WIXLIB

FortiGate Virtual AppliancesConsolidated Security for Virtualized EnvironmentsComplete end-to-end security ecosystem for theSoftware Defined Data Center. Fortinet enables andfacilitates the enterprise’s journey through the DataCenter consolidation process.Fortinet delivers both physical and virtualized security appliancesto secure unique data planes. It offers on one side, unmatchedperformance and security capabilities while allowing for the growthand evolution of the consolidating Data Center with no servicedegradation or bottlenecks, no compromise on security, and withan unmatched ROI — fulfilling the outcomes of a robust softwaredefined security framework.FortiGate Virtual Appliances allow you to mitigate blind spots byimplementing critical security controls within your virtual infrastructure.They also allow you to rapidly provision security infrastructurewhenever and wherever it is needed. FortiGate virtual appliancesfeature all of the security and networking services common totraditional hardware-based FortiGate appliances. With the addition ofvirtual appliances from Fortinet, you can deploy a mix of hardwareand virtual appliances, operating together and managed from acommon centralized management platform.FortiGate VirtualAppliance BenefitsFortiGate virtual appliances offer protectionfrom a broad array of threats, with supportfor all of the security and networkingservices offered by the FortiOS operatingsystem. In addition, the appliances offer:§§ Increased visibility within virtualized infrastructure§§ Rapid deployment capability§§ Ability to manage virtual appliances andphysical appliances from a single paneof glass management platform§§ Simple licensing with no per-user fees§§ Support for multiple virtualization andCloud platformsFortiADC-VMFortiAnalyzer-VM MFortiGate-VMHypervFortiSandbox-VM§§ Full support for FortiHypervisordeployments enabling line-speedsecurity in vCPE requirement§§ Wide array of licensing choices to fit anyinfrastructure requirement§§ VDOM-enabled models for M-VMFortiWAN-VMFortiWLC-VMFortiWeb ManagerFortinet’s comprehensive security virtual appliance lineup supports in excess of 16 solutions.DATA SHEET

FortiGate Virtual AppliancesPLATFORMChoice of Form FactorMulti-Threat SecurityFew organizations use 100% hardware or 100% virtual ITUsing the advanced FortiOS operating system, FortiGateinfrastructure today, creating a need for both hardware appliancesappliances effectively neutralize a wide range of security threatsand virtual appliances in your security strategy. Fortinet allowsfacing your virtualized environment. Whether deployed at the edgeyou to build the security solution that’s right for your environmentas a front-line defense, or deep within the virtual infrastructure forwith hardware and virtual appliances to secure the core, the edgeinter-zone security, FortiGate appliances protect your infrastructureand increase visibility and control over communications within thewith some of the most effective security available today by enablingvirtualized infrastructure. FortiManager virtual or physical appliancessecurity features you need.allow you to easily manage and update your Fortinet security assets— hardware, virtual or both — from a single pane of TMVM5Zone 1 to 2VM Secure Inter-VM traffic in sameInter-Zone / Inter-VMSecurity1tVM7,8oVbroadcast domain Transparent VDOM to bridge VLANs Inter-Zone L3 VDOM withinFortiGate-VM instance No hypervisor API dependencyM2VM1VM3,4Zone 1192.168.2.xVM6VM2Zone 2192.168.1.xHypervisor LayerAll Inter-VM traffic in Bravo Zones are subject to full UTM scan through L2 VDOM.Inter-Zone traffic subject to full Next Gen Firewall and UTM scan by L3 VDOM.Alpha Zone VMs can all talk to each other freely.Alpha ZonesVLAN1021VLAN103110221032FortiGate-VMVLAN trunk toL2 VDOMAlpha Port Group(VLAN 101)!vSwitch AlphaVLAN trunk to L2 VDOMBravo1 Bravo2To L3VDOMvSwitchInter-ZONEBravo 1 Port Gr !VLAN 102{1-n} !Bravo 2 Port GrVLAN 103{1-n}vSwitch Bravo 1-nInter-VMvSwitch FabricHypervisor Layer2www.fortinet.com

