieve greater market acceptance of their products and services, and increase sales by
utilizing different distribution channels than we do. Our current and potential competitors may also offer point solutions, fabric and/or cloud security services
that compete with some of the features present in our platform. They may also establish cooperative relationships among themselves or with third parties that
may further enhance their resources. In addition, current or potential competitors may be acquired by third parties with greater available resources, and new
competitors may arise pursuant to acquisitions of network security companies or divisions. As a result of such acquisitions, competition in our market may
continue to increase and our current or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater
resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of acquisition or other
opportunities more readily, or develop and expand their product and service offerings more quickly than we do. In addition, our competitors may bundle
products and services competitive with ours with other products and services. Customers may accept these bundled products and services rather than
separately purchasing our products and services. In addition, our competitors may bundle products and services competitive with ours with other products and
services. Customers may accept these bundled products and services rather than separately purchasing our products and services. As our customers refresh the
security products bought in prior years, they may seek to consolidate vendors, which may result in current customers choosing to purchase products from our
competitors on an ongoing basis. Due to budget constraints or economic downturns, organizations may be more willing to incrementally add solutions to their
existing network security infrastructure from competitors than to replace it with our solutions. These competitive pressures in our market or our failure to
compete effectively may result in price reductions, fewer customer orders, reduced revenue and gross margins and loss of market share.

If functionality similar to that offered by our products is incorporated into existing network infrastructure products, organizations may decide against
adding our appliances to their network, which would have an adverse effect on our business.

Large, well-established providers of networking equipment such as Cisco, F5 Networks and Juniper offer, and may continue to introduce, network
security features that compete with our products, either in standalone security products or as additional features in their network infrastructure products. The
inclusion of, or the announcement of an intent to include, functionality perceived to be similar to that offered by our security solutions in networking products
that are already generally accepted as necessary components of network architecture may have an adverse effect on our ability to market and sell our
products. Furthermore, even if the functionality offered by network infrastructure providers is more limited than our products, a significant number of
customers may elect to accept such limited functionality in lieu of adding appliances from an additional vendor such as us. Many organizations have invested
substantial personnel and financial resources to design and operate their networks and have established deep relationships with other providers of networking
products, which may make them reluctant to add new components to their networks, particularly from other vendors such as us. In addition, an organization’s
existing vendors or new vendors with a broad product offering may be able to offer concessions that we are not able to match because we currently offer only
network security products and have fewer resources than many of our competitors. If organizations are reluctant to add additional network infrastructure from
new vendors or otherwise decide to work with their existing vendors, our business, financial condition and results of operations will be adversely affected.

32
Table of Contents

Risks Related to Intellectual Property

Our proprietary rights may be difficult to enforce, which could enable others to copy or use aspects of our products without compensating us.

We rely primarily on patent, trademark, copyright and trade secrets laws and confidentiality procedures and contractual provisions to protect our
technology. Valid patents may not issue from our pending applications, and the claims eventually allowed on any patents may not be sufficiently broad to
protect our technology or products. Any issued patents may be challenged, invalidated or circumvented, and any rights granted under these patents may not
actually provide adequate defensive protection or competitive advantages to us. Patent applications in the United States are typically not published until at
least 18 months after filing, or, in some cases, not at all, and publications of discoveries in industry-related literature lag behind actual discoveries. We cannot
be certain that we were the first to make the inventions claimed in our pending patent applications or that we were the first to file for patent protection.
Additionally, the process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable
patent applications at a reasonable cost or in a timely manner. In addition, recent changes to the patent laws in the United States may bring into question the
validity of certain software patents and may make it more difficult and costly to prosecute patent applications. As a result, we may not be able to obtain
adequate patent protection or effectively enforce our issued patents.

Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or obtain and use information
that we regard as proprietary. We generally enter into confidentiality or license agreements with our employees, consultants, vendors and customers, and
generally limit access to and distribution of our proprietary information. However, we cannot guarantee that the steps taken by us will prevent
misappropriation of our technology. Policing unauthorized use of our technology or products is difficult. In addition, the laws of some foreign countries do
not protect our proprietary rights to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as
government agencies and private parties in the United States. From time to time, legal action by us may be necessary to enforce our patents and other
intellectual property rights, to protect our trade secrets, to determine the validity and scope of the proprietary rights of others or to defend against claims of
infringement or invalidity. Such litigation could result in substantial costs and diversion of resources and could negatively affect our business, operating
results and financial condition. If we are unable to protect our proprietary rights (including aspects of our software and products protected other than by patent
rights), we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the
innovative products that have enabled us to be successful to date.

Our products contain third-party open source software components, and failure to comply with the terms of the underlying open source software licenses
could restrict our ability to sell our products.

Our products contain software modules licensed to us by third-party authors under “open source” licenses, including the GNU Public License, the
GNU Lesser Public License, the BSD License, the Apache License, the MIT X License and the Mozilla Public License. From time to time, there have been
claims against companies that distribute or use open source software in their products and services, asserting that open source software infringes the
claimants’ intellectual property rights. We could be subject to suits by parties claiming infringement of intellectual property rights in what we believe to be
licensed open source software. Use and distribution of open source software may entail greater risks than use of third-party commercial software, as, for
example, open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code.
Some open source licenses contain requirements that we make available source code for modifications or derivative works we create based upon the type of
open source software we use. If we combine our proprietary software with open source software in a certain manner, we could, under certain open source
licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products with
lower development effort and time and ultimately could result in a loss of product sales for us.

Although we monitor our use of open source software to avoid subjecting our products to conditions we do not intend, the terms of many open
source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in a way that, for example, could impose
unanticipated conditions or restrictions on our ability to commercialize our products. In this event, we could be required to seek licenses from third parties to
continue offering our products, to make our proprietary code generally available in source code form, to re-engineer our products or to discontinue the sale of
our products if re-engineering could not be accomplished on a timely basis, any of which requirements could adversely affect our business, operating results
and financial condition.

33
Table of Contents

Claims by others that we infringe their proprietary technology or other litigation matters could harm our business.

Patent and other intellectual property disputes are common in the network security industry. Third parties are currently asserting, have asserted and
may in the future assert claims of infringement of intellectual property rights against us. They have also asserted such claims against our end-customers or
channel partners whom we may indemnify against claims that our products infringe the intellectual property rights of third parties. As the number of products
and competitors in our market increases and overlaps occur, infringement claims may increase. Any claim of infringement by a third party, even those without
merit, could cause us to incur substantial costs defending against the claim and could distract our management from our business. In addition, litigation may
involve patent holding companies, non-practicing entities or other adverse patent owners who have no relevant product revenue and against whom our own
patents may therefore provide little or no deterrence or protection.

Although third parties may offer a license to their technology, the terms of any offered license may not be acceptable, and the failure to obtain a
license or the costs associated with any license could cause our business, financial condition and results of operations to be materially and adversely affected.
In addition, some licenses may be non-exclusive and, therefore, our competitors may have access to the same technology licensed to us.

Alternatively, we may be required to develop non-infringing technology, which could require significant time, effort and expense, and may
ultimately not be successful. Furthermore, a successful claimant could secure a judgment or we may agree to a settlement that prevents us from distributing
certain products or performing certain services or that requires us to pay substantial damages (including treble damages if we are found to have willfully
infringed such claimant’s patents or copyrights), royalties or other fees. Any of these events could seriously harm our business, financial condition and results
of operations.

From time to time we are subject to lawsuits claiming patent infringement. We are also subject to other litigation in addition to patent infringement
claims, such as employment-related litigation and disputes, as well as general commercial litigation, and could become subject to other forms of litigation and
disputes, including stockholder litigation. If we are unsuccessful in defending any such claims, our operating results and financial condition and results may
be materially and adversely affected. For example, we may be required to pay substantial damages and could be prevented from selling certain of our
products. Litigation, with or without merit, could negatively impact our business, reputation and sales in a material fashion.

We have several ongoing patent lawsuits, certain companies have sent us demand letters proposing that we license certain of their patents, and
organizations have sent letters demanding that we provide indemnification for patent claims. One such patent lawsuit by British Telecommunications plc was
filed in federal court in Delaware in July 2018, and a second such lawsuit by Finjan, Inc. was filed in federal court in California in October 2018. Given this
and the proliferation of lawsuits in our industry and other similar industries by both non-practicing entities and operating entities, and recent non-practicing
entity and operating entity patent litigation against other companies in the security space, we expect that we will be sued for patent infringement in the future,
regardless of the merits of any such lawsuits. The cost to defend such lawsuits and any settlement payment or adverse result in such lawsuits could have a
material adverse effect on our results of operations and financial condition.

We rely on the availability of third-party licenses.

Many of our products include software or other intellectual property licensed from third parties. It may be necessary in the future to renew licenses
relating to various aspects of these products or to seek new licenses for existing or new products. Licensors may claim we owe them additional license fees
for past and future use of their software and other intellectual property or that we cannot utilize such software or intellectual property in our products going
forward. There can be no assurance that the necessary licenses would be available on acceptable terms, if at all. The inability to obtain certain licenses or
other rights or to obtain such licenses or rights on favorable terms or for reasonable pricing, or the need to engage in litigation regarding these matters, could
result in delays in product releases until equivalent technology can be identified, licensed or developed, if at all, and integrated into our products and may
result in significant license fees and have a material adverse effect on our business, operating results, and financial condition. Moreover, the inclusion in our
products of software or other intellectual property licensed from third parties on a non-exclusive basis could limit our ability to differentiate our products from
those of our competitors.

We also rely on technologies licensed from third parties in order to operate functions of our business. If any of these third parties allege that we have
not properly paid for such licenses or that we have improperly used the technologies under such licenses, we may need to pay additional fees or obtain new
licenses, and such licenses may not be available on terms

34
Table of Contents

acceptable to us or at all or may be costly. In any such case, or if we were required to redesign our internal operations to function with new technologies, our
business, results of operations and financial condition could be harmed.

Risks Related to Ownership of our Common Stock

As a public company, we are subject to compliance initiatives that will require substantial time from our management and result in significantly increased
costs that may adversely affect our operating results and financial condition.

The Sarbanes-Oxley Act of 2002 (“Sarbanes-Oxley”), Dodd-Frank and other rules implemented by the SEC and The Nasdaq Stock Market impose
various requirements on public companies, including requiring changes in corporate governance practices. These requirements, as well as proposed corporate
governance laws and regulations under consideration, may further increase our compliance costs. If compliance with these various legal and regulatory
requirements diverts our management’s attention from other business concerns, it could have a material adverse effect on our business, financial condition and
results of operations. Sarbanes-Oxley requires, among other things, that we assess the effectiveness of our internal control over financial reporting annually,
and of our disclosure controls and procedures quarterly. Although our most recent assessment, testing and evaluation resulted in our conclusion that, as of
December 31, 2018, our internal controls over financial reporting were effective, we cannot predict the outcome of our testing in 2019 or future periods. We
may incur additional expenses and commitment of management’s time in connection with further evaluations, both of which could materially increase our
operating expenses and accordingly reduce our operating results.

In September 2018, California enacted a law that requires publicly held companies headquartered in California to have at least one female director
by the end of 2019 and at least three by the end of 2021, depending on the size of the board. The law would impose financial penalties for failure to comply.
Though we are currently in compliance with the requirements of the law for 2019, we may incur costs associated with complying with the law in future years,
including costs associated with expanding our board of directors or identifying qualified candidates for appointment to our board of directors, or financial
penalties or harm to our brand and reputation if we are unable to do so.

Changes in financial accounting standards may cause adverse unexpected fluctuations and affect our reported results of operations.

A change in accounting standards or practices, and varying interpretations of existing or new accounting pronouncements, such as changes to
standards related to revenue recognition, equity investment valuation (which became effective for us beginning on January 1, 2018) and accounting for leases
(which became effective for us on January 1, 2019), as well as the significant costs incurred or that may be incurred to adopt and to comply with these new
pronouncements, could have a significant effect on our reported financial results or the way we conduct our business. If we do not ensure that our systems and
processes are aligned with the new standards, we could encounter difficulties generating quarterly and annual financial statements in a timely manner, which
would have an adverse effect on our business, our ability to meet our reporting obligations and compliance with internal control requirements.

We have adopted the new revenue recognition standard as of January 1, 2018. Refer to Note 1 to our consolidated financial statements included in
this Annual Report on Form 10-K for additional information on the new standard and its impact on us.

The new revenue standard is principles based and interpretation of those principles may vary from company to company based on their unique
circumstances. Management will continue to make judgments and assumptions based on our interpretation of the new standard. It is possible that
interpretation, industry practice and guidance may evolve as we work toward implementing the new revenue recognition standard. If our circumstances
change or if actual circumstances differ from our assumptions, our operating result may be adversely affected and could fall below our publicly announced
guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our common stock. Further, the new equity
investment valuation standard, which requires most equity investments to be measured at fair value (with subsequent changes in fair value recognized in net
income), may increase the volatility of our earnings.

If securities or industry analysts stop publishing research or publish inaccurate or unfavorable research about our business, our stock price and trading
volume could decline.

The trading market for our common stock will depend in part on the research and reports that securities or industry analysts publish about us or our
business. If we do not maintain adequate research coverage or if one or more of the analysts who cover us downgrades our stock or publishes inaccurate or
unfavorable research about our business, our stock price could

35
Table of Contents

decline. If one or more of these analysts ceases coverage of our company or fails to publish reports on us regularly, demand for our stock could decrease,
which could cause our stock price and trading volume to decline.

The trading price of our common stock may be volatile.

The market price of our common stock may be subject to wide fluctuations in response to, among other things, the risk factors described in this
periodic report, news about us and our financial results, news about our competitors and their results, and other factors such as rumors or fluctuations in the
valuation of companies perceived by investors to be comparable to us. For example, during 2018, the closing price of our common stock ranged from $43.83
to $92.29 per share.

Furthermore, the stock markets have experienced price and volume fluctuations that have affected and continue to affect the market prices of equity
securities of many companies. These fluctuations often have been unrelated or disproportionate to the operating performance of those companies. These broad
market and industry fluctuations, as well as general economic, political and market conditions, such as recessions, interest rate changes or international
currency fluctuations, may negatively affect the market price of our common stock.

In the past, many companies that have experienced volatility in the market price of their stock have been subject to securities class action litigation.
We may be the target of this type of litigation in the future. Securities litigation against us could result in substantial costs and divert our management’s
attention from other business concerns, which could seriously harm our business.

Share repurchases under our Repurchase Program (the “Repurchase Program”) could increase the volatility of the trading price of our common stock,
could diminish our cash reserves, could occur at non-optimal prices and may not result in the most effective use of our capital.

In 2018, our board of directors approved the increase in the aggregate authorized repurchase amount under the Repurchase Program by $500.0
million, bringing the total authorization to $1.5 billion. Share repurchases under the Repurchase Program could affect the price of our common stock, increase
stock price volatility and diminish our cash reserves. In addition, an announcement of the reduction, suspension or termination of the Repurchase Program
could result in a decrease in the trading price of our common stock. Moreover, despite analyses we perform in connection with repurchases under the
Repurchase Program to determine the appropriate prices for repurchases of our stock, our stock price could decline, resulting in repurchases made at non-
optimal prices. Our failure to repurchase our stock at optimal prices may be perceived by investors as an inefficient use of our cash and cash equivalents,
which could result in litigation that may have an adverse effect on our business, operating results and financial condition. In addition, while our board of
directors carefully considers various alternative uses of our cash and cash equivalents in determining whether to authorize stock repurchases, there can be no
assurance that the decision by our board of directors to repurchase stock would result in in the most effective uses of our cash and cash equivalents, and there
may be alternative uses of our cash and cash equivalents that would be more effective, such as investing in growing our business organically or through
acquisitions.

Anti-takeover provisions contained in our certificate of incorporation and bylaws, as well as provisions of Delaware law, could impair a takeover attempt.

Our certificate of incorporation, bylaws and Delaware law contain provisions that could have the effect of rendering more difficult, delaying or
preventing an acquisition deemed undesirable by our board of directors. Our corporate governance documents include provisions:

• authorizing “blank check” preferred stock, which could be issued by the board without stockholder approval and may contain voting,
liquidation, dividend and other rights superior to our common stock;

• limiting the liability of, and providing indemnification to, our directors and officers;

• limiting the ability of our stockholders to call and bring business before special meetings;

• requiring advance notice of stockholder proposals for business to be conducted at meetings of our stockholders and for nominations of
candidates for election to our board of directors;

• providing that certain litigation matters may only be brought against us in state or federal courts in the State of Delaware;

36
Table of Contents

• controlling the procedures for the conduct and scheduling of board and stockholder meetings; and

• providing the board of directors with the express power to postpone previously scheduled annual meetings and to cancel previously
scheduled special meetings.

These provisions, alone or together, could delay or prevent hostile takeovers and changes in control or changes in our management.

As a Delaware corporation, we are also subject to provisions of Delaware law, including Section 203 of the Delaware General Corporation Law,
which prevents stockholders holding more than 15% of our outstanding common stock from engaging in certain business combinations without approval of
the holders of a substantial majority of all of our outstanding common stock.

Any provision of our certificate of incorporation, bylaws or Delaware law that has the effect of delaying or deterring a change in control could limit
the opportunity for our stockholders to receive a premium for their shares of our common stock, and could also affect the price that some investors are willing
to pay for our common stock.

However, these anti-takeover provisions will not have the effect of preventing activist stockholders from seeking to increase short-term stockholder
value through actions such as nominating board candidates and requesting that we pursue strategic combinations or other transactions. These actions could
disrupt our operations, be costly and time-consuming and divert the attention of our management and employees. In addition, perceived uncertainties as to our
future direction as a result of activist stockholder actions could result in the loss of potential business opportunities, as well as other negative business
consequences. Actions of an activist stockholder may also cause fluctuations in our stock price based on speculative market perceptions or other factors that
do not necessarily reflect our business. Further, we may incur significant expenses in retaining professionals to advise and assist us on activist stockholder
matters, including legal, financial, communications advisors and solicitation experts, which may negatively impact our future financial results.

37
Table of Contents

ITEM 1B. Unresolved Staff Comments

Not applicable.

ITEM 2. Properties

Our corporate headquarters is located in Sunnyvale, California and comprises approximately 162,000 square feet of office and building space on ten
acres of land. Along with our corporate headquarters, as of December 31, 2018, we also owned approximately 202,000 square feet in Union City, California
used as a distribution and office facility; approximately 167,000 square feet of buildings adjacent to our corporate headquarters intended to support growth in
our business operations and provide space for construction of a second building; approximately 342,000 square feet of office and building space in Burnaby
and Ottawa, Canada used for operations, support and research and development work; and 40,000 square feet of office space in Valbonne, France
predominantly used as a sales and support office.

We maintain additional offices throughout the United States and various international locations, including India, France, China, the United Kingdom,
Japan, Singapore, Germany and Mexico. We believe that our existing properties are sufficient and suitable to meet our current needs. We intend to expand our
facilities or add new facilities as we add employees and enter new geographic markets, and we believe that suitable additional or alternative space will be
available as needed to accommodate ongoing operations and any such growth. However, we expect to incur additional operating expenses and capital
expenditures in connection with such new or expanded facilities.

For information regarding the geographical location of our property and equipment, see Note 14 to our consolidated financial statements in Part II,
Item 8 of this Annual Report on Form 10-K.

ITEM 3. Legal Proceedings

We are subject to various claims, complaints and legal actions that arise from time to time in the normal course of business. We accrue for
contingencies when we believe that a loss is probable and that we can reasonably estimate the amount of any such loss. There can be no assurance that
existing or future legal proceedings arising in the ordinary course of business or otherwise will not have a material adverse effect on our business,
consolidated financial position, results of operations or cash flows.

As previously disclosed, in October 2016, we received a letter from the United States Attorney's Office for the Northern District of California
requesting information on events from over two years ago related to our compliance with the Trade Agreements Act. We have been fully cooperating with this
ongoing inquiry and have periodically met and spoken with the United States Attorney’s Office in connection with this matter. We are currently in settlement
discussions with the United States Attorney’s Office.

ITEM 4. Mine Safety Disclosure

Not applicable.

38
Table of Contents

Part II

ITEM 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

Our common stock is traded on The Nasdaq Global Select Market under the symbol “FTNT.”

Holders of Record

As of February 22, 2019, there were 48 holders of record of our common stock. A substantially greater number of holders of our common stock are
“street name” or beneficial holders, whose shares are held by banks, brokers and other financial institutions.

Dividends

We have never declared or paid cash dividends on our capital stock. We do not anticipate paying any cash dividends in the foreseeable future. Any
future determination to declare cash dividends will be made at the discretion of our board of directors and will depend on our financial condition, operating
results, capital requirements, general business conditions and other factors that our board of directors may deem relevant.

Stock Performance Graph

This performance graph shall not be deemed “filed” for purposes of Section 18 of the Securities and Exchange Act of 1934 (the “Exchange Act”), or
incorporated by reference into any filing of Fortinet under the Securities Act of 1933, as amended (the “Securities Act”), or the Exchange Act, except as shall
be expressly set forth by specific reference in such filing.

The following graph compares the cumulative five-year total return for our common stock, the Standard & Poor’s 500 Stock Index (the “S&P 500
Index”) and the NASDAQ Computer Index. Such returns are based on historical results and are not intended to suggest future performance. Data for the S&P
500 Index and the NASDAQ Computer Index assume reinvestment of dividends. We have never declared or paid cash dividends on our capital stock, nor do
we anticipate paying any such cash dividends in the foreseeable future.

39
Table of Contents

COMPARISON OF CUMULATIVE TOTAL RETURN*


Among Fortinet, Inc., The S&P 500 Index and
The NASDAQ Computer Index

December December December December December December


2013 * 2014 2015 2016 2017 2018
Fortinet, Inc. $ 100 $ 160 $ 163 $ 157 $ 228 $ 368
S&P 500 Index $ 100 $ 111 $ 111 $ 121 $ 145 $ 136
NASDAQ Computer $ 100 $ 120 $ 127 $ 143 $ 198 $ 191

________________
* Assumes that $100 was invested on December 31, 2013 in stock or index, including reinvestment of dividends. Stockholder returns over the indicated
period should not be considered indicative of future stockholder returns.

Sales of Unregistered Securities

None.

Purchases of Equity Securities by the Issuer and Affiliated Purchasers

Share Repurchase Program

In January 2016, our board of directors approved the Share Repurchase Program, which authorized the repurchase of up to $200.0 million of our
outstanding common stock through December 31, 2017. In 2016 and 2017, our board of directors approved the increases in the aggregate authorized
repurchase amount under the Repurchase Program by $100.0 million and $700.0 million, respectively, bringing the total amount authorized to $1.0 billion. In
July 2018, our board of directors approved a $500.0 million increase in the authorized stock repurchase under the Repurchase Program and extended the term
of the Repurchase Program to December 31, 2019, bringing the aggregate amount authorized to be repurchased to $1.5 billion of our outstanding common
stock through December 31, 2019. Under the Repurchase Program, share repurchases may be made by us from time to time in privately negotiated
transactions or in open market transactions. The Repurchase Program does not require us to purchase a minimum number of shares, and may be suspended,
modified or discontinued at any time without prior notice.

40
Table of Contents

The following table provides information with respect to the shares of common stock we repurchased during the three months ended December 31,
2018 (in millions, except share and per share amounts):

Approximate Dollar Value of


Total Number of Shares Shares that May Yet Be
Purchased as Part of Publicly Purchased Under the Plans or
Total Number of Shares Average Price Announced Plans or Programs Programs
Purchased Paid per Share
October 1 - October 31, 2018 — $ — — $ 825.8
November 1 - November 30, 2018 559,792 $ 71.29 559,792 $ 785.9
December 1 - December 31, 2018 741,623 $ 70.26 741,623 $ 733.8
Total 1,301,415 1,301,415

ITEM 6. Selected Financial Data

The following selected consolidated financial data set forth below was derived from our historical audited consolidated financial statements and
should be read in conjunction with the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and
“Financial Statements and Supplementary Data,” and other financial data included elsewhere in this Annual Report on Form 10-K. Our historical results of
operations are not indicative of our future results of operations.

Year Ended December 31,


2018 2017 2016 2015 2014
(in millions, except per share amounts)
Consolidated Statements of Income Data:
Total revenue $ 1,801.2 $ 1,494.9 $ 1,275.4 $ 1,009.3 $ 770.4
Total gross profit $ 1,350.8 $ 1,109.6 $ 937.6 $ 722.5 $ 539.4
Operating income $ 231.0 $ 109.8 $ 42.9 $ 14.9 $ 59.3
Net income $ 332.2 $ 31.4 $ 32.2 $ 8.0 $ 25.3
Net income per share:
Basic $ 1.96 $ 0.18 $ 0.19 $ 0.05 $ 0.15
Diluted $ 1.91 $ 0.18 $ 0.18 $ 0.05 $ 0.15
Weighted-average shares outstanding:
Basic 169.1 174.3 172.6 170.4 163.8
Diluted 174.2 178.1 176.3 176.1 169.3

As of December 31,
2018 2017 2016 2015 2014
(in millions)
Consolidated Balance Sheet Data:
Cash, cash equivalents and investments $ 1,716.6 $ 1,349.3 $ 1,310.5 $ 1,164.3 $ 991.7
Total assets $ 3,078.0 $ 2,257.9 $ 2,139.9 $ 1,790.5 $ 1,424.8
Total stockholders’ equity $ 1,010.2 $ 589.4 $ 837.7 $ 755.4 $ 676.0

41
Table of Contents

ITEM 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations

In addition to historical information, this Annual Report on Form 10-K contains forward-looking statements within the meaning of Section 27A of
the Securities Act and Section 21E of the Exchange Act. These statements include, among other things, statements concerning our expectations regarding:

• continued growth and market share gains;

• variability in sales in certain product categories from year to year and between quarters;

• expected impact of sales of certain products and services;

• the impact of macro-economic and geopolitical factors on our sales;

• the proportion of our revenue that consists of our product and service revenue, and the mix of billings between products and services, and
the duration of service contracts;

• the impact of our product innovation strategy;

• the effects of government regulation, tariffs and other related policies;

• drivers of long-term growth and operating leverage, such as increased sales productivity, functionality and value in our standalone and
bundled subscription service offerings;

• growing our sales to businesses, service providers and government organizations, the impact of sales to these organizations on our long-
term growth, expansion and operating results, and the effectiveness of our internal sales organization;

• trends in revenue, cost of revenue and gross margin;

• trends in our operating expenses, including sales and marketing expense, research and development expense, general and administrative
expense, and expectations regarding these expenses as a percentage of total revenue;

• risks and expectations related to acquisitions or sales of assets, including integration issues related to product plans and products,
including the acquired technology;

• continued investments in research and development;

• managing our continued investments in sales and marketing, and the impact of those investments;

• expectations regarding uncertain tax benefits and our effective domestic and global tax rates;

• expectations regarding spending related to real estate and other capital expenditures and to the impact on free cash flows;

• competition in our markets;

• our intentions regarding share repurchases and the sufficiency of our existing cash, cash equivalents and investments to meet our cash
needs for at least the next 12 months;

• other statements regarding our future operations, financial condition and prospects and business strategies; and

• adoption and impact of new accounting standards, including those related to accounting for leases.

