Overview:
Enterprises require a high-speed, high-capacity firewall to stay ahead of ever-increasing network performance requirements as well as continued evolution of the threat landscape, at datacenter and campus locations.
Eliminate Security Bottlenecks
With 52 Gbps of firewall throughput and low latency, the FortiGate 1000D represents an excellent entry model for small data centers and delivers a high performance, high capacity data center firewall. IPv6 parity, 10 GE ports and dramatic increases in VPN performance enable you to keep pace with your evolving network.
Deeper Visibility
At the same time, 8 Gbps of next generation threat prevention performance allows you to run top rated intrusion prevention, application control and antimalware capabilities for deeper inspection of content, applications, user and device activity. Rich console views and reports together with a flexible policy engine provide the visibility and control to empower employees yet secure your enterprise.
Breakthrough Performance
This breakthrough performance — including 10x data center and 5x next generation performance — is made possible by custom hardware, including the latest FortiASIC™ NP6 and CP8 processors, as well as the consolidated security features of the FortiOS network security platform.
High Performance, Reliability and Security
- 10x data center and 5x next generation performance
- Top rated security capabilities
- Flexible firewall personalities for core or edge deployment
- Low latency and IPv6 parity
- Option to add Advanced Threat Protection, Strong Authentication and more
Superior firewall throughput, ultralow latency |
10x data center firewall performance eliminates performance bottlenecks |
Impressive throughput |
5x next generation performance enables multi-function inspection on one appliance |
Custom FortiASIC NP6 and CP8 processors |
The latest in purpose-built processors enable best-in-class performance and superior cost per gigabit protected |
High speed, high density ports |
2x 10 GE and 32x GE ports support evolving network requirements and avoid security bottlenecks |
Top rated security technologies |
Increases protection from advanced threats |
Hardware:
FortiGate 1000D
Interfaces
- USB Management Port
- USB Port
- Console Port
- 2x GE RJ45 Management Ports
- 16x GE SFP Slots
- 16x GE RJ45 Ports
- 2x 10 GE SFP+ Slots
NP Direct
By removing the Internal Switch Fabric, the NP Direct architecture provides direct access to the SPU-NP for the lowest latency forwarding. NGFW deployments require some attention to network design to ensure optimal use of this technology.
Powered by SPU
- Custom SPU processors deliver the power you need to detect malicious content at multi-Gigabit speeds
- Other security technologies cannot protect against today’s wide range of content- and connection-based threats because they rely on general-purpose CPUs, causing a dangerous performance gap
- SPU processors provide the performance needed to block emerging threats, meet rigorous third-party certifications, and ensure that your network security solution does not become a network bottleneck
Network Processor
Fortinet’s new, breakthrough SPU NP6 network processor works inline with FortiOS functions delivering:
- Superior firewall performance for IPv4/IPv6, SCTP and multicast traffic with ultra-low latency down to 2 microseconds
- VPN, CAPWAP and IP tunnel acceleration
- Anomaly-based intrusion prevention, checksum offload and packet defragmentation
- Traffic shaping and priority queuing
Content Processor
The SPU CP8 content processor works outside of the direct flow of traffic, providing high-speed cryptography and content inspection services including:
- Signature-based content inspection acceleration
- Encryption and decryption offloading
10 GE Connectivity
High speed connectivity is essential for network security segmentation. The FortiGate 1000D provides 10 GE slots that simplify network designs without relying on additional devices to bridge desired connectivity
Software:
FortiOS
Control all the security and networking capabilities across the entire FortiGate platform with one intuitive operating system. Reduce operating expenses and save time with a truly consolidated next generation security platform.
- A truly consolidated platform with one OS for all security and networking services for all FortiGate platforms.
- Industry-leading protection: NSS Labs Recommended, VB100, AV Comparatives and ICSA validated security and performance.
- Control thousands of applications, block the latest exploits, and filter web traffic based on millions of real-time URL ratings.
- Detect, contain and block advanced attacks automatically in minutes with integrated advanced threat protection framework.
- Solve your networking needs with extensive routing, switching, WiFi, LAN and WAN capabilities.
- Activate all the ASIC-boosted capabilities you need on the fastest firewall platform available.
Services:
FortiGuard Security Services
FortiGuard Labs offers real-time intelligence on the threat landscape, delivering comprehensive security updates across the full range of Fortinet’s solutions. Comprised of security threat researchers, engineers, and forensic specialists, the team collaborates with the world’s leading threat monitoring organizations, other network and security vendors, as well as law enforcement agencies:
- Real-time Updates — 24x7x365 Global Operations research security intelligence, distributed via Fortinet Distributed Network to all Fortinet platforms.
- Security Research — FortiGuard Labs have discovered over 170 unique zero-day vulnerabilities to date, totaling millions of automated signature updates monthly
- Validated Security Intelligence — Based on FortiGuard intelligence, Fortinet’s network security platform is tested and validated by the world’s leading third-party testing labs and customers globally.
FortiCare Support Services
Our FortiCare customer support team provides global technical support for all Fortinet products. With support staff in the Americas, Europe, Middle East and Asia, FortiCare offers services to meet the needs of enterprises of all sizes:
- Enhanced Support — For customers who need support during local business hours only.
- Comprehensive Support — For customers who need around- the-clock mission critical support, including advanced exchange hardware replacement.
- Advanced Services — For global or regional customers who need an assigned Technical Account Manager, enhanced service level agreements, extended software support, priority escalation, on-site visits and more.
- Professional Services — For customers with more complex security implementations that require architecture and design services, implementation and deployment services, operational services and more.
