FortiGate-VM on VMware ESXi Datasheet

1 1 FortiGate -VM on VMware ESXiThe FortiGate-VM on VMware ESXi delivers next generation firewall capabilities for organizations of all sizes. It protects against cyber threats with high performance, security efficacy, and deep nIdentifies thousands of applications inside network traffic for deep inspection and granular policy enforcement nProtects against malware, exploits, and malicious websites in both encrypted and non-encrypted traffic nPrevent and detect against known and unknown attacks using continuous threat intelligence from AI-powered FortiGuard Labs security servicesPerformance nDelivers industry s best threat protection performance and ultra-low latency using purpose-built security processor (SPU) technology with DPDK+vNP offloading and SR-IOV technologies nProvides industry-leading performance and protection for SSL encrypted trafficCertification nIndependently tested and validated for best-in-class security effectiveness and performance nReceived unparalleled third-party certifications from NSS LabsNetworking nDelivers advanced networking capabilities that seamlessly integrate with advanced layer 7 security and virtual domains (VDOMs) to offer extensive deployment flexibility, multitenancy, and effective utilization of resources (only BYOL supports VDOM)

2 NDelivers high-density, flexible combination of various high-speed interfaces to enable best TCO for customers for data center and WAN deploymentsManagement nIncludes a management console that is effective, simple to use, and provides comprehensive network automation and visibility nProvides Zero Touch Integration with Fortinet s Security Fabric s single pane of glass management nPredefined compliance checklist analyzes the deployment and highlights best practices to improve overall security posture Security Fabric nEnables Fortinet and Fabric-ready partners products to provide broader visibility, integrated end-to-end detection, threat intelligence sharing, and automated remediation nOut-of-the-box integration and orchestration with leading SDN platformsFortinet s comprehensive security virtual appliance lineup supports VMware ESXiFortiManagerFortiAnalyzerFortiAuthen ticatorFortiSIEMF ortiWebFortiMailFortiSandboxNext Generation FirewallDATA SHEET2 DATA SHEET | FortiGate -VM on VMware ESXiDEPLOYMENT Next Generation Firewall (NGFW)

3 Reduce complexity by combining threat protection security capabilities into single high-performance network security appliances Identify and stop threats with powerful intrusion prevention beyond port and protocol that examines the actual applications in your network traffic Delivers the industry s highest SSL inspection performance using industry-mandated ciphers while maximizing ROI Proactively blocks newly discovered sophisticated attacks in real-time with advanced threat protectionGain comprehensive visibility and apply consistent controlTECHNOLOGIESSR-IOV (Single Root I/O Virtualization)In enabling SR-IOV on the KVM host, you can partition a single physical network controller into multiple virtual interfaces (called virtual functions (VFs)), consisting of an ESXi virtual network pool of adapters, which can be used by local host processors or directly by VMs like the FortiGate-VM . The VM then talks directly to the network adapters through Direct Memory Access (DMA) by bypassing virtualization transports, which improves north-south network Plane Development Kit (DPDK) and vNP OffloadingDPDK and vNP enhance FortiGate-VM performance by offloading part of packet processing to userspace while bypassing kernel within the operating system.

4 You must enable and configure the capability with FortiGate CLI SHEET | FortiGate -VM on VMware ESXiFORTINET SECURITY FABRICF ortiOS Operating SystemFortiOS, Fortinet s leading operating system, enables the convergence of high performing networking and security across the Fortinet Security Fabric delivering consistent and context-aware security posture across the network, endpoints, and clouds. The organically built best of breed capabilities and unified approach allow organizations to run their businesses without compromising performance or protection, supports seamless scalability, and simplifies innovation release of FortiOS 7 dramatically expands the Fortinet Security Fabric s ability to deliver consistent security across hybrid deployment models consisting on appliances, software and As-a-Service with SASE, ZTNA and other emerging cybersecurity FabricThe industry s highest-performing cybersecurity platform, powered by FortiOS, with a rich ecosystem designed to span the extended digital attack surface, delivering fully automated, self-healing network security.

