DATA SHEET

Fortinet Secure SD-WAN

A Unified WAN Edge, Powered by a Single OS, to Transform
and Secure the WAN

Key Features
n World’s
only ASIC-accelerated
SD-WAN
n 5000+ applications identified
with real-time SSL inspection
n Self-healing
capabilities for
enhanced user experience
n Cloud on-ramp for efficient
SaaS adoption
n Simplifiedoperations with
As the use of business-critical, cloud-based applications continues to increase,
NOC/SOC management and
organizations with a distributed infrastructure of remote offices and an expanding
analytics
remote workforce need to adapt. The most effective solution is to switch from
n Enhanced granular analytics
static, performance-inhibited wide-area networks (WANs) to software-defined WAN
(SD-WAN) architectures. for end-to-end visibility and
control
Traditional WANs may utilize SLA-backed private multiprotocol label switching
(MPLS) or leased line links to an organizations’ main data centers for all application
and security needs. But that comes at a premium price for connectivity. While a
legacy hub-and-spoke architecture may provide centralized protection, it increases
latency and slows down network performance to distributed cloud services for
application access and compute. The result is operational complexity and limited
visibility associated with multiple point products. This scenario adds significant
management overhead and difficulties, especially when trying to troubleshoot and
resolve issues.

Fortinet’s Security-driven Networking strategy tightly integrates an organization’s

network infrastructure and security architecture, enabling networks to transform
at scale without compromising security. This next-generation approach provides
consistent security enforcement across flexible perimeters by combining a next-
generation firewall with advanced SD-WAN networking capabilities. This scheme
eliminates MPLS-required traffic backhaul and delivers improved user experience
without ever compromising on security. This integrated approach enables simplified,
single-console management for all networking and security needs, while extending
SD-WAN into wired and wireless access points of branch offices. As a result,
network security and controls can be more deeply integrated, enabling consistent
security enforcement into branch LAN networks.

1
DATA SHEET | Fortinet Secure SD-WAN
BUSINESS OUTCOMES
Improved User Experience
An application-driven approach provides
broad application steering with accurate
identification, advanced WAN remediation,
and accelerated cloud on-ramp for optimized
network and application performance
Accelerated Convergence
The industry’s only organically developed,
purpose-built, and ASIC-powered SD-WAN
enables thin edge (SD-WAN, routing) and WAN
Edge (SD-WAN, routing, NGFW) to secure all
applications, users, and data anywhere
CORE COMPONENTS
Fortinet Secure SD-WAN consists of the industry’s only
organically developed software complemented by an ASIC-
accelerated platform to deliver the most comprehensive
SD-WAN solution.
FortiGate
Provides a broad portfolio available in different
form factors: physical appliance and virtual
appliances, with the industry’s only ASIC
acceleration using the SOC4 SPU or vSPU.
§ Reduce cost and complexity with next generation firewall,
SD-WAN, and advanced routing on a unified platform that
allows customers to eliminate multiple point products at the
WAN edge
§ ASIC acceleration of SD-WAN overlay tunnels, application
identification, steering, remediation, and prioritization
ensure the best user experience for business-critical,
SaaS, and UCaaS applications
FortiOS
Fortinet’s unified operating system delivers a
OS
security-driven strategy to secure and accelerate
network and user experience. Continued
innovation and enhancement enable:
§ Real-time application optimization for a consistent and
resilient application experience
§ Advanced next generation firewall protection and prevention
from internal and external threats while providing visibility
across entire attack surface
§ Dynamic Cloud connectivity and security are enabled
through effective cloud integration and automation
Efficient Operations
Simplify operations with centralized
orchestration and enhanced analytics for SD-
WAN, security, and SD-Branch at scale
Natively Integrated Security
A built-in next-generation firewall (NGFW)
combines SD-WAN and security capabilities in
a unified solution to preserve the security and
availability of the network
Fabric Management Center
Simplify centralized management, deployment,
and automation to save time and respond quickly
to business demands with end-to-end visibility.
With a single pane of glass management that
offers deployment at scale, customers can:
§ Centrally manage 100K+ devices, including firewalls,
switches, access points, and LTE/5G extenders from a
single console
§ Provision and monitor Secure SD-WAN at the application
and network level across branch offices, datacenters, and
cloud
§ Reduce complexity by leveraging automation enabled by
REST APIs, scripting tools such as Ansible/Terraform, and
fabric connectors
§ Separate and manage domains leveraging ADOMS for
compliance and operational efficiency
§ Role-based access control to provide management flexibility
and separation
FortiGuard Security Services
Enhances SD-WAN security with advanced
protection to help organizations stay ahead of
today’s sophisticated threats:
§ Coordinated real-time detection and prevention against
known and unknown protecting content, application, people,
and devices
§ Real-time insights are achieved by processing extensive
amounts of data at cloud-scale, analyzing that data with
advanced AI, and then automatically distributing the
resulting intelligence back for enforcement and protection
2
 DATA SHEET | Fortinet Secure SD-WAN

