WIXLIB

Next Generation FirewallInternal Segmentation FirewallData Center Firewall and IPSCarrier-Class FirewallFortiGate 3000D FG-3000D and 3000D-DCThe FortiGate 3000D series delivers high performance threat protection for mid-sized to large enterprisesand service providers, with the flexibility to be deployed at the Internet or cloud edge, in the data centercore or internal segments. The multiple high-speed interfaces, high port density, industry-leading securityefficacy and high throughput of the 3000D series keeps your network connected and secure.SecurityNetworking Protects against known exploits, malware and malicious Delivers extensive routing, high-speed interfaces, and highwebsites using continuous threat intelligence provided byperformance VPN capabilities to address performanceFortiGuard Labs security servicesand connectivity needs of large-scale data center and Protects against unknown attacks using dynamic analysis andprovides automated mitigation to stop targeted attackscloud applications Enables flexible deployment modes that fit into organizations’evolving network infrastructurePerformance Delivers industry’s best threat protection performance andultra-low latency using purpose-built security processor(SPU) technologyManagement Single Pane of Glass with Network Operations Center (NOC)view provides 360 visibility to identify issues quickly Provides industry-leading performance and protection for SSLand intuitively Predefined compliance checklist analyzes the deployment andencrypted traffichighlights best practices to improve overall security postureCertification Independently tested and validated best security effectivenessSecurity Fabric Enables Fortinet and Fabric-ready partners’and performance Received unparalleled third-party certifications from NSS Labs,ICSA, Virus Bulletin and AV Comparativesproducts to collaboratively integrate andprovide end-to-end security across the entireattack surfaceFirewallIPSNGFWThreat ProtectionInterfaces80 Gbps23 Gbps22 Gbps13 GbpsMultiple 10 GE SFP Multiple GE SFPand GE RJ45Refer to specification table for detailsDATA SHEET

FortiGate 3000DDEPLOYMENTNext GenerationFirewall (NGFW) Security gateway to the Internetfor enterprises Enforce security policies withgranular control and visibility ofInternal SegmentationFirewall (ISFW) Segmentation solution for end-to-endlow latency firewall for data center edgecompliance requirementsand core High port density and acceleratedtraffic processing capacity, todiscrete applicationsprotect multiple segments withoutintrusion prevention beyond port and High availability, high throughput andprotection against threats while meetingusers and devices for thousands of Identify and stop threats with powerfulData Center Firewalland IPS (DCFW-IPS) High session scale for accommodatinglarge network and user traffic forInternet and cloud-facing data centers High-speed interfaces for future-proofcompromising performance Deploy transparently and rapidlyprotocol that examines the actualinto existing environments withcontent of your network trafficminimal disruptionconnectivity while compact sizecontributes to greener data centers Performance optimized IPS engine todetect and deter latest known and zeroday threatsCarrier-ClassFirewall (CCFW)FortiGate 3000D deployment in largecampus networks (NGFW, ISFW)FortiSandboxCAMPUSAdvanced ThreatProtectionFortiAPSecure AccessPoint Reliable high capacity firewall designedfor service providersFortiSwitchSwitching Powered by multiple SPU NetworkProcessors that accelerate processingfor both IPv4 and IPv6 traffic Supports Carrier License upgrade thatFortiGateNGFWFortiClientEndpoint teISFWunlocks features and protocol supportfor mobile networks such as GTPFortiAnalyzerLogging, Analysis,Reportingand SCTP High-speed interfaces for future-proofconnectivityFortiClientVPN ClientDATACENTERFortiGate 3000D deployment in datacenter (DCFW/NGFW, rCentralizedManagementFortiAnalyzerLogging, Analysis,Reporting2www.fortinet.com

FortiGate 3000DHARDWAREFortiGate 3000D/-DC1SFP MGMT 11357MGMT 3CAUTIONDISCONNECT ALL POWERCORDS BEFORE SERVICINGPOWER1POWER2FANFAN FANFAN erfaces1. Console Port2. USB Management Port3. 2x GE RJ45 Management Ports4. 16x 10G SFP /GE SFP SlotsNetwork ProcessorPowered by SPU Custom SPU processors deliver thepower you need to detect maliciouscontent at multi-Gigabit speeds Other security technologies cannot protect againsttoday’s wide range of content- and connection-basedthreats because they rely on general-purpose CPUs,Fortinet’s new, breakthrough SPU NP6 network processor worksinline with FortiOS functions delivering: Superior firewall performance for IPv4/IPv6, SCTP and multicasttraffic with ultra-low latency down to 2 microseconds VPN, CAPWAP and IP tunnel acceleration Anomaly-based intrusion prevention, checksum offload andpacket defragmentation Traffic shaping and priority queuingcausing a dangerous performance gap SPU processors provide the performance neededto block emerging threats, meet rigorous third-partycertifications, and ensure that your network securitysolution does not become a network bottleneckContent ProcessorThe SPU CP8 content processor works outside of the direct flow oftraffic, providing high-speed cryptography and content inspectionservices including: Signature-based content inspection acceleration Encryption and decryption offloading10 GE Connectivity for Network SegmentationHigh speed connectivity is essential for network securitysegmentation at the core of data networks. The FortiGate 3000Dprovides the highest 10 GE port densities in the market, simplifyingnetwork designs without relying on additional devices to bridgedesired connectivity.3