5 Broad: Coordinated detection and enforcement across the entire digital attack surface and lifecycle with converged networking and security across edges, clouds, endpoints, and users integrated : integrated and unified security, operation, and performance across different technologies, location, deployment options, and the richest ecosystem Automated: Context-aware self-healing network and security posture leveraging cloud-scale and advanced AI to automatically deliver near-real-time, user-to-application coordinated protection across the Fabric The Fabric empowers organizations of any size to secure and simplify their hybrid infrastructure on the journey to digital Security ServicesFortiGuard Labs offers real-time intelligence on the threat landscape, delivering comprehensive security updates across the full range of Fortinet s solutions. Comprised of security threat researchers, engineers, and forensic specialists, the team collaborates with the world s leading threat monitoring organizations and other network and security vendors, as well as law enforcement SecurityOperationsAdaptive Cloud SecuritySecurity-DrivenNetworkingZero TrustAccessFortiGuardThreat IntelligenceFORTIOSSOCNOCF ortiCare ServicesFortinet is dedicated to helping our customers succeed, and every year FortiCare services help thousands of organizations get the most from their Fortinet Security Fabric solution.

6 We have more than 1,000 experts to help accelerate technology implementation, provide reliable assistance through advanced support, and offer proactive care to maximize security and performance of Fortinet SHEET | FortiGate -VM on VMware ESXiSPECIFICATIONSFORTIGATE-VM01/01V/01 SFORTIGATE-VM02/02V/02 STechnical SpecificationsvCPU Support (Minimum / Maximum)1 / 11 / 2 Memory Support (Minimum)2 GB2 GBNetwork Interface Support (Minimum / Maximum) 11 / 101 / 10 Storage Support (Minimum / Maximum)32 GB / 2 TB32 GB / 2 TBWireless Access Points Controlled (Tunnel / Global)32 / 64512 / 1024 Virtual Domains (Default / Maximum) 210 / 1010 / 25 Firewall Policies10 00010 000 Maximum Number of Registered Endpoints2 0002 000 Unlimited User LicenseYesYesSystem PerformanceParavirtualizedSR-IOV/vSPU-of fSR-IOV/vSPU-onParavirtualizedSR-IOV/vSP U-offSR-IOV/vSPU-onFirewall Throughput (UDP Packets, 1518 Byte) Gbps38 GbpsNew Sessions / Second (TCP)110K110KN/A160K160K160 KIPsec VPN Throughput (AES256+SHA1, UDP Packets, 1360 Byte) GbpsN/AGateway-to-Gateway IPsec VPN Tunnels2K2KN/A2K2K2 KClient-to-Gateway IPsec VPN Tunnels10K10KN/A32K32K32 KSSL VPN GbpsN/AConcurrent SSL VPN Users (Recommended Maximum)10K10KN/A24K24K24 KIPS Throughput (Enterprise Mix) Gbps3 GbpsIPS Throughput (HTTP 1M) GbpsApplication Control Throughput (HTTP 64K) Gbps3 GbpsNGFW Throughput (Enterprise Mix) GbpsThreat Protection Throughput (Enterprise Mix) GbpsNote.

7 All performance values are up to and vary depending on system performance may vary depending on the network and system configuration. Note that these metrics are updated periodically as the product performance keeps improving through internal testing. The discrepancy in the performance numbers may be noted in different versions of the document so ensure that you refer to the latest metrics were observed using DELL R740 (CPU Intel Xeon Platinum 8168 @ GHz, 96 cores, Intel X710 network adapters). Tested with FortiOS running on VMware vSphere ESXi Update refers to the combination of FortiOS vNP and DPDK libraries in the FortiGate-VM . vNP is the software emulation of a subset of Fortinet s Network Processor (NP).VMXNET3 was used as the paravirtualized Applicable to +. The actual working number of consumable network interfaces varies depending on VMware ESXi instance types/sizes and may be FG-VMxxV and FG-VMxxS series do not come with a multi-VDOM feature by default.

