WIXLIB

FortiGate 3700D FortiGate 3700D, 3700D-NEBS, 3700D-DC and 3700D-DC-NEBSNext Generation FirewallInternal Segmentation FirewallData Center Firewall and IPSCarrier-Class FirewallThe FortiGate 3700D series delivers high performance threat protection for mid-sized to large enterprisesand service providers, with the flexibility to be deployed at the Internet or cloud edge, in the data centercore or internal segments. The multiple high-speed interfaces, high port density, industry-leading securityefficacy and high throughput of the 3700D series keeps your network connected and secure.SecurityNetworking Protects against known exploits, malware and malicious Delivers extensive routing, high-speed interfaces, and highwebsites using continuous threat intelligence provided byperformance VPN capabilities to address performanceFortiGuard Labs security servicesand connectivity needs of large-scale data center and Protects against unknown attacks using dynamic analysis andprovides automated mitigation to stop targeted attackscloud applications Enables flexible deployment modes that fit into organizations’evolving network infrastructurePerformance Delivers industry’s best threat protection performance andultra-low latency using purpose-built security processor (SPU)technologyManagement Single Pane of Glass with Network Operations Center (NOC)view provides 360 visibility to identify issues quickly Provides industry-leading performance and protection for SSLand intuitively Predefined compliance checklist analyzes the deployment andencrypted traffichighlights best practices to improve overall security postureCertification Independently tested and validated best security effectivenessSecurity Fabric Enables Fortinet and Fabric-ready partners’and performance Received unparalleled third-party certifications from NSS Labs,ICSA, Virus Bulletin and AV Comparativesproducts to collaboratively integrate andprovide end-to-end security across the entireattack surfaceFirewallIPSNGFWThreat ProtectionInterfaces160 Gbps28 Gbps20 Gbps13 GbpsMultiple 40 GE QSFP , 10 GE SFP and GE SFPRefer to specification table for detailsDATA SHEET

FortiGate 3700DDEPLOYMENTNext GenerationFirewall (NGFW) Security gateway to the Internetfor enterprises Enforce security policies withgranular control and visibility ofInternal SegmentationFirewall (ISFW) Segmentation solution for end-to-endlow latency firewall for data center edgecompliance requirementsand core High port density and acceleratedtraffic processing capacity, todiscrete applicationsprotect multiple segments withoutintrusion prevention beyond port and High availability, high throughput andprotection against threats while meetingusers and devices for thousands of Identify and stop threats with powerfulData Center Firewalland IPS (DCFW-IPS) High session scale for accommodatinglarge network and user traffic forInternet and cloud-facing data centers High-speed interfaces for future-proofcompromising performance Deploy transparently and rapidlyprotocol that examines the actualinto existing environments withcontent of your network trafficminimal disruptionconnectivity while compact sizecontributes to greener data centers Performance optimized IPS engine todetect and deter latest known and zeroday threatsCarrier-ClassFirewall (CCFW)FortiGate 3700D deployment in largecampus networks (NGFW, ISFW)FortiSandboxCAMPUSAdvanced ThreatProtectionFortiAPSecure AccessPoint Reliable high capacity firewall designedfor service providersFortiSwitchSwitching Powered by multiple SPU NetworkProcessors that accelerate processingfor both IPv4 and IPv6 traffic Supports Carrier License upgrade thatFortiGateNGFWFortiClientEndpoint teISFWunlocks features and protocol supportfor mobile networks such as GTPFortiAnalyzerLogging, Analysis,Reportingand SCTP High-speed interfaces for future-proofconnectivityFortiClientVPN ClientDATACENTERFortiGate 3700D deployment in datacenter (DCFW/NGFW, rCentralizedManagementFortiAnalyzerLogging, Analysis,Reporting2www.fortinet.com

FortiGate 3700DHARDWAREFortiGate 3700DX3SFP MGMT 32CONSOLESTATUSQSFP ALARMHAPOWERUSB MGMT1USBMGMT nterfaces1.2.3.4.5.USB Management PortUSB PortConsole Port2x GE RJ45 Management Ports4x 40 GE QSFP Slots6. 20x 10 GE SFP / GE SFP Slots7. 8x 10 GE SFP Slots (Ultra-low latency)Network ProcessorPowered by SPU Custom SPU processors deliver thepower you need to detect maliciouscontent at multi-Gigabit speeds Other security technologies cannot protect againsttoday’s wide range of content- and connection-basedthreats because they rely on general-purpose CPUs,Fortinet’s new, breakthrough SPU NP6 network processor worksinline with FortiOS functions delivering: Superior firewall performance for IPv4/IPv6, SCTP and multicasttraffic with ultra-low latency down to 2 microseconds VPN, CAPWAP and IP tunnel acceleration Anomaly-based intrusion prevention, checksum offload andpacket defragmentation Traffic shaping and priority queuingcausing a dangerous performance gap SPU processors provide the performance neededContent Processorto block emerging threats, meet rigorous third-partyThe SPU CP8 content processor works outside of the direct flow ofcertifications, and ensure that your network securitytraffic, providing high-speed cryptography and content inspectionsolution does not become a network bottleneckservices including: Signature-based content inspection acceleration Encryption and decryption offloading40 GE Connectivity for Core InfrastructureHigh speed connectivity is essential for network securitysegmentation at the core of data networks. The FortiGate 3700Dprovides one of the highest 40 GE and 10 GE port densities in themarket, simplifying network designs without relying on additionaldevices to bridge desired connectivity.3