FortiGate 3000DFORTINET SECURITY FABRICFortiManagerFortiAnalyzerFortiSIEMSecurity FabricThe Security Fabric allows security to dynamically expand andPartner APIFortiGateVMadapt as more and more workloads and data are added. Securityseamlessly follows and protects data, users, and applicationsas they move between IoT, devices, and cloud environmentsFortiOSthroughout the network.FortiClientFortiW ebFortiGates are the foundation of Security Fabric, expanding securityFortiGatevia visibility and control by tightly integrating with other Fortinetsecurity products and Fabric-Ready Partner rtiSandboxFortiOSControl all the security and networking capabilities across the entireFortiGate platform with one intuitive operating system. Reduceoperating expenses and save time with a truly consolidated nextgeneration security platform. A truly consolidated platform with one OS for all security andnetworking services for all FortiGate platforms. Industry-leading protection: NSS Labs Recommended, VB100,AV Comparatives, and ICSA validated security and performance. Control thousands of applications, block the latest exploits, andfilter web traffic based on millions of real-time URL ratings. Prevent, detect, and mitigate advanced attacks automatically inminutes with integrated advanced threat protection. Fulfill your networking needs with extensive routing, switching,and SD-WAN capabilities. Ultilize SPU hardware acceleration to boost security capabilityperformance.For more information, please refer to the FortiOS datasheet available at www.fortinet.comSERVICESFortiGuard Security ServicesFortiCare Support ServicesFortiGuard Labs offers real-time intelligence on the threatOur FortiCare customer support team provides global technicallandscape, delivering comprehensive security updates acrosssupport for all Fortinet products. With support staff in the Americas,the full range of Fortinet’s solutions. Comprised of securityEurope, Middle East, and Asia, FortiCare offers services to meetthreat researchers, engineers, and forensic specialists, thethe needs of enterprises of all sizes.team collaborates with the world’s leading threat monitoringorganizations and other network and security vendors, as well aslaw enforcement agencies.4For more information, please refer to forti.net/fortiguardand forti.net/forticarewww.fortinet.com

FortiGate 3000DSPECIFICATIONSFORTIGATE 3000D AND 3000D-DCInterfaces and ModulesFORTIGATE 3000D AND 3000D-DCDimensions and Power10 GE SFP / GE SFP Slots16Height x Width x Length (inches)GE RJ45 Management Ports2Height x Width x Length (mm)88 x 442 x 555USB Ports (Server)1Weight37.5 lbs (17.0 kg)1Form FactorConsole PortInternal StorageIncluded Transceivers1x 480 GB SSD2x SFP (SR 10GE)System Performance — Enterprise Traffic MixIPS Throughput 223 GbpsNGFW Throughput 2, 422 GbpsThreat Protection Throughput 2, 513 GbpsFirewall Throughput(1518 / 512 / 64 byte, UDP)80 / 80 / 50 GbpsIPv6 Firewall Throughput(1518 / 512 / 86 byte, UDP)80 / 80 / 50 Gbps2 RU100–240V AC, 50–60 HzDC Power Supply (FG-3000D-DC)40.5–57V DCPower Consumption (Average / Maximum)310 W / 427 WHeat DissipationRedundant Power Supplies1457 BTU/hYes, Hot SwappableOperating Environment and CertificationsOperating TemperatureSystem Performance and CapacityFirewall Latency (64 byte, UDP)AC Power Supply3.5 x 17.4 x 21.932–104 F (0–40 C)Storage Temperature-31–158 F (-35–70 C)Humidity10–90% non-condensingNoise LevelOperating Altitude50 dBAUp to 7,400 ft (2,250 m)3 µsComplianceFCC Part 15 Class A, C-Tick, VCCI, CE, UL/cUL, CBFirewall Throughput (Packet per Second)75 MppsCertificationsConcurrent Sessions (TCP)50 MillionICSA Labs: Firewall, IPsec, IPS, Antivirus, SSL-VPN;USGv6/IPv6New Sessions/Second (TCP)400,000Firewall Policies200,000IPsec VPN Throughput (512 byte) 150 GbpsGateway-to-Gateway IPsec VPN Tunnels40,000Client-to-Gateway IPsec VPN Tunnels200,000SSL-VPN Throughput8 GbpsConcurrent SSL-VPN Users(Recommended Maximum, Tunnel Mode)30,000SSL Inspection Throughput(IPS, avg. HTTPS) 315 GbpsSSL Inspection CPS (IPS, avg. HTTPS) 3SSL Inspection Concurrent Session(IPS, avg. HTTPS) 3Application Control Throughput(HTTP 64K) 28,0003.5 Million40 GbpsCAPWAP Throughput (1444 byte, UDP)22 GbpsVirtual Domains (Default / Maximum)10 / 500Maximum Number of Switches SupportedMaximum Number of FortiAPs(Total / Tunnel Mode)2564,096 / 1,024Maximum Number of FortiTokens5,000Maximum Number ofRegistered FortiClients50,000High Availability ConfigurationsActive/Active, Active/Passive, ClusteringNote: All performance values are “up to” and vary depending on system configuration.1. IPsec VPN performance test uses AES256-SHA256.2. IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with Logging enabled.3. SSL Inspection performance values use an average of HTTPS sessions of different cipher suites.4. NGFW performance is measured with Firewall, IPS and Application Control enabled.5. Threat Protection performance is measured with Firewall, IPS, Application Control and MalwareProtection enabled.5