FortiGate 5000 Series Data Sheet
FortiGate® 5000 Series
Scalable Data Center and Carrier-Graded Security Systems
FortiGate 5000 series chassis-based security systems
use highly-flexible AdvancedTCA™ (ATCA)-compliant
architecture that enable the FortiGate 5000 series
to protect complex, multi-tenant cloud-based
security-as-a-service and infrastructure-as-a-service
environments. Purpose-built by Fortinet, the
FortiGate 5000 series integrates modular carrier-class
hardware components with advanced Security
Processing Unit (SPU) acceleration and consolidated
security from the FortiOS™ operating system.
Consolidated Security Solutions
FortiGate 5000 series appliances give you the ability to deploy a wide
range of Fortinet’s UTM inspection capabilities, including firewall,
IPS, application control, VPN, and web filtering. These features can
be scaled as required by adding more security blades. Each system
also supports FortiGuard® security subscription services to deliver
dynamic, automated updates and ensure up-to-date protection
against sophisticated threats. In addition, the devices support a
web-based GUI, ‘single pane of glass’ management console, and
on-board reporting.
By consolidating multiple security enforcement technologies into
a single system, the FortiGate 5000 series eliminates disparate
hardware devices and software solutions, greatly simplifying security
gateway implementation and reducing total cost of ownership.
Highlights
§§ Ideal for high-speed service provider,
large enterprise or telecommunications
carrier network
§§ Security blades that are powered by SPUs
that provide outstanding Firewall, VPN and
UTM performance
§§ Runs on FortiOS 5 — the most powerful
security operating system in the world
§§ Backed by world class technical support
and threat research team
DATA SHEET
FortiGate 5000 Series
®
ARCHITECTURE
Flexible and Scalable
§§ Chassis and blades systems that can be configured for
various resiliency and network requirements.
§§ Security blades can be added as demand grows.
§§ Ease of maintenance and minimum disruption with hot
swappable components
Chassis
Security Blades
The chassis enables the flexible system to scale effortlessly and
High performance, ASICs powered security blades run on FortiOS
with little disruptions by allowing blades to be hot swapped
or FortiCarrier which apply access policies and security profiles on
according to desired requirements. The system can also be
the traffic they received from the networking blades via backplane
configured for various resilience designs within the chassis as
or front panel interfaces. These blades may operate in NAT/route
well as between chassis. The rack mount ATCA chassis provides
and/or transparent mode. They also support VDOMs within the
centralized and redundant power supplies to its blades. With the
cluster.
exception of the FortiGate 5020, the chassis may be powered
by either DC or AC with additional power interface. It facilitates
Networking Blades
backplane communications between the blades which may be
Up to two networking blades may be installed on a FortiGate 5060,
used for HA heartbeat and other control and data communications.
FortiGate 5140B and FortiGate 5144C in designated slots. These
The FortiGate 5060, FortiGate 5140B and FortiGate 5144C may
house shelf managers that control chassis power allocation,
monitor chassis operating parameters, monitor and control chassis
cooling, and can signal alerts via alarm module if the chassis
encounters problems.
blades connect the system to the network while connected
to the multiple security blades via the chassis’s backplane.
The networking blade clusters the security blades with traffic
distribution.
Networking blades can assign security blades into service groups
which are isolated clusters coexisting in a single chassis. Two
networking blades may either operate as active-passive HA or
separately with its own clusters.
2
www.fortinet.com
FortiGate 5000 Series
®
DEPLOYMENT
FortiAnalyzer
Next Generation Perimeter Security
Firewalls alone aren’t enough to block today’s blended
FortiManager
threats and attacks. Data centers require multi-layered
security technologies that examine entire packet flows,
from content inspection through reassembly, stopping
threats at the perimeter. The FortiGate 5000 series offers
FortiGate
this critical functionality without compromising performance
D
at
a
ce
nt
er
and scalability.
FortiAnalyzer
MSSP Core Security
FortiManager
The FortiGate 5000 series delivers comprehensive
security for Managed Security Service Providers (MSSPs).
m
er
s
The full suite of ASIC-accelerated security modules allows
us
to
for customizable features for specific customers, while
C
FortiGate
virtualization features like VDOMs provide up to 6,000
separate security domains. Finally, the full suite of Fortinet
integrated management applications — including granular
S
e
O cu
p
C e rit
en ra y
te tio
r n
reporting features — offer unprecedented visibility into
the security posture of customers while identifying their
highest risks.