FortiGate Virtual AppliancesSOFTWAREFortiOSControl all the security and networking capabilities across the entireFortiGate platform with one intuitive operating system. Reduceoperating expenses and save time with a truly consolidated nextgeneration security platform.§§ A truly consolidated platform with one OS for all security andnetworking services for all FortiGate platforms.§§ Industry-leading protection: NSS Labs Recommended, VB100,AV Comparatives and ICSA validated security and performance.§§ Control thousands of applications, block the latest exploits, andfilter web traffic based on millions of real-time URL ratings.§§ Detect, contain and block advanced attacks automatically inminutes with integrated advanced threat protection framework.§§ Solve your networking needs with extensive routing, switching,WiFi, LAN and WAN capabilities.§§ Activate all the SPU-boosted capabilities you need on thefastest firewall platform available.For more information, please refer to the FortiOS datasheet available at www.fortinet.comSERVICESFortiGuard Security ServicesFortiCare Support ServicesFortiGuard Labs offers real-time intelligence on the threatOur FortiCare customer support team provides global technicallandscape, delivering comprehensive security updates acrosssupport for all Fortinet products. With support staff in the Americas,the full range of Fortinet’s solutions. Comprised of securityEurope, Middle East and Asia, FortiCare offers services to meet thethreat researchers, engineers, and forensic specialists, theneeds of enterprises of all sizes:team collaborates with the world’s leading threat monitoring§§ Enhanced Support — For customers who need supportorganizations, other network and security vendors, as well as lawenforcement agencies:during local business hours only.§§ Comprehensive Support — For customers who need around-§§ Real-time Updates — 24x7x365 Global Operations researchsecurity intelligence, distributed via Fortinet Distributed Networkto all Fortinet platforms.§§ Security Research — FortiGuard Labs have discovered overthe-clock mission critical support, including advanced exchangehardware replacement.§§ Advanced Services — For global or regional customers whoneed an assigned Technical Account Manager, enhanced170 unique zero-day vulnerabilities to date, totaling millions ofservice level agreements, extended software support, priorityautomated signature updates monthly.escalation, on-site visits and more.§§ Validated Security Intelligence — Based on FortiGuard§§ Professional Services — For customers with more complexintelligence, Fortinet’s network security platform is tested andsecurity implementations that require architecture and designvalidated by the world’s leading third-party testing labs andservices, implementation and deployment services, operationalcustomers globally.services and more.Enterprise BundleFortiGuard Labs delivers a number of security intelligence services to augment the FortiGate firewall platform.You can easily optimize the protection capabilities of your FortiGate with the FortiGuard Enterprise Bundle. Thisbundle contains the full set of FortiGuard security services plus FortiCare service and support offering the mostflexibility and broadest range of protection all in one package.3

