WIXLIB

DATA SHEETNext Generation FirewallSegmentationIPSMobile SecurityFortiGate 2000E The FortiGate 2000E delivers high performance threat protection and SSL inspection for large enterprisesand service providers, with the flexibility to be deployed at the enterprise/cloud edge, in the data centercore or internal segments. The multiple high-speed interfaces, high port density, superior security efficacyand high throughput of the 2000E keeps your network connected and secure.Security§§ Identifies thousands of applications inside network traffic fordeep inspection and granular policy enforcement§§ Protects against malware, exploits, and malicious websites inboth encrypted and non-encrypted traffic§§ Prevent and detect against known and unknown attacks usingcontinuous threat intelligence from AI powered FortiGuard Labssecurity servicesNetworking§§ Delivers advanced networking capabilities that seamlesslyintegrate with advanced layer 7 security and virtual domains(VDOMs) to offer extensive deployment flexibility, multi-tenancyand effective utilization of resources§§ Delivers high-density, flexible combination of various highspeed interfaces to enable best TCO for customers for datacenter and WAN deploymentsPerformance§§ Delivers industry’s best threat protection performance andultra-low latency using purpose-built security processor (SPU)technology§§ Provides industry-leading performance and protection for SSLencrypted trafficManagement§§ Includes management console that is effective, simple to use,and provides comprehensive network automation & visibility.§§ Provides Zero Touch Integration with Security Fabric’s SinglePane of Glass Management§§ Predefined compliance checklist analyzes the deployment andhighlights best practices to improve overall security postureCertification§§ Independently tested and validated best security effectivenessand performance§§ Received unparalleled third-party certifications from NSS LabsSecurity Fabric§§ Enables Fortinet and Fabric-ready partners’ products to providebroader visibility, integrated end-to-end detection, threatintelligence sharing and automated remediationFirewallIPSNGFWThreat ProtectionInterfaces90 Gbps11.5 Gbps9 Gbps5.4 GbpsMultiple GE RJ45 and 10 GE SFP slotsRefer to specification table for details

DATA SHEET FortiGate 2000EDeploymentN ext GenerationFirewall (NGFW)§§ Reduce complexity by combiningSegmentationI PS§§ Intent-based Segmentation builds§§ Highly cost-effective mitigation ofthreat protection security capabilitiesrobust security framework whileunpatched vulnerability for hard-to-into single high-performance networkproactively reducing risk, cost andpatch systems such as IOT, ICS, andsecurity appliance§§ Identify and stop threats with powerfulcomplexityScada§§ Integrates with Security Fabric§§ Protect sensitive data to achieve variousintrusion prevention beyond port andseamlessly to allow third party solutionsregulatory compliance such as PCI,protocol that examines the actualand continuous trust assessment andHIPPA, PII, GDPRapplications in your network traffic§§ Delivers industry’s highest SSLthereby prevent sophisticated attacks§§ Multiple inspection engines, threat§§ Protects critical business applicationsintelligence feeds and advanced threatinspection performance using industry-and helps implement any complianceprotection options to defend againstmandated ciphers while maximizing ROIwithout network redesignsunknown threats in real-time§§ Proactively blocks newly discovered§§ Best of breed intrusion prevention withsophisticated attacks in real-time withhigh-performance SSL inspectionadvanced threat protectionCAMPUSFortiAPSecure AccessPoint Mobile Securityfor 4G, 5G and IOT§§ SGi LAN security powered by multipleSPUs to provide high performanceCGNAT and accelerate IPv4 and IPv6FortiGate 2000E deployment in largecampus networks (NGFW, Intent-basedSegmentation)FortiSandboxAdvanced point WFortiManagerSingle Pane-of-GlassManagement§§ RAN Access Security with highlyFortiAnalyzerAnalytics-poweredSecurity & Log Managementscalable and best performing IPsecaggregation and control securitygateway (SecGW)§§ Various high-speed interfaces toenable deployment flexibilityFortiClientVPN ClientDATACENTERFortiGate 2000E deployment in datacenter (IPS/NGFW, SegmentationFortiManagerSingle eredSecurity & Log Management2