42
Table of Contents

These forward-looking statements are subject to certain risks and uncertainties that could cause our actual results to differ materially from those
reflected in the forward-looking statements. Factors that could cause or contribute to such differences include, but are not limited to, those discussed in this
Annual Report on Form 10-K and, in particular, the risks discussed under the heading “Risk Factors” in Part I, Item 1A of this Annual Report on Form 10-K
and those discussed in other documents we file with the Securities and Exchange Commission (the “SEC”). We undertake no obligation to revise or publicly
release the results of any revision to these forward-looking statements. Given these risks and uncertainties, readers are cautioned not to place undue reliance
on such forward-looking statements.

Business Overview

Fortinet is a global leader in cybersecurity solutions provided to a wide variety of businesses, such as enterprises, communication service providers
and small businesses. Our cybersecurity solutions are designed to provide broad visibility and segmentation of the digital attack surface through our
integrated Security Fabric platform, which features automated protection, detection and responses.

The focus areas of our business consist of:

• Network Security—We derive a majority of product sales from our FortiGate network security appliances. Our FortiGate network security
appliances include a broad set of built-in security and networking features and functionalities, including firewall, SD-WAN, SSL data leak
prevention, VPN, switch and wireless controller and WAN acceleration. Our network security appliances include our FortiOS operating system,
which provides the foundation for FortiGate security functions, and FortiASIC integrated circuit, which is designed to accelerate the processing of
security and networking functions. Our customers may also purchase FortiGuard subscription services to receive threat intelligence updates. We
provide standard technical support across all of our products through our FortiCare support services. We also offer services to end-customers
including TAMs, REs and professional service consultants for implementations, as well as training services to our end-customers and channel
partners.

• Fortinet Security Fabric—The Fortinet Security Fabric platform is an architectural approach that protects the entire digital attack surface, including
network core, endpoints, applications, data centers and private and public cloud. Together with our network of Fabric-Ready Partners, the Fortinet
Security Fabric platform enables disparate security devices to work together as an integrated, automated and collaborative solution.

• Cloud Security—We help customers connect securely to and across their cloud environments by offering security through our virtual firewall and
other software products in public and private cloud environments. Our Cloud Security solutions, including our Client Access Security Broker
Solution, FortiCASB, extend the core capabilities of the Fortinet Security Fabric platform to provide businesses with the same level of cybersecurity
and threat intelligence in cloud environments that they receive on their physical networks. Fortinet cloud security offerings are available across all
major cloud providers, including Amazon Web Services, Microsoft Azure, Google Cloud, Oracle Cloud and IBM Cloud.

• Internet of Things and Operational Technology—The proliferation of IoT and OT devices has generated new opportunities for us to grow our
business. IoT and OT have created an environment where data move freely between devices across locations, network environments, remote offices,
mobile workers and public cloud environments, making the data difficult to consistently track and secure.

Financial Highlights

• We recorded total revenue of $1.80 billion in 2018, an increase of 20% compared to $1.49 billion in 2017. Product revenue was $674.4 million in
2018, an increase of 17% compared to $577.2 million in 2017. Service revenue was $1.13 billion in 2018, an increase of 23% compared to $917.7
million in 2017.

• We generated operating income of $231.0 million in 2018, an increase of 110% compared to $109.8 million in 2017.

• Cash, cash equivalents and investments were $1.72 billion as of December 31, 2018, an increase of $367.3 million, or 27%, from December 31,
2017.

• Deferred revenue was $1.69 billion as of December 31, 2018, an increase of $350.5 million, or 26%, from December 31, 2017.

43
Table of Contents

• We generated cash flows from operating activities of $638.9 million in 2018, an increase of $44.5 million, or 7%, compared to 2017.

• In 2018, we repurchased 3.8 million shares of common stock under the Repurchase Program for an aggregate purchase price of $209.1 million. In
2017, we repurchased 11.2 million shares of common stock for a total purchase price of $446.3 million.

Our revenue growth was driven by both product and service revenue. On a geographic basis, revenue continues to be diversified globally, which
remains a key strength of our business. Product revenue grew 17% in 2018. FortiGate unit shipments increased year-over-year. Sales of non-FortiGate
products, such as the Fortinet Security Fabric and cloud products and services, also grew significantly. Service revenue growth of 23% in 2018 was driven by
the strength of our FortiCare technical support and other service revenue, which combined grew 26%, and FortiGuard security subscription revenue, which
grew 20%.

The percentage of our FortiGate-related billings from entry-level products increased from 31% in 2017 to 33% in 2018, the percentage of our
FortiGate-related billings from mid-range products increased from 30% in 2017 to 32% in 2018 and the percentage of our FortiGate-related billings from
high-end products decreased from 39% in 2017 to 35% in 2018. We continue to see our enterprise customers purchasing a fairly balanced mix of products
across these product groups.

In 2018, operating expenses as a percentage of revenue decreased by 5 percentage points compared to 2017. The decrease in operating expenses was
primarily driven by a decrease of 4 percentage points in sales and marketing expenses as a percentage of revenue, benefiting from the adoption of Accounting
Standards Update (“ASU”) 2014-09, Revenue from Contracts with Customers (Topic 606) (“Topic 606”) for deferred contract costs, which reduced our
commissions expense in absolute dollars and as a percentage of total revenue. In addition, general and administrative expenses as a percentage of revenue
decreased by 1 percentage point while research and development expenses as a percentage of revenue remained consistent. Our sales and marketing expenses
included a benefit of $45.5 million in 2018 from the adoption of Topic 606 related to deferred contract costs. Under Topic 606, we capitalized certain
commissions on service contracts and amortize the amount over a certain period. Prior to the adoption of Topic 606, we expensed the commissions related to
these service contracts upfront. Excluding this benefit, sales and marketing expense as a percentage of revenue would have been 46% in 2018 compared to
47% in 2017. Refer to Note 1 to our consolidated financial statements for more information. Headcount increased by 15% to 5,845 employees and contractors
as of December 31, 2018, up from 5,066 as of December 31, 2017.

Business Model

Our sales strategy is based on a two-tier distribution model. We sell to distributors that sell to networking security and enterprise-focused resellers
and service providers, who in turn sell to our end-customers. In certain cases, we sell directly to large service providers and major systems integrators. We
also offer our products across major cloud providers, and have recognized on-demand revenue from Amazon Web Services and Microsoft Azure and from
customers who deploy our products at a cloud services provider in a bring-your-own-license (“BYOL”) such as from Amazon Web Services, Microsoft
Azure, Google Cloud, Oracle Cloud and IBM Cloud. In a BYOL arrangement, a customer purchases a perpetual license from us through our channel partners
and deploys the software in a cloud provider’s environment. Similarly, customers may purchase such a license from us and deploy in their private cloud.
While the revenue from such sales is still relatively insignificant, it has increased significantly in recent periods on a percentage basis.

Typically, our customers purchase our hardware products and software licenses, as well as our FortiGuard security subscription and FortiCare
technical support services. We generally invoice at the time of our sale for the total price of the products and security and technical support services. The
invoice is payable within 30 to 45 days. We also invoice certain services on a monthly basis.

Our SPU hardware architecture is an important part of our approach to network security. The SPU includes three lines of proprietary ASICs: SPU
CP, SPU NP and SPU SOC. The ASICs are designed for highly efficient execution of computationally intensive tasks, including policy enforcement, threat
detection and encryption. As such, ASIC-based solutions can run many security applications simultaneously without a significant reduction in performance.

Key Metrics

We monitor a number of key metrics, including the key financial metrics set forth below, in order to help us evaluate growth trends, establish
budgets, measure the effectiveness of our sales and marketing efforts, and assess operational

44
Table of Contents

efficiencies. The following table summarizes revenue, deferred revenue, billings (non-GAAP), net cash provided by operating activities, and free cash flow
(non-GAAP). We discuss revenue below under “—Components of Operating Results,” and we discuss net cash provided by operating activities below under
“—Liquidity and Capital Resources.” Deferred revenue, billings (non-GAAP), and free cash flow (non-GAAP) are discussed immediately below the
following table.

Year Ended or As of December 31,


2018 2017 2016
(in millions)
Revenue $ 1,801.2 $ 1,494.9 $ 1,275.4
Deferred revenue $ 1,686.8 $ 1,336.3 $ 1,035.3
Billings (non-GAAP) $ 2,153.3 $ 1,795.9 $ 1,515.1
Net cash provided by operating activities $ 638.9 $ 594.4 $ 345.7
Free cash flow (non-GAAP) $ 585.9 $ 459.1 $ 278.5

Deferred revenue. Our deferred revenue consists of amounts that have been invoiced but that have not yet been recognized as revenue. The majority
of our deferred revenue balance consists of the unrecognized portion of service revenue from FortiGuard security subscription and FortiCare technical support
service contracts, which is recognized as revenue ratably over the contractual service period. We monitor our deferred revenue balance, growth and the mix of
short-term and long-term deferred revenue because it represents a significant portion of revenue and of free cash flow to be recognized in future periods.
Deferred revenue was $1.69 billion as of December 31, 2018, an increase of $350.5 million, or 26%, from December 31, 2017.

Billings (non-GAAP). We define billings as revenue recognized in accordance with generally accepted accounting principles in the United States
(“GAAP”) plus the change in deferred revenue from the beginning to the end of the period and adjustments to the deferred revenue balance due to adoption of
Topic 606 less any deferred revenue balances acquired from business combination(s) during the period. We consider billings to be a useful metric for
management and investors because billings drive current and future revenue, which is an important indicator of the health and viability of our business. There
are a number of limitations related to the use of billings instead of GAAP revenue. First, billings include amounts that have not yet been recognized as
revenue and are impacted by the term of security and support agreements. Second, we may calculate billings in a manner that is different from peer
companies that report similar financial measures. Management accounts for these limitations by providing specific information regarding GAAP revenue and
evaluating billings together with GAAP revenue. Total billings were $2.15 billion for 2018, an increase of 20% compared to $1.80 billion in 2017.

A reconciliation of revenue, the most directly comparable financial measure calculated and presented in accordance with GAAP, to billings is
provided below:

Year Ended December 31,


2018 2017 2016
(in millions)
Billings:
Revenue $ 1,801.2 $ 1,494.9 $ 1,275.4
Add: Change in deferred revenue 350.5 301.0 244.1
Add: Deferred revenue adjustment due to adoption of Topic 606 4.1 — —
Less: Deferred revenue balance acquired in business combinations (2.5) — (4.4)
Total billings (non-GAAP) $ 2,153.3 $ 1,795.9 $ 1,515.1

Free cash flow (non-GAAP). We define free cash flow as net cash provided by operating activities minus capital expenditures such as purchases of
real estate and other property and equipment. We believe free cash flow to be a liquidity measure that provides useful information to management and
investors about the amount of cash generated by the business that, after capital expenditures, can be used for strategic opportunities, including repurchasing
outstanding common stock, investing in our business, making strategic acquisitions and strengthening the balance sheet. A limitation of using free cash flow
rather than the GAAP measure of net cash provided by operating activities is that free cash flow does not represent the total increase or decrease in the cash,
cash equivalents and investments balance for the period because it excludes cash provided by or used in other investing and financing activities. Management
accounts for this limitation by providing information about our capital

45
Table of Contents

expenditures and other investing and financing activities on the face of the consolidated statements of cash flows and under “—Liquidity and Capital
Resources” and by presenting cash flows from investing and financing activities in our reconciliation of free cash flows. In addition, it is important to note
that other companies, including companies in our industry, may not use free cash flow, may calculate free cash flow in a different manner than we do or may
use other financial measures to evaluate their performance, all of which could reduce the usefulness of free cash flow as a comparative measure. A
reconciliation of net cash provided by operating activities, the most directly comparable financial measure calculated and presented in accordance with
GAAP, to free cash flow is provided below:

Year Ended December 31,


2018 2017 2016
(in millions)
Free Cash Flow:
Net cash provided by operating activities $ 638.9 $ 594.4 $ 345.7
Less: Purchases of property and equipment (53.0) (135.3) (67.2)
Free cash flow (non-GAAP) $ 585.9 $ 459.1 $ 278.5
Net cash used in investing activities $ (134.9) $ (76.8) $ (74.1)
Net cash used in financing activities $ (202.6) $ (415.6) $ (105.9)

Components of Operating Results

Revenue. We generate the majority of our revenue from sales of our hardware and software products and amortization of amounts included in
deferred revenue related to previous sales of FortiGuard security subscription and FortiCare technical support services. We also recognize revenue from cloud
business relationships and from providing professional services and training.

Our total revenue is comprised of the following:

• Product revenue. Product revenue is primarily generated from sales of our appliances. The majority of our product revenue has been
generated by our FortiGate product line, and we do not expect this to change in the foreseeable future. Product revenue also includes
revenue derived from sales of FortiGate software licenses and other software. As a percentage of total revenue, we expect that our product
revenue may vary from quarter-to-quarter based on certain factors, as discussed below under “—Quarterly Results of Operations,” and we
expect the trend to continue in 2019.

• Service revenue. Service revenue is generated primarily from FortiGuard security subscription services and from FortiCare technical
support services. We recognize revenue from FortiGuard security subscription and FortiCare technical support services over the contractual
service period. Our typical contractual support and subscription term is one to three years and, to a lesser extent, five years. We also
generate a small portion of our revenue from professional services and training services, for which we recognize revenue as the services are
provided, and cloud-based services, for which we recognize revenue as the services are delivered or on a monthly usage basis. As a
percentage of total revenue, we continue to expect service revenue to be higher than product revenue. Our service revenue growth rate
depends significantly on the growth of our customer base, the expansion of our service bundle offerings, the expansion and introduction of
new service offerings and the renewal of service contracts by our existing customers.

Our total cost of revenue is comprised of the following:

• Cost of product revenue. The majority of the cost of product revenue consists of third-party contract manufacturers' costs and the costs of
materials used in production. Our cost of product revenue also includes supplies, shipping costs, personnel costs associated with logistics
and quality control, facility-related costs, excess and obsolete inventory costs, warranty costs, and amortization of intangible assets, if
applicable. Personnel costs include direct compensation and benefits.

• Cost of service revenue. Cost of service revenue is primarily comprised of salaries, benefits and bonuses, as well as stock-based
compensation. Cost of service revenue also includes third-party repair and contract fulfillment, data center and cloud hosting, supplies and
facility-related costs.

46
Table of Contents

Gross margin. Gross profit as a percentage of revenue, or gross margin, has been and will continue to be affected by a variety of factors, including
the average sales price of our products, product costs, the mix of products sold and the mix of revenue between products, software licenses and services and
any excess inventory write-offs. Service revenue and software licenses have had a positive effect on our total gross margin given the higher gross margins
compared to product gross margins. During 2018, service gross margin benefited from renewals and continued sales of hardware bundled with services and
subscriptions, growing faster than related expenses. Product gross margin was negatively impacted by new product introductions. As a result, the service
margin expansion was partially offset by a decline in product gross margin in 2018. Overall gross margin in 2019 will be impacted by service and product
revenue mix, but we expect it to be comparable to overall gross margin in 2018.

Operating expenses. Our operating expenses consist of research and development, sales and marketing and general and administrative expenses.
Personnel costs are the most significant component of operating expenses and consist primarily of salaries, benefits, bonuses, stock-based compensation, and
sales commissions, as applicable. We expect personnel costs to continue to increase in absolute dollars as we expand our workforce.

• Research and development. Research and development expense consists primarily of personnel costs. Additional research and development
expenses include ASIC and system prototypes and certification-related expenses, depreciation of property and equipment and facility-
related expenses. The majority of our research and development is focused on both software development and the ongoing development of
our hardware platform. We record all research and development expenses as incurred. Our research and development teams are primarily
located in Canada and the United States.

• Sales and marketing. Sales and marketing expense is the largest component of our operating expenses and primarily consists of personnel
costs. Additional sales and marketing expenses include promotional lead generation and other marketing expenses, travel, depreciation of
property and equipment and facility-related expenses. We intend to hire additional personnel focused on sales and marketing and expand
our sales and marketing efforts worldwide in order to capture market share in the enterprise market.

• General and administrative. General and administrative expense consists of personnel costs, as well as professional fees, depreciation of
property and equipment and software and facility-related expenses. General and administrative personnel include our executive, finance,
human resources, information technology and legal organizations. Our professional fees principally consist of outside legal, auditing,
accounting, tax, information technology and other consulting costs.

Interest income. Interest income consists of income earned on our cash, cash equivalents and investments. We have historically invested our cash in
corporate debt securities, certificates of deposit and term deposits, commercial paper, money market funds, and U.S. government and agency securities.

Other income (expense)—net. Other income (expense)—net consists primarily of foreign exchange gains and losses related to foreign currency
remeasurement, as well as the gain on the sale of an investment in a privately held company.

Provision for (benefit from) income taxes. We are subject to income taxes in the United States, as well as other tax jurisdictions or countries in which
we conduct business. Earnings from our non-U.S. activities are subject to income taxes in a local country, which are generally lower than U.S. tax rates, and
may be subject to U.S. income taxes. Our effective tax rate differs from the U.S. statutory rate primarily due to foreign income subject to different tax rates
than in the U.S., federal research and development tax credit, withholding taxes, excess tax benefits related to stock-based compensation expense and the tax
impacts of the 2017 Tax Act.

47
Table of Contents

In December 2017, the U.S. federal government enacted the 2017 Tax Act. The 2017 Tax Act reduced the federal corporate income tax rate from
35% to 21% and created a territorial tax system with a one-time mandatory tax on foreign earnings of U.S. subsidiaries not previously subject to U.S. income
tax. In December 2017, the SEC staff issued SAB 118, which allowed us to record provisional amounts during a measurement period not to extend beyond
one year of the enactment date. As a result, we previously provided a provisional estimate of the effect of the 2017 Tax Act in our financial statements. In the
fourth quarter of 2018, we completed our analysis to determine the effect of the 2017 Tax Act within the measurement period under the SEC guidance, and
reflected an additional $32.6 million increase related to transition tax in the 2018 income tax expense. We expect further guidance may be forthcoming from
the FASB and the SEC, as well as regulations, interpretations and rulings from federal and state tax agencies, which could result in additional impacts. We
will continue to monitor and assess the impact of the 2017 Tax Act and the ongoing guidance and accounting interpretations issued in response to the 2017
Tax Act. Our selection of an accounting policy for 2018 with respect to the Global Intangible Low-Taxed Income (“GILTI”) tax rules was to treat GILTI tax
as a current period expense under the period cost method.

Our effective tax rate approximates the federal corporate income tax rate and also includes the impact of state taxes, excess tax benefits related to
stock-based compensation expense, federal research and development tax credit, foreign withholding tax, nondeductible stock-based compensation expense,
foreign income subject to lower tax rates than income earned in the United States, book-to-tax basis differences and the tax impacts of the 2017 Tax Act.

Critical Accounting Policies and Estimates

Our discussion and analysis of our financial condition and results of operations are based upon our financial statements, which have been prepared in
accordance with GAAP. These principles require us to make estimates and judgments that affect the reported amounts of assets, liabilities, revenue, cost of
revenue and expenses, and related disclosures. We base our estimates on historical experience and on various other assumptions that we believe to be
reasonable under the circumstances. To the extent that there are material differences between these estimates and our actual results, our future financial
statements will be affected.

We believe that, of the significant accounting policies described in Note 1 to our consolidated financial statements included in Part II, Item 8 of this
Annual Report on Form 10-K, the following accounting policies involve a greater degree of judgment and complexity. Accordingly, we believe these are the
most critical to fully understand and evaluate our financial condition and results of operations.

Revenue Recognition

On January 1, 2018, we adopted Topic 606, Revenue from Contracts with Customers, using the modified retrospective method applied to those
contracts which were not completed as of January 1, 2018. Results for reporting periods beginning after January 1, 2018 are presented under Topic 606, while
prior period amounts are not adjusted and continue to be reported under ASC Topic 605 (“Topic 605”), Revenue Recognition.

Beginning in 2018, revenues are recognized when control of goods or services is transferred to our customers, in an amount that reflects the
consideration we expect to be entitled to in exchange for those goods or services. Prior to 2018, revenue was recognized under Topic 605 when all of the
following criteria were met: (i) persuasive evidence of an arrangement existed, (ii) delivery has occurred or services have been rendered, (iii) sales price was
fixed or determinable and (iv) collectability was reasonably assured.

Under Topic 606, we determine revenue recognition through the following steps:

• identification of a contract or contracts with a customer;


• identification of the performance obligations in a contract, including evaluation of performance obligations as to being distinct goods or
services in a contract;
• determination of a transaction price;
• allocation of a transaction price to the performance obligations in a contract; and
• recognition of revenue when, or as, we satisfy a performance obligation.

48
Table of Contents

Our sales contracts typically contain multiple deliverables, such as hardware, software license, security subscription, technical support services and
other services, which are generally capable of being distinct and accounted for as separate performance obligations. We evaluated the criteria to be distinct
under Topic 606 and concluded that the hardware and software licenses were distinct and distinct in the context of a contract from the security subscription
and technical support services, as a customer can benefit from the hardware and software licenses without the services and the services are separately
identifiable within a contract. We allocate a transaction price to each performance obligation based on relative standalone selling price. We determine
standalone selling price based on the historical pricing and discounting practices for those services when sold separately. We determine standalone selling
price for a product or service by considering multiple historical factors including, but not limited to, cost of products, gross margin objectives, pricing
practices, geographies and the term of a service contract that fall within a reasonably range as a percentage of list price.

Under the previous standard, Topic 605, revenue from contracts that contain products and services is allocated to each unit of accounting based on an
estimated selling price using vendor-specific objective evidence (“VSOE”) of selling price, if it existed, or third-party evidence (“TPE”) of selling price. If
neither VSOE nor TPE of selling price existed for a deliverable, we used our best estimate of selling price for that deliverable. For multiple-element
arrangements where software deliverables were included, revenue was allocated to the non-software deliverables and to the software deliverables as a group
using the relative estimated selling prices of each of the deliverables in an arrangement based on the estimated selling price hierarchy. The amount allocated
to the software deliverables was then allocated to each software deliverable using the residual method when VSOE of fair value existed. If evidence of VSOE
of fair value of one or more undelivered elements did not exist, all software allocated revenue was deferred and recognized when delivery of those elements
occurred or when fair value was established. When the undelivered element for which we did not have VSOE of fair value was support, revenue for the entire
arrangement was recognized ratably over the support period. The same residual method and VSOE of fair value principles applied for our multiple element
arrangements that contained only software elements.

Deferred Contract Costs and Commission Expense

Beginning in 2018, we recognized commission expense based on Topic 606's guidance for contract costs. Under this new guidance, we recognize
sales commissions related to product sales upfront while sales commissions for service contracts are deferred as deferred contract costs in the consolidated
balance sheets and amortized over the applicable amortization period. Costs for initial contracts that are not commensurate with renewal commissions are
amortized on a straight-line basis over the period of benefit, which we have determined to be five years and which is typically longer than the initial contract
term. Significant estimates, assumptions, and judgments in accounting for deferred contract costs include, but are not limited to, identification of contract
costs, anticipated billings and the expected period of benefit.

Valuation of Inventory

Inventory is recorded at the lower of cost or net realizable value. Cost is computed using the first-in, first-out method. In assessing the ultimate
recoverability of inventory, we make estimates regarding future customer demand, the timing of new product introductions, economic trends and market
conditions. If the actual product demand is significantly lower than forecasted, we could be required to record additional inventory write-downs which would
be charged to cost of product revenue. Any write-downs could have an adverse impact on our gross margins and profitability.

Business Combinations

We include the results of operations of the businesses that we acquire as of the respective dates of acquisition. We allocate the fair value of the
purchase price of our business acquisitions to the tangible and intangible assets acquired and liabilities assumed based on their estimated fair values. The
excess of the purchase price over the fair values of these identifiable assets and liabilities is recorded as goodwill. We often continue to gather additional
information throughout the measurement period, and if we make changes to the amounts recorded, such changes are recorded in the period in which they are
identified.

Contingent Liabilities

From time to time, we are involved in disputes, litigation and other legal actions. However, there are many uncertainties associated with any
litigation, and these actions or other third-party claims against us may cause us to incur substantial settlement charges, which are inherently difficult to
estimate and could adversely affect our results of operations. We review significant new claims and litigation for the probability of an adverse outcome.
Estimates can change as individual claims develop. The actual liability in any such matters may be materially different from our estimates, which could result
in the need to adjust our liability and record additional expenses.