CORE COMPONENTS

FortiGuard FortiCare Services

Orchestration Integration Automation Centralized

Management

SD-WAN NGFW Advanced ZTNA Security-Driven

Networking Enforcement Networking

ASIC
ASIC Virtual FortiOS
Acceleration

Features Description

FortiOS — SD-WAN Application Identification and Control 5000+ application signatures, first packet Identification, deep packet inspection, custom application
signatures, SSL decryption, TLS1.3 with mandated ciphers, and deep inspection

SD-WAN Granular application policies, application SLA based path selection, dynamic bandwidth measurement
(Application aware traffic control) of SD-WAN paths, active/active and active/standby forwarding, overlay support for encrypted transport,
Application session-based steering, probe-based SLA measurements

Advanced SD-WAN Forward Error Correction (FEC) for packet loss compensation, packet duplication for best real-time
(WAN remediation) application performance, Active Directory integration for user based SD-WAN steering policies, per packet
link aggregation with packet distribution across aggregate members

SD-WAN deployment Flexible deployment – hub-to-spoke (partial mesh), spoke-to-spoke (full mesh), multi-WAN transport
support

FortiOS — Networking QoS Traffic shaping based on bandwidth limits per application and WAN link, rate limits per application and
WAN link, prioritize application traffic per WAN link, mark/remark DSCP bits for influencing traffic QoS on
egress devices, application steering based on ToS marking

Advanced Routing (IPv4/IPv6) Static routing, Internal Gateway (iBGP, OSPF v2/v3 , RIP v2), External Gateway(eBGP), VRF, route
redistribution, route leaking, BGP confederation, router reflectors, summarization and route-aggregation,
route asymmetry

VPN/Overlay Site-to-site ADVPN – dynamic VPN tunnels, policy-based VPN, IKEv1, IKEv2, DPD, PFS, ESP and ESP-
HMAC support, symmetric cipher support (IKE/ESP): AES-128 and AES-256 modes: CBC, CNTR, XCBC,
GCM, Pre-shared and PKI authentication with RSA certificates, Diffie-Hellman key exchange (Group 1, 2, 5,
14 through 21 and 27 through 32), MD5, and SHA-based HMAC

Multicast Multicast forwarding, PIM spare (rfc 4601), dense mode (rfc 3973), PIM rendezvous point

Advanced Networking DHCP v4/v6, DNS, NAT – source, destination, static NAT, destination NAT, PAT, NAPT, Full IPv4/v6 support

FortiOS — Security Security Next Generation Firewall with FortiGuard threat intelligence – SSL inspection, application control, Intrusion
prevention, antivirus, web filtering, DLP, and advanced threat protection. Segmentation – micro, macro,
single task VDOM, multi VDOM

Fabric Management Center Centralized Management and Provisioning FortiManager – zero touch provisioning, centralized configuration, change management, dashboard,
application policies, QoS, security policies, application specific SLA, active probe configuration, RBAC,
multi-tenant

Cloud Orchestration FortiManager Cloud through FortiCloud, Single Sign-on portal to manage Fortinet NGFW and SD-WAN,
Cloud-based network management to streamline FortiGate provisioning and management, extensive
automation-enabled management of Fortinet devices

Enhanced Analytics Bandwidth consumption, SLA metrics – jitter, packet loss, and latency, real-time monitoring, filter based
on time slot, WAN link SLA reports, per-application session usage, threat information - malware signature,
malware domain or URL, infected host, threat level, malware category, indicator of compromise

