Transcription

FortiGate 200D SeriesNext Generation FirewallEnterprise BranchSecure SD-WAN FortiGate 200D, 200D-POE, 240D, 240D-POE and 280D-POEThe FortiGate 200D series delivers next generation firewall capabilities for mid-sized to large enterprises,with the flexibility to be deployed at the campus or enterprise branch. Protect against cyber threats withsecurity processor powered high performance, security efficacy and deep visibility.Security§§ Protects against known exploits, malware and maliciouswebsites using continuous threat intelligence provided byFortiGuard Labs security services§§ Identify thousands of applications including cloud applicationsfor deep inspection into network traffic§§ Detects unknown attacks using dynamic analysis and providesautomated mitigation to stop targeted attacksPerformance§§ Delivers industry’s best threat protection performance andultra-low latency using purpose-built security processor(SPU) technology§§ Provides industry-leading performance and protection for SSLencrypted trafficCertification§§ Independently tested and validated best security effectivenessand performance§§ Received unparalleled third-party certifications from NSS Labs,ICSA, Virus Bulletin and AV ComparativesFirewall3–4 GbpsIPS350 MbpsNGFW330 MbpsNetworking§§ Delivers an extensive routing, switching, wireless controllerand high performance IPsec VPN capabilities to consolidatenetworking and security functionality§§ Enables flexible deployment such as Next Generation Firewalland Secure SD-WANManagement§§ Single Pane of Glass with Network Operations Center (NOC)view provides 360 visibility to identify issues quicklyand intuitively§§ Predefined compliance checklist analyzes the deployment andhighlights best practices to improve overall security postureSecurity Fabric§§ Enables Fortinet and Fabric-ready partners’products to collaboratively integrate andprovide end-to-end security across the entireattack surface§§ Automatically builds Network Topology visualizations whichdiscover IoT devices and provide complete visibility intoFortinet and Fabric-ready partner productsThreat ProtectionInterfaces310 MbpsMultiple GE RJ45, GE SFP Slots PoE VariantsRefer to specification table for detailsDATA SHEET

FortiGate 200D Series DEPLOYMENTN ext GenerationFirewall (NGFW)S ecureSD-WAN§§ Combines threat prevention security capabilities into single high§§ Secure direct Internet access for Cloud applications forperformance network security applianceimproved latency and reduce WAN cost spending§§ Reduces complexity by creating campus topology view§§ Effective, cost-efficient and high performance threatand providing granular visibility of devices, users andprevention capabilitiesthreat information§§ WAN Path Controller and Link Health Monitoring for better§§ Identify and stop threats with powerful intrusion preventionbeyond port and protocol that examines the actual content ofapplication performance§§ Security Processor powered industry’s best IPsec VPN and SSLyour network trafficInspection performance§§ Delivers industry’s highest SSL inspection performance using§§ Centralized Management and Zero-Touch deploymentindustry-mandated ciphers§§ Proactively detect malicious unknown threats using integratedcloud-based sandbox serviceFortiSandboxAdvanced ementFortiAnalyzerLogging, Analysis,ReportingFortiGateNGFWFortiAPSecure AccessPointFortiClientEndpoint ProtectionFortiExtender3G/4G LTEWireless WANExtenderFortiAPSecure AccessPointCAMPUS ecIPsFortiGateSecure SD-WANFortiManagerCentralizedManagement nt ProtectionFortiGate 200D deployment in campus(NGFW)2FortiDeploy (via FortiCloud)Zero-touch Bulk ProvisioningFortiGate 200D deployment in branch office(Secure SD-WAN)www.fortinet.com

