FortiGate® 400D Distributed Enterprise Firewall Next Generation Firewall
FortiGate 400D Validated Security
The Fortinet Enterprise Firewall Solution
One Network OS
The Fortinet Enterprise Firewall Solution delivers end-to-end network security with one platform, one network security operating system and unified policy management with a single pane of glass — for the industry’s best protection against the most advanced security threats and targeted attacks.
Single Pane of Glass
Universal Platform Support
One Enterprise Firewall Solution across the Extended Enterprise The FortiGate family of network appliances represents the industry’s broadest range of enterprise firewall platforms. FortiGate is based on FortiASIC, a purpose-built integrated architecture that provides extremely high throughput and exceptionally low latency, while delivering industry-leading security effectiveness and consolidation which is routinely validated by independent real-world tests. Targeted for enterprises, Targeted for mid-enterprises, the FortiGate 400D contains superior security inspection functionality, deep visibility and high performance.
FortiGate appliances, interconnected with the Fortinet Security Fabric, form the backbone of the Fortinet Enterprise Solution
Multiple GE RJ45, GE SFP and GE RJ45 Management
Enterprise Traffic Mix
Security Fabric Extensions
DATA SHEET: FortiGate® 400D
HARDWARE FortiGate 400D
Interfaces 1. Console Port (RJ45) 2. 2x USB Ports 3. 2x GE RJ45 Management Ports
4. 8x GE SFP Slots 5. 8x GE RJ45 Ports 6. FRPS Connector
Content Processor The FortiASIC CP8 content processor works outside of the direct
Powered by FortiASICs
flow of traffic, providing high-speed cryptography and content inspection services including: §§ Signature-based content inspection acceleration §§ Encryption and decryption offloading
§§ Custom FortiASIC™ processors deliver the power you need to detect malicious content at multi-Gigabit speeds. §§ Other security technologies cannot protect against today’s wide range of content and connection-based threats well because they rely on general-purpose CPUs, causing a dangerous performance gap. §§ FortiASIC processors provide the performance needed to block emerging threats, met rigorous third-party certifications, and ensure that your network security
Network Processor Fortinet’s new, breakthrough FortiASIC NP6 network processor works inline with FortiOS functions delivering: §§ Superior firewall performance for IPv4/IPv6, SCTP and multicast traffic with ultra-low latency down to 2 microseconds §§ VPN, CAPWAP and IP tunnel acceleration §§ Anomaly-based intrusion prevention, checksum offload and packet defragmentation §§ Traffic shaping and priority queuing
solution does not become a network bottleneck.
DATA SHEET: FortiGate® 400D
SOFTWARE FortiOS Control all the security and networking capabilities across the entire FortiGate platform with one intuitive operating system. Reduce operating expenses and save time with a truly consolidated next generation security platform.
§§ A truly consolidated platform with one OS for all security and networking services for all FortiGate platforms. §§ Industry-leading protection: NSS Labs Recommended, VB100, AV Comparatives and ICSA validated security and performance. §§ Control thousands of applications, block the latest exploits, and filter web traffic based on millions of real-time URL ratings. §§ Detect, contain and block advanced attacks automatically in minutes with integrated advanced threat protection framework. §§ Solve your networking needs with extensive routing, switching, WiFi, LAN and WAN capabilities. §§ Activate all the ASIC-boosted capabilities you need on the fastest firewall platform available.
For more information, please refer to the FortiOS data sheet available at www.fortinet.com
SERVICES FortiGuard™ Security Services
FortiCare™ Support Services
FortiGuard Labs offers real-time intelligence on the threat
Our FortiCare customer support team provides global technical
landscape, delivering comprehensive security updates across
support for all Fortinet products. With support staff in the Americas,
the full range of Fortinet’s solutions. Comprised of security
Europe, Middle East and Asia, FortiCare offers services to meet the
threat researchers, engineers, and forensic specialists, the
needs of enterprises of all sizes:
team collaborates with the world’s leading threat monitoring
§§ Enhanced Support — For customers who need support
organizations, other network and security vendors, as well as law enforcement agencies:
during local business hours only. §§ Comprehensive Support — For customers who need around-
§§ Real-time Updates — 24x7x365 Global Operations research security intelligence, distributed via Fortinet Distributed Network to all Fortinet platforms. §§ Security Research — FortiGuard Labs have discovered over
the-clock mission critical support, including advanced exchange hardware replacement. §§ Advanced Services — For global or regional customers who need an assigned Technical Account Manager, enhanced
170 unique zero-day vulnerabilities to date, totaling millions of
service level agreements, extended software support, priority
automated signature updates monthly.
escalation, on-site visits and more.
§§ Validated Security Intelligence — Based on FortiGuard
§§ Professional Services — For customers with more complex
intelligence, Fortinet’s network security platform is tested and
security implementations that require architecture and design
validated by the world’s leading third-party testing labs and
services, implementation and deployment services, operational
services and more.