Cloud On-ramp Cloud integration – AWS, Azure, Alibaba, Oracle, Google. AWS – transit, direct and VPC connectivity, transit
gateways, Azure – Virtual WAN connectivity, Oracle – OCI connectivity

FortiGate Redundancy/High-availability FortiGate dual device HA – primary and backup, FortiManager HA, bypass interface, interface redundancy,
redundant power supplies

Integration RESTful API/Ansible for configuration, zero touch provisioning, reporting, and third-party integration

Virtual environments VMware ESXi v5.5 / v6.0 / v6.5/ v6.7, VMware NSX-T v2.3
Microsoft Hyper-V Server 2008 R2 / 2012 / 2012 R2 / 2016
Citrix Xen XenServer v5.6 sp2, v6.0, v6.2 and later
Open source Xen v3.4.3, v4.1 and later
KVM qemu 0.12.1 & libvirt 0.10.2 and later for Red Hat Enterprise Linux / CentOS 6.4 and later / Ubuntu
16.04 LTS (generic kernel) ,KVM qemu 2.3.1 for SuSE Linux Enterprise Server 12 SP1 LTSS
Nutanix AHV (AOS 5.10, Prisim Central 5.10)
Cisco Cloud Services Platform 2100

Built-in Variants POE, LTE, WiFi, ADSL/VDSL

3
DATA SHEET | Fortinet Secure SD-WAN

PRODUCT OFFERINGS
BRANCHES

Appliances 40F 60F 80F 100F 200F

IPsec VPN Throughput1 4.4 Gbps 6.5 Gbps 6.5 Gbps 11.5 Gbps 13 Gbps
Max IPsec Tunnels 200 200 200 2,000 2,000
Threat Protection2 600 Mbps 700 Mbps 900 Mbps 1 Gbps 3 Gbps
Application Control Throughput3 990 Mbps 1.8 Gbps 1.8 Gbps 2.2 Gbps 13 Gbps
SSL Inspection Throughput 310 Mbps 630 Mbps 715 Mbps 1 Gbps 4 Gbps
Unrestricted Bandwidth ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓
Zero Trust Network Access (ZTNA) ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓
Connectivity
Interfaces 5 x GE RJ45 10 x GE RJ45 8 x GE RJ45 18 x GE RJ45 18 x GE RJ45
2 x Shared Port Pairs 8 x GE SFP 8 x GE SFP
2 x 10 GE SFP+ 4 x 10 GE SFP+
4 x Shared Port Pairs
Hardware Variants WiFi, 3G4G WiFi, Storage WiFi, Bypass, POE, Storage Storage
Storage
5G/LTE Connectivity Supports FortiExtender
Extensibility Supports FortiAP, FortiSwitch
Form Factor Desktop Desktop Desktop 1RU 1RU
Power Supply Single AC PS Single AC PS Single AC PS, dual inputs Dual AC PS Dual AC PS

1 The IPsec VPN performance test uses AES256-SHA256

2 SSL Inspection performance values use an average of HTTPS sessions of different cipher suites
3 IPS, Application Control, NGFW, and Threat Protection are measured with logging enabled

BRANCH BUNDLES

FortiGate 40F 60F 80F 100F 200F

Unified Threat Protection
Base FG-40F-BDL-950-DD FG-60F-BDL-950-DD FG-80F-BDL-950-DD FG-100F-BDL-950-DD FG-200F-BDL-950-DD
Wifi Variant FWF-40F-A-BDL-950-DD FWF-60F-A-BDL-950-DD FWF-80F-2R-A-BDL-950-DD
LTE Variant FG-40F-3G4G-BDL-950-DD
Wifi + LTE Variant FWF-40F-3G4G-A-BDL-
950-DD
Storage Variant FG-61F-BDL-950-DD FG-81E-BDL-950-DD FG-101F-BDL-950-DD FG-201F-BDL-950-DD
Wifi + Storage Variant FWF-61F-A-BDL-950-DD FWF-81F-2R-A-BDL-950-DD
Bypass FG-80F-BYPASS-BDL-
950-DD
POE FG-80F-POE-BDL-950-DD
Renewal
Base FC-10-0040F-950-02-DD FC-10-0060F-950-02-DD FC-10-0080F-928-02-DD FC-10-F100F-928-02-DD FC-10-F200F-928-02-DD
Wifi Variant FC-10-W040F-928-02-DD FC-10-W060F-950-02-DD FC-10-W080F-950-02-DD
LTE Variant FC-10-F40FG-950-02-DD
Wifi + LTE Variant FC-10-F40FI-950-02-DD
Storage Variant FC-10-0061F-950-02-DD FC-10-0081F-950-02-DD FC-10-F101F-950-02-DD FC-10-F201F-950-02-DD
Wifi + Storage Variant FC-10-W061F-950-02-DD FC-10-W081F-950-02-DD
Bypass FC-10-F80FC-950-02-DD
POE FC-10-F80FP-950-02-DD