FortiAnalyzer
FortiManager
Carrier-Graded Security
The ATCA chassis and components of the FortiGate
FortiGate
te
m
s
5000 series are ideal for telecommunication operators
w
S
or
N
t
en
eg
m
iS
G
O
p
ob
ile
er
at
io
N
ns
et
w
in
g
M
near future.
ks
et
A
V
P
essential as data networks continue to grow rapidly in the
ee
r
reliability and robustness. Its unbeatable high capacity is
or
S
ks
ys
and service providers with standard-based assurance for
3
FortiGate 5000 Series
®
CHASSIS
FortiGate 5020
FortiGate 5060
Compact 4U chassis that contains two redundant AC power
Mid-sized 5U 19-inch rack mount ATCA chassis that contains two
modules and can install one or two FortiGate 5000 security blades.
redundant hot swappable DC Power Entry Modules (PEMs) and
can install up to six FortiGate 5000 series blades.
ESD socket
Primary
Shelf Manager Shelf Alarm
(SM 1)
Panel (SAP)
Hot swappable FortiGate 5020/5050
power supplies (behind panel)
CONSOLE
USB
1
2
3
4
5
6
7
8
STA IPM
PWR ACC
ACT
LINK
7
1
2
3
4
5
8
6
CONSOLE
OOS
FortiGate 5001SX
module
USB
BASE
ACT
USB
FABRIC
LINK
ACC
STATUS
FortiGate 5005FA2
module
IPM
Hot swappable cooling fan tray
(accessable from back panel)
ETH0
Service
SM2
5060SAP
SERIAL
1
RESET
FortiGate 5060
FAN TRAY
SERIAL
2
6
1
6
5
1
5
4
1
4
3
1
3
FILTER
FortiGate 5001B
boards, slots 3,
4, 5, and 6
Hot swappable
cooling fan tray 1
FortiSwitch 5003B
boards
slots 1 and 2
STATUS
ETH0 ETH1
PSU B
SAP
Hot Swap
SM1
5000SM
10/100
link/Act
10/100
link/Act
ALARM
1
RESET
FAN TRAY
PSU A
TOP
Power LEDs
PSU B
PSU A
Secondary
Shelf Manager
(SM 2) Slot Cover
2
2
1
1
2
Front replacable
air filter
Hot swappable
cooling fan tray 2
FortiGate 5140B
13U 19-inch rack mount ATCA chassis that contains two
redundant hot swappable DC Power Entry Modules (PEMs) and
can install up to 14 FortiGate 5000 series blades. It also includes
four hot swappable front pluggable cooling fan trays.
AdvancedTCA™-compliant Chassis
§§ Based on industry’s conforming standards assuring
§§ Highly scalable with minimum service disruptions as hot
carrier-grade performance, reliability, 99.999% availability
swapped blades may be added to increase capacity with
and serviceability.
ease.
§§ Redundant fans, power modules and self managers and
alarm modules options.*
§§ Comprehensive management and monitoring facilities via
shelf managers and alarm modules.**
* Available options depending on chassis models ** Available on 5060 and 5140B
4
www.fortinet.com
FortiGate 5000 Series
®
CHASSIS
FortiGate 5144C
Next Generation 14U 19-inch rack mount ATCA chassis with 40 Gbps Backplane and capable of Dual-Dual-Star topology. It can install up
to 14 FortiGate 5000 series blades.
Front Fan Tray 1
Back Fan Tray 3
Front Fan Tray 2
Back Fan Tray 4
FortiController 5903C
Boards
Slots 1 and 2
FortiGate 5001D
Boards
Slots 4, 6, 8, 10,
12, and 14
FortiGate 5001D
Boards
Slots 3, 5, 7, 9,
11, and 13
H/S
ACT
H/S
OOS
H/S
!
ACT
H/S
OOS
!
