Transcription

DATA SHEETFortiGate 1100E SeriesNext Generation FirewallSegmentationSecure Web GatewayIPSMobile SecurityFG-1100E/-DC and FG-1101EThe FortiGate 1100E series delivers high performance next generation firewall (NGFW)capabilities for large enterprises and service providers. With multiple high-speed interfaces,high-port density, and high-throughput, ideal deployments are at the enterprise edge, hybriddata center core, and across internal segments. Leverage industry-leading IPS, SSL inspection,and advanced threat protection to optimize your network performance. Fortinet’s SecurityDriven Networking approach provides tight network integration to the new security generation.Securityn Identifies thousands of applications inside network trafficfor deep inspection and granular policy enforcementnnProtects against malware, exploits, and maliciouswebsites in both encrypted and non-encrypted trafficPrevent and detect against known and unknown attacksusing continuous threat intelligence from AI-poweredFortiGuard Labs security servicesPerformancen Delivers industry’s best threat protection performance andultra-low latency using purpose-built security processor(SPU) technologynProvides industry-leading performance and protection forSSL encrypted trafficCertificationn Independently tested and validated best securityeffectiveness and performancenReceived unparalleled third-party certifications from NSSLabsNetworkingn Delivers advanced networking capabilities that seamlesslyintegrate with advanced layer 7 security and virtualdomains (VDOMs) to offer extensive deploymentflexibility, multi-tenancy and effective utilization ofresourcesnDelivers high-density, flexible combination of varioushigh-speed interfaces to enable best TCO for customersfor data center and WAN deploymentsManagementn Includes a management console that is effective, simpleto use, and provides comprehensive network automationand visibilitynnProvides Zero Touch Integration with Security Fabric’sSingle Pane of Glass ManagementPredefined compliance checklist analyzes the deploymentand highlights best practices to improve overall securitypostureSecurity Fabricn Enables Fortinet and Fabric-ready partners’ productsto provide broader visibility, integrated end-to-enddetection, threat intelligence sharing, and automatedremediationFirewallIPSNGFWThreat Protection80 Gbps12.5 Gbps9.8 Gbps7.1 GbpsInterfacesMultiple GE RJ45, 25 GE SFP28 / 10 GE SFP / GE SFP,and 40 GE QSFP slotsRefer to specification table for details1

DATA SHEET FortiGate 1100E SeriesDEPLOYMENTN ext GenerationFirewall (NGFW)§ Reduce the complexity and maximize your ROI byintegrating threat protection security capabilities intoa single high-performance network security appliance,powered by Fortinet’s Security Processing Unit (SPU)§ Full visibility into users, devices, and applications acrossthe entire attack surface and consistent security policyenforcement irrespective of asset location§ Protect against network exploitable vulnerabilities withindustry-validated IPS security effectiveness, low latency,and optimized network performance§ Automatically block threats on decrypted traffic using theindustry’s highest SSL inspection performance, includingthe latest TLS 1.3 standard with mandated ciphers§ Proactively block newly discovered sophisticatedattacks in real-time with AI-powered FortiGuard Labsand advanced threat protection services included in theFortinet Security FabricSegmentation§ Segmentation that adapts to any network topology,delivering end-to-end security from the branch level todata centers and extending to multiple clouds§ Reduce security risks by improving