4
 DATA SHEET | Fortinet Secure SD-WAN

PRODUCT OFFERINGS
HUBS

Appliances 400E 600E 1100E 1800F 2200E 2600F

IPsec VPN Throughput1 20 Gbps 20 Gbps 48 Gbps 55 Gbps 98 Gbps 55 Gbps
Max IPsec Tunnels1 50 000 50 000 100 000 100 000 100 000 100 000
Threat Protection2 5 Gbps 7 Gbps 7.1 Gbps 9.1 Gbps 11 Gbps 17 Gbps
SSL Inspection Throughput3 4.8 Gbps 8 Gbps 10 Gbps 12 Gbps 17 Gbps 20 Gbps
(IPS, avg. HTTPS)
Connectivity
100GE QSFP28 ⃝✓
40GE QSFP+ ⃝✓ ⃝✓ ⃝✓ ⃝✓
25GE SFP28 ⃝✓ ⃝✓ ⃝✓ ⃝✓
10GE SFP+ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓
1GE SFP/RJ45 ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓
Hardware Variants
Built-in Storage ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓
Bypass ⃝✓
Redundant Hot-Swap PSUs Optional Optional ⃝✓ ⃝✓ ⃝✓ ⃝✓
DC Power ⃝✓ ⃝✓ ⃝✓

HUBS

Appliances 3000F 3300E 3400E 3500F 3600E 3960E 3980E 4200F 4400F
IPsec VPN Throughput1 105 Gbps 98 Gbps 140 Gbps 165 Gbps 140 Gbps 280 Gbps 400 Gbps 210 Gbps 310 Gbps
Max IPsec Tunnels1 200 000 200 000 200 000 200 000 200 000 200 000 200 000 200 000 200 000
Threat Protection2 33 Gbps 17 Gbps 25 Gbps 63 Gbps 30 Gbps 13.5 Gbps 20 Gbps 45 Gbps 75 Gbps
SSL Inspection Throughput3 29 Gbps 21 Gbps 30 Gbps 63 Gbps 34 Gbps 23 Gbps 26 Gbps 50 Gbps 86 Gbps
(IPS, avg. HTTPS)
Connectivity
100GE QSFP28 ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓
40GE QSFP+ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓
25GE SFP28 ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓
10GE SFP+ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓
1GE SFP/RJ45 ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓
Hardware Variants
Built-in Storage ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓
Bypass
Redundant Hot-Swap PSUs ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ 2+2
DC Power ⃝✓ 3600E Only ⃝✓ ⃝✓ ⃝✓ ⃝✓

1 The IPsec VPN performance test uses AES256-SHA256

2 SSL Inspection performance values use an average of HTTPS sessions of different cipher suites
3 IPS, Application Control, NGFW, and Threat Protection are measured with logging enabled