49
Table of Contents

Accounting for Income Taxes

We record income taxes using the asset and liability method, which requires the recognition of deferred tax assets and liabilities for the expected
future tax consequences of events that have been recognized in our financial statements or tax returns. In addition, deferred tax assets are recorded for the
future benefit of utilizing net operating losses and research and development credit carryforwards. Deferred tax assets and liabilities are measured using the
currently enacted tax rates that apply to taxable income in effect for the years in which those tax assets and liabilities are expected to be realized or settled.
Valuation allowances are provided when necessary to reduce deferred tax assets to the amount expected to be realized.

We recognize tax benefits from an uncertain tax position only if it is more likely than not, based on the technical merits of the position that the tax
position will be sustained on examination by the tax authorities. The tax benefits recognized in the financial statements from such positions are then measured
based on the largest benefit that has a greater than 50% likelihood of being realized upon ultimate settlement.

Effective January 1, 2018, the 2017 Tax Act reduced the federal corporate income tax rate from 35% to 21% and created a territorial tax system with
a one-time transition tax on foreign earnings of U.S. subsidiaries not previously subject to U.S. income tax. We expect further guidance may be forthcoming
from the FASB and the SEC, as well as regulations, interpretations and rulings from federal and state tax agencies, which could result in additional impacts.
Our selection of an accounting policy for 2018 with respect to the GILTI tax rules was to treat GILTI tax as a current period expense under the period cost
method.

As part of the process of preparing our consolidated financial statements, we are required to estimate our taxes in each of the jurisdictions in which
we operate. We estimate actual current tax exposure together with assessing temporary differences resulting from differing treatment of items, such as
accruals and allowances not currently deductible for tax purposes. These differences result in deferred tax assets, which are included in our consolidated
balance sheets. In general, deferred tax assets represent future tax benefits to be received when certain expenses previously recognized in our consolidated
statements of income become deductible expenses under applicable income tax laws, or loss or credit carryforwards are utilized.

In assessing the realizability of deferred tax assets, management considers whether it is more likely than not that some portion or all of the deferred
tax assets will be realized. The ultimate realization of deferred tax assets is dependent upon the generation of future taxable income during the periods in
which those temporary differences become deductible. We continue to assess the need for a valuation allowance on the deferred tax assets by evaluating both
positive and negative evidence that may exist. Any adjustment to the valuation allowance on deferred tax assets would be recorded in the consolidated
statements of income for the period that the adjustment is determined to be required.

50
Table of Contents

Results of Operations

The following tables set forth our results of operations for the periods presented and as a percentage of our total revenue for those periods. The
period-to-period comparison of financial results is not necessarily indicative of financial results to be achieved in future periods.

Year Ended December 31,


2018 2017 2016
(in millions)
Consolidated Statements of Income Data:
Revenue:
Product $ 674.4 $ 577.2 $ 548.1
Service 1,126.8 917.7 727.3
Total revenue 1,801.2 1,494.9 1,275.4
Cost of revenue:
Product 291.0 243.8 209.0
Service 159.4 141.5 128.8
Total cost of revenue 450.4 385.3 337.8
Gross profit:
Product 383.4 333.4 339.1
Service 967.4 776.2 598.5
Total gross profit 1,350.8 1,109.6 937.6
Operating expenses:
Research and development 244.5 210.6 183.1
Sales and marketing 782.3 701.0 626.5
General and administrative 93.0 87.9 81.1
Restructuring charges — 0.3 4.0
Total operating expenses 1,119.8 999.8 894.7
Operating income 231.0 109.8 42.9
Interest income 26.5 13.5 7.3
Other income (expense)—net (6.6) 0.7 (7.1)
Income before income taxes 250.9 124.0 43.1
Provision for (benefit from) income taxes (81.3) 92.6 10.9
Net income $ 332.2 $ 31.4 $ 32.2

51
Table of Contents

Year Ended December 31,


2018 2017 2016
(as percentage of revenue)
Revenue:
Product 37 % 39% 43 %
Service 63 61 57
Total revenue 100 100 100
Cost of revenue:
Product 16 16 16
Service 9 9 10
Total cost of revenue 25 26 26
Gross margin:
Product 57 58 62
Service 86 85 82
Total gross margin 75 74 74
Operating expenses:
Research and development 14 14 14
Sales and marketing 43 47 49
General and administrative 5 6 6
Restructuring charges — — 0.3
Total operating expenses 62 67 70
Operating margin 13 7 3
Interest income 1 1 1
Other income (expense)—net — — (1)
Income before income taxes 14 8 3
Provision for (benefit from) income taxes (5) 6 1
Net income 18 % 2% 3%

2018 and 2017

Revenue

Year Ended December 31,


2018 (1) 2017
% of % of
Amount Revenue Amount Revenue Change % Change
(in millions, except percentages)
Revenue:
Product $ 674.4 37% $ 577.2 39% $ 97.2 17%
Service 1,126.8 63 917.7 61 209.1 23
Total revenue $ 1,801.2 100% $ 1,494.9 100% $ 306.3 20%
Revenue by geography:
Americas $ 762.9 42% $ 642.3 43% $ 120.6 19%
Europe, Middle East and Africa
(“EMEA”) 678.0 38 554.6 37 123.4 22
Asia Pacific (“APAC”) 360.3 20 298.0 20 62.3 21
Total revenue $ 1,801.2 100% $ 1,494.9 100% $ 306.3 20%

52
Table of Contents

(1) Revenue during 2018 under Topic 606 (As Reported) and 605 (Balances Without Adoption of Topic 606) were as follows:

Balances Without
Adoption of Effect of Change
As Reported Topic 606 Increase (Decrease)
(in millions)
Revenue:
Product $ 674.4 $ 654.9 $ 19.5
Service 1,126.8 1,126.9 (0.1)
Total revenue $ 1,801.2 $ 1,781.8 $ 19.4
Revenue by geography:
Americas $ 762.9 $ 746.2 $ 16.7
EMEA 678.0 674.9 3.1
APAC 360.3 360.7 (0.4)
Total revenue $ 1,801.2 $ 1,781.8 $ 19.4

Total revenue increased by $306.3 million, or 20%, in 2018 compared to 2017. We continued to experience global diversification of revenue in 2018.
Revenue from all our regions grew, with EMEA contributing the largest portion of our revenue growth both on an absolute dollar and on a percentage basis.
Product revenue increased by $97.2 million, or 17%, in 2018 compared to 2017. Product revenue benefited from the adoption of Topic 606, primarily related
to the change in accounting treatment under Topic 606 for some of our software products where revenue from these arrangements can now be recognized
upfront instead of ratably over the contracted service term, and partially offset by the lost opportunity to recognize revenue that had been deferred and was
written off to equity on the date of adoption. In addition, FortiGate unit shipments increased in 2018 compared to 2017 while sales of non-FortiGate products,
such as the Fortinet Security Fabric hardware and software products, also grew significantly. Fortinet Security Fabric products were the fastest growing
products compared to the remainder of our business. Service revenue increased by $209.1 million, or 23%, in 2018 compared to 2017. The increase in service
revenue was primarily due to the recognition of revenue from our growing deferred revenue balance consisting of FortiGuard security subscription and
FortiCare technical support and other contracts sold to a larger customer base, as well as the renewals of similar contracts sold in earlier periods.

Cost of revenue and gross margin

Year Ended December 31,


2018 (1) 2017 Change % Change
(in millions, except percentages)
Cost of revenue:
Product $ 291.0 $ 243.8 $ 47.2 19%
Service 159.4 141.5 17.9 13
Total cost of revenue $ 450.4 $ 385.3 $ 65.1 17%
Gross margin (%):
Product 56.9% 57.8%
Service 85.9 84.6
Total gross margin 75.0% 74.2%

53
Table of Contents

(1) Cost of revenue and gross margin during 2018 under Topic 606 (As Reported) and 605 (Balances Without Adoption of Topic 606) were as follows:

Balances Without Adoption


of Effect of Change
As Reported Topic 606 Increase (Decrease)
(in millions, except percentages)
Cost of revenue:
Product $ 291.0 $ 289.6 $ 1.4
Service 159.4 159.4 —
Total cost of revenue $ 450.4 $ 449.0 $ 1.4
Gross margin (%):
Product 56.9% 55.8%
Service 85.9 85.9
Total gross margin 75.0% 74.8%

Total gross margin increased by 0.8 percentage points in 2018 compared to 2017, driven by higher margin on higher service revenue. Service gross
margin increased by 1.3 percentage points during 2018 as compared to 2017, due to the strength of our FortiCare technical support and other revenue growing
26%. FortiGuard security subscription revenue grew 20%, during 2018 compared to 2017, which outpaced the increase in the related personnel costs and
headcount growth, resulting in higher margin. Cost of service revenue was comprised primarily of personnel costs. Product gross margin decreased by 0.9
percentage points in 2018 compared to 2017, as we continued to transition to our new product introductions. Total cost of product revenue was comprised
primarily of direct and indirect cost of products sold, inventory reserves and other charges.

Operating expenses

Year Ended December 31,


2018 (1) 2017
% of % of
Amount Revenue Amount Revenue Change % Change
(in millions, except percentages)
Operating expenses:
Research and development $ 244.5 14% $ 210.6 14% $ 33.9 16 %
Sales and marketing 782.3 43 701.0 47 81.3 12
General and administrative 93.0 5 87.9 6 5.1 6
Restructuring charges — — 0.3 — (0.3) (100)
Total operating expenses $ 1,119.8 62% $ 999.8 67% $ 120.0 12 %

(1) Operating expenses during 2018 under Topic 606 (As Reported) and 605 (Balances Without Adoption of Topic 606) were as follows:

Balances Without
Adoption of Effect of Change
As Reported Topic 606 Increase (Decrease)
(in millions)
Operating expenses:
Research and development $ 244.5 $ 244.5 $ —
Sales and marketing expenses 782.3 827.8 (45.5)
General and administrative 93.0 93.0 —
Total operating expenses $ 1,119.8 $ 1,165.3 $ (45.5)

54
Table of Contents

Research and development

Research and development expense increased by $33.9 million, or 16%, in 2018 compared to 2017, primarily due to an increase of $28.7 million in
personnel costs as a result of increased headcount to support the development of new products and continued enhancements of our existing products. In
addition, depreciation and other occupancy-related costs increased by $2.8 million and product development costs, such as third-party testing and prototypes,
increased by $1.2 million. We intend to continue to invest in our research and development organization, and expect research and development expense to
increase in absolute dollars in 2019.

Sales and marketing

Sales and marketing expense increased by $81.3 million, or 12%, in 2018 compared to 2017, primarily due to an increase of $64.9 million in
personnel costs, including higher stock-based compensation expense of $17.6 million. Sales and marketing headcount increased in order to drive market share
gains globally. The increase in personnel costs included a benefit of $45.5 million from the adoption of Topic 606 related to deferred contract costs. Under
Topic 606, we capitalized certain commissions on service contracts and amortize the amount over a certain period. Prior to the adoption of this new standard,
we expensed the commissions related to these service contracts. Our sales and marketing expense would have increased by $126.8 million, or 18%, under
Topic 605. Refer to Note 1 in our notes to the consolidated financial statements for more information. In addition, depreciation expense and other occupancy-
related expense increased by $6.7 million, travel and entertainment expense increased by $6.4 million and supplies expense increased by $2.0 million. As a
percentage of total revenue, sales and marketing expense decreased primarily due to the benefit from the new accounting standard on deferred contract costs.
Excluding this benefit, sales and marketing expense as a percentage of revenue would have been 46% of total revenue. We intend to continue to make
investments in our sales resources and infrastructure and marketing strategy, which are critical to support growth, and expect sales and marketing expense to
increase in absolute dollars in 2019.

General and administrative

General and administrative expense increased by $5.1 million, or 6%, in 2018 compared to 2017. Personnel costs increased by $9.8 million as we
continued to increase headcount in order to support our expanding business. The increase in expense was partially offset by a decrease in litigation costs of
$1.2 million and a decrease in professional fees of $0.6 million. Certain facilities, depreciation, and information technology costs are allocated to other
organizations based on headcount. We expect general and administrative expense to increase in absolute dollars in 2019.

Operating income and margin

We generated operating income of $231.0 million in 2018, an increase of $121.2 million, or 110%, compared to $109.8 million in 2017. The
improvement in operating income included the benefit from the adoption of Topic 606, along with revenue growth outpacing expense growth. Operating
income as a percentage of revenue increased to 13% in 2018 compared to 7% in 2017. The increase in operating margin is primarily due to a decline in sales
and marketing expenses as a percentage of total revenue to 43% in 2018 compared to 47% in 2017. Excluding the benefit from the adoption of Topic 606,
sales and marketing expense as a percentage of revenue would have been 46% of total revenue. The adoption of Topic 606 resulted in an improvement of 3
percentage points in our operating margin. In addition, general and administrative expenses as a percentage of total revenue decreased by 1 percentage point
and gross margin improved by 0.8 percentage points, contributing to the improvement in operating margin. Research and development expenses as a
percentage of revenue remained consistent.

Interest income and other income (expense)—net

Year Ended December 31,


2018 2017 Change % Change
(in millions, except percentages)
Interest income $ 26.5 $ 13.5 $ 13.0 96 %
Other income (expense)—net (6.6) 0.7 (7.3) (1,043)

Interest income increased in 2018 as compared to 2017, primarily due to higher interest rates on invested balances of cash, cash equivalents and
investments. Interest income varies depending on our average investment balances during the period, types and mix of investments, and market interest rates.
The change in other income (expense)—net in 2018 as

55
Table of Contents

compared to 2017 was the result of $9.3 million of foreign currency transaction and hedging losses recognized in 2018, offset by $2.2 million in gain on the
sale of an investment in a privately held company.

Provision for (benefit from) income taxes

Year Ended December 31,


2018 (1) 2017 Change % Change
(in millions, except percentages)
Provision for (benefit from) income taxes $ (81.3) $ 92.6 $ (173.9) (188)%
Effective tax rate (32)% 75%

(1) Provision for income taxes during 2018 under Topic 606 (As Reported) and 605 (Balances Without Adoption of Topic 606) were as follows:

Balances Without Adoption


of
As Reported Topic 606 (Increase) Decrease
(in millions, except percentages)
Benefit from income taxes $ (81.3) $ (92.2) $ 10.9
Effective tax rate (32)% (49)%

Our provision for income taxes for 2018 reflects an effective tax rate benefit of (32)%, compared to an effective tax rate provision of 75% for 2017.
The benefit from income taxes for 2018 was comprised primarily of impacts related to the 2017 Tax Act including a benefit of $164.0 million from the
realignment of our tax structure and operations that resulted in a book-to-tax basis difference from previously taxed off-shore deferred revenue. These benefits
were partially offset by a $32.6 million increase in the transition tax for finalization of the provisional estimates under SAB 118, a $20.5 million tax expense
for the impact of the GILTI and a $29.6 million of tax expense related to U.S. federal and state taxes, other foreign income taxes, foreign withholding taxes
and a decrease in tax reserves.

Effective January 1, 2018, the 2017 Tax Act reduced the federal corporate income tax rate from 35% to 21% and created a territorial tax system with
a one-time mandatory tax on foreign earnings of U.S. subsidiaries not previously subject to U.S. income tax. Under GAAP, changes in tax rates and tax law
are accounted for in the period of enactment and deferred tax assets and liabilities are measured at the enacted tax rate. In December 2017, the SEC staff
issued SAB 118, which allowed us to record provisional amounts during a measurement period not to extend beyond one year of the enactment date. As a
result, we previously provided a provisional estimate of the effect of the 2017 Tax Act in our financial statements. In the fourth quarter of 2018, we completed
our analysis to determine the effect of the 2017 Tax Act within the measurement period under the SEC guidance, and reflected an increase of an additional
$32.6 million related to the transition tax in the 2018 income tax expense. We expect further guidance may be forthcoming from the FASB and the SEC, as
well as regulations, interpretations and rulings from federal and state tax agencies, which could result in additional impacts.

In 2017, the effective tax rate was 75%, primarily resulting from the deferred tax assets remeasurement and a one-time transition tax due to the 2017
Tax Act. Excluding the tax impacts from the 2017 Tax Act, our 2017 effective tax rate would have been 24%.

56
Table of Contents

2017 and 2016

Revenue

Year Ended December 31,


2017 2016
% of % of
Amount Revenue Amount Revenue Change % Change
(in millions, except percentages)
Revenue:
Product $ 577.2 39% $ 548.1 43% $ 29.1 5%
Service 917.7 61 727.3 57 190.4 26
Total revenue $ 1,494.9 100% $ 1,275.4 100% $ 219.5 17%
Revenue by geography:
Americas $ 642.3 43% $ 536.7 42% $ 105.6 20%
EMEA 554.6 37 477.4 37 77.2 16
APAC 298.0 20 261.3 21 36.7 14
Total revenue $ 1,494.9 100% $ 1,275.4 100% $ 219.5 17%

Total revenue increased by $219.5 million, or 17%, in 2017 compared to 2016. We continued to experience global diversification of revenue in 2017.
Revenue from all our regions grew, with the Americas contributing the largest portion of our revenue growth both on an absolute dollar and on a percentage
basis. Product revenue increased by $29.1 million, or 5%, in 2017 compared to 2016. The increase in product revenue was primarily driven by greater sales
volume in our FortiGate product family across all product categories. Sales of non-FortiGate products, such as the Fortinet Security Fabric hardware and
software products, and services, also grew significantly. Service revenue increased by $190.4 million, or 26%, in 2017 compared to 2016. The increase in
service revenue was primarily due to the recognition of revenue from our growing deferred revenue balance consisting of FortiGuard security subscription
and FortiCare technical support contracts sold to a larger customer base, as well as the renewals of similar contracts sold in earlier periods.

Cost of revenue and gross margin

Year Ended December 31,


2017 2016 Change % Change
(in millions, except percentages)
Cost of revenue:
Product $ 243.8 $ 209.0 $ 34.8 17%
Service 141.5 128.8 12.7 10
Total cost of revenue $ 385.3 $ 337.8 $ 47.5 14%
Gross margin (%):
Product 57.8% 61.9%
Service 84.6 82.3
Total gross margin 74.2% 73.5%

Total gross margin increased by 0.7 percentage points in 2017 compared to 2016, driven by higher margin on service revenue. During 2017, service
gross margin benefited from the shift to higher-margin service revenue. Product gross margin was negatively impacted by longer term deals, resulting in
lower product revenue recognized in 2017 and higher deferred revenue for services that was expected to be recognized in future periods, and as a result of
product costs being recognized upon shipment. As a result, the service margin expansion was partially offset by a decline in product gross margin in 2017.
Total cost of product revenue was comprised primarily of direct and indirect cost of products sold, inventory reserves and other charges. Cost of service
revenue was comprised primarily of personnel costs.

57
Table of Contents

Operating expenses

Year Ended December 31,


2017 2016
% of % of
Amount Revenue Amount Revenue Change % Change
(in millions, except percentages)
Operating expenses:
Research and development $ 210.6 14% $ 183.1 14% $ 27.5 15 %
Sales and marketing 701.0 47 626.5 49 74.5 12
General and administrative 87.9 6 81.1 6 6.8 8
Restructuring charges 0.3 — 4.0 0.3 (3.7) (93)
Total operating expenses $ 999.8 67% $ 894.7 70% $ 105.1 12 %

Research and development

Research and development expense increased by $27.5 million, or 15%, in 2017 compared to 2016, primarily due to an increase of $17.6 million in
personnel costs as a result of increased headcount to support the development of new products and continued enhancements of our existing products. In
addition, product development costs, such as third-party testing and prototypes, increased by $6.2 million and depreciation and other occupancy-related costs
increased by $3.1 million.

Sales and marketing

Sales and marketing expense increased by $74.5 million, or 12%, in 2017 compared to 2016, primarily due to an increase of $55.1 million in
personnel costs as we continued to increase our sales and marketing headcount in order to drive continued market share gains globally. Marketing-related
expense increased by $11.9 million as we invested significantly in marketing programs to drive broader market awareness, build lead generation programs
and accelerate pipeline. In addition, depreciation expense and other occupancy-related expense increased by $6.8 million. As a percentage of total revenue,
sales and marketing expense decreased as revenue grew at a higher pace compared to personnel costs.

General and administrative

General and administrative expense increased by $6.8 million, or 8%, in 2017 compared to 2016. Personnel costs increased by $8.5 million as we
continued to increase headcount in order to support our expanding business. Professional fees increased by $10.6 million, primarily due to the implementation
of a new revenue recognition system and a litigation settlement expense of $1.8 million. The increase in expense was partially offset by a decrease in third-
party costs of $13.4 million related to the substantial completion of our ERP system implementation in 2016.

Operating income and margin

We generated operating income of $109.8 million in 2017, an increase of $66.9 million, or 156%, compared to $42.9 million in 2016. The
improvement in operating margin was primarily due to the improvement in gross margin, and the decline in sales and marketing expenses as a percentage of
total revenue. As a percentage of total revenue, sales and marketing expenses decreased to 47% in 2017 from 49% in 2016.

Interest income and other income (expense)—net

Year Ended December 31,


2017 2016 Change % Change
(in millions, except percentages)
Interest income $ 13.5 $ 7.3 $ 6.2 85 %
Other income (expense)—net 0.7 (7.1) 7.8 (110)

Interest income increased in 2017 as compared to 2016, primarily due to higher interest rates on invested balances of cash, cash equivalents and
investments. Interest income varies depending on our average investment balances during the

58
Table of Contents

period, types and mix of investments, and market interest rates. The change in other income (expense)—net in 2017 as compared to 2016 was the result of a
gain of approximately $1.0 million for foreign currency exchange gains in 2017 compared to a loss of $6.6 million in 2016, due primarily to changes in the
value of Euro relative to the U.S. dollar.

Provision for income taxes

Year Ended December 31,


2017 2016 Change % Change
(in millions, except percentages)
Provision for income taxes $ 92.6 $ 10.9 $ 81.7 750%
Effective tax rate 75% 25%

Our effective tax rate was 75% for 2017, compared to an effective tax rate of 25% for 2016. The provision for income taxes for 2017 was comprised
primarily of U.S. federal and state taxes, other foreign income taxes, foreign withholding taxes, an increase in tax reserves, remeasurement of deferred tax
assets and a one-time transition tax.

In December 2017, the U.S. federal government enacted the 2017 Tax Act. The 2017 Tax Act reduced the federal corporate income tax rate from
35% to 21% effective January 1, 2018 and created a territorial tax system with a one-time mandatory tax on foreign earnings of U.S. subsidiaries not
previously subject to U.S. income tax. Under GAAP, changes in tax rates and tax law are accounted for in the period of enactment and deferred tax assets and
liabilities are measured at the enacted tax rate.

The SEC staff has issued SAB 118, which provides guidance on accounting for the tax effects of the 2017 Tax Act. SAB 118 provides a
measurement period that should not extend beyond one year from the 2017 Tax Act enactment date for companies to complete the accounting under ASC
740. In accordance with SAB 118, a company must reflect the income tax effects of those aspects of the 2017 Tax Act for which the accounting under ASC
740 is complete. To the extent that a company’s accounting for certain income tax effects of the 2017 Tax Act is incomplete but it is able to determine a
reasonable estimate, it must record a provisional estimate in the financial statements. If a company cannot determine a provisional estimate to be included in
the financial statements, it should continue to apply ASC 740 on the basis of the provisions of the tax laws that were in effect immediately before the
enactment of the 2017 Tax Act.

The increase in the effective tax rate in 2017 was primarily due to the deferred tax assets remeasurement and a one-time transition tax due to the
2017 Tax Act. Excluding the tax impact from the 2017 Tax Act, the 2017 effective tax rate would have been 24%, which was relatively consistent with 2016.
In 2016, due to the early adoption of ASU 2016-09, approximately $10.8 million of excess tax benefits were recognized in the income tax provision. In 2017,
$13.5 million of excess tax benefits was included in the income tax provision.

Quarterly Results of Operations

The following table sets forth our unaudited quarterly statements of income data for the last eight quarters. The information for each of these quarters
has been prepared on the same basis as the audited annual financial statements included elsewhere in this Annual Report and, in the opinion of management,
includes all adjustments, which includes only normal recurring adjustments, necessary for the fair presentation of the results of operations for these periods.
This data should be read in conjunction with our audited consolidated financial statements and related notes included elsewhere in this annual report. These
quarterly operating results are not necessarily indicative of our operating results for any future period.

