FortiGate 400D Data Sheet

traffic with ultra-low latency down to 2 microseconds § VPN, CAPWAP and IP tunnel acceleration § Anomaly-based intrusion prevention, checksum offload ...

0 downloads 46 Views 1MB Size
DATA SHEET

FortiGate® 400D Distributed Enterprise Firewall Next Generation Firewall

FortiGate 400D Validated Security

The Fortinet Enterprise Firewall Solution

One Network OS

Performance

The Fortinet Enterprise Firewall Solution delivers end-to-end network security with one platform, one network security operating system and unified policy management with a single pane of glass — for the industry’s best protection against the most advanced security threats and targeted attacks.

Single Pane of Glass

Universal Platform Support

One Enterprise Firewall Solution across the Extended Enterprise The FortiGate family of network appliances represents the industry’s broadest range of enterprise firewall platforms. FortiGate is based on FortiASIC, a purpose-built integrated architecture that provides extremely high throughput and exceptionally low latency, while delivering industry-leading security effectiveness and consolidation which is routinely validated by independent real-world tests. Targeted for enterprises, Targeted for mid-enterprises, the FortiGate 400D contains superior security inspection functionality, deep visibility and high performance.

FortiGate appliances, interconnected with the Fortinet Security Fabric, form the backbone of the Fortinet Enterprise Solution

forti.net/sf

Highlights Firewall

IPS

NGFW

Threat Protection

Interfaces

1.5 Gbps

Multiple GE RJ45, GE SFP and GE RJ45 Management

Enterprise Traffic Mix

FG-400D

Security Fabric Extensions

16 Gbps

2 Gbps

1.7 Gbps

FortiAP

FortiClient

FortiToken

FortiSwitch

FortiSandbox

forti.net/fap

forti.net/fct

forti.net/ftk

forti.net/fsw

forti.net/fsa

DATA SHEET: FortiGate® 400D

HARDWARE FortiGate 400D

FortiGate 400D

CONSOLE

1

MGMT 1

1

MGMT 2

2

3

5

7

9

4

6

8

10

11

13

15

12

14

16

USB

2

3

5

4

6

NP6

CP8

1U

RPS

Interfaces 1. Console Port (RJ45) 2. 2x USB Ports 3. 2x GE RJ45 Management Ports

4. 8x GE SFP Slots 5. 8x GE RJ45 Ports 6. FRPS Connector

Content Processor The FortiASIC CP8 content processor works outside of the direct

Powered by FortiASICs

flow of traffic, providing high-speed cryptography and content inspection services including: §§ Signature-based content inspection acceleration §§ Encryption and decryption offloading

§§ Custom FortiASIC™ processors deliver the power you need to detect malicious content at multi-Gigabit speeds. §§ Other security technologies cannot protect against today’s wide range of content and connection-based threats well because they rely on general-purpose CPUs, causing a dangerous performance gap. §§ FortiASIC processors provide the performance needed to block emerging threats, met rigorous third-party certifications, and ensure that your network security

Network Processor Fortinet’s new, breakthrough FortiASIC NP6 network processor works inline with FortiOS functions delivering: §§ Superior firewall performance for IPv4/IPv6, SCTP and multicast traffic with ultra-low latency down to 2 microseconds §§ VPN, CAPWAP and IP tunnel acceleration §§ Anomaly-based intrusion prevention, checksum offload and packet defragmentation §§ Traffic shaping and priority queuing

solution does not become a network bottleneck.

2

www.fortinet.com

DATA SHEET: FortiGate® 400D

SOFTWARE FortiOS Control all the security and networking capabilities across the entire FortiGate platform with one intuitive operating system. Reduce operating expenses and save time with a truly consolidated next generation security platform.