FortiGate Virtual 01/01VFORTIGATE-VM02/02VFORTIGATE-VM04/04VvCPU Support (Minimum / Maximum)1/11/11/21/4Network Interface Support (Minimum / Maximum)1 / 101 / 101 / 101 / 10Memory Support (Minimum / Maximum)1 GB / 2 GB1 GB / 2 GB1 GB / 4 GB1 GB / 6 GBStorage Support (Minimum / Maximum)32 GB / 2 TB32 GB / 2 TB32 GB / 2 TB32 GB / 2 TBWireless Access Points Controlled (Tunnel / Global)32 / 3232 / 64256 / 512256 / 512Virtual Domains (Default / Maximum)1/11 / 1010 / 2510 / 50Firewall Policies (VDOM / System)5,00020,000 / 40,00050,000 / 100,00050,000 / 100,000Maximum Number of FortiTokens1,0001,0001,0005,000Maximum Number of Registered EndpointsN/A2,0002,0008,000Unlimited User LicenseYesYesYesYesFirewall Throughput (UDP Packets, SR-IOV Enabled)9.0 Gbps11.5 Gbps15.0 GbpsConcurrent Sessions (TCP)1.0 Million2.6 Million4.3 MillionNew Sessions / Second (TCP)85,000100,000125,000IPsec VPN Throughput (AES256 SHA1, 512 Byte)850 Mbps1.15 Gbps2.65 GbpsGateway-to-Gateway IPsec VPN Tunnels2,0002,0002,000Client-to-Gateway IPsec VPN Tunnels6,00012,00020,000SSL-VPN Throughput500 Mbps750 Mbps1.5 GbpsConcurrent SSL-VPN Users (Recommended Maximum)1,0002,0004,500IPS Throughput (HTTP / Enterprise Mix) 13.0 Gbps / 950 Mbps4.4 Gbps / 1.7 Gbps7.5 Gbps / 3.0 GbpsApplication Control Throughput 21.5 Gbps2.6 Gbps4.0 GbpsNGFW Throughput 3550 Mbps1.3 Gbps2.2 GbpsThreat Protection Throughput 4450 Mbps1.0 Gbps1.7 GbpsCAPWAP Throughput 51.0 Gbps1.6 Gbps2.4 VM32/32VFORTIGATE-VMUL/ULVvCPU Support (Minimum / Maximum)1/81 / 161 / 321 / unlimitedNetwork Interface Support (Minimum / Maximum)1 / 101 / 101 / 101 / 10Memory Support (Minimum / Maximum)1 GB / 12 GB1 GB / 24 GB1 GB / 48 GB1 GB / Unlimited GBStorage Support (Minimum / Maximum)32 GB / 2 TB32 GB / 2 TB32 GB / 2 TB32 GB / 2 TBWireless Access Points Controlled (Tunnel / Global)1,024 / 4,0961,024 / 4,0961,024 / 4,0961,024 / 4,096Virtual Domains (Default / Maximum)10 / 25010 / 50010 / 50010 / 500Firewall Policies (VDOM / System)50,000 / 100,00050,000 / 100,00050,000 / 100,00050,000 / 100,000Maximum Number of FortiTokens5,0005,0005,0005,000Maximum Number of Registered Endpoints20,00020,00020,00020,000Unlimited User LicenseYesYesYesYesFirewall Throughput (UDP Packets, SR-IOV Enabled)20.0 Gbps25.0 GbpsConcurrent Sessions (TCP)8.5 Million18.0 Million38.0 MillionNew Sessions / Second (TCP)150,000175,000200,000IPsec VPN Throughput (AES256 SHA1, 512 Byte)5.2 Gbps6.25 Gbps6.85 GbpsGateway-to-Gateway IPsec VPN Tunnels40,00040,00040,000Client-to-Gateway IPsec VPN Tunnels40,00050,00064,000SSL-VPN Throughput3.5 Gbps6.0 Gbps7.3 GbpsConcurrent SSL-VPN Users (Recommended Maximum)10,00025,00040,000IPS Throughput (HTTP / Enterprise Mix) 113.5 Gbps / 5.5 Gbps16.5 Gbps / 9.5 Gbps18.3 Gbps / 15.5 GbpsApplication Control Throughput 28.0 Gbps11.0 Gbps14.0 GbpsNGFW Throughput 34.0 Gbps5.5 Gbps11.0 GbpsThreat Protection Throughput 43.2 Gbps4.5 Gbps8.8 GbpsTechnical SpecificationsSystem PerformanceTechnical SpecificationsSystem PerformanceActual performance may vary depending on the network and system configuration. Performance metrics were observed using a Del R730 Server (Intel E5-2687W 3.1 GHz, 2x 10 GE interfaces) running FOS v5.6. 1. IPS performance is measured using 1 Mbyte HTTPand Enterprise Traffic Mix. 2. Application Control performance is measured with 64 Kbytes HTTP traffic. 3. NGFW performance is measured with IPS and Application Control enabled, based on Enterprise Traffic Mix. 4. Threat Protection performance is measured with IPSand Application Control and Malware protection enabled, based on Enterprise Traffic Mix.4www.fortinet.com