59
Table of Contents

Three Months Ended


Dec 31, Sept 30, Jun 30, Mar 31, Dec 31, Sept 30, Jun 30, Mar 31,
2018 2018 2018 2018 2017 2017 2017 2017
(in millions, except per share amounts)
Consolidated Statements of Income Data:
Revenue:
Product $ 200.8 $ 164.5 $ 166.3 $ 142.8 $ 162.1 $ 137.1 $ 142.7 $ 135.3
Service 306.2 289.4 275.0 256.2 254.5 237.1 220.8 205.3
Total revenue 507.0 453.9 441.3 399.0 416.6 374.2 363.5 340.6
Cost of revenue:
Product (1)(2) 86.9 72.0 73.9 58.2 69.6 58.1 60.8 55.3
(1)(2)
Service 41.6 39.6 39.2 39.0 35.8 35.5 34.9 35.3
Total cost of revenue 128.5 111.6 113.1 97.2 105.4 93.6 95.7 90.6
Total gross profit 378.5 342.3 328.2 301.8 311.2 280.6 267.8 250.0
Operating expenses:
Research and development (1) 65.5 58.7 61.2 59.1 54.7 53.5 51.2 51.2
Sales and marketing (1)(2) 205.9 198.3 192.8 185.3 191.9 172.4 166.3 170.4
General and administrative (1) 22.0 22.5 23.5 25.0 22.4 21.0 21.9 22.6
Restructuring charges — — — — — — (0.1) 0.4
Total operating expenses 293.4 279.5 277.5 269.4 269.0 246.9 239.3 244.6
Operating income 85.1 62.8 50.7 32.4 42.2 33.7 28.5 5.4
Interest income 9.3 6.9 5.8 4.5 4.0 3.9 3.2 2.4
Other income (expense)—net (2.3) 0.9 (5.0) (0.2) (1.2) 0.4 1.2 0.3
Income before income taxes 92.1 70.6 51.5 36.7 45.0 38.0 32.9 8.1
Provision for (benefit from) income taxes (90.5) 11.9 2.2 (4.9) 74.0 11.3 9.9 (2.6)
Net income (loss) $ 182.6 $ 58.7 $ 49.3 $ 41.6 $ (29.0) $ 26.7 $ 23.0 $ 10.7
Net income (loss) per share:
Basic $ 1.07 $ 0.35 $ 0.29 $ 0.25 $ (0.17) $ 0.15 $ 0.13 $ 0.06
Diluted $ 1.04 $ 0.33 $ 0.28 $ 0.24 $ (0.17) $ 0.15 $ 0.13 $ 0.06

_______________________________________________
(1) Includes stock-based compensation as follows:

Three Months Ended


Dec 31, Sept 30, Jun 30, Mar 31, Dec 31, Sept 30, Jun 30, Mar 31,
2018 2018 2018 2018 2017 2017 2017 2017
(in millions)
Cost of product revenue $ 0.4 $ 0.3 $ 0.4 $ 0.4 $ 0.3 $ 0.3 $ 0.4 $ 0.3
Cost of service revenue 2.8 2.8 2.7 2.5 2.4 2.4 2.5 2.3
Research and development 9.5 9.3 9.2 8.4 8.1 8.0 8.3 7.9
Sales and marketing 25.1 26.0 23.6 20.9 19.6 19.6 19.7 19.0
General and administrative 4.8 4.8 4.7 4.3 4.0 4.0 4.2 3.8
Total stock-based
compensation expense $ 42.6 $ 43.2 $ 40.6 $ 36.5 $ 34.4 $ 34.3 $ 35.1 $ 33.3

60
Table of Contents

(2) Total amortization included in product costs, service costs, and sales and marketing expense are as follows:

Three Months Ended


Dec 31, Sept 30, Jun 30, Mar 31, Dec 31, Sept 30, Jun 30, Mar 31,
2018 2018 2018 2018 2017 2017 2017 2017
(in millions)
Amortization of intangible assets $ 2.9 $ 2.5 $ 1.8 $ 1.8 $ 2.1 $ 2.0 $ 2.2 $ 2.3

Seasonality, Cyclicality and Quarterly Revenue Trends

Our quarterly results reflect a pattern of increased customer buying at year-end, which has positively impacted billings and product revenue activity
in the fourth quarter. In the first quarter, we generally experience lower sequential customer buying, followed by an increase in buying in the second quarter.
The third quarter is often consistent with the second quarter. Although these seasonal factors are common in the technology sector, historical patterns should
not be considered a reliable indicator of our future sales activity or performance. On a quarterly basis, we have usually generated the majority of our product
revenue in the final month of each quarter and a significant amount in the last two weeks of each quarter. We believe this is due to customer buying patterns
typical in this industry.

Consistent with the seasonality note above, our total quarterly revenue over the past eight quarters has generally increased sequentially in each
quarter, except in the first and third quarters of 2018 and 2017. Product revenue, in each quarter in 2018, increased as compared to the same quarter in 2017,
which we believe was due to investments we made in our sales and marketing organizations, continued product innovation and a robust security market. We
continue to see a shift from product revenue to higher-margin, recurring service revenue, which is a result of our growing customer base.

Total gross margin has fluctuated on a quarterly basis primarily due to seasonality of product sales and seasonality of cost increases. Product gross
margin varies based on the types of products sold and the average selling prices of our products. In 2018, product gross margin was impacted by new product
introductions and the mix of high-end, mid-range and entry-level products. Service gross margin benefited from the growth of our customer base and
renewals.

61
Table of Contents

Liquidity and Capital Resources

As of December 31,
2018 2017 2016
(in millions)
Cash and cash equivalents $ 1,112.4 $ 811.0 $ 709.0
Investments 604.2 538.3 601.5
Total cash, cash equivalents and investments $ 1,716.6 $ 1,349.3 $ 1,310.5
Working capital $ 964.5 $ 689.6 $ 709.3

Year Ended December 31,


2018 2017 2016
(in millions)
Net cash provided by operating activities $ 638.9 $ 594.4 $ 345.7
Net cash used in investing activities (134.9) (76.8) (74.1)
Net cash used in financing activities (202.6) (415.6) (105.9)
Net increase in cash and cash equivalents $ 301.4 $ 102.0 $ 165.7

Liquidity and capital resources may be impacted by our operating activities, as well as by our stock repurchases, real estate and other capital
expenditures, proceeds associated with stock option exercises and issuances of common stock under our equity incentive plans, payment of taxes in
connection with the net settlement of equity awards and business acquisitions. In recent years, we have received significant capital resources as a result of
increases in our deferred revenue and the proceeds from exercise of stock options and purchases under our equity incentive plans. Additional increases in
deferred revenue may depend on a number of factors including our billing growth rate, service contract renewal rates and length of initial and renewals
service contracts. We expect proceeds from the issuance of stock options in future years to be impacted by the increased mix of restricted stock units versus
stock options granted and also to vary based on our share price. As of December 31, 2018, $733.8 million remained available for future share repurchase
under the Repurchase Program.

Construction to our new headquarters building started in the fourth quarter of 2018 and related spending will continue in 2019 and until project
completion. We estimate 2019 spending on the project to be between $60.0 million to $80.0 million dollars.

As of December 31, 2018, our cash, cash equivalents and investments of $1.72 billion were invested primarily in corporate debt securities,
certificates of deposit and term deposits, commercial paper, money market funds, and U.S. government and agency securities. It is our investment policy to
invest excess cash in a manner that preserves capital, provides liquidity and maximizes return without significantly increasing risk. We do not enter into
investments for trading or speculative purposes.

The amount of cash, cash equivalents and investments held by our international subsidiaries was $956.6 million as of December 31, 2018. Under the
2017 Tax Act signed into law in December 2017, starting on January 1, 2018, we are no longer subject to federal income tax on earnings remitted from our
foreign subsidiaries. We have analyzed our global working capital and cash requirements and the potential tax liabilities attributable to repatriation, and have
determined that we will be repatriating certain unremitted foreign earnings which were previously deemed indefinitely reinvested. For those investments from
which we were able to make a reasonable estimate of the tax effects of such repatriation, we have recorded a provisional estimate for withholding and state
taxes. Most of our off-shore cash is located in Singapore.

We believe that our existing cash and cash equivalents will be sufficient to meet our anticipated cash needs for at least the next 12 months. Our future
capital requirements will depend on many factors, including our growth rate, the timing and amount of our planned share repurchases, the timing and extent
of spending to support development efforts, the expansion of sales and marketing activities, the introduction of new and enhanced products and services
offerings, the continuing market acceptance of our products and our investments in real estate through purchases or long-term leases. Historically, we have
required capital principally to fund our working capital needs, share repurchases, capital expenditures and acquisition activities. In the event that additional
financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all.

62
Table of Contents

Operating Activities

Cash generated by operating activities is our primary source of liquidity. It is primarily comprised of net income, as adjusted for non-cash items, and
changes in operating assets and liabilities, including deferred revenue. Non-cash adjustments consist primarily of stock-based compensation, amortization of
deferred contract costs in connection with the adoption of Topic 606, depreciation of property and equipment, amortization of intangible assets and
amortization of investment premiums.

Our operating activities during 2018 provided $638.9 million in cash as a result of the continued growth of our business and our ability to
successfully manage our working capital. Changes in operating assets and liabilities primarily resulted from an increase in sales of our FortiGuard security
subscription and FortiCare technical support services to new and existing customers, as reflected by an increase in our deferred revenue. Our total deferred
revenue balance grew 26% as of December 31, 2018 compared to the same period last year to $1.69 billion.

Our operating activities during 2017 provided $594.4 million in cash as a result of our continued growth of our business and our ability to
successfully manage our working capital. Changes in operating assets and liabilities primarily resulted from an increase in sales of our FortiGuard security
subscription and FortiCare technical support services to new and existing customers, as reflected by an increase in our deferred revenue, which was partially
offset by an increase in accounts receivable. We continued to see a shift from product revenues to higher-margin, recurring service revenues and longer
duration contracts. Our total revenue grew 17% in 2017 compared to 2016 and our total deferred revenue balance grew 29%.

Our operating activities during 2016 provided $345.7 million in cash as a result of our continued growth of our business and the ability to
successfully manage our working capital. Changes in operating assets and liabilities primarily resulted from an increase in sales of our FortiGuard security
subscription and FortiCare technical supports to new and existing customers, as reflected by an increase in our deferred revenue, which was partially offset by
an increase in accounts receivable and payments for inventory purchases. We also started to see a shift from product revenues to higher-margin, recurring
service revenues. Our total revenue grew 26% in 2016 compared to 2015, while our total deferred revenue balance grew 31%.

Investing Activities

The changes in cash flows from investing activities primarily relate to timing of purchases, maturities and sales of investments, purchases of property
and equipment, and payments made in connection with business acquisitions. Historically, in making a lease versus purchase decision related to our larger
facilities, we have considered various factors including financial metrics and the impact on our employees. In certain cases, we have elected to purchase the
facility if we believed that purchasing rather than leasing is more in line with our long-term strategy. We expect to make similar decisions in the future.

During 2018, cash used in investing activities was primarily due to $60.2 million spent for purchases of our investments, net of maturities and sales
of investments, $53.0 million spent on capital expenditures and $21.7 million used for the acquisitions of Bradford and ZoneFox, net of cash acquired.

During 2017, cash used in investing activities was primarily due to $135.3 million we spent on capital expenditures, including our purchases of real
estate properties in Canada and Sunnyvale, California, for total cash of $107.2 million. The outflow of cash was partially offset by positive cash flow due to
maturities and sales, net of purchases, from our investments of $58.5 million.

During 2016, cash used in investing activities was primarily due to $67.2 million we spent on capital expenditures, including our purchases of a
warehouse in Union City, California, for total cash of $18.5 million, and a $22.1 million payment for the acquisition of AccelOps. The outflow of cash was
partially offset by positive cash flow due to maturities and sales, net of purchases, from our investments of $15.1 million.

Financing Activities

The changes in cash flows from financing activities primarily relate to repurchase and retirement of common stock, proceeds from the issuance of
common stock under our equity incentive plans, taxes paid related to net share settlement of equity awards and payments of debt assumed in business
combinations.

During 2018, cash used in financing activities was $202.6 million, primarily due to $211.8 million used to repurchase our common stock and $10.1
million of payments of the debt assumed in business combinations. This was partially offset by $19.3 million of proceeds from the issuance of common stock,
net of tax withholding.

63
Table of Contents

During 2017, cash used in financing activities was $415.6 million, primarily due to $446.3 million used to repurchase our common stock. This was
partially offset by $30.7 million of proceeds from the issuance of common stock, net of tax withholding.

During 2016, cash used in financing activities was $105.9 million, primarily due to $110.8 million used to repurchase our common stock. This was
partially offset by $6.5 million of proceeds from the issuance of common stock, net of tax withholding.

Contractual Obligations and Commitments

The following summarizes our contractual obligations as of December 31, 2018:

Payments Due by Period


More than 5
Total Less than 1 year 1 - 3 years 3 - 5 years years
(in millions)
(1)
Operating lease commitments $ 50.1 $ 17.1 $ 20.7 $ 8.6 $ 3.7
Inventory purchase commitments (2) 177.3 173.1 4.2 — —
Total $ 227.4 $ 190.2 $ 24.9 $ 8.6 $ 3.7
________________________
(1) Consists of contractual obligations from non-cancelable office space under operating leases.
(2) Consists of minimum purchase commitments with independent contract manufacturers.

In addition to commitments with contract manufacturers, we have open purchase orders and contractual obligations in the ordinary course of
business for which we have not received goods or services. As of December 31, 2018, we had $14.3 million in other contractual commitments having a
remaining term in excess of one year that may not be cancelable.

As of December 31, 2018, we had $77.5 million of long-term income tax liabilities, including interest, related to uncertain tax positions. Because of
the high degree of uncertainty regarding the settlement of these liabilities, we are unable to estimate the years in which future cash outflows may occur.

Off-Balance Sheet Arrangements

During 2018, 2017 and 2016, we did not have any relationships with unconsolidated organizations or financial partnerships, such as structured
finance or special purpose entities that would have been established for the purpose of facilitating off-balance sheet arrangements or other contractually
narrow or limited purposes.

Recent Accounting Pronouncements

See Note 1 of the notes to our consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K for a full description of
recently adopted accounting pronouncements.

64
Table of Contents

ITEM 7A. Quantitative and Qualitative Disclosures about Market Risk

Interest Rate Fluctuation Risk

The primary objectives of our investment activities are to preserve principal, provide liquidity and maximize income without significantly increasing
risk. Some of the securities we invest in are subject to market risk. This means that a change in prevailing interest rates may cause the principal amount of the
investment to fluctuate. To minimize this risk, we maintain our portfolio of cash, cash equivalents and investments in a variety of securities, including
corporate debt securities, certificates of deposit and term deposits, commercial paper, money market funds, and U.S. government and agency securities. The
risk associated with fluctuating interest rates is limited to our investment portfolio. A 10% decrease in interest rates in 2018, 2017 and 2016 would have
resulted in an insignificant decrease in our interest income in each of these periods.

Foreign Currency Exchange Risk

Our sales contracts are primarily denominated in U.S. dollars and therefore substantially all of our revenue is not subject to foreign currency
translation risk. However, a substantial portion of our operating expenses incurred outside the United States are denominated in foreign currencies and are
subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Canadian dollar (“CAD”), the Euro (“EUR”) and the
British pound (“GBP”). To help protect against significant fluctuations in value and the volatility of future cash flows caused by changes in currency
exchange rates, we engage in foreign currency risk management activities to minimize the impact of balance sheet items denominated in CAD. We do not use
these contracts for speculative or trading purposes. All of the derivative instruments are with high quality financial institutions and we monitor the credit
worthiness of these parties. These contracts typically have a maturity of one month and settle on the last day of each month. We record changes in the fair
value of forward exchange contracts related to balance sheet accounts in Other income (expense)—net in the consolidated statements of income. We
recognized an expense of $9.3 million in 2018 due to foreign currency transaction and hedging losses.

Our use of forward exchange contracts is intended to reduce, but not eliminate, the impact of currency exchange rate movements. Our forward
exchange contracts are relatively short-term in nature and are focused on the CAD. Long-term material changes in the value of the U.S. dollar against other
foreign currencies, such as the EUR and GBP, could adversely impact our operating expenses in the future. We assessed the risk of loss in fair values from the
impact of hypothetical changes in foreign currency exchange rates. For foreign currency exchange rate risk, a 10% increase or decrease of foreign currency
exchange rates against the U.S. dollar with all other variables held constant would have resulted in a $6.2 million change in the value of our foreign currency
cash balances as of December 31, 2018.

Inflation Risk

Our monetary assets, consisting primarily of cash, cash equivalents and short-term investments, are not affected significantly by inflation because
they are predominantly short-term. We believe the impact of inflation on replacement costs of equipment, furniture and leasehold improvements will not
materially affect our operations. The rate of inflation, however, affects our cost of revenue and expenses, such as those for employee compensation, which
may not be readily recoverable in the price of products and services offered by us.

65
Table of Contents

ITEM 8. Financial Statements and Supplementary Data

INDEX TO CONSOLIDATED FINANCIAL STATEMENTS


For the years ended December 31, 2018, 2017, and 2016

Page

Report of Independent Registered Public Accounting Firm 67


Consolidated Balance Sheets 68
Consolidated Statements of Income 69
Consolidated Statements of Comprehensive Income 70
Consolidated Statements of Stockholders’ Equity 71
Consolidated Statements of Cash Flows 72
Notes to Consolidated Financial Statements 73

The supplementary financial information required by this Item 8 is included in Part II, Item 7 of this Annual Report on Form 10-K under the caption
“Management’s Discussion and Analysis of Financial Condition and Results of Operations—Quarterly Results of Operations.”

66
Table of Contents

REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

To the stockholders and the Board of Directors of Fortinet, Inc.

Opinion on the Financial Statements

We have audited the accompanying consolidated balance sheets of Fortinet, Inc. and subsidiaries (the “Company”) as of December 31, 2018 and 2017, the
related consolidated statements of income, comprehensive income, stockholders’ equity, and cash flows for each of the three years in the period ended
December 31, 2018, and the related notes and the schedule listed in the Index at Item 15 (collectively referred to as the “financial statements”). In our
opinion, the financial statements present fairly, in all material respects, the financial position of the Company as of December 31, 2018 and 2017, and the
results of its operations and its cash flows for each of the three years in the period ended December 31, 2018, in conformity with accounting principles
generally accepted in the United States of America.

We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company’s
internal control over financial reporting as of December 31, 2018, based on criteria established in Internal Control — Integrated Framework (2013) issued by
the Committee of Sponsoring Organizations of the Treadway Commission and our report dated February 26, 2019, expressed an unqualified opinion on the
Company's internal control over financial reporting.

Change in Accounting Principle

As discussed in Note 1 to the financial statements, the Company has changed its method of accounting for revenue in fiscal 2018 due to adoption of the new
revenue standard.

Basis for Opinion

These financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on the Company’s financial
statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company
in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.

We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable
assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures
to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks.
Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included
evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial
statements. We believe that our audits provide a reasonable basis for our opinion.

/s/ DELOITTE & TOUCHE LLP

San Jose, California


February 26, 2019

We have served as the Company's auditor since 2002.

67
Table of Contents

FORTINET, INC.
CONSOLIDATED BALANCE SHEETS
(in millions, except per share amounts)

December 31, December 31,


2018 2017
ASSETS
CURRENT ASSETS:
Cash and cash equivalents $ 1,112.4 $ 811.0
Short-term investments 537.2 440.3
Accounts receivable—Net of reserves for doubtful accounts of $0.9 million at December 31, 2018 and net
of reserves for sales returns and doubtful accounts of $14.5 million at December 31, 2017 444.5 348.2
Inventory 90.0 77.3
Prepaid expenses and other current assets 36.8 40.0
Total current assets 2,220.9 1,716.8
LONG-TERM INVESTMENTS 67.0 98.0
PROPERTY AND EQUIPMENT—NET 271.4 245.4
DEFERRED CONTRACT COSTS 182.6 —
DEFERRED TAX ASSETS 255.0 146.9
OTHER INTANGIBLE ASSETS—NET 22.1 16.3
GOODWILL 38.2 14.6
OTHER ASSETS 20.8 19.9
TOTAL ASSETS $ 3,078.0 $ 2,257.9

LIABILITIES AND STOCKHOLDERS’ EQUITY


CURRENT LIABILITIES:
Accounts payable $ 86.4 $ 70.0
Accrued liabilities 77.5 50.0
Accrued payroll and compensation 98.4 92.0
Income taxes payable 28.2 21.4
Deferred revenue 965.9 793.8
Total current liabilities 1,256.4 1,027.2
DEFERRED REVENUE 720.9 542.5
INCOME TAX LIABILITIES 77.5 90.2
OTHER LIABILITIES 13.0 8.6
Total liabilities 2,067.8 1,668.5
COMMITMENTS AND CONTINGENCIES (Note 10)
STOCKHOLDERS’ EQUITY:
Common stock, $0.001 par value—300 shares authorized; 169.8 and 167.9 shares issued and outstanding at
December 31, 2018 and 2017, respectively 0.2 0.2
Additional paid-in capital 1,068.3 909.6
Accumulated other comprehensive loss (0.8) (0.8)
Accumulated deficit (57.5) (319.6)
Total stockholders’ equity 1,010.2 589.4
TOTAL LIABILITIES AND STOCKHOLDERS’ EQUITY $ 3,078.0 $ 2,257.9

See notes to consolidated financial statements.

68
Table of Contents

FORTINET, INC.
CONSOLIDATED STATEMENTS OF INCOME
(in millions, except per share amounts)

Year Ended December 31,


2018 2017 2016
REVENUE:
Product $ 674.4 $ 577.2 $ 548.1
Service 1,126.8 917.7 727.3
Total revenue 1,801.2 1,494.9 1,275.4
COST OF REVENUE:
Product 291.0 243.8 209.0
Service 159.4 141.5 128.8
Total cost of revenue 450.4 385.3 337.8
GROSS PROFIT:
Product 383.4 333.4 339.1
Service 967.4 776.2 598.5
Total gross profit 1,350.8 1,109.6 937.6
OPERATING EXPENSES:
Research and development 244.5 210.6 183.1
Sales and marketing 782.3 701.0 626.5
General and administrative 93.0 87.9 81.1
Restructuring charges — 0.3 4.0
Total operating expenses 1,119.8 999.8 894.7
OPERATING INCOME 231.0 109.8 42.9
INTEREST INCOME 26.5 13.5 7.3
OTHER INCOME (EXPENSE)—NET (6.6) 0.7 (7.1)
INCOME BEFORE INCOME TAXES 250.9 124.0 43.1
PROVISION FOR (BENEFIT FROM) INCOME TAXES (81.3) 92.6 10.9
NET INCOME $ 332.2 $ 31.4 $ 32.2
Net income per share (Note 9):
Basic $ 1.96 $ 0.18 $ 0.19
Diluted $ 1.91 $ 0.18 $ 0.18
Weighted-average shares outstanding:
Basic 169.1 174.3 172.6
Diluted 174.2 178.1 176.3

See notes to consolidated financial statements.

69
Table of Contents

FORTINET, INC.
CONSOLIDATED STATEMENTS OF COMPREHENSIVE INCOME
(in millions)

Year Ended December 31,


2018 2017 2016
Net income $ 332.2 $ 31.4 $ 32.2
Other comprehensive income (loss):
Change in unrealized gains (losses) on investments — (0.1) 0.3
Tax provision (benefit) related to change in unrealized gains (losses) on investments — — 0.1
Other comprehensive income (loss) — (0.1) 0.2
Comprehensive income $ 332.2 $ 31.3 $ 32.4

See notes to consolidated financial statements.

70
Table of Contents

FORTINET, INC.
CONSOLIDATED STATEMENTS OF STOCKHOLDERS’ EQUITY
(in millions)
Accumulated
Common Stock Additional Other Retained Total
Paid-In Comprehensive Earnings Stockholders’
Shares Amount Capital Loss (Deficit) Equity
BALANCE—December 31, 2015 171.4 $ 0.2 $ 687.6 $ (0.9) $ 68.5 $ 755.4
Issuance of common stock in connection with equity incentive plans - net of tax
withholding 5.5 — 6.0 — — 6.0
Repurchase and retirement of common stock (3.8) — (16.2) — (94.6) (110.8)
Stock-based compensation expense — — 122.4 — — 122.4
Cumulative-effect adjustment from adoption of ASU 2016-09 — — 0.8 — 31.5 32.3
Net unrealized gain on investments - net of tax — — — 0.2 — 0.2
Net income — — — — 32.2 32.2
BALANCE—December 31, 2016 173.1 0.2 800.6 (0.7) 37.6 837.7
Issuance of common stock in connection with equity incentive plans - net of tax
withholding 6.0 — 29.5 — — 29.5
Repurchase and retirement of common stock (11.2) — (57.7) — (388.6) (446.3)
Stock-based compensation expense — — 137.2 — — 137.2
Net unrealized loss on investments - net of tax — — — (0.1) — (0.1)
Net income — — — — 31.4 31.4
BALANCE—December 31, 2017 167.9 0.2 909.6 (0.8) (319.6) 589.4
Issuance of common stock in connection with equity incentive plans - net of tax
withholding 5.7 — 17.5 — — 17.5
Repurchase and retirement of common stock (3.8) — (21.7) — (187.4) (209.1)
Stock-based compensation expense — — 162.9 — — 162.9
Cumulative effect adjustments from adoption of Topic 606 — — — — 117.3 117.3
Net income — — — — 332.2 332.2
BALANCE—December 31, 2018 169.8 $ 0.2 $ 1,068.3 $ (0.8) $ (57.5) $ 1,010.2

See notes to consolidated financial statements.