RTM
Slot Numbers
Slot
Numbers
RTM
Air Baffle
Slot Covers
Air Filter
Frame
ESD
Socket
Primary Shelf Manager
Secondary Shelf Manager
Primary Power
Entry Modules
Chassis
Ground
Connector
Backup Power
Entry Modules
FORTIGATE 5020
FORTIGATE 5060
FORTIGATE 5140B
FORTIGATE 5144C
Available Slots
2
6
14
14
High Availability Backplane Fabric
Built-in
Built-in
Built-in
Built-in
40 Gbps Backplane Support
–
–
–
Yes
Shelf Manager (Default / Maximum)
–
1/2
1/2
1/2
Dual Networking Blade Support
No
Yes
Yes
Yes
Height x Width x Length (inches)
5.25 x 17 x 15.5
8.86 x 17.64 x 18.82
22.63 x 19 x 22.6
24.44 x 19.06 x 21.63
Height x Width x Length (cm)
13.3 x 43.2 x 39.4
22 x 44.8 x 47.8
57.5 x 48.3 x 57.4
62.1 x 48.4 x 55.0
Weight
35.5 lb (16.1 kg)
38 (17.3 kg)
84 lb (38 kg)
108 lb (50 kg)
160 Gbps
480 Gbps
1.12 Tbps
1.12 Tbps
Hardware Specifications
Dimensions
Maximum Capacity**
Firewall Throughput
Power and Environment
Power Required
AC
DC/AC1
DC/AC1
DC/AC1
Chassis Only Power Consumption (Maximum) ***
–
350 W
530 W
960 W
Heat Dissipation (Maximum) ***
–
1194 BTU/h
1808 BTU/h
3,276 BTU/h
Operating Temperature
32–104°F (0–40°C)
41–104°F (5–40°C)
32–104°F (0–40°C)
32–104°F (0–40°C)
Storage Temperature
-13–158°F (-35–70°C)
23–131°F (-5–55°C)
-13–158°F (-35–70°C)
-13–158°F (-35–70°C)
Humidity
5–90% non-condensing
5–85% non-condensing
5–90% non-condensing
5–90% non-condensing
–
–
Compliance
Certifications
NEBS Certified
FCC Part 15 Class A, C-Tick, VCCI, CE, BSMI, UL/cUL
Yes
Yes
Optional FortiGate 5053B Power Supply Shelf used to provide AC power to the FortiGate
** Based on fully populated FortiGate 5001D
*** Please refer to respective Chassis Guide for computation of total power requirement.
1
5
FortiGate 5000 Series
®
SECURITY BLADE
FortiGate 5001C
FortiGate 5001D
Security blade that is powered by CP8 and NP4 for superior firewall
Latest purpose-built FortiGate security blade with carrier-class
and UTM performance.
capacity and protection.
MGMT 1 and MGMT 2
10/100/1000 Copper
Management Interfaces
GE Copper
Management Interface
Fabric & Base
Network
Activity LEDs
1 and 2
40 Gig
QSFP+ Network
Interfaces
RJ-45
Console
RJ45
Console Port
USB
Retention
Screw
10 GE SFP+
Network Interface Slots
Extraction
Lever
NP4
CP8
10GE
128GB
OOS
LED
Interfaces
S TA
LED
PWR
LED
ACC
LED
Forti
Carrier
Powered by SPU
§§ Combines a RISC-based CPU with
Fortinet’s proprietary Security Processing
Unit (SPU) content and network processors
for unmatched performance
§§ Supports firewall acceleration across all packet sizes for
maximum throughput
3 and 4
10 G ig
SFP+ Network
IPM
LED
(board
po s ition)
NP6
CP8
Retention
Screw
Factory Use
Base and Fabric
network activity
LEDs
Extraction
Lever
NMI Switch
40GE
200GB
Forti
Carrier
NEBS
Content Processor: Accelerate
computationally intensive tasks
§§ Accelerates packet content matching with signatures
§§ High performance VPN bulk data engine
§§ Key Exchange Processor support high performance IKE and
RSA computation
§§ Message authentication module offers high performance
cryptographic engine, used by applications such as WAN
optimization and SSL Inspection
§§ Delivers accelerated UTM content processing for
superior performance and protection
§§ Accelerates VPN performance for high speed, secure
remote access
Network Processor: The heart of low latency
and high performance traffic processing
§§ Supports firewall acceleration with large capacity, including
multicast traffic
§§ Provides IPsec ESP encryption/decryption processing at
blazing speed
§§ Scale firewall throughput independent of packet size
§§ Operates at the interface level to provide an ultra low latency
performance
§§ Up to 10 million sessions of searching and dynamic network
address translation (DNAT)
6
www.fortinet.com
FortiGate 5000 Series
®
Networking blade with 4x 40 G QSFP+ fabric ports and 2x SFP+ base ports
SECURITY BLADE
FortiController 5902D
FortiSwitch 5203B
Hybrid blade that can operate either as networking or security
Flexible security blade that provides investment protection by
blade, benefits users who need to scale up UTM performance as
transforming into a networking blade when scalability is required.
traffic grows.