Enterprise Bundle FortiGuard Labs delivers a number of security intelligence services to augment the FortiGate firewall platform. You can easily optimize the protection capabilities of your FortiGate with the FortiGuard Enterprise Bundle. This bundle contains the full set of FortiGuard security services plus FortiCare service and support offering the most flexibility and broadest range of protection all in one package.
DATA SHEET: FortiGate® 400D
SPECIFICATIONS FORTIGATE 400D
FORTIGATE 400D Dimensions and Power
Interfaces and Modules GE RJ45 Interfaces
Height x Width x Length (inches)
1.73 x 17 x 12.68
GE SFP Slots
Height x Width x Length (mm)
44 x 432 x 322
GE RJ45 Management Ports
10.5 lbs (4.8 kg)
USB (Client / Server)
RJ45 Console Port
Power Consumption (Average / Maximum)
113 W / 202 W
100–240V AC, 60–50 Hz
2x SFP (SX 1 GE)
System Performance and Capacity IPv4 Firewall Throughput (1518 / 512 / 64 byte, UDP)
16 / 16 / 16 Gbps
Operating Environment and Certifications
Firewall Latency (64 byte, UDP)
Firewall Throughput (Packet per Second)
Concurrent Sessions (TCP)
New Sessions/Second (TCP)
Up to 7,400 ft (2,250 m)
IPsec VPN Throughput (512 byte)
FCC Part 15 Class A, C-Tick, VCCI, CE, UL/ cUL, CB
Gateway-to-Gateway IPsec VPN Tunnels
Client-to-Gateway IPsec VPN Tunnels
ICSA Labs: Firewall, IPsec, IPS, Antivirus, SSL-VPN; USGv6/IPv6
Note: All performance values are “up to” and vary depending on system configuration. IPsec VPN performance is based on 512 byte UDP packets using AES-256+SHA1. 1. IPS performance is measured using 1 Mbyte HTTP and Enterprise Traffic Mix. 2. SSL Inspection is measured with IPS enabled and HTTP traffic, using TLS v1.2 with AES256-SHA. 3. Application Control performance is measured with 64 Kbytes HTTP traffic. 4. NGFW performance is measured with IPS and Application Control enabled, based on Enterprise Traffic Mix. 5. Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic Mix. 6. CAPWAP performance is based on 1444 byte UDP packets.
Concurrent SSL-VPN Users (Recommended Maximum)
IPS Throughput (HTTP / Enterprise Mix) 1
2.8 / 2 Gbps
SSL Inspection Throughput 2
Application Control Throughput 3
NGFW Throughput 4
Threat Protection Throughput 5
CAPWAP Throughput 6
Virtual Domains (Default / Maximum)
10 / 10
Maximum Number of FortiAPs (Total / Tunnel)
512 / 256
Maximum Number of FortiTokens
Maximum Number of Registered Endpoints
High Availability Configurations
Active-Active, Active-Passive, Clustering
For complete, up-to-date and detailed feature set, please refer to the Administration Handbook and FortiOS Datasheet.
ORDER INFORMATION Product
10x GE RJ45 ports, 8x GE SFP slots, FortiASIC NP6 and CP8 hardware accelerated.
External redundant AC power supply for up to 4 units: FG-300C, FG-310B, FS-348B and FS-448B. Up to 2 units: FG-200B, FG-200D, FG-240D and FG-300D, FG-400D, FG-500D, FG-600D, FHV-500D, FDD-200B, FDD-400B, FDD-600B and FDD-800B
Optional Accessories External Redundant AC Power Supply 1 GE SFP LX Transceiver Module
1 GE SFP LX transceiver module for all systems with SFP and SFP/SFP+ slots.
1 GE SFP RJ45 Transceiver Module
1 GE SFP RJ45 transceiver module for all systems with SFP and SFP/SFP+slots..
1 GE SFP SX Transceiver Module
1 GE SFP SX transceiver module for all systems with SFP and SFP/SFP+ slots.
GLOBAL HEADQUARTERS Fortinet Inc. 899 Kifer Road Sunnyvale, CA 94086 United States Tel: +1.408.235.7700 www.fortinet.com/sales
EMEA SALES OFFICE 905 rue Albert Einstein Valbonne 06560 Alpes-Maritimes, France Tel: +33.4.8987.0500
APAC SALES OFFICE 300 Beach Road 20-01 The Concourse Singapore 199555 Tel: +65.6395.2788
LATIN AMERICA SALES OFFICE Sawgrass Lakes Center 13450 W. Sunrise Blvd., Suite 430 Sunrise, FL 33323 United States Tel: +1.954.368.9990
Copyright© 2016 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary and may be significantly less effective than the metrics stated herein. Network variables, different network environments and other conditions may negatively affect performance results and other metrics stated herein. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet and any such commitment shall be limited by the disclaimers in this paragraph and other limitations in the written contract. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests, and in no event will Fortinet be responsible for events or issues that are outside of its reasonable control. Notwithstanding anything to the contrary, Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. FST-PROD-DS-GT4H FG-400D-DAT-R4-201604