71
Table of Contents

FORTINET, INC.
CONSOLIDATED STATEMENTS OF CASH FLOWS
(in millions)
Year Ended December 31,
2018 2017 2016
CASH FLOWS FROM OPERATING ACTIVITIES:
Net income $ 332.2 $ 31.4 $ 32.2
Adjustments to reconcile net income to net cash provided by operating activities:
Stock-based compensation 162.9 137.2 122.4
Amortization of deferred contract costs 90.9 — —
Depreciation and amortization 55.7 55.5 48.5
Amortization of investment premiums (0.6) 2.5 4.8
Other non-cash items—net (0.9) 3.8 2.6
Changes in operating assets and liabilities, net of assets acquired and liabilities assumed in business
acquisitions:
Accounts receivable—net (82.0) (38.4) (57.9)
Inventory (33.4) 9.4 (43.0)
Prepaid expenses and other current assets 4.2 (6.7) 2.6
Deferred contract costs (136.4) — —
Deferred tax assets (127.8) 35.8 (27.8)
Other assets (3.8) (1.0) (2.4)
Accounts payable 14.6 13.1 0.1
Accrued liabilities 14.5 14.4 (3.2)
Accrued payroll and compensation 3.5 12.6 15.7
Other liabilities (0.8) (5.5) (5.0)
Deferred revenue 352.1 300.8 243.0
Income taxes payable (6.0) 29.5 13.1
Net cash provided by operating activities 638.9 594.4 345.7
CASH FLOWS FROM INVESTING ACTIVITIES:
Purchases of investments (681.8) (669.2) (473.6)
Sales of investments 42.8 300.3 28.3
Maturities of investments 578.8 427.4 460.5
Purchases of property and equipment (53.0) (135.3) (67.2)
Payments made in connection with business acquisitions, net of cash acquired (21.7) — (22.1)
Net cash used in investing activities (134.9) (76.8) (74.1)
CASH FLOWS FROM FINANCING ACTIVITIES:
Repurchase and retirement of common stock (211.8) (446.3) (110.8)
Proceeds from issuance of common stock 86.5 75.8 44.8
Taxes paid related to net share settlement of equity awards (67.2) (45.1) (38.3)
Payments of debt assumed in connection with business acquisitions (10.1) — (1.6)
Net cash used in financing activities (202.6) (415.6) (105.9)
NET INCREASE IN CASH AND CASH EQUIVALENTS 301.4 102.0 165.7
CASH AND CASH EQUIVALENTS—Beginning of year 811.0 709.0 543.3
CASH AND CASH EQUIVALENTS—End of year $ 1,112.4 $ 811.0 $ 709.0

SUPPLEMENTAL DISCLOSURES OF CASH FLOW INFORMATION:


Cash paid for income taxes—net $ 41.4 $ 32.2 $ 26.6

NON-CASH INVESTING AND FINANCING ACTIVITIES:


Transfers of evaluation units from inventory to property and equipment $ 21.6 $ 21.0 $ 21.1
Liability for purchase of property and equipment $ 8.3 $ 8.1 $ 8.2
Liability incurred for repurchase of common stock $ 4.2 $ — $ —

See notes to consolidated financial statements.

72
Table of Contents

FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

1. SUMMARY OF SIGNIFICANT ACCOUNTING POLICIES

Business—Fortinet, Inc. (“Fortinet”) was incorporated in Delaware in November 2000 and is a global leader in broad, integrated and automated
cybersecurity solutions. Fortinet provides high performance cybersecurity solutions to a wide variety of businesses, such as enterprises, communication
service providers and small businesses. Fortinet’s cybersecurity solutions are designed to provide broad visibility and segmentation of the digital attack
surface, through our integrated Security Fabric Platform with automated protection, detection and responses.

Basis of Presentation and Preparation—The consolidated financial statements of Fortinet and its wholly owned subsidiaries (collectively, the
“Company,” “we,” “us” or “our”) have been prepared in accordance with generally accepted accounting principles in the United States (“GAAP”). All
intercompany transactions and balances have been eliminated in consolidation.

Use of Estimates—The preparation of consolidated financial statements in accordance with GAAP requires management to make estimates and
assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. Such management estimates include, but are
not limited to, the standalone selling price for each distinct performance obligation included in customer contracts with multiple performance obligations, the
period of benefit for deferred contract costs for commissions, stock-based compensation, inventory valuation, fair value of assets acquired and liabilities
assumed in business combinations, measurement of liabilities for uncertain tax positions and deferred tax assets and liabilities, assessment of recoverability of
our goodwill and other long-lived assets, sales returns reserve and contingent liabilities. We base our estimates on historical experience and also on
assumptions that we believe are reasonable. Actual results could differ from those estimates.

Concentration of Credit Risk—Financial instruments that subject us to concentrations of credit risk consist primarily of cash, cash equivalents,
short-term and long-term investments and accounts receivable. Our cash balances are maintained as deposits with various large financial institutions in the
United States and around the world. Balances in the United States typically exceed the amount of insurance provided on such deposits. We maintain our cash
equivalents and investments in money market funds, commercial paper and fixed income securities with major financial institutions that our management
believes are financially sound.

Our accounts receivables are primarily derived from our channel partners in various geographic locations. We perform ongoing credit evaluations of
our customers. We generally do not require collateral on accounts receivable, and we maintain reserves for estimated potential credit losses. In July 2017,
Exclusive Networks Group (“Exclusive”), which distributes our solutions to a large group of resellers and end-customers, acquired the U.S. division of Fine
Tec Computers (“Fine Tec U.S.”). Fine Tec U.S.’s revenue and accounts receivable have been combined with Exclusive’s from the date of acquisition. As of
December 31, 2018 and 2017 Exclusive accounted for 38% and 35% of total net accounts receivable, respectively.

During 2018, Exclusive and Ingram Micro Inc. accounted for 30% and 10% of total revenue, respectively. During 2017 and 2016, Exclusive
accounted for 25% and 20% of total revenue, respectively.

Financial Instruments and Fair Value—We define fair value as the price that would be received from selling an asset, or paid to transfer a liability,
in an orderly transaction between market participants at the measurement date. When determining the fair value measurements for assets and liabilities which
are required to be recorded at fair value, we consider the principal or most advantageous market in which to transact and the market-based risk. We apply fair
value accounting for all financial assets and liabilities and non-financial assets and liabilities that are recognized or disclosed at fair value in the financial
statements on a recurring basis. Due to their short-term nature, the carrying amounts reported in the consolidated financial statements approximate the fair
value for cash and cash equivalents, accounts receivable, accounts payable, accrued liabilities, and accrued payroll and compensation.

Comprehensive Income—Comprehensive income includes certain changes in equity from non-owner sources that are excluded from net income,
specifically, unrealized gains and losses on available-for-sale investments and the related tax impact.

73
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

Foreign Currency and Transaction Gains and Losses—The functional currency of our foreign subsidiaries is the U.S. dollar. Accordingly,
monetary assets and liabilities denominated in foreign currencies have been remeasured into U.S. dollars using the exchange rates in effect at the balance
sheet dates. Foreign currency denominated income and expenses have been remeasured using the exchange rates in effect during each period. Foreign
currency remeasurement gains (losses) of $(8.2) million, $1.0 million and $(6.6) million are included in other income (expense)—net for 2018, 2017 and
2016, respectively.

Cash, Cash Equivalents and Available-for-Sale Investments—We consider all highly liquid investments, purchased with original maturities of
three months or less, to be cash equivalents. Cash and cash equivalents consist of balances with banks and highly liquid investments in money market funds,
commercial paper, term deposits and corporate debt.

We classify our investments as available-for-sale at the time of purchase, since it is our intent that these investments are available for current
operations. Investments with original maturities greater than three months that mature less than one year from the consolidated balance sheet date are
classified as short-term investments. Investments with maturities greater than one year from the consolidated balance sheet date are classified as long-term
investments.

Investments are considered to be impaired when a decline in fair value is judged to be other-than-temporary. We consult with our investment
managers and consider available quantitative and qualitative evidence in evaluating potential impairment of our investments on a quarterly basis. If the cost of
an individual investment exceeds its fair value, we evaluate, among other factors, general market conditions, the duration and extent to which the fair value is
less than cost, and our intent and ability to hold the investment. Once a decline in fair value is determined to be other-than-temporary, an impairment charge is
recorded and a new cost basis in the investment is established.

For debt securities in an unrealized loss position which is deemed to be other-than-temporary, the difference between the security’s then-current
amortized cost basis and fair value is separated into (i) the amount of the impairment related to the credit loss (i.e., the credit loss component) and (ii) the
amount of the impairment related to all other factors (i.e., the non-credit loss component). The credit loss component is recognized in earnings. The non-credit
loss component is recognized in accumulated other comprehensive loss.

Inventory—Inventory is recorded at the lower of cost or net realizable value. Cost is computed using the first-in, first-out method. In assessing the
ultimate recoverability of inventory, we make estimates regarding future customer demand, the timing of new product introductions, economic trends and
market conditions. If the actual product demand is significantly lower than forecasted, we could be required to record inventory write-downs which would be
charged to cost of product revenue.

Property and Equipment—Property and equipment are stated at cost less accumulated depreciation. Depreciation is computed using the straight-
line method over the estimated useful lives of the assets as follows:

Estimated Useful Lives


Building and building improvements 2 to 30 years
Computer equipment and software 1 to 7 years
Evaluation units 1 year
Furniture and fixtures 3 to 5 years
Leasehold improvements Shorter of useful life or lease term

Other Investments—Investments in privately held companies where we own less than 20% of the voting stock and have no indicators of significant
influence over operating and financial policies of those companies are included in other assets in the consolidated balance sheets. As of December 31, 2017,
these investments were accounted for under the cost method. As of December 31, 2018, with the adoption of the ASU 2016-01—Financial Instruments—
Overall (Subtopic 825-10): Recognition and Measurement of Financial Assets and Financial Liabilities, these investments are accounted for at cost, adjusted
for changes in observable prices minus impairment. Adoption of ASU 2016-01 did not have an impact on our consolidated financial statements. For these
non-quoted investments, we regularly review the assumptions underlying the operating performance and cash flow forecasts as well as current fundraising
activities and valuations based on information provided by these privately held companies. If it is determined that an other-than-temporary decline or increase
in value exists

74
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

in an investment without readily determinable value, we adjust the value of the investment to its fair value and record the related impairment or increase in
value as an investment loss or gain in our consolidated statements of income.

Business Combinations—We include the results of operations of the businesses that we acquire as of the respective dates of acquisition. We allocate
the fair value of the purchase price of our business acquisitions to the tangible and intangible assets acquired and liabilities assumed, based on their estimated
fair values. The excess of the purchase price over the fair values of these identifiable assets and liabilities is recorded as goodwill. We often continue to gather
additional information throughout the measurement period, and if we make changes to the amounts recorded, such amounts are recorded in the period in
which they are identified.

Impairment of Long-Lived Assets—We evaluate events and changes in circumstances that could indicate carrying amounts of long-lived assets,
including intangible assets, may not be recoverable. When such events or changes in circumstances occur, we assess the recoverability of long-lived assets by
determining whether the carrying value of such assets will be recovered through undiscounted expected future cash flows. If the total of the future
undiscounted cash flows is less than the carrying amount of those assets, we record an impairment charge in the period in which we make the determination.
If such assets are considered to be impaired, the impairment to be recognized is measured by the amount by which the carrying amount of the assets exceeds
the fair value of the assets.

Goodwill—Goodwill represents the excess of purchase consideration over the estimated fair value of net assets of businesses acquired in a business
combination. Goodwill acquired in a business combination is not amortized, but instead tested for impairment at least annually during the fourth quarter, or
sooner when circumstances indicate an impairment may exist. We perform a qualitative assessment in the fourth quarter of each year, or more frequently if
indicators of potential impairment exist, to determine if any events or circumstances exist, such as an adverse change in business climate or a decline in the
overall industry that would indicate that it would more likely than not reduce the fair value of a reporting unit below its carrying amount, including goodwill.
Then we perform a quantitative impairment test by comparing the fair value of a reporting unit with its carrying amount. Any excess in the carrying value of a
reporting unit’s goodwill over its fair value is recognized as an impairment loss, limited to the total amount of goodwill allocated to that reporting unit.

We performed our annual goodwill impairment analysis and did not identify any impairment indicators as a result of the review. As of December 31,
2018, we had one reporting unit.

Other Intangible Assets—Intangible assets with finite lives are carried at cost, less accumulated amortization. Amortization is computed using the
straight-line or accelerated method over the estimated economic lives of the assets, which range from three to five years.

Deferred Revenue—Deferred revenue consists of amounts that have been invoiced but that have not yet been recognized as revenue. The majority
of deferred revenue is comprised of security subscription and technical support services which are invoiced upfront and delivered over 12 months or longer.

Income Taxes—We record income taxes using the asset and liability method, which requires the recognition of deferred tax assets and liabilities for
the expected future tax consequences of events that have been recognized in our financial statements or tax returns. In addition, deferred tax assets are
recorded for the future benefit of utilizing net operating losses and research and development credit carryforwards. Deferred tax assets and liabilities are
measured using the currently enacted tax rates that apply to taxable income in effect for the years in which those tax assets and liabilities are expected to be
realized or settled. Valuation allowances are provided when necessary to reduce deferred tax assets to the amount expected to be realized.

We recognize tax benefits from an uncertain tax positions only if it is more likely than not, based on the technical merits of the position, that the tax
position will be sustained on examination by the tax authorities. The tax benefits recognized in the financial statements from such positions are then measured
based on the largest benefit that has a greater than 50% likelihood of being realized upon ultimate settlement.

Stock-Based Compensation—The fair value of restricted stock units (“RSUs”) is based on the closing market price of our common stock on the
date of grant. We have elected to use the Black-Scholes-Merton (“Black-Scholes”) pricing model to determine the fair value of our employee stock options
and our equity incentive plans. Stock-based compensation expense is amortized on a straight-line basis over the service period.

75
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

Leases—We rent certain facilities under operating lease agreements and recognize related rent expense on a straight-line basis over the term of the
lease. Some of our lease agreements contain rent holidays, scheduled rent increases, lease incentives and renewal options. Rent holidays and scheduled rent
increases are included in the determination of rent expense to be recorded over the lease term. Lease incentives are recognized as a reduction of rent expense
on a straight-line basis over the term of the lease. Renewals are not assumed in the determination of the lease term unless they are deemed to be reasonably
assured at the inception of the lease. We begin recognizing rent expense on the date that we obtain the legal right to use and control the leased space.

Advertising Expense—Advertising costs are expensed when incurred and are included in operating expenses in the accompanying consolidated
statements of income. Our advertising expenses were not significant for any periods presented.

Research and Development Costs—Research and development costs are expensed as incurred.

Deferred Contract Costs and Commission Expense—In 2017, we recognized commission expense on both product sales and service contracts at
the time of sale. Beginning on January 1, 2018, we recognize sales commissions related to product sales upfront while sales commissions for service contracts
are deferred as Deferred contract costs in the consolidated balance sheets and amortized over the applicable amortization period. Costs for initial contracts
that are not commensurate with renewal commissions are amortized on a straight-line basis over the period of benefit, which we have determined to be five
years and which is typically longer than the initial contract term.

Software Development Costs—The costs to develop software that is marketed have not been capitalized as we believe our current software
development process is essentially completed concurrently with the establishment of technological feasibility. Such costs are expensed as incurred and
included in research and development in our consolidated statements of income.

The costs to obtain or develop software for internal use are capitalized based on qualifying criteria, which includes a determination of whether such
costs are incurred during the application development stage. Such costs are amortized over the software’s estimated useful life.

Revenue Recognition—On January 1, 2018 we adopted Accounting Standards Update (“ASU”) 2014-09, Revenue from Contracts with Customers
(Topic 606) (“Topic 606”) using the modified retrospective method applied to those contracts which were not completed as of January 1, 2018. Results for
reporting periods beginning after January 1, 2018 are presented under Topic 606, while prior period amounts are not adjusted and continue to be reported
under ASU 2009-13, Revenue Recognition (Topic 605) (“Topic 605”). The details of significant changes and quantitative impact of the changes are discussed
below.

Beginning in 2018, revenues are recognized when control of these goods or services is transferred to our customers, in an amount that reflects the
consideration we expect to be entitled to in exchange for those goods or services. Prior to 2018, revenue was recognized under Topic 605 when all of the
following criteria were met: (i) persuasive evidence of an arrangement existed, (ii) delivery has occurred or services have been rendered, (iii) sales price was
fixed or determinable and (iv) collectability was reasonably assured.

Under Topic 606, we determine revenue recognition through the following steps:

• identification of a contract or contracts with a customer,


• identification of the performance obligations in a contract, including evaluation of performance obligations and evaluating the distinct
goods or services in a contract,
• determination of a transaction price,
• allocation of a transaction price to the performance obligations in a contract, and
• recognition of revenue when, or as, we satisfy a performance obligation.

We derive a majority of product sales from our FortiGate products. Our FortiGate products include a broad set of built-in security and networking
features and functionalities including firewall, SD-WAN, data leak prevention, VPN, switch and wireless controller and WAN acceleration, among others.

76
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

We previously recognized product revenue for sales to distributors that had no general right of return and direct sales to end-customers upon
shipment, based on general revenue recognition accounting guidance once all other revenue recognition criteria were met. Certain distributors are granted
stock rotation rights, limited rights of return or rebates for sales of our products. The arrangement fee for this group of distributors was not fixed or
determinable when products were shipped and revenue was therefore deferred and recognized upon sell-through. Under Topic 606, we recognize product
revenue upon shipment when control of the promised goods is transferred to the customer. We recognize revenue from term licenses upon electronic transfer
of the license key to a customer. Previously, term licenses were recognized over the license period.

Service revenue relates to sales of our FortiGuard security subscription, FortiCare technical support services and other services. Our typical
subscription and contractual support term is one to three years, and to a lesser extent, five years. Our revenue recognition for service arrangements did not
significantly change under Topic 606. We continue to recognize revenue from these services ratably over the contractual service period because of continuous
transfer of control to the customer over the support period. Revenue related to subsequent renewals of these services are recognized over the support term of
the renewal agreement. We also generate a small portion of our revenue from other services consisting of professional services, training and software-as-a-
service (“SaaS”) which is either hosted or cloud-based services. We recognize revenue from professional and training services as the services are provided.
We recognize revenue from SaaS as the subscription service is delivered over the term, which is typically one year, or on a monthly usage basis. To date, SaaS
revenue has not represented a significant percentage of our total revenue.

Our sales contracts typically contain multiple deliverables, such as hardware, software license, security subscription, technical support services and
other services, which are generally capable of being distinct and accounted for as separate performance obligations. We evaluated the criteria to be distinct
under Topic 606 and concluded that the hardware and software license were distinct and distinct in the context of the contract from the security subscription
and technical support services, as the customer can benefit from the hardware and license without the services and the services are separately identifiable
within the contract. We allocate the transaction price to each performance obligation based on relative standalone selling price. We determine standalone
selling price based on the historical pricing and discounting practices for those services when sold separately. We determine standalone selling price for a
product or service by considering multiple historical factors including, but not limited to, cost of products, gross margin objectives, pricing practices,
geographies and the term of the service contract that fall within a reasonably range as a percentage of list price. Revenue is reported net of sales tax.

Under Topic 605, revenue from contracts that contain our products and services were allocated to each unit of accounting based on an estimated
selling price using vendor-specific objective evidence (“VSOE”) of selling price, if it existed, or third-party evidence (“TPE”) of selling price. If neither
VSOE nor TPE of selling price existed for a deliverable, we used our best estimate of selling price for that deliverable. For multiple-element arrangements
where software deliverables were included, revenue was allocated to the non-software deliverables and to the software deliverables as a group using the
relative estimated selling prices of each of the deliverables in the arrangement based on the estimated selling price hierarchy. The amount allocated to the
software deliverables was then allocated to each software deliverable using the residual method when VSOE of fair value existed. If evidence of VSOE of fair
value of one or more undelivered elements did not exist, all software allocated revenue was deferred and recognized when delivery of those elements
occurred or when fair value was established. When the undelivered element for which we did not have VSOE of fair value was support, revenue for the entire
arrangement was recognized ratably over the support period. The same residual method and VSOE of fair value principles applied for our multiple element
arrangements that contained only software elements.

In certain circumstances, our contracts include provisions for sales rebates and other customer incentive programs. Additionally, in limited
circumstances, we may permit end-customers, distributors and resellers to return our products, subject to varying limitations, for a refund within a reasonably
short period from the date of purchase. These amounts are accounted for as variable consideration that can decrease the transaction price. We estimate
variable consideration at the most likely amounts to which we expect our customers to be entitled. We include estimated amounts in the transaction price to
the extent that it is probable that a significant reversal of cumulative revenue recognized will not occur when the uncertainty associated with the variable
consideration is resolved. Our estimate for sales return reserve was $20.8 million as of December 31, 2018 and is included in current liabilities in our
consolidated balance sheet. Under Topic 605, the sales return reserve of $13.6 million was presented as a reduction to accounts receivable as of December 31,
2017.

We generally invoice at the time of our sale for the total price of the hardware, software licenses, security and technical support and other services,
and the invoice is payable within 30 to 45 days. We also invoice certain services on a monthly basis. Amounts billed and due from our customers are
classified as receivables on the balance sheet and do not bear

77
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

interest. Our deferred revenue primarily consists of amounts that have been invoiced but have not been recognized as revenue as of period end.

Shipping and handling fees charged to our customers are recognized as revenue in the period shipped and the related costs for providing these
services are recorded in cost of revenue. Shipping and handling fees recognized were not significant during 2018 and 2017.

Warranties—We generally provide a one-year warranty on most hardware products and a 90-day warranty on software. We also provide extended
warranties under the terms of our support agreements. A provision for estimated future costs related to warranty activities in the first year after product sale is
recorded as a component of cost of product revenues when the product revenue is recognized, based upon historical product failure rates and historical costs
incurred in correcting product failures. Warranty costs related to extended warranties sold under support agreements are recognized as cost of service revenue.
In the event we change our warranty reserve estimates, the resulting charge against future cost of revenue or reversal of previously recorded charges may
materially affect our gross margins and operating results. Accrued warranty was not significant as of December 31, 2018 and 2017.

Contingent Liabilities—From time to time, we are involved in disputes, litigation, and other legal actions. However, there are many uncertainties
associated with such legal action, and these actions or other third-party claims against us may cause us to incur substantial settlement charges, which are
inherently difficult to estimate and could adversely affect our results of operations. We review significant new claims and litigation for the probability of an
adverse outcome. Estimates can change as individual claims develop. The actual liability in any such matters may be materially different from our estimates,
which could result in the need to adjust our liability and record additional expenses.

Recently Adopted Accounting Standards

Financial Instruments – Recognition and Measurement

In January 2016, the FASB issued ASU 2016-01—Financial Instruments—Overall (Subtopic 825-10): Recognition and Measurement of Financial
Assets and Financial Liabilities, with further clarifications made recently with the issuance of ASU 2018-03—Technical Corrections and Improvements to
Financial Instruments—Overall (Subtopic 825-10): Recognition and Measurement of Financial Assets and Financial Liabilities, which requires most equity
investments to be measured at fair value, with subsequent changes in fair value recognized in net income. A practicality exception applies to those equity
investments that do not have a readily determinable fair value. These investments may be measured at cost, adjusted for changes in observable prices minus
impairment. ASU 2016-01 was effective prospectively for us beginning on January 1, 2018 for our equity investments, which were previously accounted for
under the cost-method. We adopted ASU 2016-01 on January 1, 2018. There was no material impact on our consolidated financial statements as of the
adoption date.

Revenue Recognition

In May 2014, the FASB issued Topic 606, which supersedes the revenue recognition requirements in Topic 605 and requires entities to recognize
revenue when control of the promised goods or services is transferred to customers at an amount that reflects the consideration to which the entity expects to
be entitled in exchange for those goods or services. We adopted Topic 606 as of January 1, 2018 using the modified retrospective transition method. The
comparative information has not been restated and continues to be reported under the accounting standards in effect for those periods.

We recorded a net reduction to our accumulated deficit as of January 1, 2018 of $117.3 million due to the cumulative impact of adopting Topic 606.
The primary impact of adopting Topic 606 relates to the deferral of our incremental contract costs, which are comprised of sales commissions. Prior to
January 1, 2018, we expensed all sales commissions upfront. Beginning on January 1, 2018, we continue to expense sales commissions related to product
sales upfront, but capitalize and then amortize certain sales commissions on service contracts over the applicable amortization period. The deferred contract
costs for capitalized sales commissions related to the initial service contracts are deferred and then amortized as expense on a straight-line basis over the
period of benefit which we have determined to be five years. Sales commissions for renewal contracts are deferred and then amortized on a straight-line basis
over the contractual period of the underlying contracts. The deferral of contract costs generated a deferred tax liability of $23.8 million, of which $18.0
million was recorded against deferred tax assets and the remaining $5.8 million was recorded in other long-term liabilities on our consolidated balance sheet.
The impact on deferred revenue as of January 1, 2018 was $4.1 million, which primarily relates to certain changes in revenue

78
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

recognition on software license sales and the acceleration of revenue from U.S.-based channel partners which were previously deferred until the product was
sold through. Beginning on January 1, 2018, our sales returns reserve is now included on the balance sheet in accrued liabilities and no longer as a reduction
to our accounts receivable. See above significant accounting policies for further details.

The cumulative effects of the changes made to our January 1, 2018 consolidated balance sheet for the adoption of Topic 606 were as follows (in
millions):

Balance at Adjustments due to Balance at


December 31, 2017 Topic 606 January 1, 2018
Assets:
Accounts receivable, net $ 348.2 $ 13.6 $ 361.8
Inventory 77.3 (0.1) 77.2
Deferred tax assets 146.9 (18.0) 128.9
Deferred contract costs — 137.1 137.1

Liabilities:
Accrued liabilities 50.0 13.6 63.6
Deferred revenue, current 793.8 0.3 794.1
Deferred revenue, non-current 542.5 (4.4) 538.1
Other liabilities, non-current 8.6 5.8 14.4

Stockholders’ equity:
Accumulated deficit $ (319.6) $ 117.3 $ (202.3)

Recent Accounting Standards Not Yet Effective

Cloud Computing

In August 2018, the FASB issued ASU 2018-15—Intangibles-Goodwill and Other-Internal—Use Software (Subtopic 350-40): Customer’s
Accounting for Implementation Costs Incurred in a Cloud Computing Arrangement That Is a Service Contract, which requires a customer in a cloud
computing arrangement that is a service contract to follow the internal-use software guidance in Accounting Standards Codification (“ASC”) Topic 350,
Intangibles—Goodwill and Other, to determine which implementation costs to capitalize as assets or expense as incurred. ASU 2018-15 is effective for us
beginning January 1, 2020, and early adoption is permitted. We are currently evaluating the impact of ASU 2018-15 on our consolidated financial statements.

