FortiProxy™

FortiProxy 400E, 2000E, 4000E and VM

FortiProxy is a secure web proxy that protects

employees against internet-borne attacks by
incorporating multiple detection techniques such
as web filtering, DNS filtering, data loss prevention,
antivirus, intrusion prevention and advanced threat
protection. It helps enterprises enforce internet compliance using granular application control.
High-performance physical and virtual appliances deploy on-site to serve small, medium and
large enterprises.

SSL Inspection Highlights

Powerful hardware that can perform

SSL inspection to effectively remove
blind spots in encrypted traffic, without
compromising on performance.
Protection against
sophisticated web attacks
§§ Advanced Protection against threats
– Integration with FortiGuard Threat
Intelligence Service
– Web, DNS filtering and
application control
– Integration with FortiSandbox cloud
and on-premise appliance
– AV, IPS, DLP and Content Analysis

Integration with proven FortiGuard §§ High performance and scalability

Threat Intelligence Service and
FortiSandbox Cloud to protect enterprises
from the latest sophisticated threats.
– Custom –built security processing
units for high performance
– Scalability from small to large
organizations
– HA availability for redundancy

Authenticated web §§ Content Caching and WAN Optimization

application control
Granular application control policies to
restrict access to social websites using
user or group identity.
– Static and dynamic content caching
– Multiple Content Delivery Network
– Decrease Network Latency
– Lower bandwidth overhead

DATA SHEET
FortiProxy
™
FEATURES
Multi-layered Detection
FortiProxy provides multiple detection methods such as reputation
lookup, signature-based detection and sandboxing to protect
against known malware, emerging threats and zero-day malware.
Integration with FortiGuard Threat Intelligence
The threat landscape is rapidly evolving, requiring security teams to
be continuously vigilant of new threats. FortiGuard Threat Intelligence
service is a collection of services delivered by FortiGuard Labs to
defend against the changing threat landscape. FortiGuard Labs
comprises of more than 200 researchers across 31 countries. It
offers 15 different security services and constantly discovers new
threats. The following protection services offered by FortiProxy are
continuously updated with the latest information from FortiGuard
Threat Intelligence.
§§ DNS and Web Filtering
With the help of FortiGuard Threat Intelligence service, malicious,
suspicious and newly generated domain names are blocked
immediately. More than 150,000 websites are blocked per
minute by the FortiGuard WebFiltering Service. Dynamic
category-based web filtering ensure employees abide by the
company’s acceptable use policy. Static whitelisting and
blacklisting capabilities are also available to allow or block
specific websites.
§§ Dynamic Analysis using Sandboxing
Top-rated FortiSandbox is integrated with FortiProxy to defend
against targeted advanced attacks. Suspicious and at-risk files
can automatically be sent to FortiSandbox for further analysis.
The sample is analyzed in a contained environment to uncover
the full attack lifecycle using system activity and call back
detection. Reports provide rich threat intelligence and actionable
insight for security teams to take action.
§§ Antivirus and DLP
Fortinet consistently receives superior effectiveness results in
industry testing with AV Comparatives and Virus Bulletin. Data
Loss Prevention protects against exfiltration of sensitive data.
Sensitive files can be fingerprinted or watermarked and the
outgoing traffic is examined to identify any data leakage.
§§ Content Analysis Service
FortiProxy includes content scanning technologies from Image
Analyzer™, the industry leader in offensive image and video
detection to prevent access to inappropriate content.
2 www.fortinet.com
§§ Intrusion Prevention
FortiProxy uses a combination of signature as well as signature-
less engines to prevent intrusions. IPS signatures can be
based on exploits, known vulnerabilities or anomaly patterns.
Signature-less techniques are used to detect SQL injection,
domain generation algorithm attacks, java and flash exploits.
FortiGuard Labs generates more than 100 IPS rules every week,
blocking more than 4 million network intrusion attempts.
FortiGuard Threat
Intelligence
Website
Reputation
Antivirus Sandboxing DLP
Analysis
User accessing web
Inspection of Encrypted Traffic
More than 60% of the internet traffic is encrypted and visibility is
a big challenge. FortiProxy offers SSL and SSH deep inspection
without requiring any additional license or appliance. It can be used
to inspect encrypted traffic by acting as a man in the middle. It
also has the flexibility to add exclusion categories so that banking,
healthcare and other such sites won’t be monitored. When SSL
Deep inspection is not possible it also supports Certificate based
inspection.
Granular Application Control
With the constant increase in the usage of social apps, it’s vital for
organizations to provide very granular controls. For instance, they
may want to allow access but prevent specific actions like posts.
FortiProxy supports all major social websites (including Facebook,
LinkedIn, Twitter, Instagram), and supports more than 3000 apps.
In addition, SaaS Apps can be classified using the cloud database
that’s maintained by FortiGuard.
Authenticated Web Access
FortiProxy supports advanced authentication methods including
SAML, Kerberos and Single Sign-on. These features are built-in
without requiring a separate appliance. It also gives administrators
the flexibility to configure policies based on users and roles.
WAN Optimization and Advanced Caching
Today at many locations, bandwidth is a bottleneck, and to keep
operation costs low, it may be prohibitive to provide additional
bandwidth. In these environments, FortiProxy is also able to greatly
optimize and accelerate the network by enabling caching of
content and by enabling WAN Optimization features.
 FortiProxy
™