network visibility fromthe components of the Fortinet Security Fabric, whichadapt access permissions to current levels of trust andenforce access control effectively and efficiently§ Delivers defense in depth security powered by highperformance L7 inspection and remediation by Fortinet’sSPU, while delivering third party validated TCO of perprotected MbpsI PS§ Purpose-built security processors delivering industryvalidated IPS performance with high throughput and lowlatency§ Deploy virtual patches at the network level to protectagainst network exploitable vulnerabilities and optimizenetwork protection time§ Deep packet inspection at wire speeds offers unparalleledthreat visibility into network traffic including trafficencrypted with the latest TLS 1.3§ Proactively block newly discovered sophisticated attacksin real-time with advanced threat protection provided bythe intelligence services of the Fortinet Security Fabric Mobile Securityfor 4G, 5G, and IOT§ SPU accelerated, high performance CGNAT and IPv6migration option including: NAT44, NAT444, NAT64/DNS64,NAT46 for 4G Gi/sGi and 5G N6 connectivity and security§ RAN Access Security with highly scalable and bestperforming IPsec aggregation and control security gateway(SecGW)§ User plane security enabled by full Threat Protection andvisibility into GTP-U inspection§ 4G and 5G security for user and data plane traffic includingSCTP, GTP-U, and SIP that provides protection againstattacks§ High-speed interfaces to enable deployment flexibility§ Protects critical business applications and helps implementany compliance requirements without network redesignsFortiClientVPN ClientSecure Web Gateway§ Secure web access from both internal and external risks,even for encrypted traffic at high performance§ Enhanced user experience with dynamic web and mentationFortiManagerSingle Pane-of-GlassManagement§ Block and control web access based on user or usergroups across URLs and domains§ Prevent data loss and discover user activity to known andunknown cloud applicationsFortiAnalyzerAnalytics-poweredSecurity & Log Management§ Block DNS requests against malicious domains§ Multi-layered advanced protection against zero-daymalware threats delivered over the webData Center Deployment(IPS/NGFW, Intent-based Segmentation)2

DATA SHEET FortiGate 1100E SeriesHARDWAREFortiGate 1100E/-DC and 2426SFP 27292830SFP2831QSFP 333234FortiGate SCONNECT ALLPOWER CORDSBEFORE SERVICINGFAN1FAN2FAN3Interfaces1.2.3.4.5.6.7.8.2x USB Ports1x Console Port2x GE RJ45 MGMT/HA Ports16x GE RJ45 Ports8x GE SFP Slots4x 10 GE SFP Slots / GE SFP Slots4x 25 GE SFP28 / 10 GE SFP / GE SFP Slots2x 40 GE QSFP SlotsHardware FeaturesNP6CP92U40GE25GEACDUAL/960GBNetwork ProcessorPowered by SPUnnnFortinet’s custom SPU processorsdeliver the power you need to detectmalicious content at multi-GigabitspeedsOther security technologies cannot protect againsttoday’s wide range of content- and connectionbased threats because they rely on general-purposeCPUs, causing a dangerous performance gapSPU processors provide the performance neededto block emerging threats, meet rigorous third-partycertifications, and ensure that your network securitysolution does not become a network bottleneckFortinet’s new, breakthrough SPU NP6 network processorworks inline with FortiOS functions delivering:§ Superior firewall performance for IPv4/IPv6, SCTP andmulticast traffic with ultra-low latency§ VPN, CAPWAP, and IP tunnel acceleration§ Anomaly-based intrusion prevention, checksum offload,and packet defragmentation§ Traffic shaping and priority queuingContent ProcessorFortinet’s ninth generation custom SPU CP9 contentprocessor works outside of the direct flow of traffic andaccelerates the inspection.High-Speed ConnectivityHigh-speed connectivity is essential for network securitysegmentation at the core of data networks. The FortiGate1100E series provides 40 GE and 25 GE interfaces, simplifyingnetwork designs without relying on additional devices tobridge desired connectivity.3