5
DATA SHEET | Fortinet Secure SD-WAN

PRODUCT OFFERINGS
HUB BUNDLES

FortiGate 400E 600E 1100E 1800F 2200E 2600F 3000F 3300E

Unified Threat
Protection
Base FG-400E-BDL- FG-600E-BDL- FG-1100E-BDL- FG-1800F-BDL- FG-2200E-BDL- FG-2600F-BDL- FG-3000F-BDL- FG-3300E-BDL-
950-DD 950-DD 950-DD 950-DD 950-DD 950-DD 950-DD 950-DD
Storage Variant FG-401E-BDL- FG-601E-BDL- FG-1101E-BDL- FG-1801F-BDL- FG-2201E-BDL- FG-2601F-BDL- FG-3001F-BDL- FG-3301E-BDL-
950-DD 950-DD 950-DD 950-DD 950-DD 950-DD 950-DD 950-DD
Bypass FG-400E-
BYPASS-BDL-
950-DD
DC Power Variant FG-1100E-DC- FG-1800F-DC- FG-2600F-DC-
BDL-950-DD BDL-950-DD BDL-950-DD
Storage + DC Power FG-1801F-DC- FG-2601F-DC-
Variant BDL-950-DD BDL-950-DD
Renewal
Base FC-10-0400E- FC-10-F6H0E- FC-10-F11HE- FC-10-F18HF- FC-10-F22HE- FC-10-F26HF- FC-10-F3K0F- FC-10-F33HE-
950-02-DD 950-02-DD 950-02-DD 950-02-DD 950-02-DD 950-02-DD 950-02-DD 950-02-DD
Storage Variant FC-10-0401E- FC-10-F6H1E- FC-10-F11E1- FC-10-F18F1- FC-10-F22E1- FC-10-F26F1- FC-10-F3K1F- FC-10-F33E1-
950-02-DD 950-02-DD 950-02-DD 950-02-DD 950-02-DD 950-02-DD 950-02-DD 950-02-DD
Bypass FC-10-F4HBE-
950-02-DD
DC Power FC-10-F11DE- FC-10-D18HF- FC-10-FD26F-
950-02-DD 950-02-DD 950-02-DD
Storage + DC Power FC-10-D18F1- FC-10-FD261-
Variant 950-02-DD 950-02-DD
Licenses
HyperScale LIC-FGT-HYPSC LIC-FGT-HYPSC
Carrier

HUB BUNDLES

FortiGate 3400E 3500F 3600E 3960E 3980E 4200F 4400F

Unified Threat
Protection
Base FG-3400E-BDL- FG-3500F-BDL- FG-3600E-BDL- FG-3960E-BDL- FG-3980E-BDL- FG-4200F-BDL- FG-4400F-BDL-
950-DD 950-DD 950-DD 950-DD 950-DD 950-DD 950-DD
Storage Variant FG-3401E-BDL- FG-3501F-BDL- FG-3601E-BDL- FG-4201F-BDL- FG-4401F-BDL-
950-DD 950-DD 950-DD 950-DD 950-DD
Bypass
DC Power Variant FG-3400E-DC-BDL- FG-3600E-DC-BDL- FG-3960E-DC-BDL- FG-3980E-DC-BDL- FG-4200F-DC-BDL- FG-4400F-DC-BDL-
950-DD 950-DD 950-DD 950-DD 950-DD 950-DD
Storage + DC Power FG-3401E-DC-BDL- FG-4201F-BDL- FG-4401F-DC-BDL-
Variant 950-DD 950-DD 950-DD
Renewal
Base FC-10-F3K4E-950- FC-10-F3K5F-950- FC-10-F3K6E-950- FC-10-03961-950- FC-10-03981-950- FC-10-F42HF-950- FC-10-F44HF-950-
02-DD 02-DD 02-DD 02-DD 02-DD 02-DD 02-DD
Storage Variant FC-10-F34E1-950- FC-10-F35F1-950- FC-10-F36E1-950- FC-10-F421F-950- FC-10-F441F-950-
02-DD 02-DD 02-DD 02-DD 02-DD
Bypass
DC Power FC-10-FD3K4-950- FC-10-FD3K6-950- FG-3960E-DC-BDL- FC-10-03980-950- FC-10-D42HF-950- FC-10-D44HF-950-
02-DD 02-DD 950-DD 02-DD 02-DD 02-DD
Storage + DC Power FC-10-FD34E-950- FC-10-F421F-950- FC-10-D441F-950-
Variant 02-DD 02-DD 02-DD
Licenses
HyperScale LIC-FGT-HYPSC LIC-FGT-HYPSC
Carrier FCR-EUPG FCR-EUPG FCR-EUPG FCR-EUPG

6
 DATA SHEET | Fortinet Secure SD-WAN

PRODUCT OFFERINGS
FORTIGATE VM: PRIVATE CLOUD SUPPORT MATRIX

VMware VSphere Citrix Xen Xen KVM Microsoft Hyper-V Nutanix AHV
FG-VM ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓ ⃝✓

FORTIGATE VM: PUBLIC CLOUD SUPPORT MATRIX

Amazon AWS Microsoft Azure Oracle OCI / OPC Google GCP Alibaba AliCloud
FG-VM ⃝✓ / # ⃝✓ / # ⃝✓ / # ⃝✓ / # ⃝✓ / #