FEATURES

Security Fabric High Performance, scalability and low TCO

The Fortinet Security Fabric delivers broad protection and visibility
to every network segment, device, and appliance, whether virtual,
in the cloud, or on-premises. It can automatically synchronize
security resources to enforce policies, coordinate automated
responses to threats detected anywhere in your network, and easily
manage different security solutions and products through a single
console. FortiProxy integrates with key security fabric components
such as FortiSandbox and FortiAnalyzer. It can also integrate with
third-party security devices using ICAP and WCCP protocols.
FortiProxy uses specialized ASICs in order to accelerate
performance of the network and security modules. FortiProxy
supports proxy speeds up to 15 Gbps, and can scale from small
enterprises with 500 users all the way to larger enterprises of
50,000 users. FortiProxy provides great value to customers while
maintaining a low total cost of ownership.

DEPLOYMENT
FortiProxy allows you to choose from 3 modes of deployment to meet your specific requirements, while reducing
infrastructure changes and service disruptions:

Inline Deployment

FortiProxy FortiGate

§§ Suitable for smaller enterprises (less than 500 users)

§§ Deployed behind the NGFW
§§ Interesting traffic that needs to be inspected configured on Proxy,
and the remaining traffic is automatically bypassed to the NGFW.

Explicit Deployment

FortiGate

FortiProxy

§§ Suitable for larger enterprises

§§ Proxy can be deployed in any location within the enterprise
§§ Support for multiple pac files allows flexibility

3
FortiProxy
™

DEPLOYMENT
WCCP/PBR Deployment

FortiGate

FortiProxy

§§ Suitable for larger deployments

§§ If distribution of pac files is not convenient, WCCP or PBR mode is supported
§§ Policies are configured on the NGFW/router to direct the interesting traffic to the proxy

FEATURES SUMMARY

System Authentication
§§ Wide range of deployment options: §§ Support for various authentication modes including Radius,
– Inline, Forward Proxy, Explicit proxy, WCCP/PBR SAML, LDAP, NTLM, Kerberos, FortiToken One-Time Password
– Hardware or virtual appliance §§ In-built authentication requiring no additional device
§§ IPv4 and IPv6 address support
Advanced Caching
§§ Application Support including HTTP/S
§§ Web and video caching
§§ HA available as active-active and active-backup with session
§§ Reverse web cache
synchronization
§§ Traffic Shaping and QoS policies to prioritize Apps
Threat Protection §§ Dynamic adaptive streaming over HTTP
§§ Integration with FortiGuard threat intelligence services for real- §§ Dynamic adaptive streaming over RTP and RTMPT
time threat updates
WAN Optimization
§§ Integration with cloud sandbox to detect advanced threats
§§ Protocol Optimization – support HTTP, MAPI, CIFS, FTP and TCP
§§ In-built security services requiring no additional appliance
§§ Secure tunneling over across WAN
§§ DNS and Web-Filtering
§§ Wan Optimization peers
– Dynamic categorization of websites
– Blocking of malicious and suspicious domains and URLs Management and Reporting
– Static blacklists and whitelists §§ FortiView Integration
§§ Application Control §§ FortiAnalyzer Integration
– Granular web application control for social websites §§ Support Syslog server
– Support for 3000+ applications §§ Granular role based access
§§ Antivirus, bonet and DLP §§ Reporting and Logging
§§ Content Analysis §§ Policy tests for ease of deployment
§§ Multiple ICAP servers support
§§ IPS signature & filters
§§ Web Rating Override
§§ SSL/SSH Inspection
§§ Custom Application Signature

4 www.fortinet.com
 FortiProxy
™

SPECIFICATIONS

FORTIPROXY 400E FORTIPROXY 2000E FORTIPROXY 4000E

System Information
License Capacity 500–2,500 users 2,500–25,000 users 15,000–50,000 users
Deployment Modes Inline Proxy, Transparent/WCCP Proxy, Explicit Proxy, Routed Proxy