Fair Value Measurements

In August 2018, the FASB issued ASU 2018-13—Fair Value Measurement (Topic 820): Disclosure Framework—Changes to the Disclosure
Requirements for Fair Value Measurement, which eliminates, adds and modifies certain disclosure requirements for fair value measurements in ASC 820, Fair
Value Measurement, as part of its disclosure framework project. ASU 2018-13 is effective for us beginning January 1, 2020. The amendments in ASU 2018-
13 on changes in unrealized gains and losses, the range and weighted average of significant unobservable inputs used to develop Level 3 fair value
measurements, and the narrative description of measurement uncertainty should be applied prospectively for only the most recent interim or annual period
presented in the initial fiscal year of adoption. All other amendments in ASU 2018-13 should be applied retrospectively to all periods presented upon their
effective date. Early adoption is permitted upon issuance of ASU 2018-13. An entity is permitted to early adopt any removed or modified disclosures upon
issuance of ASU 2018-13 and delay adoption of the additional disclosures until their effective date. We are currently assessing the impact the new guidance
will have on our disclosures.

79
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

Stock Compensation

In June 2018, the FASB issued ASU 2018-07—Compensation—Stock Compensation (Topic 718): Improvements to Nonemployee Share-Based
Payment Accounting, which simplifies the accounting for share-based payments to nonemployees by aligning it with the accounting for share-based payments
to employees subject to certain exceptions. ASU 2018-07 expands the scope of ASC Topic 718, Compensation—Stock Compensation (“ASC 718”), to
include share-based payments granted to nonemployees in exchange for goods or services used or consumed in an entity’s own operations and supersedes the
guidance in ASC 505, Equity, by moving it to ASC 718. This amendment was effective for us beginning January 1, 2019. The adoption of this standard will
not have a material impact on our consolidated financial statements.

Comprehensive Income

In February 2018, the FASB issued ASU 2018-02—Income Statement—Reporting Comprehensive Income (Topic 220): Reclassification of Certain
Tax Effects from Accumulated Other Comprehensive Income, which allows companies to reclassify stranded tax effects resulting from the 2017 Tax Act,
from accumulated other comprehensive income to retained earnings. ASU 2018-02 also requires certain new disclosures regardless of the election. ASU
2018-02 was effective for us beginning January 1, 2019. We are currently assessing the impact of ASU 2018-02 on our consolidated financial statements and
we expect the standard will not have a material impact on our consolidated financial statements.

Financial Instruments

In June 2016, the FASB issued ASU 2016-13—Financial Instruments—Credit Losses (Topic 326): Measurement of Credit Losses on Financial
Instruments, which requires a financial asset (or a group of financial assets) to be measured at an amortized cost basis to be presented at the net amount
expected to be collected. The new approach to estimating credit losses (referred to as the current expected credit losses model) applies to most financial assets
measured at amortized cost and certain other instruments, including trade and other receivables, loans and held-to-maturity debt securities. ASU 2016-13 is
effective for us beginning on January 1, 2020, and early adoption is permitted. We are currently assessing the impact of ASU 2016-13 on our consolidated
financial statements.

Leases

In February 2016, the FASB issued ASU 2016-02—Leases (Topic 842), which requires the recognition of right-of-use assets and lease liabilities on
the consolidated balance sheet for substantially all leases. ASU 2016-02 includes a number of optional practical expedients that entities may elect to apply.
ASU 2016-02 will also require significant additional disclosures about the amount, timing and uncertainty of cash flows from leases. In July 2018, the FASB
issued ASU 2018-10—Codification Improvements to Topic 842, Leases, and ASU 2018-11—Leases (Topic 842): Targeted Improvements, which address
questions about how to apply certain aspects for the adoption of Topic 842. The clarifications address the rate implicit in the lease, impairment of the net
investment in the lease, lessee reassessment of lease classification, lessor reassessment of lease term and purchase options and variable payments that depend
on an index or rate, and provide an alternative transition approach that allows companies to initially apply the new leases standard by recognizing a
cumulative-effect adjustment on adoption date. ASU 2016-02 was effective for us beginning on January 1, 2019, and we expect to apply a modified
retrospective transition approach through a cumulative-effect adjustment at the beginning of the first quarter of 2019. Based on our current lease portfolio, we
currently estimate that the value of leased assets and liabilities that may be recognized to be at least $40.0 million. We are continuing to evaluate the impact of
ASU 2016-02 and our estimate is subject to change. We do not believe that ASU 2016-02 will have a material impact on our consolidated statements of
income and cash flows. Upon adoption, we expect to expand our disclosures in the notes to consolidated financial statements to include more details on our
leases, significant judgments and lease-related amounts recognized in the consolidated financial statements.

80
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

2. REVENUE RECOGNITION

The following table presents our revenue disaggregated by major product and service lines (in millions):

Years Ended
December 31, December 31,
2018 2017 (1)
Product $ 674.4 $ 577.2
Service:
Security subscription 606.1 504.8
Technical support and other (2) 520.7 412.9
Total service revenue 1,126.8 917.7
Total revenue $ 1,801.2 $ 1,494.9
(1) Prior period amounts have not been adjusted under the modified retrospective method.
(2) During 2018, the amounts previously reported as professional services and training have been combined with the amounts previously reported as technical
support. The combined amounts are now being presented as technical support and other. The professional service and training amounts are not material, and
the reclassification did not have any impact on our service revenue or total revenue. Prior periods have been reclassified to conform with current period
presentation.

Transaction Price Allocated to the Remaining Performance Obligations

As of December 31, 2018, the aggregate amount of the transaction price allocated to remaining performance obligations was $1.69 billion, which
was substantially comprised of deferred security subscription and technical support services. We expect to recognize revenue on approximately 80% of these
remaining performance obligations over the next one to two years, with the remaining balance to be recognized in three to five years.

Accounts Receivable

Trade accounts receivable are recorded at the invoiced amount. Trade accounts receivable is reduced by allowance for doubtful accounts which is
determined based on our assessment of the collectability of customer accounts. The allowance for doubtful accounts was $0.9 million as of December 31,
2018 and December 31, 2017. As of December 31, 2017, accounts receivable was also reduced by sales return reserve of $13.6 million, which we reclassified
to accrued liabilities account as of January 1, 2018 in accordance with the adoption of Topic 606.

Contract Assets

Contract assets represent amounts that have been recognized as revenue but for which we did not have the unconditional right to invoice the
customer. We did not have contract assets as of December 31, 2018 and January 1, 2018.

Deferred Contract Costs

Sales commissions earned by our sales force are considered incremental and recoverable costs of obtaining a contract with a customer. Sales
commissions for the sale of products and software licenses are recognized at the time of sale. Sales commissions for initial service contracts are deferred and
then amortized as an expense on a straight-line basis over the period of benefit which we have determined to be five years. We determined the period of
benefit taking into consideration our customer contracts, our technology and other factors. Sales commissions for renewal contracts are deferred and then
amortized on a straight-line basis over the contractual period of the underlying contracts which ranges from one to three years and, to a lesser extent, five
years. The amortization of deferred contract costs is included in sales and marketing expense in our consolidated statement of income. Amortization of
deferred contract costs during 2018 was $90.9 million. No impairment loss was recognized during 2018.

Deferred Revenue

Our deferred revenue consists of amounts that have been invoiced but have not been recognized as revenue as of period end. During 2018, we
recognized $753.3 million in revenue that was included in the deferred revenue balance as of January 1, 2018.

81
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

Practical Expedient

We elected to use the contract modification practical expedient. This practical expedient allows for all contract modifications before January 1, 2018
to be aggregated and evaluated at adoption date.

Impact on Consolidated Financial Statements

The following tables summarize the impact of adopting Topic 606 on our consolidated financial statements as of and for 2018 (in millions). These
tables do not represent the full consolidated financial statements as they only reflect the accounts impacted by the adoption of Topic 606.

Consolidated Balance Sheet

As of December 31, 2018


Balances Without
Adoption of Effect of Change
As Reported Topic 606 Increase (Decrease)
Assets:
Accounts receivable $ 444.5 $ 422.4 $ 22.1
Prepaid and other current assets 36.8 37.2 (0.4)
Inventory 90.0 91.5 (1.5)
Deferred contract costs 182.6 — 182.6
Deferred tax assets 255.0 279.6 (24.6)

Liabilities:
Accrued liabilities 77.5 53.4 24.1
Deferred revenue, current 965.9 988.9 (23.0)
Deferred revenue, non-current 720.9 723.4 (2.5)
Income taxes payable 28.2 27.4 0.8
Other liabilities, non-current 13.0 4.1 8.9

Stockholders’ Equity
Accumulated deficit $ (57.5) $ (227.4) $ 169.9

82
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

Consolidated Statement of Income

Year Ended December 31, 2018


Balances Without
Adoption of Effect of Change
As Reported Topic 606 Increase (Decrease)
REVENUE:
Product (1) $ 674.4 $ 654.9 $ 19.5
Service 1,126.8 1,126.9 (0.1)
Total revenue 1,801.2 1,781.8 19.4
COSTS OF REVENUE:
Product 291.0 289.6 1.4
GROSS PROFIT:
Product 383.4 365.3 18.1
Service 967.4 967.5 (0.1)
Total gross profit 1,350.8 1,332.8 18.0
OPERATING EXPENSES:
Sales and marketing expenses 782.3 827.8 (45.5)

OPERATING INCOME 231.0 167.5 63.5

INCOME BEFORE INCOME TAXES 250.9 187.4 63.5


PROVISION FOR (BENEFIT FROM) INCOME TAXES (81.3) (92.2) 10.9
NET INCOME $ 332.2 $ 279.6 $ 52.6
Net income per share:
Basic $ 1.96 $ 1.65 $ 0.31
Diluted $ 1.91 $ 1.61 $ 0.30

(1) Productrevenue during 2018 included a $19.5 million benefit from the adoption of Topic 606, which primarily related to the change in accounting
treatment under Topic 606 for some of our software products such that revenue from these arrangements is now recognized upfront instead of ratably over the
contracted service term, net of the lost opportunity to recognize revenue that had been deferred and was written off to equity on the date of adoption.

83
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

Consolidated Statement of Cash Flows

Year Ended December 31, 2018


Balances Without
Adoption of Effect of Change
As Reported Topic 606 Increase (Decrease)
Cash flows from operating activities:
Net income $ 332.2 $ 279.6 $ 52.6
Adjustments to reconcile net income to net cash provided by operating
activities:
Amortization of deferred contract costs 90.9 — 90.9
Other (0.9) 7.6 (8.5)
Changes in operating assets and liabilities:
Prepaid expenses and other current assets 4.2 3.7 0.5
Inventory (33.4) (34.8) 1.4
Deferred contract costs (136.4) — (136.4)
Deferred tax assets (127.8) (134.3) 6.5
Accrued liabilities 14.5 4.0 10.5
Other liabilities (0.8) (3.9) 3.1
Deferred revenue 352.1 373.5 (21.4)
Income taxes payable (6.0) (6.8) 0.8
Net cash provided by operating activities $ 638.9 $ 638.9 $ —

3. FINANCIAL INSTRUMENTS AND FAIR VALUE

The following tables summarize our investments (in millions):

December 31, 2018


Amortized Unrealized Unrealized Fair
Cost Gains Losses Value
Corporate debt securities $ 299.5 $ — $ (1.2) $ 298.3
Commercial paper 102.5 — — 102.5
Certificates of deposit and term deposits (1) 145.8 — — 145.8
U.S. government and agency securities 57.7 — (0.1) 57.6
Total available-for-sale securities $ 605.5 $ — $ (1.3) $ 604.2

December 31, 2017


Amortized Unrealized Unrealized Fair
Cost Gains Losses Value
Corporate debt securities $ 391.0 $ — $ (1.2) $ 389.8
Commercial paper 74.2 — — 74.2
(1)
Certificates of deposit and term deposits 45.9 — — 45.9
U.S. government and agency securities 28.5 — (0.1) 28.4
Total available-for-sale securities $ 539.6 $ — $ (1.3) $ 538.3

(1)
The majority of our certificates of deposit and term deposits are foreign deposits.

84
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

The following tables show the gross unrealized losses and the related fair values of our investments that have been in a continuous unrealized loss
position (in millions):

December 31, 2018


Less Than 12 Months 12 Months or Greater Total
Fair Unrealized Fair Unrealized Fair Unrealized
Value Losses Value Losses Value Losses
Corporate debt securities $ 150.1 $ (0.2) $ 93.5 $ (1.0) $ 243.6 $ (1.2)
Certificates of deposit and term deposits 51.7 — — — 51.7 —
Commercial paper 75.6 (0.1) — — 75.6 (0.1)
U.S. government and agency securities 39.0 — 3.5 — 42.5 —
Total available-for-sale securities $ 316.4 $ (0.3) $ 97.0 $ (1.0) $ 413.4 $ (1.3)

December 31, 2017


Less Than 12 Months 12 Months or Greater Total
Fair Unrealized Fair Unrealized Fair Unrealized
Value Losses Value Losses Value Losses
Corporate debt securities $ 317.4 $ (0.9) $ 58.2 $ (0.3) $ 375.6 $ (1.2)
Certificates of deposit and term deposits 37.2 — — — 37.2 —
Commercial paper 29.1 — — — 29.1 —
U.S. government and agency securities 17.0 — 11.4 (0.1) 28.4 (0.1)
Total available-for-sale securities $ 400.7 $ (0.9) $ 69.6 $ (0.4) $ 470.3 $ (1.3)

The contractual maturities of our investments were as follows (in millions):

December 31, December 31,


2018 2017
Due within one year $ 537.2 $ 440.3
Due within one to three years 67.0 98.0
Total $ 604.2 $ 538.3

Available-for-sale securities are reported at fair value, with unrealized gains and losses and the related tax impact included as a separate component
of stockholders’ equity and in comprehensive income. Realized losses on available-for-sale securities were insignificant in the periods presented and are
included in Other income (expense)—net in our consolidated statements of income. We use the specific identification method to determine the cost basis of
investments sold.

The unrealized losses on our available-for-sale securities were caused by fluctuations in market value and interest rates as a result of the economic
environment. As the decline in market value are attributable to changes in market conditions and not credit quality, and because we have concluded currently
that we neither intend to sell nor is it more likely than not that we will be required to sell these investments prior to a recovery of par value, we do not
consider these investments to be other-than temporarily impaired as of December 31, 2018.

Fair Value Accounting—We apply the following fair value hierarchy for disclosure of the inputs used to measure fair value. This hierarchy
prioritizes the inputs into three broad levels as follows:

Level 1—Inputs are unadjusted quoted prices in active markets for identical assets or liabilities.

85
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

Level 2—Inputs are quoted prices for similar assets and liabilities in active markets or inputs that are observable for the assets or liabilities, either
directly or indirectly through market corroboration, for substantially the full term of the financial instruments.

Level 3—Unobservable inputs based on our own assumptions used to measure assets and liabilities at fair value. The inputs require significant
management judgment or estimation.

We measure the fair value of money market funds and certain U.S. government and agency securities using quoted prices in active markets for
identical assets. The fair value of all other financial instruments was based on quoted prices for similar assets in active markets, or model driven valuations
using significant inputs derived from or corroborated by observable market data.

We classify investments within Level 1 if quoted prices are available in active markets for identical securities.

We classify items within Level 2 if the investments are valued using model driven valuations using observable inputs such as quoted market prices,
benchmark yields, reported trades, broker/dealer quotes or alternative pricing sources with reasonable levels of price transparency. Investments are held by
custodians who obtain investment prices from a third-party pricing provider that incorporates standard inputs in various asset price models.

Fair Value of Financial Instruments

Assets Measured at Fair Value on a Recurring Basis

The following tables present the fair value of our financial assets measured at fair value on a recurring basis as of December 31, 2018 and 2017 (in
millions):

December 31, 2018 December 31, 2017


Quoted Quoted
Prices in Significant Significant Prices in Significant Significant
Active Other Other Active Other Other
Aggregate Markets For Observable Unobservable Aggregate Markets For Observable Unobservable
Fair Identical Remaining Remaining Fair Identical Remaining Remaining
Value Assets Inputs Inputs Value Assets Inputs Inputs
(Level 1) (Level 2) (Level 3) (Level 1) (Level 2) (Level 3)
Assets:
Corporate debt securities $ 299.3 $ — $ 299.3 $ — $ 411.1 $ — $ 411.1 $ —
Certificates of deposit and term
deposits 217.4 — 217.4 — 132.1 — 132.1 —
Money market funds 58.6 58.6 — 195.6 195.6 — —
Commercial paper 184.7 — 184.7 — 128.9 — 128.9 —
U.S. government and agency
securities 57.6 45.3 12.3 — 28.4 24.9 3.5 —
Total $ 817.6 $ 103.9 $ 713.7 $ — $ 896.1 $ 220.5 $ 675.6 $ —

Reported as:
Cash equivalents $ 213.4 $ 357.8
Short-term investments 537.2 440.3
Long-term investments 67.0 98.0
Total $ 817.6 $ 896.1

There were no transfers between Level 1 and Level 2 of the fair value hierarchy during the years ended December 31, 2018 and December 31, 2017.

86
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

4. INVENTORY

Inventory consisted of the following (in millions):

December 31, December 31,


2018 2017
Raw materials $ 13.3 $ 13.0
Finished goods 76.7 64.3
Inventory $ 90.0 $ 77.3

Inventory includes materials at contract manufacturers of $2.4 million and $2.6 million as of December 31, 2018 and 2017, respectively.

5. PROPERTY AND EQUIPMENT—Net

Property and equipment—net consisted of the following (in millions):

December 31, December 31,


2018 2017
Building and building improvements $ 144.2 $ 133.2
Computer equipment and software 95.9 79.9
Land 75.7 65.6
Leasehold improvements 17.9 20.8
Evaluation units 20.5 20.1
Furniture and fixtures 15.7 14.7
Construction-in-progress 12.3 6.3
Total property and equipment 382.2 340.6
Less: accumulated depreciation (110.8) (95.2)
Property and equipment—net $ 271.4 $ 245.4

Depreciation expense was $46.7 million, $46.9 million and $39.2 million in 2018, 2017 and 2016, respectively.

6. INVESTMENTS IN PRIVATELY HELD COMPANIES

Our investments in the equity securities of privately held companies totaled $9.1 million and $12.1 million as of December 31, 2018 and 2017,
respectively. These investments, which were previously accounted for at cost, are now accounted for at cost, adjusted for changes in observable prices minus
impairment. We own less than 20% of the voting securities in each of these investments and do not have the ability to exercise significant influence over
operating and financial policies of the respective entities. These investments are recorded as other assets on our consolidated balance sheets and would be
measured at fair value if indicators of an increase in value or impairment existed. During the third quarter of 2018, we sold equity securities of a privately
held company for $5.2 million and recognized a gain of $2.2 million as other income in our consolidated statements of income. As of December 31, 2018, no
events have occurred that would affect the carrying value of these investments.

7. BUSINESS COMBINATIONS

ZoneFox Holdings Limited

On October 22, 2018, we acquired all outstanding shares of ZoneFox Holdings Limited (“ZoneFox”), a privately held cloud-based insider threat
detection and response company headquartered in Edinburgh, Scotland. We expect the ZoneFox acquisition will allow us to provide additional user and entity
behavior analytics features.

87
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

Under the business combination method of accounting in accordance with ASC Topic 805, Business Combinations (“ASC 805”), the total
preliminary purchase price was allocated to ZoneFox’s identifiable tangible and intangible assets acquired and liabilities assumed based on their estimated fair
values using management’s best estimates and assumptions to assign fair value as of the acquisition date, and our estimates and assumptions are subject to
change within the measurement period. The allocation of the purchase price for this acquisition has been prepared on a preliminary basis and changes to the
allocation of certain assets and liabilities may occur as additional information becomes available. The primary area that remains preliminary relates to
finalization of valuation analyses pertaining to intangible assets acquired and tax liabilities assumed. The preliminary purchase price for ZoneFox was $16.1
million, of which $12.5 million was allocated to goodwill that was non-deductible for tax purposes, and $6.8 million was allocated to identifiable intangible
assets the majority of which was developed technology offset by $3.2 million of net liabilities assumed. Acquisition-related costs related to the ZoneFox
acquisition were not material. Goodwill recorded in connection with this acquisition represents the value we expect to be created through expansion into
markets within our existing business, and potential cost savings and synergies.

We may pay an additional $2.0 million in cash consideration as an earn-out that is subject in full to satisfaction of certain performance conditions. As
of December 31, 2018, no fair value was assigned to the contingent consideration based on the estimated probability of attainment of the target.

Bradford Networks, Inc.

On June 4, 2018, we acquired all outstanding shares of Bradford Networks, Inc. (“Bradford”), a provider of network access control security products
and services. We believe that this acquisition will extend the Fortinet Security Fabric to include network access control and provide for the security
assessment and response related to devices accessing the network, including Internet of Things devices.

Under the business combination method of accounting in accordance with ASC 805, the total purchase price was allocated to Bradford’s identifiable
tangible and intangible assets acquired and liabilities assumed based on their estimated fair values using management's best estimates and assumptions to
assign fair value as of the acquisition date. The purchase price for Bradford was $6.8 million, of which $11.1 million was allocated to goodwill that was non-
deductible for tax purposes, and $8.0 million was allocated to identifiable intangible assets the majority of which was developed technology offset by $12.3
million of net liabilities assumed. Acquisition-related costs related to the Bradford acquisition were not material. Goodwill recorded in connection with this
acquisition represents the value we expect to be created through expansion into markets within our existing business, and potential cost savings and synergies.

We may pay an additional $2.0 million in cash consideration as an earn-out that is subject in full to satisfaction of certain performance conditions. As
of December 31, 2018, no fair value was assigned to the contingent consideration based on the estimated probability of attainment of the target.

AccelOps, Inc.

On June 7, 2016, we completed our acquisition of AccelOps, Inc. (“AccelOps”), a provider of network security monitoring and analytics solutions.
This acquisition extended the Fortinet Security Fabric.

The acquisition of AccelOps was accounted as a business combination in accordance with ASC 805, and we used our best estimates and assumptions
to assign fair value to the tangible and intangible assets acquired and liabilities assumed at the acquisition date. The total purchase price for AccelOps was
$22.3 million, of which $9.9 million was allocated to goodwill that was non-deductible for tax purposes, and $16.5 million was allocated to identifiable
intangible assets with average estimated lives of approximately two to four years, offset by $4.1 million of net liabilities assumed.

Additional Acquisition-Related Information

The operating results of the acquired companies are included in our consolidated statements of income from the respective dates of acquisition. Pro
forma results of operations have not been presented because the effects of these acquisitions, individually and in the aggregate, were not material to our
consolidated statements of income.

88
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

8. GOODWILL AND OTHER INTANGIBLE ASSETS—Net

Goodwill

The following table presents the changes in the carrying amount of goodwill (in millions):

Amount
Balance—December 31, 2017 $ 14.6
Additions due to business combinations 23.6
Balance—December 31, 2018 $ 38.2

There were no impairments to goodwill during 2018, 2017, 2016 or any previous years.

Other Intangible Assets—net

The following tables present other intangible assets—net as of December 31, 2018 and 2017 (in millions, except years):

December 31, 2018


Weighted-Average
Useful Life (in Accumulated
Years) Gross Amortization Net
Other intangible assets—net:
Finite-lived intangible assets:
Developed technologies 4.0 $ 34.4 $ 17.0 $ 17.4
Customer relationships 4.4 17.5 12.8 4.7
Total other intangible assets—net $ 51.9 $ 29.8 $ 22.1

December 31, 2017


Weighted-Average
Useful Life (in Accumulated
Years) Gross Amortization Net
Other intangible assets—net:
Finite-lived intangible assets:
Developed technologies and other 3.8 $ 24.0 $ 13.7 $ 10.3
Customer relationships 4.7 14.5 10.1 4.4
38.5 23.8 14.7

Indefinite-lived intangible assets:


In-process research and development 1.6 — 1.6
Total other intangible assets—net $ 40.1 $ 23.8 $ 16.3

The project related to in-process research and development intangible asset of $1.6 million was completed in the first quarter of 2018. Upon
completion, the cost was transferred to developed technology and is amortized over the estimated useful life of four years. Amortization expense of finite-
lived intangible assets was $9.0 million, $8.6 million and $9.3 million in 2018, 2017, and 2016, respectively. The following table summarizes estimated future
amortization expense of finite-lived intangible assets—net (in millions):

89
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

Amount
Years:
2019 $ 10.2
2020 6.2
2021 3.6
2022 2.1
Total $ 22.1

9. NET INCOME PER SHARE

Basic net income per share is computed by dividing net income by the weighted-average number of shares of common stock outstanding during the
period. Diluted net income per share is computed by dividing net income by the weighted-average number of shares of common stock outstanding during the
period, plus the dilutive effects of RSUs, stock options and our Employee Stock Purchase Plan (the “ESPP”). Dilutive shares of common stock are determined
by applying the treasury stock method.

A reconciliation of the numerator and denominator used in the calculation of basic and diluted net income per share is as follows (in millions, except
per share amounts):

Year Ended December 31,


2018 2017 2016
Numerator:
Net income $ 332.2 $ 31.4 $ 32.2

Denominator:
Basic shares:
Weighted-average common stock outstanding-basic 169.1 174.3 172.6
Diluted shares:
Weighted-average common stock outstanding-basic 169.1 174.3 172.6
Effect of potentially dilutive securities:
RSUs 3.6 2.3 1.9
Stock options 1.4 1.4 1.7
ESPP 0.1 0.1 0.1
Weighted-average shares used to compute diluted net income per share 174.2 178.1 176.3
Net income per share:
Basic $ 1.96 $ 0.18 $ 0.19
Diluted $ 1.91 $ 0.18 $ 0.18

90
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

The following weighted-average shares of common stock were excluded from the computation of diluted net income per share for the periods
presented, as their effect would have been antidilutive (in millions):

Year Ended December 31,


2018 2017 2016
RSUs 0.5 1.4 3.3
Stock options 0.3 1.0 1.0
ESPP 0.1 0.2 0.2
0.9 2.6 4.5

10. COMMITMENTS AND CONTINGENCIES

The following table summarizes our future principal contractual obligations as of December 31, 2018 (in millions):

Total 2019 2020 2021 2022 2023 Thereafter


Operating lease commitments $ 50.1 $ 17.1 $ 12.2 $ 8.5 $ 5.0 $ 3.6 $ 3.7
Inventory purchase commitments 177.3 173.1 4.2 — — — —
Total $ 227.4 $ 190.2 $ 16.4 $ 8.5 $ 5.0 $ 3.6 $ 3.7

Operating Leases—We lease certain facilities under various non-cancelable operating leases, which expire through 2026. Certain leases require us
to pay variable costs such as taxes, maintenance, and insurance. The terms of certain operating leases also provide for renewal options and escalation clauses.
Rent expense was $17.1 million, $16.7 million and $18.9 million for 2018, 2017 and 2016, respectively. Rent expense is recognized using the straight-line
method over the term of a lease.

