WIXLIB

Next Generation FirewallInternal Segmentation FirewallData Center Firewall and IPSCarrier-Class FirewallFortiGate 3400E Series FG-3400E and 3401EThe FortiGate 3400E series delivers high performance threat protection for mid-sized to large enterprisesand service providers, with the flexibility to be deployed at the Internet or cloud edge, in the data centercore or internal segments. The multiple high-speed interfaces, high port density, industry-leading securityefficacy and high throughput of the 3400E series keeps your network connected and secure.SecurityNetworking§§ Protects against known exploits, malware and malicious§§ Delivers extensive routing, high-speed interfaces, and highwebsites using continuous threat intelligence provided byperformance VPN capabilities to address performanceFortiGuard Labs security servicesand connectivity needs of large-scale data center and§§ Protects against unknown attacks using dynamic analysis andprovides automated mitigation to stop targeted attackscloud applications§§ Enables flexible deployment modes that fit into organizations’evolving network infrastructurePerformance§§ Delivers industry’s best threat protection performance andultra-low latency using purpose-built security processor (SPU)technologyManagement§§ Single Pane of Glass with Network Operations Center (NOC)view provides 360 visibility to identify issues quickly§§ Provides industry-leading performance and protection for SSLencrypted trafficand intuitively§§ Predefined compliance checklist analyzes the deployment andhighlights best practices to improve overall security postureCertification§§ Independently tested and validated best security effectivenessand performanceSecurity Fabric§§ Enables Fortinet and Fabric-ready partners’§§ Received unparalleled third-party certifications from NSS Labs,ICSA, Virus Bulletin and AV Comparativesproducts to collaboratively integrate andprovide end-to-end security across the entireattack surfaceFirewall240 GbpsIPS44 GbpsNGFW34 GbpsThreat ProtectionInterfaces23 GbpsMultiple GE RJ45, 10 GE SFP / GE SFP and100 GE QSFP28 / 40 GE QSFP slotsRefer to specification table for detailsDATA SHEET

FortiGate 3400E Series DEPLOYMENTN ext GenerationFirewall (NGFW)§§ Security gateway to the Internetfor enterprises§§ Enforce security policies withgranular control and visibility ofI nternal SegmentationFirewall (ISFW)§§ Segmentation solution for end-to-endlow latency firewall for data center edgecompliance requirementsand core§§ High port density and acceleratedtraffic processing capacity, todiscrete applicationsprotect multiple segments withoutintrusion prevention beyond port and§§ High availability, high throughput andprotection against threats while meetingusers and devices for thousands of§§ Identify and stop threats with powerfulD ata Center Firewalland IPS (DCFW-IPS)§§ High session scale for accommodatinglarge network and user traffic forInternet and cloud-facing data centerscompromising performance§§ High-speed interfaces for future-proof§§ Deploy transparently and rapidlyprotocol that examines the actualinto existing environments withcontent of your network trafficminimal disruptionconnectivity while compact sizecontributes to greener data centers§§ Performance optimized IPS engine todetect and deter latest known and zeroday threats Carrier-ClassFirewall (CCFW)CAMPUSFortiGate 3400E deployment in largecampus networks (NGFW, ISFW)FortiSandboxAdvanced ThreatProtectionFortiAPSecure AccessPoint§§ Reliable high capacity firewall designedfor service providersFortiSwitchSwitching§§ Powered by multiple SPU NetworkProcessors that accelerate processingfor both IPv4 and IPv6 traffic§§ Supports Carrier License upgrade thatFortiGateNGFWFortiClientEndpoint teISFWunlocks features and protocol supportfor mobile networks such as GTPFortiAnalyzerLogging, Analysis,Reportingand SCTP§§ High-speed interfaces for future-proofconnectivityFortiClientVPN ClientDATACENTERFortiGate 3400E deployment in datacenter (DCFW-IPS/NGFW, rCentralizedManagementFortiAnalyzerLogging, Analysis,Reporting2www.fortinet.com

FortiGate 3400E Series HARDWAREFortiGate 4161820222425FortiGate 3401ESTATUSALARMHAPOWERUSBCONSOLEMGMT21 2 34SFP ortiCarrier/4TBInterfaces1. USB Management Port2. Console Port3. 2x GE RJ45 Management Ports4. 2x 10 GE SFP / GE HA SFP Slots5. 22x 10 GE SFP / GE SFP Slots6. 4x 100 GE QSFP28 / 40 GE QSFP SlotsNetwork ProcessorPowered by SPUFortinet’s new, breakthrough SPU NP6 network processor works§§ Custom SPU processors deliver the§§ Superior firewall performance for IPv4/IPv6, SCTP and multicastpower you need to detect maliciouscontent at multi-Gigabit speeds§§ Other security technologies cannot protect againsttoday’s wide range of content- and connection-basedthreats because they rely on general-purpose CPUs,causing a dangerous performance gap§§ SPU processors provide the performance neededto block emerging threats, meet rigorous third-partycertifications, and ensure that your network securitysolution does not become a network bottleneckinline with FortiOS functions delivering:traffic with ultra-low latency down to 2 microseconds§§ VPN, CAPWAP and IP tunnel acceleration§§ Anomaly-based intrusion prevention, checksum offload andpacket defragmentation§§ Traffic shaping and priority queuingContent ProcessorFortinet’s new, breakthrough SPU CP9 content processor worksoutside of the direct flow of traffic and accelerates the inspection ofcomputationally intensive security features:§§ Enhanced IPS performance with unique capability of fullsignature matching at SPU§§ SSL Inspection capabilities based on the latest industrymandated cipher suites§§ Encryption and decryption offloading100 GE Connectivity for NetworkHigh speed connectivity is essential for network securitysegmentation at the core of data networks. The FortiGate 3400Eprovides multiple 100 GE QSFP28 slots, simplifying network designswithout relying on additional devices to bridge desired connectivity.3