Enterprise Bundle
FortiGuard Labs delivers a number of security intelligence services to augment the FortiGate firewall platform. You can easily optimize the protection capabilities of your FortiGate with the FortiGuard Enterprise Bundle. This bundle contains the full set of FortiGuard security services plus FortiCare service and support offering the most flexibility and broadest range of protection all in one package.
Deployment:
FortiGate deployed as data center core firewall
Data Center Core Firewall
Organizations deploying the NP (Network Processor) 6 powered FortiGate 1000 Series firewalls at their data center will enjoy superior protection and performance with industryleading, high capacity firewall technologies that deliver exceptional throughput and ultra-low latency, enabling the security, flexibility, scalability and manageability expected on a core platform. These firewalls come with numerous high-speed 40 GE and 10 GE interfaces which are ideal for segmenting network physically. Running on the latest FortiOS, these platform are virtualization and cloud-ready. They support next-generation data center architectures, multi-tenant requirements, provide APIs for rapid orchestration and easy integration with third-party ecosystems.
Mid-Enterprise Edge Firewall
Fortinet’s FortiGate 1000 Series firewalls are perfect for growing large enterprises with their agile and high performance network security capabilities. These FortiGates not only deliver protection exceeding expectations, they are suitable for consolidating other security components. This allows organizations to significantly reduce TCOs and simplifies the network. Unlike other NGFWs (Next Generation Firewalls), the FortiGates are powered by FortiASICs which provide security without compromises performance. They run on the World’s most advanced security operating systems that meet each organizations unique requirements. Advanced features such as integrated endpoint control and token server helps organizations to rapidly deploy enhanced security to their mobile workforce while device-based policies aid to implement BYOD securely. FortiGate deployed as data center core firewall FortiGate deployed.
FortiGate deployed as mid-enterprise edge firewall
Specifications:
FortiGate 1000D Specifications |
Hardware Accelerated GE/10 GE SFP/SFP+ Slots |
2 |
Hardware Accelerated GE SFP Slots |
16 |
Hardware Accelerated GE RJ45 Ports |
16 |
GE RJ45 Management / HA Ports |
2 |
USB Ports (Client / Server) |
1 / 2 |
Console Port |
1 |
Onboard Storage |
256 GB |
Included Transceivers |
0 |
IPv4 Firewall Throughput (1518 / 512 / 64 byte, UDP) |
52 / 52 / 33 Gbps |
IPv6 Firewall Throughput (1518 / 512 / 86 byte, UDP) |
52 / 52 / 33 Gbps |
Firewall Latency (64 byte, UDP) |
3 μs |
Firewall Throughput (Packet per Second) |
49.5 Mpps |
Concurrent Sessions (TCP) |
11 Mil |
New Sessions per Second (TCP) |
280,000 |
Firewall Policies |
100,000 |
IPsec VPN Throughput (512 byte) |
25 Gbps |
Gateway-to-Gateway IPsec VPN Tunnels |
20,000 |
Client-to-Gateway IPsec VPN Tunnels |
50,000 |
SSL-VPN Throughput |
3.6 Gbps |
Concurrent SSL-VPN Users (Recommended Maximum) |
10,000 |
IPS Throughput (HTTP / Enterprise Mix) 1 |
8 / 4.2 Gbps |
SSL Inspection Throughput 2 |
4 Gbps |
Application Control Throughput 3 |
8 Gbps |
NGFW Throughput 4 |
5 Gbps |
Threat Protection Throughput 5 |
3 Gbps |
CAPWAP Throughput 6 |
11 Gbps |
Virtual Domains (Default / Maximum) |
10 / 250 |
Maximum Number of FortiAPs (Total / Tunnel) |
4,096 / 1,024 |
Maximum Number of FortiTokens |
5,000 |
Maximum Number of Registered Endpoints |
8,000 |
High Availability Configurations |
Active-Active, Active-Passive, Clustering |
Height x Width x Length (inches) |
3.48 x 17.20 x 17.95 |
Height x Width x Length (mm) |
88.5 x 437 x 456 |
Weight |
24.70 lbs (11.20 kg) |
Form Factor |
Rack Mount, 2 RU |
AC Power Supply |
100–240V AC, 50–60 Hz |
Power Consumption (Average / Maximum) |
153 W / 220.8 W |
Current (Maximum) |
100V / 5A, 240V / 3A |
Heat Dissipation |
753.40 BTU/h |
Redundant Power Supplies |
Yes, Hot swappable |
Operating Temperature |
32–104°F (0–40°C) |
Storage Temperature |
-31–158°F (-35–70°C) |
Humidity |
20–90% non-condensing |
Operating Altitude |
Up to 7,400 ft (2,250 m) |
Compliance |
FCC Part 15 Class A, C-Tick, VCCI, CE, UL/cUL, CB |
Certifications |
ICSA Labs: Firewall, IPsec, IPS, Antivirus, SSL-VPN; USGv6/IPv6 |
Note: All performance values are “up to” and vary depending on system configuration. IPsec VPN performance is based on 512 byte UDP packets using AES-256+SHA1.
1. IPS performance is measured using 1 Mbyte HTTP and Enterprise Traffic Mix.
2. SSL Inspection is measured with IPS enabled and HTTP traffic, using TLS v1.2 with AES256-SHA.
3. Application Control performance is measured with 64 Kbytes HTTP traffic.
4. NGFW performance is measured with IPS and Application Control enabled, based on Enterprise Traffic Mix.
5. Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic Mix.
6. CAPWAP performance is based on 1444 byte UDP packets.
* Maximum loading on each PoE/+ port is 30 W (802.3at).
Documentation:
Download the Fortinet FortiGate 1000D Data Sheet (PDF).