DATA SHEET FortiGate 2000EHardwareFortiGate P HAPOWERUSB283FAN14FAN2 FAN3385FAN4 . Console Port2. USB Port3. 2x GE RJ45 Management Ports4. 32x GE RJ45 Ports5. 6x 10 GE SFP SlotsNP DirectNetwork ProcessorBy removing the Internal Switch Fabric, the NP Direct architectureFortinet’s new, breakthrough SPU NP6 network processor worksprovides direct access to the SPU-NP for the lowest latencyinline with FortiOS functions delivering:forwarding. NGFW deployments require some attention to network§§ Superior firewall performance for IPv4/IPv6, SCTP and multicastdesign to ensure optimal use of this technology.traffic with ultra-low latency down to 2 microseconds§§ VPN, CAPWAP and IP tunnel acceleration§§ Anomaly-based intrusion prevention, checksum offload andPowered by SPUpacket defragmentation§§ Traffic shaping and priority queuing§§ Custom SPU processors deliver thepower you need to detect maliciousContent Processorcontent at multi-Gigabit speedsFortinet’s new, breakthrough SPU CP9 content processor works§§ Other security technologies cannot protect againsttoday’s wide range of content- and connection-basedthreats because they rely on general-purpose CPUs,causing a dangerous performance gap§§ SPU processors provide the performance neededto block emerging threats, meet rigorous third-partyoutside of the direct flow of traffic and accelerates the inspection ofcomputationally intensive security features:§§ Enhanced IPS performance with unique capability of fullsignature matching at ASIC§§ SSL Inspection capabilities based on the latest industrymandated cipher suites§§ Encryption and decryption offloadingcertifications, and ensure that your network securitysolution does not become a network bottleneck10 GE ConnectivityHigh speed connectivity is essential for network securitysegmentation at the core of data networks. The FortiGate 2000Eprovides high 10 GE port densities, simplifying network designswithout relying on additional devices to bridge desired connectivity.3

DATA SHEET FortiGate 2000EFortinet Security FabricSecurity FabricThe Security Fabric delivers broad visibility, integrated AI-driven breachprevention, and automated operations, orchestration, and responseacross all Fortinet and its ecosystem deployments. It allows security todynamically expand and adapt as more and more workloads and dataare added. Security seamlessly follows and protects data, users, andapplications as they move between IoT, devices, and cloud environmentsthroughout the network. All this is ties together under a single pane ofglass management for significantly thereby delivering leading securitycapabilities across your entire environment while also significantly reducingcomplexity.FortiGates are the foundation of Security Fabric, expanding securityvia visibility and control by tightly integrating with other Fortinet securityproducts and Fabric-Ready Partner solutions.FortiOSControl all security and networking capabilities across the entireFortiGate platform with one intuitive operating system. Reducecomplexity, costs, and response time with a truly consolidatednext-generation security platform.§§ A truly consolidated platform with a single OS and pane-of-glassfor all security and networking services across all FortiGateplatforms.§§ Industry-leading protection: NSS Labs Recommended, VB100,AV Comparatives, and ICSA validated security and performance.Ability to leverage latest technologies such as deception-basedsecurity.§§ Control thousands of applications, block the latest exploits, andfilter web traffic based on millions of real-time URL ratings inaddition to true TLS 1.3 support.§§ Prevent, detect, and mitigate advanced attacks automaticallyin minutes with integrated AI-driven breach prevention andadvanced threat protection.§§ Fulfil your networking needs with extensive routing, switching,and SD-WAN capabilities along with intent-based segmentation.§§ Utilize SPU hardware acceleration to boost security capabilityperformance.ServicesFortiGuard Security ServicesFortiCare Support ServicesFortiGuard Labs offers real-time intelligence on the threatOur FortiCare customer support team provides global technicallandscape, delivering comprehensive security updates acrosssupport for all Fortinet products. With support staff in the Americas,the full range of Fortinet’s solutions. Comprised of securityEurope, Middle East, and Asia, FortiCare offers services to meetthreat researchers, engineers, and forensic specialists, thethe needs of enterprises of all sizes.team collaborates with the world’s leading threat monitoringorganizations and other network and security vendors, as well aslaw enforcement agencies.4For more information, please refer to forti.net/fortiguardand forti.net/forticare