§§ A truly consolidated platform with one OS for all security and networking services for all FortiGate platforms. §§ Industry-leading protection: NSS Labs Recommended, VB100, AV Comparatives and ICSA validated security and performance. §§ Control thousands of applications, block the latest exploits, and filter web traffic based on millions of real-time URL ratings. §§ Detect, contain and block advanced attacks automatically in minutes with integrated advanced threat protection framework. §§ Solve your networking needs with extensive routing, switching, WiFi, LAN and WAN capabilities. §§ Activate all the ASIC-boosted capabilities you need on the fastest firewall platform available.

For more information, please refer to the FortiOS data sheet available at www.fortinet.com

SERVICES FortiGuard™ Security Services

FortiCare™ Support Services

FortiGuard Labs offers real-time intelligence on the threat

Our FortiCare customer support team provides global technical

landscape, delivering comprehensive security updates across

support for all Fortinet products. With support staff in the Americas,

the full range of Fortinet’s solutions. Comprised of security

Europe, Middle East and Asia, FortiCare offers services to meet the

threat researchers, engineers, and forensic specialists, the

needs of enterprises of all sizes:

team collaborates with the world’s leading threat monitoring

§§ Enhanced Support — For customers who need support

organizations, other network and security vendors, as well as law enforcement agencies:

during local business hours only. §§ Comprehensive Support — For customers who need around-

§§ Real-time Updates — 24x7x365 Global Operations research security intelligence, distributed via Fortinet Distributed Network to all Fortinet platforms. §§ Security Research — FortiGuard Labs have discovered over

the-clock mission critical support, including advanced exchange hardware replacement. §§ Advanced Services — For global or regional customers who need an assigned Technical Account Manager, enhanced

170 unique zero-day vulnerabilities to date, totaling millions of

service level agreements, extended software support, priority

automated signature updates monthly.

escalation, on-site visits and more.

§§ Validated Security Intelligence — Based on FortiGuard

§§ Professional Services — For customers with more complex

intelligence, Fortinet’s network security platform is tested and

security implementations that require architecture and design

validated by the world’s leading third-party testing labs and

services, implementation and deployment services, operational

customers globally.

services and more.

Enterprise Bundle FortiGuard Labs delivers a number of security intelligence services to augment the FortiGate firewall platform. You can easily optimize the protection capabilities of your FortiGate with the FortiGuard Enterprise Bundle. This bundle contains the full set of FortiGuard security services plus FortiCare service and support offering the most flexibility and broadest range of protection all in one package.

3

DATA SHEET: FortiGate® 400D

SPECIFICATIONS FORTIGATE 400D

FORTIGATE 400D Dimensions and Power

Interfaces and Modules GE RJ45 Interfaces

8

Height x Width x Length (inches)

1.73 x 17 x 12.68

GE SFP Slots

8

Height x Width x Length (mm)

44 x 432 x 322

GE RJ45 Management Ports

2

Weight

10.5 lbs (4.8 kg)

USB (Client / Server)

1/2

Form Factor

1 RU

RJ45 Console Port

1

Power Consumption (Average / Maximum)

113 W / 202 W

Local Storage

N/A

Power Source

100–240V AC, 60–50 Hz

Included Transceivers

2x SFP (SX 1 GE)

Current (Maximum)

110V/4A, 220V/2A

Heat Dissipation

690 BTU/h

System Performance and Capacity IPv4 Firewall Throughput (1518 / 512 / 64 byte, UDP)

16 / 16 / 16 Gbps

Operating Environment and Certifications

Firewall Latency (64 byte, UDP)

3 μs

Operating Temperature

32–104°F (0–40°C)

Firewall Throughput (Packet per Second)

24 Mpps

Storage Temperature

31–158°F (-35–70°C)

Concurrent Sessions (TCP)

5.5 Million

Humidity

20–90% non-condensing

New Sessions/Second (TCP)

200,000

Operating Altitude

Up to 7,400 ft (2,250 m)

Firewall Policies

10,000

Compliance

IPsec VPN Throughput (512 byte)