Inventory Purchase Commitments—Our independent contract manufacturers procure components and build our products based on our forecasts.
These forecasts are based on estimates of future demand for our products, which are in turn based on historical trends and an analysis from our sales and
marketing organizations, adjusted for overall market conditions. In order to reduce manufacturing lead times and plan for adequate component supply, we
may issue purchase orders to some of our independent contract manufacturers which may not be cancelable. As of December 31, 2018, we had $177.3 million
of open purchase orders with our independent contract manufacturers that may not be cancelable.

Other Contractual Commitments and Open Purchase Orders—In addition to commitments with contract manufacturers, we have open purchase
orders and contractual obligations in the ordinary course of business for which we have not received goods or services. As of December 31, 2018, we had
$14.3 million in other contractual commitments having a remaining term in excess of one year that may not be cancelable.

Litigation—We are involved in disputes, litigation, and other legal actions. For lawsuits where we are the defendant, we are in the process of
defending these litigation matters, and while there can be no assurances and the outcome of these matters is currently not determinable, we currently believe
that there are no existing claims or proceedings that are likely to have a material adverse effect on our financial position. There are many uncertainties
associated with any litigation and these actions or other third-party claims against us may cause us to incur costly litigation fees, costs and substantial
settlement charges, and possibly subject us to damages and other penalties. In addition, the resolution of any intellectual property litigation may require us to
make royalty payments, which could adversely affect our gross margins in future periods. If any of those events were to occur, our business, financial
condition, results of operations, and cash flows could be adversely affected. The actual liability in any such matters may be materially different from our
estimates, if any, which could result in the need to adjust the liability and record additional expenses. As required under ASC 450, Contingencies, issued by
the FASB, we accrue for contingencies when we believe that a loss is probable and that we can reasonably estimate the amount of any such loss.

As previously disclosed, in October 2016, we received a letter from the United States Attorney’s Office for the Northern District of California
requesting information relating to events from over two years ago related to our compliance with the Trade Agreements Act. We have been fully cooperating
with this ongoing inquiry and have periodically met and spoken with the United States Attorney’s Office in connection with this matter. We are currently in
settlement discussions with the United States Attorney's Office.

91
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

Indemnification—Under the indemnification provisions of our standard sales contracts, we agree to defend our customers against third-party claims
asserting various allegations such as product defects and infringement of certain intellectual property rights, which may include patents, copyrights,
trademarks or trade secrets, and to pay judgments entered on such claims. In some contracts, our exposure under these indemnification provisions is limited
by the terms of the contracts to certain defined limits, such as the total amount paid by our customer under the agreement. However, certain agreements
include covenants, penalties and indemnification provisions including and beyond indemnification for third-party claims of intellectual property infringement,
that could potentially expose us to losses in excess of the amount received under the agreement, and in some instances to potential liability that is not
contractually limited. To date, there have been no material awards under such indemnification provisions.

11. STOCKHOLDERS’ EQUITY

Stock-Based Compensation Plans

Our stock-based compensation plans include the 2000 Stock Plan (the “2000 Plan”), the 2008 Stock Plan (the “2008 Plan”), the 2009 Equity
Incentive Plan (the “2009 Plan”) and the ESPP. Under these plans, we have granted stock options and RSUs.

Stock Plans—Our board of directors adopted the 2000 Plan in 2000 and the 2008 Plan in 2008. During 2018, 2017 and 2016, we issued no stock
options under these plans. As of December 31, 2015, no shares remain available for grant under these plans.

2009 Equity Incentive Plan—In 2009, our board of directors approved the 2009 Plan, which includes awards of stock options, stock appreciation
rights, restricted stock, RSUs and performance stock units. The maximum aggregate number of shares that may be issued under the 2009 Plan is 9.0 million
shares, plus any shares subject to stock options or similar awards granted under the 2008 Plan and the 2000 Plan that expire or otherwise terminate without
having been exercised in full and shares issued pursuant to awards granted under the 2008 Plan and the 2000 Plan that are forfeited to or repurchased by us,
with the maximum number of shares to be added to the 2009 Plan pursuant to such terminations, forfeitures and repurchases not to exceed 21.0 million
shares. The shares may be authorized but unissued or reacquired common stock. The number of shares available for issuance under the 2009 Plan is increased
on the first day of each year beginning with 2011, in an amount equal to the lesser of (i) 14.0 million shares (as adjusted in connection with the stock split
effected in June 2011), (ii) 5% of the outstanding shares on the last day of the immediately preceding year or (iii) such number of shares determined by our
board of directors. Under the 2009 Plan, we may grant awards to employees, directors and other service providers. In the case of an incentive stock option
granted to an employee who, at the time of the grant, owns stock representing more than 10% of the voting power of all classes of stock, the exercise price
shall be no less than 110% of the fair market value per share on the date of grant and expire five years from the date of grant, and options granted to any other
employee, the per share exercise price shall be no less than 100% of the closing stock price on the date of grant. In the case of a non-statutory stock option
and options granted to other service providers, the per share exercise price shall be no less than 100% of the fair market value per share on the date of grant.
Options granted to individuals owning less than 10% of the total combined voting power of all classes of stock generally have a contractual term of seven
years and options generally vest over four years.

2011 Employee Stock Purchase Plan—In June 2011, our stockholders approved the ESPP. The ESPP permitted eligible employees to purchase
common stock through regular, systematic payroll deductions, up to a maximum of 15% of employees’ compensation for each purchase period at purchase
prices equal to 85% of the lesser of the fair market value of our common stock at the first trading date of the applicable offering period or the purchase date,
subject to purchase limits of 4,000 shares for each purchase period or $25,000 worth of stock for each calendar year. Our board of directors voluntarily
determined to terminate the ESPP, effective February 2019 at the completion of the prior offering period.

As of December 31, 2018, there were a total of 54,512,197 shares of common stock available for grant under our stock-based compensation plans.

92
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

Restricted Stock Units

The following table summarizes the activity and related information for RSUs for the periods presented below (in millions, except per share
amounts):

Restricted Stock Units Outstanding


Weighted-Average Grant
Date Fair Value per
Number of Shares Share
Balance—December 31, 2015 9.3 $ 32.97
Granted 5.5 27.96
Forfeited (1.7) 32.03
Vested (3.6) 30.45
Balance—December 31, 2016 9.5 31.01
Granted 4.2 37.60
Forfeited (1.3) 34.12
Vested (3.9) 29.42
Balance—December 31, 2017 8.5 34.79
Granted 4.1 57.37
Forfeited (0.9) 39.29
Vested (3.9) 34.67
Balance—December 31, 2018 7.8 $ 46.07

As of December 31, 2018, total compensation expense related to unvested RSUs granted to employees and non-employees under the 2009 Plan, but
not yet recognized, was $306.1 million. This expense is expected to be amortized on a straight-line basis over a weighted-average vesting period of 2.70
years.

RSUs settle into shares of common stock upon vesting. Upon the vesting of the RSUs, we net-settle the RSUs and withhold a portion of the shares to
satisfy minimum statutory employee withholding tax requirement. Total payment of the employees’ tax obligations to the tax authorities is reflected as a
financing activity within the consolidated statements of cash flows.

The following summarizes the number and value of the shares withheld for employee taxes (in millions):

Year Ended December 31,


2018 2017 2016
Shares withheld for taxes 1.2 1.2 1.2
Amount withheld for taxes $ 67.2 $ 45.1 $ 38.3

Employee Stock Options

In determining the fair value of our employee stock options, we use the Black-Scholes option pricing model, which employs the following
assumptions.

Expected Term—The expected term represents the period that our stock-based awards are expected to be outstanding. We believe that we have
sufficient historical experience for determining the expected term of the stock option award, and therefore, we calculated our expected term based on
historical experience instead of using the simplified method.

Expected Volatility—The expected volatility of our common stock is based on our weighted-average implied and historical volatility.

93
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

Fair Value of Common Stock—The fair value of our common stock is the closing sales price of the common stock effective on the date of grant.

Risk-Free Interest Rate—We base the risk-free interest rate on the implied yield available on U.S. Treasury zero-coupon issues with an equivalent
remaining term.

Expected Dividend—The expected dividend weighted-average assumption is zero.

The following table summarizes the weighted-average assumptions relating to our employee stock options:

Year Ended December 31,


2018 2017 2016
Expected term in years 4.4 4.4 4.3
Volatility 31.8% 36.0% 42.2%
Risk-free interest rate 2.7% 1.9% 1.1%
Dividend rate —% —% —%

The following table summarizes the stock option activity and related information for the periods presented below (in millions, except exercise prices
and contractual life):

Options Outstanding
Weighted-
Weighted- Average
Average Remaining Aggregate
Number Exercise Contractual Intrinsic
of Shares Price Life (Years) Value
Balance—December 31, 2015 7.0 $ 20.03
Granted 1.5 25.65
Forfeited (0.3) 34.82
Exercised (2.0) 10.45
Balance—December 31, 2016 6.2 23.79
Granted 0.5 37.34
Forfeited (0.2) 31.75
Exercised (2.2) 19.19
Balance—December 31, 2017 4.3 27.50
Granted 0.8 52.09
Forfeited (0.2) 32.24
Exercised (1.9) 24.96
Balance—December 31, 2018 3.0 $ 35.53
Options vested and expected to vest—December 31, 2018 3.0 $ 35.53 4.00 $ 105.6
Options exercisable—December 31, 2018 1.6 $ 28.91 2.67 $ 66.3

The aggregate intrinsic value represents the pre-tax difference between the exercise price of stock options and the quoted market price of our
common stock on December 31, 2018, for all in-the-money stock options. As of December 31, 2018, total compensation expense related to unvested stock
options granted to employees but not yet recognized was $16.5 million. This expense is expected to be amortized on a straight-line basis over a weighted-
average period of 2.60 years.

94
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

Additional information related to our stock options is summarized below (in millions, except per share amounts):

Year Ended December 31,


2018 2017 2016
Weighted-average fair value per share granted $ 16.03 $ 12.15 $ 9.14
Intrinsic value of options exercised 62.2 42.7 40.3
Fair value of options vested 7.2 8.1 5.4

The following table summarizes information about outstanding and exercisable stock options as of December 31, 2018, as follows (in millions,
except exercise prices and contractual life):

Options Outstanding Options Exercisable


Weighted-
Average Weighted- Weighted-
Remaining Average Average
Range of Exercise Number Contractual Exercise Number Exercise
Prices Outstanding Life (Years) Price Exercisable Price
$19.94–24.92 1.0 3.34 23.50 0.7 23.37
26.49–33.31 0.7 1.69 29.30 0.6 28.90
36.70–39.49 0.4 5.06 37.42 0.2 37.50
48.83–49.06 0.8 5.74 49.02 0.1 48.85
58.29–76.22 0.1 6.52 68.29 — —
3.0 1.6

Employee Stock Purchase Plan

In determining the fair value of the ESPP, which was terminated in February 2019, we use the Black-Scholes option pricing model that employs the
following weighted-average assumptions:

Year Ended December 31,


2018 2017 2016
Expected term in years 0.5 0.5 0.5
Volatility 28.9% 29.5% 39.4%
Risk-free interest rate 2.0% 0.9% 0.4%
Dividend rate —% —% —%

Additional information related to the ESPP is provided below (in millions, except per share amounts):

Year Ended December 31,


2018 2017 2016
Weighted-average fair value per share granted $ 14.14 $ 8.73 $ 7.68
Shares issued under the ESPP 1.1 1.1 1.2
Weighted-average price per share issued $ 35.32 $ 29.52 $ 21.01

95
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

Shares Reserved for Future Issuances

The following table presents the common stock reserved for future issuance (in millions):

December 31,
2018
Reserved for future equity award grants 52.7
Outstanding stock options and RSUs 10.8
Reserved for future ESPP issuances 1.9
Total common stock reserved for future issuances 65.4

Stock-based Compensation Expense

Stock-based compensation expense is included in costs and expenses as follows (in millions):

Year Ended December 31,


2018 2017 2016
Cost of product revenue $ 1.5 $ 1.4 $ 1.2
Cost of service revenue 10.8 9.5 8.8
Research and development 36.4 32.2 30.1
Sales and marketing 95.6 78.0 68.1
General and administrative 18.6 16.1 14.2
Total stock-based compensation expense $ 162.9 $ 137.2 $ 122.4

The following table summarizes stock-based compensation expense by award type (in millions):

Year Ended December 31,


2018 2017 2016
RSUs $ 143.9 $ 119.8 $ 107.1
Stock options 8.8 7.3 6.6
ESPP 10.2 10.1 8.7
Total stock-based compensation expense $ 162.9 $ 137.2 $ 122.4

Total income tax benefit associated with stock-based compensation that is recognized in the consolidated statements of income is as follows (in
millions):

Year Ended December 31,


2018 2017 2016
Income tax benefit associated with stock-based compensation $ 24.9 $ 30.9 $ 29.2

Share Repurchase Program

In January 2016, our board of directors approved the Share Repurchase Program (the “Repurchase Program”), which authorized the repurchase of up
to $200.0 million of our outstanding common stock through December 31, 2017. In 2016 and 2017, our board of directors approved the increases in the
aggregate authorized repurchase amount under the Repurchase Program by $100.0 million and $700.0 million, respectively, to a total of $1.0 billion. In July
2018, our board of directors approved a $500.0 million increase in the authorized stock repurchase under the Repurchase program and extended the term of
the Repurchase Program to December 31, 2019, bringing the aggregate amount authorized to be repurchased to $1.5 billion of our outstanding common stock
through December 31, 2019. Under the Repurchase Program, share repurchases may be made by us from time to time in privately negotiated transactions or
in open market transactions. The Repurchase Program does not require us to purchase a minimum number of shares, and may be suspended, modified or
discontinued at any time without prior notice. In 2018, we repurchased 3.8 million shares of common stock under the Repurchase Program in open market

96
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

transactions for an aggregate purchase price of $209.1 million. As of December 31, 2018, $733.8 million remained available for future share repurchases
under the Repurchase Program.

12. INCOME TAXES

Income before income taxes consisted of the following (in millions):

Year Ended December 31,


2018 2017 2016
Domestic $ 0.3 $ (40.7) $ (49.7)
Foreign 250.6 164.7 92.8
Total income before income taxes $ 250.9 $ 124.0 $ 43.1

The provision for (benefit from) income taxes consisted of the following (in millions):

Year Ended December 31,


2018 2017 2016
Current:
Federal $ (12.6) $ 34.7 $ 7.9
State 2.0 0.8 0.8
Foreign 36.9 27.7 17.8
Total current $ 26.3 $ 63.2 $ 26.5
Deferred:
Federal $ (125.5) $ 39.1 $ (10.0)
State 14.4 (9.3) (4.9)
Foreign 3.5 (0.4) (0.7)
Total deferred (107.6) 29.4 (15.6)
Provision for (benefit from) income taxes $ (81.3) $ 92.6 $ 10.9

97
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

The provision for (benefit from) income taxes differs from the amount computed by applying the statutory federal income tax rate as follows (in
millions):

Year Ended December 31,


2018 2017 2016
Tax at federal statutory tax rate $ 52.7 $ 43.4 $ 15.1
Foreign income taxed at different rates (21.5) (19.5) (13.7)
Foreign withholding taxes 20.1 17.4 15.0
Stock-based compensation expense (14.3) 9.5 10.0
Foreign tax credit (15.8) (12.8) (35.0)
State taxes—net of federal benefit 1.2 (3.5) (4.2)
Research and development credit (5.0) (4.0) (2.7)
Valuation allowance 14.9 — —
Dividend distribution (3.8) — 27.3
Impact of the 2017 Tax Act:
Deferred tax asset remeasurement due to reduction in the federal corporate
income tax rate — 47.9 —
One-time transition tax 32.6 15.2 —
Global Intangible Low-Taxed Income 20.5 — —
Book-to-Tax Basis differences (164.0) — —
Other 1.1 (1.0) (0.9)
Total provision for (benefit from) income taxes $ (81.3) $ 92.6 $ 10.9

There are permanent differences that arise from the portion of stock-based compensation expense that is not expected to generate a tax deduction,
such as stock-based compensation expense on stock grants to certain foreign employees, this is offset by the actual tax benefits in the current periods from
shares held by our U.S. employees. In 2018, this excess tax benefit was greater than the non-deductible stock-based compensation expense.

We have realigned our tax structure in order to maximize the tax efficiency of our group structure and better align with our business operations as a
result of the Tax Cuts and Jobs Act (the “2017 Tax Act”). This realignment resulted in a book-to-tax basis difference for previously taxed off-shore deferred
revenue as well as other book-to-tax difference. The basis differences resulted in a $164.0 million benefit to the 2018 tax provision.

In December 2017, the U.S. federal government enacted the 2017 Tax Act. The 2017 Tax Act reduced the U.S. federal corporate income tax rate
from 35% to 21% effective January 1, 2018 and created a territorial tax system with a one-time mandatory tax on foreign earnings of U.S. subsidiaries not
previously subject to U.S. income tax. Under GAAP, changes in tax rates and tax law are accounted for in the period of enactment and deferred tax assets and
liabilities are measured at the enacted tax rate. In December 2017, the staff of the Securities and Exchange Commission (the “SEC”) issued Staff Accounting
Bulletin No. 118, Income Tax Accounting Implications of the Tax Cuts and Jobs Act (“SAB 118”), which allowed us to record provisional amounts during a
measurement period not to extend beyond one year of the enactment date. As a result, we previously provided a provisional estimate of the effect of the 2017
Tax Act in our financial statements. In the fourth quarter of 2018, we completed our analysis to determine the effect of the 2017 Tax Act within the
measurement period under the SEC guidance, and reflected an additional $32.6 million increase related to the transition tax in the 2018 income tax expense.
We expect further guidance may be forthcoming from the FASB and the SEC, as well as regulations, interpretations and rulings from federal and state tax
agencies, which could result in additional impacts. The 2017 Tax Act also creates a new requirement that Global Intangible Low-Taxed Income (“GILTI”)
earned by controlled foreign corporations (“CFCs”) must be included currently in the gross income of a CFC’s U.S. shareholder. In 2018, there was also a
$20.5 million expense for the GILTI tax regime that was introduced by the 2017 Tax Act.

Under GAAP, we are allowed to make an accounting policy choice of either (i) treating taxes due on future U.S. inclusions in taxable income related
to GILTI as a current-period expense when incurred (the “period cost method”) or (ii) factoring such amounts into a company’s measurement of its deferred
taxes. Our selection of an accounting policy for 2018 with respect to the GILTI tax rules was to treat GILTI tax as a current period expense under the period
cost method.

98
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

The tax effects of temporary differences that give rise to significant portions of the deferred tax assets as of the years ended are presented below (in
millions):

December 31, December 31,


2018 2017
Deferred tax assets:
General business credit carryforward $ 29.5 $ 49.9
Deferred revenue 223.9 37.4
Reserves and accruals 26.6 23.0
Net operating loss carryforward 13.5 15.7
Stock-based compensation expense 16.2 12.3
Depreciation and amortization 3.3 8.8
Other — (0.2)
Total deferred tax assets 313.0 146.9
Less: Valuation allowance (14.9) —
Deferred tax assets, net of valuation allowance 298.1 146.9
Deferred tax liabilities:
Deferred contract costs (52.1) —
Total deferred tax liabilities (52.1) —
Net deferred tax assets $ 246.0 $ 146.9

In assessing the realizability of deferred tax assets, we considered whether it is more likely than not that some portion or all of our deferred tax assets
will be realized. This realization is dependent upon the generation of future taxable income during the periods in which those temporary differences become
deductible. We concluded that it is more likely than not that we would be able to realize the benefits of our deferred tax assets in the future except for
California research and development (“R&D”) credits carryforward. We anticipate having sufficient current year generated California R&D credits to cover
the same year California tax liability for tax year 2018 and subsequent years. As a result, we recorded a valuation allowance of $14.9 million against
California R&D credits carryforwards (net of the unrecognized tax benefits), as it is more likely than not these deferred tax assets will not be realized.

As of December 31, 2018, we had $47.3 million in federal net operating loss carryforwards to offset future income, which is limited by Section 382
of the Internal Revenue Code (“Section 382”) due to the acquisition of Meru, AccelOps and Bradford. With the acquisition of Meru, we had $22.6 million in
federal net operating loss carryforwards which is limited by Section 382 available from year 2020. With the acquisition of AccelOps, we had $19.9 million in
federal net operating loss carryforwards from 2016 and that are limited by Section 382. With the acquisition of Bradford, we had $8.6 million in federal net
operating loss carryforwards from 2018 and that are limited by Section 382 available from July 2018. In 2018, it is estimated that the NOL carryforwards of
$3.0 million from AccelOps and $0.8 million from Bradford will be utilized. We had $7.8 million federal tax credits to offset future federal taxes. As of
December 31, 2018, we had $36.7 million in California net operating loss carryforwards including $22.1 million from Meru and $14.6 million from
AccelOps, both of which are limited by Section 382. We had state tax credit carryforwards of $24.0 million available to offset our future state taxes. The state
credits carry forward indefinitely.

Under the 2017 Tax Act, starting on January 1, 2018, we are no longer subject to federal income tax on earnings remitted from our foreign
subsidiaries. We have analyzed our global working capital and cash requirements and the potential tax liabilities attributable to repatriation, and have
determined that we will be repatriating certain unremitted foreign earnings which was previously deemed indefinitely reinvested. For those investments from
which we were able to make a reasonable estimate of the tax effects of such repatriation, we have recorded a provisional estimate for withholding and state
taxes. For those investments from which we were not able to make a reasonable estimate, we have not recorded any deferred taxes.

We operate under a tax incentive agreement in Singapore, which is effective through December 31, 2021, and may be extended if certain additional
requirements are satisfied. The tax incentive agreement is conditional upon our meeting certain employment and investment thresholds.

99
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

As of December 31, 2018, we had $63.5 million of unrecognized tax benefits, of which, if recognized, $58.8 million would favorably affect our
effective tax rate. Our policy is to include accrued interest and penalties related to uncertain tax benefits in income tax expense. As of December 31, 2018,
2017 and 2016, accrued interest and penalties were $11.6 million, $13.5 million and $9.5 million, respectively.

The aggregate changes in the balance of unrecognized tax benefits are as follows (in millions):

Year Ended December 31,


2018 2017 2016
Unrecognized tax benefits, beginning of year $ 72.5 $ 65.5 $ 59.7
Gross increases for tax positions related to the current year 8.6 13.2 4.8
Gross decreases for tax positions related to the current year — (10.7) —
Gross increases for tax positions related to the prior year 6.0 7.0 1.7
Gross decreases for tax positions related to prior year (9.5) (0.9) (0.7)
Gross decreases for tax positions related to prior year audit settlements (6.4) (1.6) —
Gross decreases for tax positions related to expiration of statute of limitations (7.7) — —
Unrecognized tax benefits, end of year $ 63.5 $ 72.5 $ 65.5

As of December 31, 2018, 2017 and 2016, $77.5 million, $90.2 million and $68.6 million, respectively, of the amounts reflected above were
recorded as Income tax liabilities—non-current in our consolidated balance sheet.

We recorded a net decrease of gross unrecognized tax benefits of approximately $9.0 million during the year ended December 31, 2018. The net
decrease was primarily due to the reversal of gross unrecognized tax benefit in connection with the lapse of statutes of limitations in foreign jurisdictions and
the audit settlement, offset by the increases related to 2018 gross unrecognized tax benefits.

It is reasonably possible that our gross unrecognized tax benefits will decrease by up to $10.1 million in the next 12 months, primarily due to the
lapse of the statute of limitations. These adjustments, if recognized, would positively impact our effective tax rate, and would be recognized as additional tax
benefits.

We file income tax returns in the U.S. federal jurisdiction and in various U.S. state and foreign jurisdictions. Generally, we are no longer subject to
U.S. state and non-U.S. income tax examinations by tax authorities for tax years prior to 2009. We are no longer subject to examination by U.S federal
income tax authorities for tax years prior to 2015. We have closed the Internal Revenue Service audit for tax years 2012, 2013 and 2014 at the field level. In
March 2018, we received a refund of $6.8 million for a carry-back claim approved in this audit. In October 2018, the French tax authorities notified us that
they had closed the permanent establishment audits of Fortinet, Inc. and Fortinet Singapore for tax years from 2007 to 2015 with no tax adjustments. We
currently have ongoing tax audits in the United Kingdom, Israel, India and Italy. The focus of these audits is the inter-company profit allocation.

On July 24, 2018, the U.S. Court of Appeals for the Ninth Circuit overturned the U.S. Tax Court’s unanimous 2015 decision in Altera Corp v.
Commissioner, holding that the IRS did not violate the rulemaking procedures required by the Administrative Procedures Act. On August 7, 2018, the Ninth
Circuit withdrew the opinions filed July 24, 2018 to allow time for the reconstituted panel to confer on the appeal. In the Altera case, the taxpayer challenged
IRS regulations that required participants in qualified cost sharing arrangements to share stock-based compensation costs. We continue to treat our stock-
based compensation expense in accordance with Tax Court Opinion. We also continue to monitor developments in this case and any impact it could have on
our tax provision.