8 You can add it by applying separate VDOM addition perpetual licenses. See ORDER INFORMATION for VDOM SKUs. 3. IPS performance is measured using Enterprise Traffic Mix and 1 Mbyte HTTP. 4. Application Control performance is measured with 64 Kbyte HTTP NGFW performance is measured with IPS and Application Control enabled, based on Enterprise Traffic Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic SHEET | FortiGate -VM on VMware ESXiFORTIGATE-VM04/04V/04 SFORTIGATE-VM08/08V/08 STechnical SpecificationsvCPU Support (Minimum / Maximum)1 / 41 / 8 Memory Support (Minimum)2 GB2 GBNetwork Interface Support (Minimum / Maximum) 11 / 101 / 10 Storage Support (Minimum / Maximum)32 GB / 2 TB32 GB / 2 TBWireless Access Points Controlled (Tunnel / Global)512 / 10241024 / 4096 Virtual Domains (Default / Maximum) 210 / 5010 / 500 Firewall Policies10 000200 000 Maximum Number of Registered Endpoints800020 000 Unlimited User LicenseYesYesSystem PerformanceParavirtualizedSR-IOV/vSPU-of fSR-IOV/vSPU-onParavirtualizedSR-IOV/vSP U-offSR-IOV/vSPU-onFirewall Throughput (UDP Packets, 1518 Byte)20 Gbps67 GbpsNew Sessions / Second (TCP)270K270K270K450K450K450 KIPsec VPN Throughput (AES256+SHA1, UDP Packets, 1360 Byte) GbpsN/AGateway-to-Gateway IPsec VPN Tunnels2K2K2K40K40K40 KClient-to-Gateway IPsec VPN Tunnels40K40K40K50K50K50 KSSL VPN GbpsN/AConcurrent SSL VPN Users (Recommended Maximum)35K35K35K75K75K75 KIPS Throughput (Enterprise Mix) GbpsIPS Throughput (HTTP 1M)3 GbpsApplication Control Throughput (HTTP 64K) 46 GbpsNGFW Throughput (Enterprise Mix) GbpsThreat Protection Throughput (Enterprise Mix) 64 Gbps8 GbpsNote.

9 All performance values are up to and vary depending on system performance may vary depending on the network and system configuration. Note that these metrics are updated periodically as the product performance keeps improving through internal testing. The discrepancy in the performance numbers may be noted in different versions of the document so ensure that you refer to the latest metrics were observed using DELL R740 (CPU Intel Xeon Platinum 8168 @ GHz, 96 cores, Intel X710 network adapters). Tested with FortiOS running on VMware vSphere ESXi Update refers to the combination of FortiOS vNP and DPDK libraries in the FortiGate-VM . vNP is the software emulation of a subset of Fortinet s Network Processor (NP).VMXNET3 was used as the paravirtualized Applicable to +. The actual working number of consumable network interfaces varies depending on VMware ESXi instance types/sizes and may be FG-VMxxV and FG-VMxxS series do not come with a multi-VDOM feature by default.

10 You can add it by applying separate VDOM addition perpetual licenses. See ORDER INFORMATION for VDOM SKUs. 3. IPS performance is measured using Enterprise Traffic Mix and 1 Mbyte HTTP. 4. Application Control performance is measured with 64 Kbyte HTTP NGFW performance is measured with IPS and Application Control enabled, based on Enterprise Traffic Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic SHEET | FortiGate -VM on VMware ESXiSPECIFICATIONSFor the sizing guide, please refer to the sizing document available on SpecificationsvCPU Support (Minimum / Maximum)1 / 161 / 32 Memory Support (Minimum)2 GB2 GBNetwork Interface Support (Minimum / Maximum) 11 / 101 / 10 Storage Support (Minimum / Maximum)32 GB / 2 TB32 GB / 2 TBWireless Access Points Controlled (Tunnel / Global)1024 / 40961024 / 4096 Virtual Domains (Default / Maximum) 210 / 50010 / 500 Firewall Policies200 000200 000 Maximum Number of Registered Endpoints20 00020 000 Unlimited User LicenseYesYesSystem PerformanceParavirtualizedSR-IOV/vSPU-of fSR-IOV/vSPU-onParavirtualizedSR-IOV/vSP U-offSR-IOV/vSPU-onFirewall Throughput (UDP Packets, 1518 Byte) Gbps30 Gbps75 GbpsNew Sessions / Second (TCP)660K660K660K850K850K850 KIPsec VPN Throughput (AES256+SHA1, UDP Packets, 1360 Byte) GbpsGateway-to-Gateway IPsec VPN Tunnels40K40K40K40K40K40 KClient-to-Gateway IPsec VPN Tunnels50K50K50K50K50K50 KSSL VPN Gbps10 GbpsN/AConcurrent SSL VPN Users (Recommended Maximum)150K150K150K320K320K320 KIPS Throughput (Enterprise Mix) GbpsIPS Throughput (HTTP 1M) GbpsApplication Control Throughput (HTTP 64K) 416 Gbps19 GbpsNGFW Throughput (Enterprise Mix) 512 GbpsThreat Protection Throughput (Enterprise Mix) Gbps14 GbpsNote.