WIXLIB

FortiGate 2000ENext Generation FirewallInternal Segmentation FirewallData Center Firewall and IPS The FortiGate 2000E delivers high performance threat protection for mid-sized to large enterprises andservice providers, with the flexibility to be deployed at the Internet or cloud edge, in the data center coreor internal segments. The multiple high-speed interfaces, high port density, industry-leading securityefficacy and high throughput of the 2000E keeps your network connected and secure.SecurityNetworking§§ Protects against known exploits, malware and malicious§§ Delivers an extensive routing, switching, wireless controllerwebsites using continuous threat intelligence provided byand high performance IPsec VPN capabilities to consolidateFortiGuard Labs security servicesnetworking and security functionality§§ Protects against unknown attacks using dynamic analysis andprovides automated mitigation to stop targeted attacks§§ Enables flexible deployment modes that fit into organizations’evolving network infrastructure requirements with high portdensity and high-speed interfacesPerformance§§ Delivers industry’s best threat protection performance andultra-low latency using purpose-built security processor(SPU) technologyManagement§§ Single Pane of Glass with Network Operations Center (NOC)view provides 360 visibility to identify issues quickly§§ Provides industry-leading performance and protection for SSLencrypted trafficand intuitively§§ Predefined compliance checklist analyzes the deployment andhighlights best practices to improve overall security postureCertification§§ Independently tested and validated best security effectivenessand performanceSecurity Fabric§§ Enables Fortinet and Fabric-ready partners’§§ Received unparalleled third-party certifications from NSS Labs,ICSA, Virus Bulletin and AV Comparativesproducts to collaboratively integrate andprovide end-to-end security across the entireattack surfaceFirewallIPSNGFWThreat ProtectionInterfaces90 Gbps11.5 Gbps9 Gbps5.4 GbpsMultiple GE RJ45 and 10 GE SFP slotsRefer to specification table for detailsDATA SHEET

FortiGate 2000E DEPLOYMENTN ext GenerationFirewall (NGFW)I nternal SegmentationFirewall (ISFW)§§ Security gateway to the Internetfor enterprises§§ Enforce security policies withgranular control and visibility of§§ Segmentation solution for end-to-endlow latency firewall for data center edgecompliance requirementsand core§§ High port density and acceleratedtraffic processing capacity, todiscrete applicationsprotect multiple segments withoutintrusion prevention beyond port and§§ High availability, high throughput andprotection against threats while meetingusers and devices for thousands of§§ Identify and stop threats with powerfulD ata Center Firewalland IPS (DCFW-IPS)compromising performance§§ Deploy transparently and rapidlyprotocol that examines the actualinto existing environments withcontent of your network trafficminimal disruption§§ High session scale for accommodatinglarge network and user traffic forInternet and cloud-facing data centers§§ High-speed interfaces for future-proofconnectivity while compact sizecontributes to greener data centers§§ Performance optimized IPS engine todetect and deter latest known and zeroday threatsCAMPUSFortiSandboxAdvanced ThreatProtectionFortiAPSecure AccessPointFortiClientVPN Endpoint ing, Analysis,ReportingFortiAnalyzerLogging, Analysis,ReportingFortiGate 2000E deployment in large campus networks(NGFW, ISFW)2FortiGate 2000E deployment in data center(DCFW-IPS/NGFW, ISFW)www.fortinet.com

FortiGate 2000E HARDWAREFortiGate P RMHAPOWERUSB283FAN14FAN2 FAN35FAN4 . Console Port2. USB Port3. 2x GE RJ45 Management Ports4. 32x GE RJ45 Ports5. 6x 10 GE SFP SlotsNP DirectNetwork ProcessorBy removing the Internal Switch Fabric, the NP Direct architectureFortinet’s new, breakthrough SPU NP6 network processor worksprovides direct access to the SPU-NP for the lowest latencyinline with FortiOS functions delivering:forwarding. NGFW deployments require some attention to network§§ Superior firewall performance for IPv4/IPv6, SCTP and multicastdesign to ensure optimal use of this technology.traffic with ultra-low latency down to 2 microseconds§§ VPN, CAPWAP and IP tunnel acceleration§§ Anomaly-based intrusion prevention, checksum offload andpacket defragmentationPowered by SPU§§ Custom SPU processors deliver thepower you need to detect maliciouscontent at multi-Gigabit speeds§§ Other security technologies cannot protect againsttoday’s wide range of content- and connection-basedthreats because they rely on general-purpose CPUs,causing a dangerous performance gap§§ SPU processors provide the performance neededto block emerging threats, meet rigorous third-partycertifications, and ensure that your network securitysolution does not become a network bottleneck§§ Traffic shaping and priority queuingContent ProcessorFortinet’s new, breakthrough SPU CP9 content processor worksoutside of the direct flow of traffic and accelerates the inspection ofcomputationally intensive security features:§§ Enhanced IPS performance with unique capability of fullsignature matching at ASIC§§ SSL Inspection capabilities based on the latest industrymandated cipher suites§§ Encryption and decryption offloading10 GE ConnectivityHigh speed connectivity is essential for network securitysegmentation at the core of data networks. The FortiGate 2000Eprovides high 10 GE port densities, simplifying network designswithout relying on additional devices to bridge desired connectivity.3