FORTIMANAGER: CENTRALIZED MANAGEMENT PLATFORM

HARDWARE SUBSCRIPTION
200G 400G 1000F 3000G 3700G Cloud VM
Default Devices/VDOMs 30 150 1000 4000 10 000 10
Max Devices/VDOMs with add-on 8000 100 000 10 000 100 000
license
Default ADOMs 30 150 1000 4000 10 000 Add-On
Max ADOMs with add-on license 8000 12 000 1200
Management Extension Application ⃝✓ ⃝✓ ⃝✓
(MEA) enabled
Additional Services
FortiCare Premium Contract Subscription ⃝✓ ⃝✓
FortiCare Elite Contract Subscription
FortiCare Best Practice Services (BPS) Included in hardware bundle ⃝✓ ⃝✓
Replacement Disks ⃝✓ ⃝✓ ⃝✓
How to Buy Hardware Bundle Hardware Bundle Hardware Bundle Hardware Bundle Hardware Bundle FortiGate VM Subscription
Subscription

FORTIMANAGER BUNDLES
Appliances 200G 400G 1000F 3000G 3700G

Hardware Bundle FMG-200G-BDL-447-DD FMG-400G-BDL-447-DD FMG-1000F-BDL-447-DD FMG-3000G-BDL-447-DD FMG-3700G-BDL-447-DD

Renew Bundle
Support-only Renewal
Replacement Disks
Replacement Disk SKU
Replacement PSUs
Replacement PSU SKU
FC-10-M200G-447-02-DD FC-10-M400G-447-02-DD FC-10-FM1KF-447-02-DD FC-10-M03KG-447-02-DD FC-10-M3K7G-447-02-DD
FC-10-M200G-247-02-DD FC-10-M400G-247-02-DD FC-10-FM1KF-247-02-DD FC-10-M03KG-247-02-DD FC-10-M3K7G-247-02-DD
SP-FMG1KF-HDD SP-D4TC SP-DAM37G4T
SP-FAD400F-PS SP-FAZ800G-PS SP-FMG400E-PS SP-FAZ3000G-PS SP-FAZ3700F-PS

FORTIMANAGER VM
10 Devices 100 Devices 1000 Devices Description
Subscription Bundles FC1-10-FMGVS-448- FC2-10-FMGVS-448- FC3-10-FMGVS-448-01-DD All in one subscription bundle including FortiManager VM
01-DD 01-DD S-series, 24x7 FortiCare support and FortiCare Best Practice
services. Fully stackable.
10 Devices 100 Devices 1000 Devices 5000 Devices Description
Perpetual License FMG-VM-10-UG FMG-VM-100-UG FMG-VM-1000-UG FMG-VM-5000-UG Perpetual license. Purchase 24x7 FortiCare support and
FortiCare Best Practices services separately. Only the
number of managed devices is stackable.

FORTIMANAGER CLOUD
10 Devices 100 Devices 1000 Devices
Multi-Device Subscription FC1-10-MVCLD-227-01-DD FC2-10-MVCLD-227-01-DD FC3-10-MVCLD-227-01-DD FortiManager Cloud Central Management & Orchestration
Service including 24x7 FortiCare support. Fully Stackable.

7
 DATA SHEET | Fortinet Secure SD-WAN

CONSIDERATIONS FOR BRANCH AND HUB SELECTION

Selecting the Branch or HUB devices depends on multiple factors that are unique to each deployment. Speak with a Fortinet specialist for assistance selecting
the right devices for your environment. Below are the most common selection criteria and some commonly selected Hub devices, based on deployment sizes
(for reference purposes only).
Branch Selection HUB Selection Hub Sizing Examples (Reference Only)
• Security requirements • Security requirements • Up to 500 Sites (400E-600E)
• Number of users • IPsec throughput • Up to 2000 Sites (1100E-1800F)
• Throughput • Total IPsec Tunnels • Up to 5000 Sites (2200E-2600F)
• Interface connectivity • Interface connectivity • Up to 10 000 Sites (3000F-3600E)
• Wireless requirements • Redundancy (Ports, Device, Power, Intra-site) • Beyond 10 000+ Sites (3960E-4400F)
• Redundancy (WAN, Power, IPsec Tunnels, Device) • AC or DC Power