FortiGate 3400E Series FORTINET SECURITY FABRICFortiManagerFortiAnalyzerFortiSIEMSecurity FabricThe Security Fabric allows security to dynamically expand andPartner APIadapt as more and more workloads and data are added. SecurityFortiGateVMseamlessly follows and protects data, users, and applicationsas they move between IoT, devices, and cloud environmentsFortiOSthroughout the network.FortiClientFortiGates are the foundation of Security Fabric, expanding securityFortiWebFortiGatevia visibility and control by tightly integrating with other Fortinetsecurity products and Fabric-Ready Partner rtiSandboxFortiOSControl all the security and networking capabilities across the entireFortiGate platform with one intuitive operating system. Reduceoperating expenses and save time with a truly consolidated nextgeneration security platform.§§ A truly consolidated platform with one OS for all security andnetworking services for all FortiGate platforms.§§ Industry-leading protection: NSS Labs Recommended, VB100,AV Comparatives, and ICSA validated security and performance.§§ Control thousands of applications, block the latest exploits, andfilter web traffic based on millions of real-time URL ratings.§§ Prevent, detect, and mitigate advanced attacks automatically inminutes with integrated advanced threat protection.§§ Fulfill your networking needs with extensive routing, switching,and SD-WAN capabilities.§§ Ultilize SPU hardware acceleration to boost security capabilityperformance.For more information, please refer to the FortiOS datasheet available at www.fortinet.comSERVICESFortiGuard Security ServicesFortiCare Support ServicesFortiGuard Labs offers real-time intelligence on the threatOur FortiCare customer support team provides global technicallandscape, delivering comprehensive security updates acrosssupport for all Fortinet products. With support staff in the Americas,the full range of Fortinet’s solutions. Comprised of securityEurope, Middle East, and Asia, FortiCare offers services to meetthreat researchers, engineers, and forensic specialists, thethe needs of enterprises of all sizes.team collaborates with the world’s leading threat monitoringorganizations and other network and security vendors, as well aslaw enforcement agencies.4For more information, please refer to forti.net/fortiguardand forti.net/forticarewww.fortinet.com

FortiGate 3400E Series SPECIFICATIONSFORTIGATE 3400EFORTIGATE 3401EInterfaces and ModulesFORTIGATE 3400E100 GE QSFP28 / 40 GE QSFP Slots4Height x Width x Length (inches)10 GE SFP / GE SFP Slots22Height x Width x Length (mm)GE RJ45 Management Ports2WeightUSB Ports (Client / Server)Included TransceiversAC Power Supply1NIL3.5 x 17.44 x 21.8988.9 x 443 x 55643.1 lbs (19.6 kg)Form Factor1/1Console PortInternal StorageFORTIGATE 3401EDimensions and Power2x 2 TB SSD2x SFP (SR 10 GE)Power Consumption (Average / Maximum)Maximum CurrentHeat DissipationSystem Performance — Enterprise Traffic MixRedundant Power SuppliesIPS Throughput 244 GbpsNGFW Throughput 2, 434 GbpsOperating Environment and CertificationsThreat Protection Throughput 2, 523 GbpsOperating TemperatureSystem Performance and CapacityFirewall Throughput (1518 / 512 / 64 byte, UDP)240 / 238 / 150 GbpsIPv6 Firewall Throughput(1518 / 512 / 86 byte, UDP)240 / 238 / 150 Gbps44.5 lbs (20.2 kg)2 RU100–240V AC, 60–50 Hz503 W / 815 W516 W / 830 W12@100V, 9A@240V2781 BTU/h2832 BTU/hYes, Hot Swappable32–104 F (0–40 C)Storage Temperature-31–158 F (-35–70 C)Humidity10–90% non-condensingNoise LevelOperating Altitude63 dBAUp to 7,400 ft (2,250 m)4 µsComplianceFCC Part 15 Class A, C-Tick, VCCI, CE, UL/cUL, CBFirewall Throughput (Packet per Second)225 MppsCertificationsConcurrent Sessions (TCP)50 MillionICSA Labs: Firewall, IPsec, IPS, Antivirus, SSL-VPN;USGv6/IPv6New Sessions/Second (TCP)460,000Firewall Latency (64 byte, UDP)Firewall Policies200,000IPsec VPN Throughput (512 byte) 1140 GbpsGateway-to-Gateway IPsec VPN Tunnels40,000Client-to-Gateway IPsec VPN Tunnels200,000SSL-VPN Throughput11 GbpsConcurrent SSL-VPN Users(Recommended Maximum, Tunnel Mode)30,000SSL Inspection Throughput (IPS, avg. HTTPS) 330 GbpsSSL Inspection CPS (IPS, avg. HTTPS) 314,000SSL Inspection Concurrent Session(IPS, avg. HTTPS) 34.9 MillionApplication Control Throughput (HTTP 64K) 286 GbpsCAPWAP Throughput (HTTP 64K)15 GbpsVirtual Domains (Default / Maximum)10 / 500Maximum Number of Switches SupportedMaximum Number of FortiAPs(Total / Tunnel Mode)2564,096 / 1,024Maximum Number of FortiTokens5,000Maximum Number of Registered FortiClients50,000High Availability ConfigurationsActive / Active, Active / Passive, ClusteringNote: All performance values are “up to” and vary depending on system configuration.1. IPsec VPN performance test uses AES256-SHA256.2. IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with Logging enabled.3. SSL Inspection performance values use an average of HTTPS sessions of different cipher suites.4. NGFW performance is measured with Firewall, IPS and Application Control enabled.5. Threat Protection performance is measured with Firewall, IPS, Application Control and MalwareProtection enabled.5