14 Gbps

FCC Part 15 Class A, C-Tick, VCCI, CE, UL/ cUL, CB

Gateway-to-Gateway IPsec VPN Tunnels

2,000

Certifications

Client-to-Gateway IPsec VPN Tunnels

10,000

ICSA Labs: Firewall, IPsec, IPS, Antivirus, SSL-VPN; USGv6/IPv6

SSL-VPN Throughput

350 Mbps

Note: All performance values are “up to” and vary depending on system configuration. IPsec VPN performance is based on 512 byte UDP packets using AES-256+SHA1. 1. IPS performance is measured using 1 Mbyte HTTP and Enterprise Traffic Mix. 2. SSL Inspection is measured with IPS enabled and HTTP traffic, using TLS v1.2 with AES256-SHA. 3. Application Control performance is measured with 64 Kbytes HTTP traffic. 4. NGFW performance is measured with IPS and Application Control enabled, based on Enterprise Traffic Mix. 5. Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic Mix. 6. CAPWAP performance is based on 1444 byte UDP packets.

Concurrent SSL-VPN Users (Recommended Maximum)

500

IPS Throughput (HTTP / Enterprise Mix) 1

2.8 / 2 Gbps

SSL Inspection Throughput 2

1.9 Gbps

Application Control Throughput 3

2.5 Gbps

NGFW Throughput 4

1.7 Gbps

Threat Protection Throughput 5

1.5 Gbps

CAPWAP Throughput 6

6 Gbps

Virtual Domains (Default / Maximum)

10 / 10

Maximum Number of FortiAPs (Total / Tunnel)

512 / 256

Maximum Number of FortiTokens

1,000

Maximum Number of Registered Endpoints

600

High Availability Configurations

Active-Active, Active-Passive, Clustering

For complete, up-to-date and detailed feature set, please refer to the Administration Handbook and FortiOS Datasheet.

ORDER INFORMATION Product

SKU

Description

FortiGate 400D

FG-400D

10x GE RJ45 ports, 8x GE SFP slots, FortiASIC NP6 and CP8 hardware accelerated.

FRPS-100

External redundant AC power supply for up to 4 units: FG-300C, FG-310B, FS-348B and FS-448B. Up to 2 units: FG-200B, FG-200D, FG-240D and FG-300D, FG-400D, FG-500D, FG-600D, FHV-500D, FDD-200B, FDD-400B, FDD-600B and FDD-800B

Optional Accessories External Redundant AC Power Supply 1 GE SFP LX Transceiver Module

FG-TRAN-LX

1 GE SFP LX transceiver module for all systems with SFP and SFP/SFP+ slots.

1 GE SFP RJ45 Transceiver Module

FG-TRAN-GC

1 GE SFP RJ45 transceiver module for all systems with SFP and SFP/SFP+slots..

1 GE SFP SX Transceiver Module

FG-TRAN-SX

1 GE SFP SX transceiver module for all systems with SFP and SFP/SFP+ slots.

GLOBAL HEADQUARTERS Fortinet Inc. 899 Kifer Road Sunnyvale, CA 94086 United States Tel: +1.408.235.7700 www.fortinet.com/sales

EMEA SALES OFFICE 905 rue Albert Einstein Valbonne 06560 Alpes-Maritimes, France Tel: +33.4.8987.0500

APAC SALES OFFICE 300 Beach Road 20-01 The Concourse Singapore 199555 Tel: +65.6395.2788

LATIN AMERICA SALES OFFICE Sawgrass Lakes Center 13450 W. Sunrise Blvd., Suite 430 Sunrise, FL 33323 United States Tel: +1.954.368.9990

Copyright© 2016 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary and may be significantly less effective than the metrics stated herein. Network variables, different network environments and other conditions may negatively affect performance results and other metrics stated herein. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet and any such commitment shall be limited by the disclaimers in this paragraph and other limitations in the written contract. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests, and in no event will Fortinet be responsible for events or issues that are outside of its reasonable control. Notwithstanding anything to the contrary, Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. FST-PROD-DS-GT4H FG-400D-DAT-R4-201604