FortiGate 200D Series HARDWAREFortiGate 240D(-POE)FortiGate 200D(-POE)331 264 58NP4InterfacesLITECP81U64GBRPS7( )POE1.2.3.4.5.6.USB Management PortManagement PortConsole PortUSB Port2x GE RJ45 WAN Interfaces 16x GE RJ45 LAN Interfaces / 8x GE RJ45 LAN and8x GE RJ45 PoE Interfaces on POE Model7. 2x GE SFP DMZ Interfaces8. FRPS Connector1 2764 58NP4InterfacesLITECP81U64GBRPS( )POE1.2.3.4.5.6.USB Management PortManagement PortConsole PortUSB Port2x GE RJ45 WAN Interfaces4 0x GE RJ45 LAN Interfaces / 16x GE RJ45 LAN and24x GE RJ45 PoE Interfaces on POE Model7. 2x GE SFP DMZ Interfaces8. FRPS ConnectorFortiGate 280D-POE367NP4LITE1 24 568CP82U64GBRPS( )POEInterfaces1.2.3.4.USB Management PortManagement PortConsole PortUSB Port5.6.7.8.2x GE RJ45 WAN Interfaces52x GE RJ45 LAN Interfaces32x GE RJ45 PoE LAN Interfaces4x GE SFP DMZ InterfacesNetwork ProcessorPowered by SPU§§ Custom SPU processors provide theperformance needed to block emergingthreats, meet rigorous third-partycertifications, and ensure that your network securitysolution does not become a network bottleneckThe SPU NP4Lite network processor works inline with firewall andVPN functions delivering:§§ Wire-speed firewall performance for any size packets§§ VPN acceleration§§ Anomaly-based intrusion prevention, checksum offload andpacket defragmentation§§ Traffic shaping and priority queuingContent ProcessorThe SPU CP8 content processor works outside of the direct flow oftraffic, providing high-speed cryptography and content inspectionservices including:§§ Signature-based content inspection acceleration§§ Encryption and decryption offloading3

FortiGate 200D Series FORTINET SECURITY FABRICSecurity FabricAdvanced ThreatIntelligenceNOC/SOCThe Security Fabric allows security to dynamically expand andadapt as more and more workloads and data are added. Securityseamlessly follows and protects data, users, and applicationsCloudClientas they move between IoT, devices, and cloud environmentsthroughout the network.FortiGates are the foundation of Security Fabric, expanding securityNetworkAccessApplicationvia visibility and control by tightly integrating with other Fortinetsecurity products and Fabric-Ready Partner solutions.Partner APIFortiOSControl all the security and networking capabilities across the entireFortiGate platform with one intuitive operating system. Reduceoperating expenses and save time with a truly consolidated nextgeneration security platform.§§ A truly consolidated platform with one OS for all security andnetworking services for all FortiGate platforms.§§ Industry-leading protection: NSS Labs Recommended, VB100,AV Comparatives, and ICSA validated security and performance.§§ Control thousands of applications, block the latest exploits, andfilter web traffic based on millions of real-time URL ratings.§§ Prevent, detect, and mitigate advanced attacks automatically inminutes with integrated advanced threat protection.§§ Fulfill your networking needs with extensive routing, switching,and SD-WAN capabilities.§§ Ultilize SPU hardware acceleration to boost security capabilityperformance.For more information, please refer to the FortiOS datasheet available at www.fortinet.comSERVICESFortiGuard Security ServicesFortiCare Support ServicesFortiGuard Labs offers real-time intelligence on the threatOur FortiCare customer support team provides global technicallandscape, delivering comprehensive security updates acrosssupport for all Fortinet products. With support staff in the Americas,the full range of Fortinet’s solutions. Comprised of securityEurope, Middle East, and Asia, FortiCare offers services to meetthreat researchers, engineers, and forensic specialists, thethe needs of enterprises of all sizes.team collaborates with the world’s leading threat monitoringorganizations and other network and security vendors, as well aslaw enforcement agencies.4For more information, please refer to forti.net/fortiguardand forti.net/forticarewww.fortinet.com