FortiGate 2000E FORTINET SECURITY FABRICFortiManagerFortiAnalyzerFortiSIEMSecurity FabricThe Security Fabric allows security to dynamically expand andPartner APIadapt as more and more workloads and data are added. SecurityFortiGateVMseamlessly follows and protects data, users, and applicationsas they move between IoT, devices, and cloud environmentsFortiOSthroughout the network.FortiClientFortiGates are the foundation of Security Fabric, expanding securityFortiWebFortiGatevia visibility and control by tightly integrating with other Fortinetsecurity products and Fabric-Ready Partner rtiSandboxFortiOSControl all the security and networking capabilities across the entireFortiGate platform with one intuitive operating system. Reduceoperating expenses and save time with a truly consolidated nextgeneration security platform.§§ A truly consolidated platform with one OS for all security andnetworking services for all FortiGate platforms.§§ Industry-leading protection: NSS Labs Recommended, VB100,AV Comparatives, and ICSA validated security and performance.§§ Control thousands of applications, block the latest exploits, andfilter web traffic based on millions of real-time URL ratings.§§ Prevent, detect, and mitigate advanced attacks automatically inminutes with integrated advanced threat protection.§§ Fulfill your networking needs with extensive routing, switching,and SD-WAN capabilities.§§ Ultilize SPU hardware acceleration to boost security capabilityperformance.For more information, please refer to the FortiOS datasheet available at www.fortinet.comSERVICESFortiGuard Security ServicesFortiCare Support ServicesFortiGuard Labs offers real-time intelligence on the threatOur FortiCare customer support team provides global technicallandscape, delivering comprehensive security updates acrosssupport for all Fortinet products. With support staff in the Americas,the full range of Fortinet’s solutions. Comprised of securityEurope, Middle East, and Asia, FortiCare offers services to meetthreat researchers, engineers, and forensic specialists, thethe needs of enterprises of all sizes.team collaborates with the world’s leading threat monitoringorganizations and other network and security vendors, as well aslaw enforcement agencies.4For more information, please refer to forti.net/fortiguardand forti.net/forticarewww.fortinet.com

FortiGate 2000E SPECIFICATIONSFORTIGATE 2000EHardware SpecificationsFORTIGATE 2000EDimensionsHardware Accelerated 10 GE SFP Slots6Height x Width x Length (inches)3.5 x 17.4 x 21.9Hardware Accelerated GE RJ45 Ports32Height x Width x Length (mm)89 x 442 x 555GE RJ45 Management / HA Ports2Weight37.0 lbs (16.8 kg)USB Ports1Form FactorRack Mount, 2 RUConsole Port1Onboard StoragePower1x 480 GB SSDAC Power Supply100–240V AC, 50–60 HzIncluded Transceivers2x SFP (SR 10GE)Maximum Current9APower Consumption (Average / Maximum)280 / 430 WHeat Dissipation1,467 BTU/hRedundant Power SuppliesYes, Hot swappableSystem PerformanceIPv4 Firewall Throughput(1518 / 512 / 64 byte, UDP)90 / 90 / 60 GbpsIPv6 Firewall Throughput(1518 / 512 / 86 byte, UDP)90 / 90 / 60 GbpsFirewall Latency (64 byte, UDP)2 μsOperating Temperature32–104 F (0–40 C)Firewall Throughput (Packet per Second)90 MppsStorage Temperature-31–158 F (-35–70 C)Concurrent Sessions (TCP)20 MillionHumidity10–90% non-condensingNew Sessions/Second (TCP)500,000Noise Level58 dBA100,000Operating AltitudeUp to 7,400 ft (2,250 m)FCC Part 15 Class A, C-Tick, VCCI, CE, UL/cUL, CBICSA Labs: Firewall, IPsec, IPS, Antivirus, SSL-VPNFirewall PoliciesOperating Environment and Certifications65 GbpsComplianceGateway-to-Gateway IPsec VPN Tunnels20,000CertificationsClient-to-Gateway IPsec VPN Tunnels100,000SSL-VPN Throughput6 GbpsConcurrent SSL-VPN Users(Recommended Maximum, Tunnel Mode)10,000SSL Inspection Throughput (IPS, HTTP) 312.5 GbpsApplication Control Throughput(HTTP 64K) 220 GbpsCAPWAP Throughput (1444 byte, UDP)21 GbpsVirtual Domains (Default / Maximum)10 / 500Maximum Number of Switches Supported128Maximum Number of FortiAPs(Total / Tunnel)4,096 / 1,024Maximum Number of FortiTokens5,000Maximum Number of Registered Endpoints20,000High Availability ConfigurationsActive-Active, Active-Passive, ClusteringIPsec VPN Throughput (512 byte)1System Performance — Optimal Traffic MixIPS Throughput 225 GbpsSystem Performance — Enterprise Traffic MixIPS Throughput 211.5 GbpsNGFW Throughput 2, 49 GbpsThreat Protection Throughput 2, 55.4 GbpsNote: All performance values are “up to” and vary depending on system configuration.1. IPsec VPN performance test uses AES256-SHA256.2. IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with Logging enabled.3. SSL Inspection performance test uses TLS v1.2 with AES128-SHA256.4. NGFW performance is measured with Firewall, IPS and Application Control enabled.5. Threat Protection performance is measured with Firewall, IPS, Application Control and MalwareProtection enabled.5