FortiGate 3700DFORTINET SECURITY FABRICFortiManagerFortiAnalyzerFortiSIEMSecurity FabricThe Security Fabric allows security to dynamically expand andPartner APIFortiGateVMadapt as more and more workloads and data are added. Securityseamlessly follows and protects data, users, and applicationsas they move between IoT, devices, and cloud environmentsFortiOSthroughout the network.FortiClientFortiW ebFortiGates are the foundation of Security Fabric, expanding securityFortiGatevia visibility and control by tightly integrating with other Fortinetsecurity products and Fabric-Ready Partner rtiSandboxFortiOSControl all the security and networking capabilities across the entireFortiGate platform with one intuitive operating system. Reduceoperating expenses and save time with a truly consolidated nextgeneration security platform. A truly consolidated platform with one OS for all security andnetworking services for all FortiGate platforms. Industry-leading protection: NSS Labs Recommended, VB100,AV Comparatives, and ICSA validated security and performance. Control thousands of applications, block the latest exploits, andfilter web traffic based on millions of real-time URL ratings. Prevent, detect, and mitigate advanced attacks automatically inminutes with integrated advanced threat protection. Fulfill your networking needs with extensive routing, switching,and SD-WAN capabilities. Ultilize SPU hardware acceleration to boost security capabilityperformance.For more information, please refer to the FortiOS datasheet available at www.fortinet.comSERVICESFortiGuard Security ServicesFortiCare Support ServicesFortiGuard Labs offers real-time intelligence on the threatOur FortiCare customer support team provides global technicallandscape, delivering comprehensive security updates acrosssupport for all Fortinet products. With support staff in the Americas,the full range of Fortinet’s solutions. Comprised of securityEurope, Middle East, and Asia, FortiCare offers services to meetthreat researchers, engineers, and forensic specialists, thethe needs of enterprises of all sizes.team collaborates with the world’s leading threat monitoringorganizations and other network and security vendors, as well aslaw enforcement agencies.4For more information, please refer to forti.net/fortiguardand forti.net/forticarewww.fortinet.com

FortiGate 3700DSPECIFICATIONSFORTIGATE 3700D AND 3700D-DCInterfaces and ModulesFORTIGATE 3700D AND 3700D-DCDimensions and Power40 GE QSFP Slots4Height x Width x Length (inches)10 GE SFP / GE SFP Slots20Height x Width x Length (mm)133 x 437 x 57910 GE SFP Slots (Ultra-low Latency)8Weight46.9 lbs (21.3 kg)GE RJ45 Management Ports2Form FactorUSB Ports (Client / Server)Console PortInternal StorageIncluded Transceivers1/112x 2 TB HDD2x SFP (SR 10GE)AC Power SupplyDC Power Supply (FG-3700D-DC)Power Consumption (Average / Maximum)Heat DissipationRedundant Power SuppliesSystem Performance — Enterprise Traffic Mix5.25 x 17.2 x 22.83 RU100–240V AC, 50–60 Hz40–72V DC609.6 / 840 W2,871 BTU/hYes, Hot SwappableIPS Throughput 228 GbpsOperating Environment and CertificationsNGFW Throughput 2, 420 GbpsOperating TemperatureThreat Protection Throughput 2, 513 GbpsStorage Temperature-31–158 F (-35–70 C)Humidity10–90% non-condensingSystem Performance and CapacityFirewall Throughput(1518 / 512 / 64 byte, UDP)IPv6 Firewall Throughput(1518 / 512 / 86 byte, UDP)160 / 160 / 110 GbpsOperating Altitude160 / 160 / 110 Gbps2 µs165 MppsConcurrent Sessions (TCP)50 MillionNew Sessions/Second (TCP)400,000Firewall Policies200,000IPsec VPN Throughput (512 byte) 1100 GbpsGateway-to-Gateway IPsec VPN Tunnels40,000Client-to-Gateway IPsec VPN Tunnels200,000SSL-VPN ThroughputConcurrent SSL-VPN Users(Recommended Maximum, Tunnel Mode)SSL Inspection Throughput(IPS, avg. HTTPS) 310 Gbps30,00022 GbpsMaximum Number ofRegistered FortiClientsHigh Availability ConfigurationsICSA Labs: Firewall, IPsec, IPS, Antivirus, SSL-VPN;USGv6/IPv6Yes40 Gbps10 / 500Maximum Number of FortiTokensFCC Part 15 Class A, C-Tick, VCCI, CE, UL/cUL, CB8,5003.5 MillionVirtual Domains (Default / Maximum)Maximum Number of FortiAPs(Total / Tunnel Mode)NEBS Certified60 dBAUp to 7,400 ft (2,250 m)15.5 GbpsCAPWAP Throughput (1444 byte, UDP)Maximum Number of Switches SupportedComplianceCertificationsFirewall Latency (64 byte, UDP)Firewall Throughput (Packet per Second)SSL Inspection CPS (IPS, avg. HTTPS) 3SSL Inspection Concurrent Session(IPS, avg. HTTPS) 3Application Control Throughput(HTTP 64K) 2Noise Level32–104 F (0–40 C)2564,096 / 1,0245,000100,000Active / Active, Active / Passive, ClusteringNote: All performance values are “up to” and vary depending on system configuration.1. IPsec VPN performance test uses AES256-SHA256.2. IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with Logging enabled.3. SSL Inspection performance values use an average of HTTPS sessions of different cipher suites.4. NGFW performance is measured with Firewall, IPS and Application Control enabled.5. Threat Protection performance is measured with Firewall, IPS, Application Control and MalwareProtection enabled.5