Hardware Specifications
Memory 8 GB 64 GB 128 GB
Management HTTP/S, SSH, CLI, SNMP, Console RJ45 HTTP/S, SSH, CLI, SNMP, Console DB9 HTTP/S, SSH, CLI, SNMP, Console DB9
Network Interfaces 4x GE RJ45 2x 10 GE SFP+, 2x GE SFP ports, 4x 10 GE SFP+, 2x GE SFP ports,
2x GE RJ45 ports 4x GE RJ45 ports
Bypass Interfaces — 2x GE RJ45 ports 2x GE RJ45 ports
Storage 4 TB (2 TB x2) Hard Disk 8 TB (2 TB x4) Hard Disk 8 TB (2 TB x4) Hard Disk
Power Supply Single (Optional Dual) Dual Dual

Environment
Form Factor 1U Appliance 2U Appliance 2U Appliance
Input Voltage 100–240V, AC 60–50 Hz 100–240V, AC 50–60 Hz 100–240V, AC 50–60 Hz
Power Consumption (Average / Maximum) 120 W / 151 W 244 W / 265 W 462 W / 493 W
Maximum Current 100V/5A, 240V/3A 100V/10A, 240V/3.5A 100V/9.8A, 240V/5A
Heat Dissipation 550 BTU/h 940 BTU/h 1,717 BTU/h
Operating Temperature 32–104°F (0–40°C) 50–95°F (10–35°C) 50–95°F (10–35°C)
Storage Temperature -13–158°F (-25–70°C) -40–158°F (-40–70°C) -40–158°F (-40–70°C)
Humidity 5–95% non-condensing 8–90% non-condensing 8–90% non-condensing

Dimensions
Height x Width x Length (inches) 1.73 x 17.24 x 16.38 3.5 x 17.2 x 25.5 3.5 x 17.2 x 25.5
Height x Width x Length (mm) 44 x 438 x 416 89 x 437 x 647 89 x 437 x 647
Weight 25 lbs (11 kg) 32 lbs (14.5 kg) 43 lbs (19.5 kg)

Compliance
Safety FCC, ICES, CE, RCM, VCCI, BSMI (Class A), UL/cUL, CB

VIRTUAL APPLIANCE FORTIPROXY VM

System Information
Hypervisor Support VMware ESX/ESXi, KVM Platform
License Capacity 25-25000 Users

Hardware Specifications
Network Interface Support (Maximum) 10
Management HTTP/S, SSH, CLI, SNMP

FortiProxy400E FortiProxy 2000E FortiProxy 4000E

5
FortiProxy ™

ORDER INFORMATION

Product SKU Description

FortiProxy 400E FPX-400E FortiProxy 400E, 4x GE RJ45 (up to 2,500 users).
FortiProxy 2000E FPX-2000E FortiProxy 2000E, 2x RJ45 GE, 2x RJ45 GE Bypass, 2x SFP GE, 2x SFP+ 10 GE (from 2,500 users up to 25,000 users).
FortiProxy 4000E FPX-4000E FortiProxy 4000E, 4x 10/100/1000 RJ45 Ports, 2x 10/100/1000 RJ45 Bypass Ports, 2x GE SFP Ports, 4x 10 GE SFP+ Ports (from 15,000 users up to 50,000 users).
FortiProxy-VM LIC-FPRXY-VM FortiProxy-VM software virtual appliance designed for VMware ESX/ESXi and KVM platforms (up to 25,000 users).
FortiProxy 400E FC-10-XY400-620-02-DD SWG Protection Bundle [Web Filtering, DNS Filtering, Application Control, DLP, AV, Botnet (IP/Domain), Sandbox Cloud] 100 User license with SWG Protection.
FortiProxy 2000E FC-10-XY2KE-620-02-DD
FortiProxy 4000E FC-10-XY4KE-620-02-DD
FortiProxy-VM FC-10-XYVM1-622-02-DD SWG Protection Bundle [Web Filtering, DNS Filtering, Application Control, DLP, AV, Botnet (IP/Domain), Sandbox Cloud] 25 User license with SWG Protection.
FortiProxy 400E FC-10-XY400-160-02-DD 100 User license with Content Analysis Service.
FortiProxy 2000E FC-10-XY2KE-160-02-DD
FortiProxy 4000E FC-10-XY4KE-160-02-DD
FortiProxy-VM FC-10-XYVM1-160-02-DD 25 User license with Content Analysis Service.

GLOBAL HEADQUARTERS EMEA SALES OFFICE APAC SALES OFFICE LATIN AMERICA SALES OFFICE
Fortinet Inc. 905 rue Albert Einstein 300 Beach Road 20-01 Sawgrass Lakes Center
899 KIFER ROAD 06560 Valbonne The Concourse 13450 W. Sunrise Blvd., Suite 430
Sunnyvale, CA 94086 France Singapore 199555 Sunrise, FL 33323
United States Tel: +33.4.8987.0500 Tel: +65.6395.2788 United States
Tel: +1.408.235.7700 Tel: +1.954.368.9990
www.fortinet.com/sales

Copyright© 2018 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other
product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect
performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product
will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in
Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant
hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
FST-PROD-DS-FPX FPX-DAT-R2-201804