DATA SHEET FortiGate 1100E SeriesFORTINET SECURITY FABRICSecurity FabricThe industry’s highest-performing cybersecurity platform,powered by FortiOS, with a rich ecosystem designed tospan the extended digital attack surface, delivering fullyautomated, self-healing network security.Fabric ManagementCenterFabric SecurityOperationsNOCSOC§ Broad: Coordinated detection and enforcement across theentire digital attack surface and lifecycle with convergednetworking and security across edges, clouds, endpoints,and usersAdaptive CloudSecurity§ Integrated: Integrated and unified security, operation,and performance across different technologies, location,deployment options, and the richest ecosystemZero TrustAccessFORTI OS§ Automated: Context aware, self-healing network andsecurity posture leveraging cloud-scale and advanced AIto automatically deliver near-real-time, user-to-applicationcoordinated protection across the FabricThe Fabric empowers organizations of any size to secure andsimplify their hybrid infrastructure on the journey to systemFortiGuardThreat IntelligenceFortiOS Operating SystemFortiOS, Fortinet’s leading operating system enable theconvergence of high performing networking and securityacross the Fortinet Security Fabric delivering consistent andcontext-aware security posture across network endpoint, andclouds. The organically built best of breed capabilities andunified approach allows organizations to run their businesseswithout compromising performance or protection, supportsseamless scalability, and simplifies innovation consumption.The release of FortiOS 7 dramatically expands the FortinetSecurity Fabric’s ability to deliver consistent security acrosshybrid deployment models of Hardware, Software, andSoftware As-a-Service with SASE and ZTNA, among others.SERVICESFortiGuard Security ServicesFortiGuard Labs offer real-time intelligence on the threatlandscape, delivering comprehensive security updates acrossthe full range of Fortinet’s solutions. Comprised of securitythreat researchers, engineers, and forensic specialists, theteam collaborates with the world’s leading threat monitoringorganizations and other network and security vendors, as wellas law enforcement agencies.FortiCare ServicesFortinet is dedicated to helping our customers succeed, andevery year FortiCare services help thousands of organizationsget the most from their Fortinet Security Fabric solution. Wehave more than 1,000 experts to help accelerate technologyimplementation, provide reliable assistance through advancedsupport, and offer proactive care to maximize security andperformance of Fortinet deployments.4

DATA SHEET FortiGate 1100E SeriesSPECIFICATIONSFG-1100E/-DCFG-1101EInterfaces and ModulesFG-1100E/-DCDimensions and PowerHardware Accelerated 40 GE QSFP Slots2Hardware Accelerated 25 GE SFP28 / 10GE SFP / GE SFP Slots4Hardware Accelerated 10 GE SFP Slots/ GE SFP Slots4Form Factor(supports EIA/ non-EIA standardsHardware Accelerated GE SFP Slots8AC Power Input16Power Consumption(Average / Maximum)Hardware Accelerated GE RJ45 PortsGE RJ45 Management / HA PortsIncluded Transceivers2x 480 GB SSD2x SFP (SX 1 GE)System Performance — Enterprise Traffic MixIPS Throughput 212.5 GbpsNGFW Throughput 2, 49.8 GbpsThreat Protection Throughput 2, 57.11 GbpsSystem Performance