FortiGate 200D Series SPECIFICATIONSFORTIGATE 200DFORTIGATE 200D-POEFORTIGATE 240DFORTIGATE 240D-POEFORTIGATE 280D-POEHardware SpecificationsGE RJ45 WAN Interfaces22222GE RJ45 LAN Interfaces168401652GE RJ45 PoE LAN Interfaces–8–2432GE SFP DMZ Interfaces22224USB (Client / Server)1/11/11/11/11/1Console (RJ45)11111Local Storage64 GB64 GB64 GB64 GB64 GBIncluded Transceivers00000System PerformanceFirewall Throughput (1518 / 512 / 64 byte UDP packets)3 / 3 / 3 Gbps3 / 3 / 3 Gbps4 / 4 / 4 Gbps4 / 4 / 4 Gbps4 / 4 / 4 GbpsFirewall Latency (64 byte UDP packets)2 μs2 μs6 μs6 μs2 μsFirewall Throughput (Packets Per Second)4.5 Mpps4.5 Mpps6 Mpps6 Mpps6 MppsConcurrent Sessions (TCP)2 Million2 Million2 Million2 Million2 MillionNew Sessions/Second (TCP)77,00077,00077,00077,00077,000Firewall Policies10,00010,00010,00010,00010,000IPsec VPN Throughput (512 byte packets) 11.3 Gbps1.3 Gbps1.3 Gbps1.3 Gbps1.3 GbpsGateway-to-Gateway IPsec VPN Tunnels2,0002,0002,0002,0002,000Client-to-Gateway IPsec VPN Tunnels10,00010,00010,00010,00010,000SSL-VPN Throughput400 Mbps400 Mbps400 Mbps400 Mbps400 MbpsConcurrent SSL-VPN Users(Recommended Maximum, Tunnel Mode)300300300300300SSL Inspection Throughput (IPS, HTTP) 3340 Mbps340 Mbps340 Mbps340 Mbps340 MbpsApplication Control Throughput (HTTP 64K) 21.5 Gbps1.5 Gbps1.5 Gbps1.5 Gbps1.5 GbpsCAPWAP Throughput (1444 byte, UDP)1.8 Gbps1.8 Gbps1.8 Gbps1.8 Gbps1.8 GbpsVirtual Domains (Default / Maximum)10 / 1010 / 1010 / 1010 / 1010 / 10Maximum Number of Switches Supported2424242424Maximum Number of FortiAPs (Total / Tunnel Mode)128 / 64128 / 64128 / 64128 / 64128 / 64Maximum Number of FortiTokens1,0001,0001,0001,0001,000Maximum Number of Registered FortiClients600600600600600High Availability ConfigurationsActive / Active, Active / Passive, ClusteringSystem Performance — Optimal Traffic MixIPS Throughput 21.7 Gbps1.7 Gbps2.1 Gbps2.1 Gbps2.1 GbpsIPS Throughput 2420 Mbps420 Mbps420 Mbps420 Mbps420 MbpsNGFW Throughput 2, 4330 Mbps330 Mbps330 Mbps330 Mbps330 MbpsThreat Protection Throughput 2, 5310 Mbps310 Mbps310 Mbps310 Mbps310 MbpsSystem Performance — Enterprise Traffic MixDimensionsHeight x Width x Length (inches)1.75 x 17.01 x 11.731.75 x 17.01 x 13.141.75 x 17.01 x 11.731.75 x 17.01 x 13.143.5 x 17.2 x 11.8Height x Width x Length (mm)44 x 432 x 29844 x 432 x 33444 x 432 x 29844 x 432 x 33489 x 437 x 300Weight10.5 lbs (4.8 kg)12.6 lbs (5.7 kg)10.5 lbs (4.8 kg)13.2 lbs (6.0 kg)17.0 lbs (7.6 kg)Form FactorRack Mount, 1 RURack Mount, 1 RURack Mount, 1 RURack Mount, 1 RURack Mount, 2 RUNote: All performance values are “up to” and vary depending on system configuration.1. IPsec VPN performance test uses AES256-SHA256.2. IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with Logging enabled.3. SSL Inspection performance test uses TLS v1.2 with AES128-SHA256.4. NGFW performance is measured with Firewall, IPS and Application Control enabled.5. Threat Protection performance is measured with Firewall, IPS, Application Control and MalwareProtection enabled.5