Base Network
Activity LEDs
MGMT
10/100/1000 Copper
Management Interface
F1 to F4 40G
Fabric Channel
QSFP+ Interfaces
RJ-45
Console
NMI Switch
Retention
Screw
Extraction
Lever
OOS
LED
STA
LED
PWR
LED
Fabric Network
Activity LEDs
B1 and B2
10G Base Channel
SFP+ Interfaces
ACC
LED
IPM LED
(board position)
Base Network
Activity LEDs
Fabric Network
Activity LEDs
RJ45
Console Port
10 GE SFP+
Network Interface Slots
10 GE SFP+
Base Channel Interface Slots
NMI Switch
Retention
Screw
Extraction
Lever
GE Copper
Management Interface
Factory Use
NP6
40GE
128GB
NP4
CP7
10GE
64GB
FORTIGATE 5001C
FORTIGATE 5001D
FORTISWITCH 5203B*
FORTICONTROLLER 5902D*
40 GE QSFP+ Ports
–
2
–
4
10 GE SFP+ Ports
2
2
10
2
GE RJ45 Ports
2
2
1
1
RJ45 Console Port
1
1
1
1
Included Transceivers
2x 10 GE SFP+ SR
2x 10 GE SFP+ SR
2x 10 GE SFP+ SR
2x 10 GE SFP+ SR
Local Storage
128 GB
200 GB
64 GB
128 GB
Firewall Throughput (1518 / 512 / 64 byte UDP packets)
40 / 40 / 40 Gbps
80 / 80 / 45 Gbps
40 / 40 / 40 Gbps
80 / 80 / 50 Gbps
Firewall Latency (64 byte UDP packets)
4 μs
3 μs
4 μs
3 μs
Firewall Throughput (Packets Per Second)
60 Mpps
67.5 Mpps
60 Mpps
75 Mpps
Concurrent Sessions (TCP)
29.5 Million
23 Million
20 Million
50 Million
New Sessions/Second (TCP)
210,000
565,000
170,000
155,000
Maximum Firewall Policies
200,000
200,000
200,000
200,000
IPsec VPN Throughput (512 byte packets)
17 Gbps
25 Gbps
17 Gbps
15 Gbps
Gateway-to-Gateway IPsec VPN Tunnels
40,000
40,000
40,000
40,000
Client-to-Gateway IPsec VPN Tunnels
64,000
64,000
64,000
64,000
SSL-VPN Throughput
3.6 Gbps
6.5 Gbps
1.3 Gbps
6.5 Gbps
Concurrent SSL-VPN Users (Recommended Maximum)
20,000
25,000
20,000
25,000
IPS Throughput
12 Gbps
18 Gbps
7.8 Gbps
18 Gbps
Virtual Domains (Default / Maximum)
10 / 500
10 / 500
10 / 500
10 / 500
Maximum Number of FortiTokens
5,000
5,000
5,000
5,000
Maximum Number of Registered FortiClients
20,000
20,000
20,000
20,000
Maximum Number of FortiAPs (Total / Tunnel)
4,096 / 1,024
4,096 / 1,024
4,096 / 1,024
4,096 / 1,024
Power Consumption (Average / Maximum)
187 / 225 W
189 / 226 W
210 / 250 W
223 / 270 W
Heat Dissipation (Average)
768 BTU/h
774 BTU/h
853 BTU/h
919 BTU/h
Operating Temperature
32–104°F (0–40°C)
32–104°F (0–40°C)
32–104°F (0–40°C)
32–104°F (0–40°C)
Storage Temperature
-13–158°F (-25–70°C)
-13–158°F (-25–70°C)
-13–158°F (-25–70°C)
-13–158°F (-25–70°C)
Humidity
20–90% non-condensing
20–90% non-condensing
20–90% non-condensing
20–90% non-condensing
Interfaces and Storage
System Performance
Power and Environment
Compliance
Certifications
NEBS Certified
FCC Part 15 Class A, C-Tick, VCCI, CE, UL/cUL, CB, ICSA Labs: Firewall, IPsec, IPS, Antivirus, SSL-VPN
–
Yes
–
–
* Operating in Standalone Mode
Note: All performance values are “up to” and vary depending on system configuration. IPS performance is measured using 1 Mbyte HTTP files. IPsec VPN performance is based on 512 byte UDP packets using AES-256+SHA1.