100
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

13. DEFINED CONTRIBUTION PLANS

Our tax-deferred savings plan under our 401(k) Plan, permits participating U.S. employees to defer a portion of their pre-tax earnings. In Canada, we
have a Group Registered Retirement Savings Plan Program (the “RRSP”), which permits participants to make tax deductible contributions. Our board of
directors approved 50% matching contributions on employee contributions up to 4% of each employee’s eligible earnings. Our matching contributions to our
401(k) Plan and the RRSP for 2018, 2017 and 2016 were $5.7 million, $4.7 million and $4.4 million, respectively.

14. SEGMENT INFORMATION

Operating segments are defined as components of an enterprise about which separate financial information is available that is evaluated regularly by
the chief operating decision maker in deciding how to allocate resources and in assessing performance. Our chief operating decision maker is our chief
executive officer. Our chief executive officer reviews financial information presented on a consolidated basis, accompanied by information about revenue by
geographic region for purposes of allocating resources and evaluating financial performance. We have one business activity, and there are no segment
managers who are held accountable for operations, operating results and plans for levels or components below the consolidated unit level. Accordingly, we
have determined that we have one operating segment, and therefore, one reportable segment.
Revenue by geographic region is based on the billing address of our distributors and direct customer. The following tables set forth revenue and
property and equipment—net by geographic region (in millions):

Year Ended December 31,


Revenue 2018 2017 2016
Americas:
United States $ 577.2 $ 496.9 $ 426.4
Latin America (“LATAM”) 120.8 92.1 66.0
Canada 64.9 53.3 44.3
Total Americas 762.9 642.3 536.7
Europe, Middle East and Africa (“EMEA”) 678.0 554.6 477.4
Asia Pacific (“APAC”) 360.3 298.0 261.3
Total revenue $ 1,801.2 $ 1,494.9 $ 1,275.4

December 31, December 31,


Property and Equipment—net 2018 2017
Americas:
United States $ 132.1 $ 115.6
Canada 113.5 103.8
LATAM 0.4 0.3
Total Americas 246.0 219.7
EMEA 16.2 17.7
APAC 9.2 8.0
Total property and equipment—net $ 271.4 $ 245.4

101
Table of Contents
FORTINET, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS—(Continued)

15. ACCUMULATED OTHER COMPREHENSIVE LOSS

The following table summarizes the changes in accumulated balances of other comprehensive loss for 2017 (in millions):

Year Ended December 31, 2017


Tax benefit
(provision) related
to unrealized gains
Unrealized Losses or losses on
on Investments investments Total
Beginning balance $ (1.2) $ 0.4 $ (0.8)
Other comprehensive income before reclassifications (0.9) 0.3 (0.6)
Amounts reclassified from accumulated other comprehensive loss 0.8 (0.2) 0.6
Net current-period other comprehensive income (0.1) 0.1 —
Ending balance $ (1.3) $ 0.5 $ (0.8)

Amounts reclassified from accumulated other comprehensive loss for unrealized losses on investments and tax provision related to unrealized gains
or losses on investments are recorded in Other income (expense)—net and in Provision for income taxes, respectively. We do not have any material changes
to accumulated other comprehensive income during 2018.

16. SUBSEQUENT EVENTS

Share Repurchase Program

Subsequent to December 31, 2018, through the filing of this Annual Report on Form 10-K, we repurchased 0.8 million shares of our common stock,
for an aggregate purchase price of $56.3 million at an average price of $72.19 per share, under the Repurchase Program.

2011 Employee Stock Purchase Plan

Our board of directors voluntarily determined to terminate the ESPP, effective February 2019 at the completion of the prior offering period.

102
Table of Contents

ITEM 9. Changes in and Disagreements With Accountants on Accounting and Financial Disclosure

None.

ITEM 9A. Controls and Procedures

Evaluation of Disclosure Controls and Procedures

Our management, with the participation of our chief executive officer and chief financial officer, evaluated the effectiveness of our disclosure
controls and procedures (as defined in Rule 13a-15(e) or 15d-15(e) under the Securities Exchange Act of 1934 (the “Exchange Act”) as of the end of the
period covered by this Annual Report on Form 10-K. In designing and evaluating the disclosure controls and procedures, management recognized that any
controls and procedures, no matter how well designed and operated, can provide only reasonable assurance of achieving the desired control objectives. In
addition, the design of disclosure controls and procedures must reflect the fact that there are resource constraints and that management is required to apply its
judgment in evaluating the benefits of possible controls and procedures relative to their costs.

Based on that evaluation, our chief executive officer and chief financial officer concluded that our disclosure controls and procedures were effective
as of December 31, 2018 to provide reasonable assurance that information we are required to disclose in reports that we file or submit under the Exchange
Act is recorded, processed, summarized and reported within the time periods specified in SEC rules and forms, and that such information is accumulated and
communicated to our management, including our chief executive officer and chief financial officer, as appropriate, to allow timely decisions regarding
required disclosure.

Management’s Report on Internal Control Over Financial Reporting

Our management is responsible for establishing and maintaining adequate internal control over financial reporting, as defined in Rule 13a-15(f) and
15d-15(f) under the Exchange Act. Management conducted an evaluation of the effectiveness of our internal control over financial reporting based on the
framework in Internal Control—Integrated Framework (2013) set forth by the Committee of Sponsoring Organizations of the Treadway Commission.

Based on this evaluation, management concluded that our internal control over financial reporting was effective as of December 31, 2018.
Management reviewed the results of its assessment with our Audit Committee. The effectiveness of our internal control over financial reporting as of
December 31, 2018 has been audited by Deloitte & Touche LLP, an independent registered public accounting firm, as stated in its report, which appears in
this Item under the heading “Report of Independent Registered Public Accounting Firm.”

Changes in Internal Control over Financial Reporting

In January 2018, we implemented certain internal controls over financial reporting in connection with our adoption of Topic 606. There were no
other changes in our internal control over financial reporting (as defined in Rules 13a-15(f) or 15d-15(f) under the Exchange Act) during 2018 that have
materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.

103
Table of Contents

REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

To the stockholders and the Board of Directors of Fortinet, Inc.

Opinion on Internal Control over Financial Reporting

We have audited the internal control over financial reporting of Fortinet, Inc. and subsidiaries (the “Company”) as of December 31, 2018, based on criteria
established in Internal Control — Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission
(COSO). In our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 2018, based
on criteria established in Internal Control — Integrated Framework (2013) issued by COSO.

We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated
financial statements as of and for the year ended December 31, 2018, of the Company and our report dated February 26, 2019, expressed an unqualified
opinion on those financial statements and included an explanatory paragraph related to the Company’s change in its method of accounting for revenue due to
adoption of the new revenue standard.

Basis for Opinion

The Company’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of
internal control over financial reporting, included in the accompanying Management’s Report on Internal Control over Financial Reporting. Our responsibility
is to express an opinion on the Company’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the
PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and
regulations of the Securities and Exchange Commission and the PCAOB.

We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable
assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an
understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating
effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We
believe that our audit provides a reasonable basis for our opinion.

Definition and Limitations of Internal Control over Financial Reporting

A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and
the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over
financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect
the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit
preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being
made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or
timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements.

Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of
effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance
with the policies or procedures may deteriorate.

/s/ DELOITTE & TOUCHE LLP

San Jose, California


February 26, 2019

104
Table of Contents

ITEM 9B. Other Information

None.

Part III

ITEM 10. Directors, Executive Officers and Corporate Governance

Information responsive to this item is incorporated herein by reference to our definitive proxy statement with respect to our 2019 Annual Meeting of
Stockholders to be filed with the SEC within 120 days after the end of the fiscal year covered by this Annual Report on Form 10-K.

As part of our system of corporate governance, our board of directors has adopted a code of business conduct and ethics. The code applies to all of
our employees, officers (including our principal executive officer, principal financial officer, principal accounting officer or controller, or persons performing
similar functions), agents and representatives, including our independent directors and consultants, who are not our employees, with regard to their Fortinet-
related activities. Our code of business conduct and ethics is available on our website at www.fortinet.com under “Corporate—Investor Relations—Corporate
Governance.” We will post on this section of our website any amendment to our code of business conduct and ethics, as well as any waivers of our code of
business conduct and ethics, that are required to be disclosed by the rules of the SEC or the Nasdaq Stock Market.

ITEM 11. Executive Compensation

Information responsive to this item is incorporated herein by reference to our definitive proxy statement with respect to our 2019 Annual Meeting of
Stockholders to be filed with the SEC within 120 days after the end of the fiscal year covered by this Annual Report on Form 10-K.

ITEM 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters

Information responsive to this item is incorporated herein by reference to our definitive proxy statement with respect to our 2019 Annual Meeting of
Stockholders to be filed with the SEC within 120 days after the end of the fiscal year covered by this Annual Report on Form 10-K.

ITEM 13. Certain Relationships and Related Transactions, and Director Independence

Information responsive to this item is incorporated herein by reference to our definitive proxy statement with respect to our 2019 Annual Meeting of
Stockholders to be filed with the SEC within 120 days after the end of the fiscal year covered by this Annual Report on Form 10-K.

ITEM 14. Principal Accounting Fees and Services

Information responsive to this item is incorporated herein by reference to our definitive proxy statement with respect to our 2019 Annual Meeting of
Stockholders to be filed with the SEC within 120 days after the end of the fiscal year covered by this Annual Report on Form 10-K.

105
Table of Contents

Part IV

ITEM 15. Exhibits, Financial Statement Schedules

(a) The following documents are filed as part of this Annual Report on Form 10-K:

1. Financial Statements: The information concerning Fortinet’s financial statements and the Report of Independent Registered Public
Accounting Firm required by this Item 15(a)(1) is incorporated by reference herein to the section of this Annual Report on Form 10-K in
Part II, Item 8, titled “Financial Statements and Supplementary Data.”

2. Financial Statement Schedule: The following financial statement schedule of Fortinet, Inc., for the fiscal years ended December 31,
2018, 2017 and 2016, is filed as part of this Annual Report on Form 10-K and should be read in conjunction with our consolidated financial
statements.

106
Table of Contents

SCHEDULE II—VALUATION AND QUALIFYING ACCOUNTS

Year Ended December 31,


2018 (1) 2017 2016
(in millions)
Sales Returns Reserve and Allowance for Doubtful Accounts:
Beginning balance $ 14.5 $ 11.2 $ 6.2
Charged to costs and expenses, net of deductions — 3.3 5.0
Reclassification due to adoption of Topic 606 (1) (13.6) — —
Ending balance $ 0.9 $ 14.5 $ 11.2
(1)
Effective January 1, 2018, we reclassified our sales returns reserve in the amount of $13.6 million from accounts receivable to accrued liabilities, in
connection with the adoption of Topic 606. The ending balance for the year ended December 31, 2018 consists only of the allowance for doubtful accounts.

Schedules not listed above have been omitted because they are not applicable or are not required or the information required to be set forth therein is
included in the consolidated financial statements or notes thereto.

3. Exhibits: See Item 15(b) below. We have filed, or incorporated into this Annual Report on Form 10-K by reference, the exhibits listed on the
accompanying Exhibit Index immediately preceding the signature page of this Annual Report on Form 10-K.

(b) Exhibits:

The exhibit list in the Exhibit Index immediately preceding the signature page of this Annual Report on Form 10-K is incorporated herein by
reference as the list of exhibits required by this Item 15(b).

(c) Financial Statement Schedules: See Item 15(a) above.

107
Table of Contents

EXHIBIT INDEX
Exhibit
Number Description Incorporated by reference herein
Exhibit
Form Date Number

3.1 Amended and Restated Certificate of Incorporation Current Report on Form 8-K (File No. 001-34511) June 28, 2018 3.1

3.2 Amended and Restated Bylaws Current Report on Form 8-K (File No. 001-34511) June 28, 2018 3.2

4.1 Specimen common stock certificate of the Company Registration Statement on Form S-l, as amended (File No. 333- November 2, 2009 4.1
161190)

10.1† Forms of Indemnification Agreement between the Company and Registration Statement on Form S-l (File No. 333-161190) August 10, 2009 10.1
its directors and officers

10.2† 2000 Stock Plan and forms of agreement thereunder Registration Statement on Form S-l (File No. 333-161190) August 10, 2009 10.2

10.3† 2008 Stock Plan and forms of agreement thereunder Registration Statement on Form S-l (File No. 333-161190) August 10, 2009 10.3

10.4† 2009 Equity Incentive Plan and forms of restricted stock unit Registration Statement on Form S-l (File No. 333-161190) August 10, 2009 10.4
award and restricted stock agreement thereunder

10.5† Forms of stock option agreement under 2009 Equity Incentive Annual Report on Form 10-K (File No. 001-34511) February 28, 2012 10.5
Plan

10.6† Form of performance stock unit award agreement under 2009 Quarterly Report on Form 10-Q (File No. 001-34511) August 6, 2013 99.1
Equity Incentive Plan

10.7† Forms of restricted stock unit award and performance stock unit Annual Report on Form 10-K (File No. 001-34511) March 2, 2015 10.7
award agreement under 2009 Equity Incentive Plan (Additional
Forms)

10.8† Fortinet, Inc. 2011 Employee Stock Purchase Plan Current Report on Form 8-K (File No. 001-34511) June 27, 2011 10.1

10.9† Meru Networks, Inc. 2010 Equity Incentive Plan Registration Statement on Form S-8 (File No. 333-205958) July 30, 2015 99.1

10.10† Meru Networks, Inc. 2013 New Employee Stock Inducement Plan Registration Statement on Form S-8 (File No. 333-205958) July 30, 2015 99.2

10.11† Forms of Fortinet, Inc. Restricted Stock Unit Assumption Registration Statement on Form S-8 (File No. 333-205958) July 30, 2015 99.3
Agreement

10.12† Fortinet, Inc. Bonus Plan Current Report on Form 8-K (File No. 001-34511) January 26, 2010 10.1

10.13† Fortinet, Inc. Cash and Equity Incentive Plan Quarterly Report on Form 10-Q (File No. 001-34511) November 5, 2013 10.1

10.14† Form of Change of Control Agreement between the Company and Quarterly Report on Form 10-Q (File No. 001-34511) August 4, 2015 10.1
its directors

10.15† Amended and Restated Change of Control Agreement, dated as of Annual Report on Form 10-K (File No. 001-34511) February 26, 2016 10.15
February 4, 2016, between the Company and Ken Xie

10.16† Amended and Restated Change of Control Agreement, dated as of Annual Report on Form 10-K (File No. 001-34511) February 26, 2016 10.16
February 4, 2016, between the Company and Michael Xie

10.17† Amended and Restated Change of Control Agreement, dated as of Annual Report on Form 10-K (File No. 001-34511) February 26, 2016 10.17
February 4, 2016, between the Company and John Whittle

108
Table of Contents

10.18† Amended and Restated Change of Control Agreement, dated as of Annual Report on Form 10-K (File No. 001-34511) February 26, 2016 10.18
February 4, 2016, between the Company and Andrew Del Matto

10.19† Offer Letter, dated as of October 23, 2006, by and between the Registration Statement on Form S-l, as amended (File No. 333- August 10, 2009 10.10
Company and John Whittle 161190)

10.20† Offer Letter, dated as of December 17, 2013, by and between the Current Report on Form 8-K (File No. 001-34511) December 20, 2013 99.1
Company and Andrew Del Matto

10.21† Letter regarding stock grants, dated as of December 17, 2013, Current Report on Form 8-K (File No. 001-34511) December 20, 2013 99.2
between the Company and Andrew Del Matto

10.22† Offer Letter, dated as of April 3, 2014, by and between the Annual Report on Form 10-K (File No. 001-34511) February 26, 2018 10.22
Company and Keith Jensen

10.23† Change of Control Severance Agreement, dated as of February 4, Annual Report on Form 10-K (File No. 001-34511) February 26, 2018 10.23
2016, between the Company and Keith Jensen

10.25† Amendment No. 1 to Change of Control Severance Agreement, Quarterly Report on Form 10-Q (File No. 001-34511) May 8, 2018 10.1
dated as of May 1, 2018, between the Company and Keith Jensen

21.1* List of subsidiaries

23.1* Consent of Independent Registered Public Accounting Firm

24.1* Power of Attorney (incorporated by reference to the signature


page of this Annual Report on Form 10-K)

31.1* Certification of Chief Executive Officer pursuant to Exchange Act Rules 13a-14(a) and 15d-14(a), as adopted pursuant to Section 302 of the Sarbanes-Oxley Act of 2002

31.2* Certification of Chief Financial Officer pursuant to Exchange Act Rules 13a-14(a) and 15d-14(a), as adopted pursuant to Section 302 of the Sarbanes-Oxley Act of 2002

32.1* Certifications of Chief Executive Officer and Chief Financial Officer pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002

101.SCH* XBRL Taxonomy Extension Schema Document

101.CAL* XBRL Taxonomy Extension Calculation Linkbase Document

101.PRE* XBRL Taxonomy Extension Presentation Linkbase Document

101.DEF* XBRL Taxonomy Extension Definition Linkbase Document

101.LAB* XBRL Taxonomy Extension Label Linkbase Document

101.INS* XBRL Instance Document

________________________________

† Indicates management compensatory plan, contract or arrangement.

* Filed herewith.

109
Table of Contents

SIGNATURES

Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on
its behalf by the undersigned, thereunto duly authorized, on February 26, 2019.

FORTINET, INC.

By: /s/ Ken Xie


Ken Xie, Chief Executive Officer and Chairman

(Duly Authorized Officer and Principal Executive Officer)

FORTINET, INC.

By: /s/ Keith Jensen


Keith Jensen, Chief Financial Officer

(Duly Authorized Officer and Principal Financial Officer and Principal Accounting Officer)

110
Table of Contents

POWER OF ATTORNEY

KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature appears below constitutes and appoints Ken Xie and Keith
Jensen, jointly and severally, his or her attorney-in-fact, with the power of substitution, for him or her in any and all capacities, to sign any amendments to this
Annual Report on Form 10-K and to file the same, with exhibits thereto and other documents in connection therewith, with the Securities and Exchange
Commission, hereby ratifying and confirming all that each of said attorneys-in-fact, or his substitute or substitutes, may do or cause to be done by virtue
hereof.

Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the
registrant and in the capacities and on the dates indicated.

Signature Title Date

/s/ Ken Xie Chief Executive Officer and Chairman February 26, 2019
Ken Xie (Principal Executive Officer)

/s/ Keith Jensen Chief Financial Officer February 26, 2019


Keith Jensen (Principal Financial Officer and Principal Accounting Officer)

/s/ Michael Xie President, Chief Technology Officer and Director February 26, 2019
Michael Xie

/s/ Peter D. Cohen Director February 26, 2019


Peter D. Cohen

/s/ Ming Hsieh Director February 26, 2019


Ming Hsieh

/s/ Gary Locke Director February 26, 2019


Gary Locke

/s/ William H. Neukom Director February 26, 2019


William H. Neukom

/s/ Christopher B. Paisley Director February 26, 2019


Christopher B. Paisley

/s/ Judith Sim Director February 26, 2019


Judith Sim

111
Exhibit 21.1

FORTINET, INC. SUBSIDIARIES

Entity Jurisdiction of Incorporation

Fortinet International, Inc. Cayman Islands


Fortinet UK, Ltd. United Kingdom
Fortinet Technologies (Canada), ULC Canada
Fortinet Japan K.K. Japan
Fortinet Information Technology (Beijing) Co., Ltd. China
Fortinet Information Technology (Tianjin) Co., Ltd. China
Fortinet Malaysia SDN. BHD. Malaysia
Fortinet Singapore Private Limited Singapore
Fortinet Technologies India Private Limited India
Fortinet S.A.R.L. France
Fortinet GmbH Germany
Fortinet Federal, Inc. U.S.A.
Fortinet BV Netherlands
Fortinet Mexico, S. de R.L. de C.V. Mexico
Fortinet Network Security Brazil Limitada Brazil
Fortinet Colombia S.A.S Colombia
Fortinet Security NZ Limited New Zealand
Fortinet Security Israel Ltd. Israel
Fortinet Security Korea Ltd. Korea
Fortinet Security LLC Qatar
Fortinet Security Italy S.R.L. Italy
Fortinet Networks Romania S.R.L. Romania
Fortinet Holding LLC U.S.A.
Accelops HK Hong Kong
Accelops China China
Fortinet Turkey Güvenlik Sistemleri Limited Şirketi Turkey
Fortinet Security Spain S.L Spain
Fortinet Networks Mauritius Ltd Mauritius
Bradford Networks, Inc. U.S.A.
Bradford Networks Europe Limited United Kingdom
ZoneFox Holding Limited United Kingdom
ZoneFox Limited United Kingdom
Exhibit 23.1

CONSENT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

We consent to the incorporation by reference in the Registration Statements Nos. 333-223246, 333-216362, 333-209783, 333-205958, 333-202402, 333-
194281, 333-186921, 333-179751, 333-175985, 333-172459 and, 333-163367 on Form S-8 of our reports dated February 26, 2019, relating to the
consolidated financial statements and consolidated financial statement schedule of Fortinet, Inc. and subsidiaries (the “Company”) (which expresses an
unqualified opinion and included an explanatory paragraph related to the Company’s change in method of accounting for revenue in fiscal 2018 due to
adoption of the new revenue standard), and the effectiveness of the Company's internal control over financial reporting, appearing in the Annual Report on
Form 10-K of the Company for the year ended December 31, 2018.

/s/ DELOITTE & TOUCHE LLP

San Jose, California


February 26, 2019
Exhibit 31.1

CERTIFICATION

I, Ken Xie, certify that:

1. I have reviewed this Annual Report on Form 10-K of Fortinet, Inc.;

2. Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the
statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this
report;

3. Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the
financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;

4. The registrant’s other certifying officer(s) and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in
Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-
15(f)) for the registrant and have:

a. Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision,
to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within
those entities, particularly during the period in which this report is being prepared;

b. Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our
supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for
external purposes in accordance with generally accepted accounting principles;

c. Evaluated the effectiveness of the registrant’s disclosure controls and procedures and presented in this report our conclusions about the
effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and

d. Disclosed in this report any change in the registrant’s internal control over financial reporting that occurred during the registrant’s most
recent fiscal quarter (the registrant’s fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely
to materially affect, the registrant’s internal control over financial reporting; and

5. The registrant’s other certifying officer(s) and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to
the registrant’s auditors and the audit committee of the registrant’s board of directors (or persons performing the equivalent functions):

a. All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are
reasonably likely to adversely affect the registrant’s ability to record, process, summarize and report financial information; and

b. Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant’s internal
control over financial reporting.

Date: February 26, 2019

/s/ Ken Xie


Ken Xie
Chief Executive Officer and Chairman
(Principal Executive Officer)
Exhibit 31.2

CERTIFICATION

I, Keith Jensen, certify that:

1. I have reviewed this Annual Report on Form 10-K of Fortinet, Inc.;

2. Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the
statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this
report;

3. Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the
financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;

4. The registrant’s other certifying officer(s) and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in
Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-
15(f)) for the registrant and have:

a. Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision,
to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within
those entities, particularly during the period in which this report is being prepared;

b. Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our
supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for
external purposes in accordance with generally accepted accounting principles;

c. Evaluated the effectiveness of the registrant’s disclosure controls and procedures and presented in this report our conclusions about the
effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and

d. Disclosed in this report any change in the registrant’s internal control over financial reporting that occurred during the registrant’s most
recent fiscal quarter (the registrant’s fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely
to materially affect, the registrant’s internal control over financial reporting; and

5. The registrant’s other certifying officer(s) and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to
the registrant’s auditors and the audit committee of the registrant’s board of directors (or persons performing the equivalent functions):

a. All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are
reasonably likely to adversely affect the registrant’s ability to record, process, summarize and report financial information; and

b. Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant’s internal
control over financial reporting.

Date: February 26, 2019

/s/ Keith Jensen


Keith Jensen
Chief Financial Officer
(Principal Financial Officer and Principal Accounting Officer)
Exhibit 32.1

CERTIFICATIONS OF CHIEF EXECUTIVE OFFICER AND CHIEF FINANCIAL OFFICER

PURSUANT TO
18 U.S.C. SECTION 1350,
AS ADOPTED PURSUANT TO
SECTION 906 OF THE SARBANES-OXLEY ACT OF 2002

I, Ken Xie, certify, pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, that the Annual Report
on Form 10-K of Fortinet, Inc. for the fiscal year ended December 31, 2018 fully complies with the requirements of Section 13(a) or 15(d) of the Securities
Exchange Act of 1934, as amended (the “Exchange Act”), and that information contained in this Annual Report on Form 10-K fairly presents, in all material
respects, the financial condition and results of operations of Fortinet, Inc.

By: /s/ Ken Xie


Date: February 26, 2019 Name: Ken Xie
Title: Chief Executive Officer and Chairman
(Principal Executive Officer)

I, Keith Jensen, certify, pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, that the Annual
Report on Form 10-K of Fortinet, Inc. for the fiscal year ended December 31, 2018 fully complies with the requirements of Section 13(a) or 15(d) of the
Exchange Act and that information contained in this Annual Report on Form 10-K fairly presents, in all material respects, the financial condition and results
of operations of Fortinet, Inc.

By: /s/ Keith Jensen


Date: February 26, 2019 Name: Keith Jensen
Title: Chief Financial Officer
(Principal Financial Officer and Principal Accounting Officer)

This certification is being furnished pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002 and will
not be deemed “filed” for purposes of Section 18 of the Exchange Act, or otherwise subject to the liability of that section. This certification will not be
incorporated by reference into any filing under the Securities Act of 1933, as amended, or the Exchange Act, except as shall be expressly set forth by specific
reference in such a filing.