and Capacity80 / 80 / 45 GbpsIPv6 Firewall Throughput(1518 / 512 / 86 byte, UDP)80 / 80 / 45 GbpsFirewall Throughput (Packet per Second)2.76 μs67.5 MppsConcurrent Sessions (TCP)8 MillionNew Sessions/Second (TCP)500,000Firewall Policies100,000IPsec VPN Throughput (512 byte) 148 GbpsGateway-to-Gateway IPsec VPN Tunnels20,000Client-to-Gateway IPsec VPN Tunnels100,000SSL-VPN Throughput8.4 GbpsConcurrent SSL-VPN Users(Recommended Maximum, Tunnel Mode)SSL Inspection Throughput(IPS, avg. HTTPS) 3SSL Inspection CPS (IPS, avg. HTTPS) 326 GbpsCAPWAP Throughput (HTTP 64K)43 GbpsVirtual Domains (Default / Maximum)10 / 250High Availability Configurations222 W / 346 [email protected], [email protected],147 BTU/h1,181 BTU/h-48V DC--11.5A--Yes, Hot swappableOperating Environment and CertificationsOperating TemperatureStorage TemperatureHumidityForced AirflowOperating Altitude32–104 F (0–40 C)-31–158 F (-35–70 C)10–90% non-condensing66.7 dBAFront to BackUp to 7,400 ft (2,250 m)ComplianceFCC ICES, CE, RCM, VCCI, BSMI, UL/cUL,CBCertificationsICSA Labs: Firewall, IPsec, IPS, Antivirus,SSL-VPN, USGv6/IPv61964,096 / 2,04820,000Active-Active, Active-Passive, ClusteringNote: All performance values are “up to” and vary depending on system configuration.1. IPsec VPN performance test uses AES256-SHA256.2. IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured withLogging enabled.3. SSL Inspection performance values use an average of HTTPS sessions of different ciphersuites.5100–240V AC, 50/60 Hz217 W / 336 W6,500Application Control Throughput(HTTP 64K) 2Maximum Number of FortiTokensRedundant Power Supplies25.4 lbs (11.55 kg)Rack Mount, 2 RU10 Gbps780,000Maximum Number of FortiAPs(Total / Tunnel)DC Current (Maximum)24.9 lbs (11.3kg)10,000SSL Inspection Concurrent Session(IPS, avg. HTTPS) 3Maximum Number of FortiSwitchesSupportedDC Power Input (FG-1100E-DC)Noise LevelIPv4 Firewall Throughput(1518 / 512 / 64 byte, UDP)Firewall Latency (64 byte, UDP)88.9 x 443 x 447.4Heat Dissipation103.5 x 17.44 x 17.62Height x Width x Length (mm)AC Current (Maximum)1/2Console PortHeight x Width x Length (inches)Weight2USB Ports (Client / Server)Onboard StorageFG-1101E4. NGFW performance is measured with Firewall, IPS and Application Control enabled.5. Threat Protection performance is measured with Firewall, IPS, Application Control andMalware Protection enabled.

DATA SHEET FortiGate 1100E SeriesORDERING INFORMATIONPRODUCTSKUDESCRIPTIONFortiGate 1100EFG-1100E2x 40 GE QSFP slots, 4x 25 GE SFP28 slots, 4x 10 GE SFP slots, 8x GE SFP slots, 18x GE RJ45ports (including 16x ports, 2x management/HA ports) SPU NP6 and CP9 hardware accelerated,and 2 AC power supplies.FortiGate 1101EFG-1101E2x 40 GE QSFP slots, 4x 25 GE SFP28 slots, 4x 10 GE SFP slots, 8x GE SFP slots, 18x GE RJ45ports (including 16x ports, 2x management/HA ports) SPU NP6 and CP9 hardware accelerated,960 GB SSD onboard storage, and 2 AC power supplies.FortiGate 1100E-DCFG-1100E-DC2x 40 GE QSFP slots, 4x 25 GE SFP28 slots, 4x 10 GE SFP slots, 8x GE SFP slots, 18x GE RJ45ports (including 16x ports, 2x management/HA ports) SPU NP6 and CP9 hardware accelerated,and 2 DC power supplies.Optional AccessoriesSKUDescription1 GE SFP LX Transceiver ModuleFN-TRAN-LX1 GE SFP LX transceiver module for all systems with SFP and SFP/SFP slots.1 GE SFP RJ45 Transceiver ModuleFN-TRAN-GC1 GE SFP RJ45 transceiver module for all systems with SFP and SFP/SFP slots.1 GE SFP SX Transceiver ModuleFN-TRAN-SX1 GE SFP SX transceiver module for all systems with SFP and SFP/SFP slots.10 GE SFP RJ45 Transceiver ModuleFN-TRAN-SFP GC10 GE SFP RJ45 transceiver module for systems with SFP slots.10 GE SFP