DATA SHEET FortiGate 2000ESpecificationsFORTIGATE 2000EHardware SpecificationsFORTIGATE 2000EDimensionsHardware Accelerated 10 GE SFP Slots6Height x Width x Length (inches)Hardware Accelerated GE RJ45 Ports32Height x Width x Length (mm)GE RJ45 Management / HA Ports2Weight37.0 lbs (16.8 kg)USB Ports1Form FactorRack Mount, 2 RUConsole Port1PowerOnboard StorageIncluded Transceivers1x 480 GB SSDAC Power Supply2x SFP (SR 10GE)Maximum CurrentSystem Performance — Enterprise Traffic MixIPS Throughput 2NGFW Throughput 2, 4Threat Protection Throughput 2, 5Power Consumption (Average / Maximum)11.5 Gbps9 Gbps5.4 GbpsSystem Performance90 / 90 / 60 GbpsIPv6 Firewall Throughput(1518 / 512 / 86 byte, UDP)90 / 90 / 60 Gbps2 μsFirewall Throughput (Packet per Second)90 MppsConcurrent Sessions (TCP)20 MillionNew Sessions/Second (TCP)500,000Firewall Policies100,000IPsec VPN Throughput (512 byte) 165 GbpsGateway-to-Gateway IPsec VPN Tunnels20,000Client-to-Gateway IPsec VPN Tunnels100,000SSL-VPN Throughput6 GbpsConcurrent SSL-VPN Users(Recommended Maximum, Tunnel Mode)30,000SSL Inspection Throughput (IPS, avg. HTTPS) 39.4 GbpsSSL Inspection CPS (IPS, avg. HTTPS) 32 MillionApplication Control Throughput (HTTP 64K) 220 GbpsCAPWAP Throughput (1444 byte, UDP)21 GbpsVirtual Domains (Default / Maximum)10 / 500Maximum Number of FortiSwitches Supported128Maximum Number of FortiAPs (Total / Tunnel)4,096 / 1,024Maximum Number of Registered FortiClientsHigh Availability Configurations89 x 442 x 555100–240V AC, 50–60 Hz9A280 / 430 W1,467 BTU/hYes, Hot swappableOperating Environment and Certifications32–104 F (0–40 C)Storage Temperature-31–158 F (-35–70 C)Humidity10–90% non-condensingNoise LevelOperating Altitude58 dBAUp to 7,400 ft (2,250 m)ComplianceFCC Part 15 Class A, C-Tick, VCCI, CE, UL/cUL, CBCertificationsICSA Labs: Firewall, IPsec, IPS, Antivirus, SSL-VPN5,500SSL Inspection Concurrent Session(IPS, avg. HTTPS) 3Maximum Number of FortiTokensRedundant Power SuppliesOperating TemperatureIPv4 Firewall Throughput(1518 / 512 / 64 byte, UDP)Firewall Latency (64 byte, UDP)Heat Dissipation3.5 x 17.4 x 21.920,00020,000Active-Active, Active-Passive, ClusteringNote: All performance values are “up to” and vary depending on system configuration.1. IPsec VPN performance test uses AES256-SHA256.2. IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with Logging enabled.3. SSL Inspection performance values use an average of HTTPS sessions of different cipher suites.4. NGFW performance is measured with Firewall, IPS and Application Control enabled.5. Threat Protection performance is measured with Firewall, IPS, Application Control and MalwareProtection enabled.5