FortiGate 200D Series SPECIFICATIONSFORTIGATE 200DFORTIGATE 200D-POEFORTIGATE 240DFORTIGATE 240D-POEFORTIGATE 280D-POEEnvironmentPower100–240V AC, 50–60 Hz100–240V AC, 50–60 Hz100–240V AC, 50–60 Hz100–240V AC, 50–60 Hz100–240V AC, 50–60 HzMaximum Current110 V / 3 A, 220 V / 1.5 A110 V / 7 A, 220 V / 3.5 A110 V / 3 A, 220 V / 1.5 A110 V / 7 A, 220 V / 3.5 A110 V / 7 A, 220 V / 3.5 ATotal Available PoE Power Budget*–270 W–270 W270 WPower Consumption (Average / Maximum)49 / 83 W122 / 205 W66 / 99 W211 / 375 W228 / 418 WHeat Dissipation283 BTU / h700. BTU / h338 BTU / h1280 BTU / h1426 BTU/hOperating Temperature32–104 F (0–40 C)32–104 F (0–40 C)32–104 F (0–40 C)32–104 F (0–40 C)32–104 F (0–40 C)Storage Temperature-31–158 F (-35–70 C)-31–158 F (-35–70 C)-31–158 F (-35–70 C)-31–158 F (-35–70 C)-31–158 F (-35–70 C)Humidity10–90% non-condensing10–90% non-condensing10–90% non-condensing10–90% non-condensing10–90% non-condensingOperating AltitudeUp to 7,400 ft (2,250 m)Up to 7,400 ft (2,250 m)Up to 7,400 ft (2,250 m)Up to 7,400 ft (2,250 m)Up to 7,400 ft (2,250 m)ComplianceFCC Part 15 Class A, C-Tick, VCCI, CE, UL/cUL, CBCertificationsICSA Labs: Firewall, IPsec, IPS, Antivirus, SSL-VPN; USGv6/IPv6* Maximum loading on each PoE port is 15.4 W (802.3af).ORDER INFORMATIONProductSKUDescriptionFortiGate 200DFG-200D18x GE RJ45 (including 16x LAN ports, 2x WAN ports), 2x GE SFP DMZ ports, SPU NP4Lite and CP8 hardware accelerated, 64 GB onboard SSD storage.FortiGate 200D-POEFG-200D-POE18x GE RJ45 (including 8x LAN and 2x WAN, 8x POE), 2x SFP, SPU NP4Lite and CP8 hardware accelerated, 64 GB onboard SSD storage.FortiGate 240DFG-240D42x GE RJ45 ports (including 40x LAN ports, 2x WAN ports), 2x GE SFP DMZ ports, SPU NP4Lite and CP8 hardware accelerated, 64 GB onboard SSD storage.FortiGate 240D-POEFG-240D-POE42x GE RJ45 ports (including 16x LAN ports, 2x WAN ports, 24x POE ports), 2x GE SFP slots, SPU NP4Lite and CP8 hardware accelerated,64 GB onboard SSD storage.FortiGate 280D-POEFG-280D-POE86x GE RJ45 ports (including 52x LAN ports, 2x WAN ports, 32x PoE ports), 4x GE SFP DMZ ports, SPU NP4Lite and CP8 hardware accelerated,64 GB onboard SSD storage.External redundant AC power supplyFRPS-100External redundant AC power supply for up to 4 units: FG-300C, FG-310B, FS-348B and FS-448B. Up to 2 units: FG-200B, FG-200D, FG-240D and FG-300D,FG-400D, FG-500D, FG-600D, FHV-500D, FDD-200B, FDD-400B, FDD-600B and FDD-800B.Redundant AC power supplyFRPS-740-FGRedundant AC power supply for up to 2 units: FG-240D-POE and FG-280D-POE.Optional AccessoriesEnterprise BundleFortiGuard Labs delivers a number of security intelligence services to augment the FortiGate firewall platform. Youcan easily optimize the protection capabilities of your FortiGate with the FortiGuard Enterprise Bundle. This bundlecontains the full set of FortiGuard security services plus FortiCare service and support offering the most flexibilityand broadest range of protection all in one package.GLOBAL HEADQUARTERSFortinet Inc.899 KIFER ROADSunnyvale, CA 94086United StatesTel: 1.408.235.7700www.fortinet.com/salesEMEA SALES OFFICE905 rue Albert Einstein06560 ValbonneFranceTel: 33.4.8987.0500APAC SALES OFFICE300 Beach Road 20-01The ConcourseSingapore 199555Tel: 65.6395.2788LATIN AMERICA SALES OFFICESawgrass Lakes Center13450 W. Sunrise Blvd., Suite 430Sunrise, FL 33323United StatesTel: 1.954.368.9990Copyright 2017 Fortinet, Inc. All rights reserved. Fortinet , FortiGate , FortiCare and FortiGuard , and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All otherproduct or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affectperformance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified productwill perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as inFortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuanthereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.FST-PROD-DS-GT2HSFG-200D-DAT-R17-201708

D S FortiGate 200D Series FortiGate 200D, 200D-POE, 240D, 240D-POE and 280D-POE Next Generation Firewall Enterprise Branch Secure SD-WAN The FortiGate 200D series delivers next generation