Transceiver Module, Short RangeFN-TRAN-SFP SR10 GE SFP transceiver module, short range for all systems with SFP and SFP/SFP slots.10 GE SFP Transceiver Module, Long RangeFN-TRAN-SFP LR10 GE SFP transceiver module, long range for all systems with SFP and SFP/SFP slots.10 GE SFP Transceiver Module, Extended RangeFN-TRAN-SFP ER10 GE SFP transceiver module, extended range for all systems with SFP and SFP/SFP slots.10 GE SFP Active Direct Attach Cable, 10m / 32.8 ftSP-CABLE-ADASFP 10 GE SFP active direct attach cable, 10m / 32.8 ft for all systems with SFP and SFP/SFP slots.25 GE SFP28 Transceiver Module, Short RangeFN-TRAN-SFP28-SR25 GE SFP28 transceiver module, short range for all systems with SFP28 slots.25 GE SFP28 Transceiver Module, Long RangeFG-TRAN-SFP28-LR25 GE SFP28 transceiver module, long range for all systems with SFP28 slots40 GE QSFP Transceiver Module, Short RangeFN-TRAN-QSFP SR40 GE QSFP transceiver module, short range for all systems with QSFP slots.40 GE QSFP Transceivers, Short Range, BiDiFG-TRAN-QSFP SR-BIDI40 GE QSFP transceivers, short range BiDi for systems with QSFP slots.40 GE QSFP Transceiver Module, Long RangeFN-TRAN-QSFP LR40 GE QSFP transceiver module, long range for all systems with QSFP slots.40 GE QSFP to 4x 10 GE SFP Optical BreakoutFG-TRAN-QSFP 4XSFP40 GE QSFP Parallel Breakout Active Optical Cable with 1m length for all systems with QSFP slots.QSFP to 4xSFP Optical breakout 5mFG-TRAN-QSFP 4SFP-540 GE QSFP Parallel Breakout MPO to 4xLC connectors, 5m reach, transceivers not included.Rack Mount Sliding RailsSP-FG3040B-RAILRack mount sliding rails for FG-1000C/-DC, FG-1100/1101E, FG-1200D, FG-1500D/-DC, FG-2000E,FG-2500E, FG-3040B/-DC, FG-3140B/-DC, FG-3240C/-DC, FG-3000D/-DC, FG-3100D/-DC, FG3200D/-DC, FG-3400/3401E, FG-3600/3601E, FG-3700D/-DC, FG-3700DX, FG-3810D/-DC andFG-3950B/-DC.AC Power SupplySP-FG300E-PSAC power supply for FG-300/301E, FG-400/401E, FG-500/501E, FG-600/601E, FG-1100/1101E,FAZ-200F/FAZ-300F/FMG-200F and FAZ-800F/FMG-300F.DC Power SupplySP-FG300E-DC-PSDC power supply for d Labs deliversa number of securityintelligence services toaugment the FortiGatefirewall platform. Youcan easily optimize theprotection capabilities ofyour FortiGate with one ofthese FortiGuard Bundles.FortiCareEnterprise ProtectionUnified Threat ProtectionAdvanced ThreatProtection24x724x724x7FortiGuard App Control Service FortiGuard IPS Service FortiGuard Advanced Malware Protection (AMP) — Antivirus,Mobile Malware, Botnet, CDR, Virus Outbreak Protection andFortiSandbox Cloud Service FortiGuard Web and Video1 Filtering Service FortiGuard Antispam Service FortiGuard Security Rating Service FortiGuard IoT Detection Service FortiGuard Industrial Service FortiConverter Service 1. Available when running FortiOS 7.0www.fortinet.comCopyright 2021 Fortinet, Inc. All rights reserved. Fortinet , FortiGate , FortiCare and FortiGuard , and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other productor company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and otherconditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaserthat expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, anysuch warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwiserevise this publication without notice, and the most current version of the publication shall be applicable.FG-1100E-DAT-R20-20211029

SSL Inspection CPS (IPS, avg. HTTPS) 3 6,500 SSL Inspection Concurrent Session (IPS, avg. HTTPS) 3 780,000 Application Control Throughput (HTTP 64K) 2 26 Gbps CAPWAP Throughput (HTTP 64K) 43 Gbps Virtual Domains (Default / Maximum) 10 / 250 Maximum Number of FortiSwitches Supported 196