NSE TRAINING AND CERTIFICATION

Fortinet NSE 7: SD-WAN Pre-requisites
Instructor-led learning of the most common SD-WAN scenarios, from Advanced networking skills and hands-on experiene with FortiGate and
single Enterprise location with SASE, to multi-data center and custom apps FortiManager. The following courses are recommended:
deployments: • NSE4 - FortiGate Security
• FT-SD-WAN - NSE7/SD-WAN Training - three days • NSE4 - FortiGate Infrastructure
Certification Exams • NSE5 - FortiManager
NSE7 Network Security Architect: References
• NSE-EX-CERT
Training Library click here.

FREQUENTLY ASKED QUESTIONS

Is there an extra license to use SD-WAN with FortiGate? How is “Threat Protection” measured and what does it include?
No, SD-WAN is a feature included in FortiOS at no additional cost. Fortinet Threat Protection performance is measured with Firewall, IPS, Application
recommends purchasing security subscription services as necessary and Control, URL Filtering and Malware Protection enabled, Enterprise Mix traffic
utilizing a FortiManager for central management.
What does the “Unified Threat Protection” license include?
Are there any bandwidth licensing or restrictions? The Unified Threat Protection license includes: IPS, Advanced Malware
Fortinet does not charge for bandwidth usage and you are free to use as Protection, Application Control, Botnet DB, Mobile Malware, Outbreak
much as the box will physically support. Prevention, Web & Video Filtering, Cloud sandbox, Secure DNS filtering,
AntiSpam Service, and 24x7 support. For more information, please visit:
I don’t see any Orchestration models or pricing, is that an additional cost?
FortiGate SD-WAN intelligence and self-healing is built into the box without FortiGuard Security Services datasheet click here.
the need of a traditional orchestrator. There is no additional cost or sizing
considerations for an orchestrator.
Can model variants be mixed for HA deployments?
To centrally manage and monitor your SD-WAN devices, we recommend
No. HA models must be the same model number to form a cluster. If you
purchasing the FortiManager based on total number of devices that will be
purchase the hardware variant of a model, all models in the HA cluster must
managed.
be the same.
Where can I deploy a FortiGate SD-WAN device?
What are the maximum values for SD-WAN components, such as rules and
FortiGate models are available as a physical appliance or as a virtual machine performance SLA’s?
that can be deployed in private or public clouds. Please see the FortiGate-VM
The maximum system values for all FortiGates can be found here:
Support Matrix for a comprehensive list of supported hypervisors and public
cloud marketplaces: Maximum Values Table click here.

FortiGate VM datasheets click here.

What do I need for Zero Touch Provisioning (ZTP)?
Which FortiGate models can be utilized as a SD-WAN Hub? ZTP can be accomplished a number of different ways. For most deployments,
Any FortiGate model can be utilized as an SD-WAN Hub or Branch. This guide we recommend purchasing FortiDeploy (FDP-SINGLE-US) with your purchase
provides guidance on Branch and Hub models based on common deployment order. FortiDeploy will link the serial numbers in your order to your FortiCloud
use cases. account. A FortiManager IP address can be assigned to your devices
automatically so they retrieve their configuration automatically from the
Which interfaces can be utilized as WAN ports?
FortiManager of your choice.
There is no restriction on how you use any of the interfaces. Physical models
will traditionally have designated “WAN” ports but you may also utilize any of
the available LAN or DMZ ports as a WAN interface.

www.fortinet.com

Copyright © 2022 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.

Fortinet is committed to driving progress and sustainability for all through cybersecurity, with respect for human rights and ethical business practices, making possible a digital world you can always trust. You represent and warrant to Fortinet that you will not use Fortinet’s
products and services to engage in, or support in any way, violations or abuses of human rights, including those involving illegal censorship, surveillance, detention, or excessive use of force. Users of Fortinet products are required to comply with the Fortinet EULA
(https://www.fortinet.com/content/dam/fortinet/assets/legal/EULA.pdf) and report any suspected violations of the EULA via the procedures outlined in the Fortinet Whistleblower Policy (https://secure.ethicspoint.com/domain/media/en/gui/19775/Whistleblower_Policy.pdf).

SSD-WAN-DAT-R14-20220805