7
FortiGate 5000 Series
®
NETWORKING BLADE
FortiSwitch 5003B
FortiSwitch 5203B
Basic L2 switching blade for aggregating security blades within
Flexible networking blade that can either operate as a standalone
a chassis.
full featured FortiGate or in content cluster mode, as a FortiGate
unit (weighted) load balancing traffic to one or more security blades.
Base Network
Activity LEDs
Fabric Network
Activity LEDs
RJ45
Console Port
Base Network
Activity LEDs
10 GE SFP+
Network Interface Slots
Fabric Network
Activity LEDs
10 GE SFP+
Base Channel Interface Slots
RJ45
Console Port
10 GE SFP+
Network Interface Slots
10 GE SFP+
Base Channel Interface Slots
NMI Switch
Networking blade with 4x 40 G QSFP+ fabric ports and 2x SFP+ base ports
GE Copper
Management Interface
GE Copper
Management Interface
FortiController 5103B
FortiController 5902D
As a high capacity stateful load balancer, this networking blade
Hybrid blade that can operate either as networking or security
distributes sessions to multiple FortiGate security blades using
blade, benefits users who need to scale up UTM performance as
state of the art FortiASIC TP acceleration.
traffic grows.
Base Network
Activity LEDs
Fabric Network
Activity LEDs
RJ45
Console Port
MGMT
10/100/1000 Copper
Management Interface
10 GE SFP+
Network Interface Slots
10 GE SFP+
Base Channel Interface Slots
F1 to F4 40G
Fabric Channel
QSFP+ Interfaces
RJ-45
Console
NMI Switch
Retention
Screw
Extraction
Lever
GE Copper
Management Interface
FORTISWITCH 5003B
FORTISWITCH 5203B*
FORTICONTROLLER
5103B
OOS
LED
B1 and B2
10G Base Channel
SFP+ Interfaces
Base Network
Activity LEDs
Fabric Network
Activity LEDs
STA
LED
PWR
LED
ACC
LED
FORTICONTROLLER
5902D*
IPM LED
(board position)
FORTICONTROLLER
5903C
Retention
Screw
Extraction
Lever
Factory Use
FORTICONTROLLER
5913C
Interfaces
Fabric Channel Interfaces
8x 10 GE SFP+
8x 10 GE SFP+
8x 10 GE SFP+
4x 40 GE QSFP+
4x 40 GE QSFP+
2x 100 GE CFP2
Base Channel Interfaces
2x 10 GE SFP+
2x 10 GE SFP+
2x 10 GE SFP+
2x 10 GE SFP+
2x 10 GE SFP+
2x 10 GE SFP+
Management Interfaces
1x GE RJ45
1x GE RJ45
1x GE RJ45
1x GE RJ45
1x GE RJ45
1x GE RJ45
Included Transceivers
2x 10 GE SFP+ SR
2x 10 GE SFP+ SR
2x 10 GE SFP+ SR
2x 10 GE SFP+ SR
2x 10 GE SFP+ SR
2x 10 GE SFP+ SR
40 GE Backplane Fabric Support
–
–
–
Yes
Yes
Yes
10 GE Backplane Fabric Support
Yes
Yes
Yes
Yes
Yes
Yes
GE Backplane Fabric Support
Yes
Yes
Yes
–
–
–
System Performance
Maximum Traffic Throughput
80 Gbps
40 Gbps
60 Gbps
80 Gbps
120 Gbps
200 Gbps
Maximum Concurrent Sessions
–
20 Million
110 Million
50 Million
135 Million
135 Million
New Sessions/Second (TCP)
–
170,000
1.26 Million
155,000
3.2 Million
3.6 Million
Power and Environment
Power Consumption (Average / Maximum)
150 / 180 W
210 / 250 W
213 / 255 W
223 / 270 W
250 / 400 W
280 / 400 W
Heat Dissipation
614 BTU/h
853 BTU/h
754 BTU/h
919 BTU/h
1360 BTU/h
955 BTU/h
32–104°F (0–40°C)
32–104°F (0–40°C)
32–104°F (0–40°C)
32–104°F (0–40°C)
32–104°F (0–40°C)
Operating Temperature
32–104°F (0–40°C)
Storage Temperature
-13–158°F (-35–70°C) -13–158°F (-35–70°C) -13–158°F (-35–70°C) -13–158°F (-35–70°C) -13–158°F (-35–70°C) -13–158°F (-35–70°C)
Humidity
20–90% non-condensing 20–90% non-condensing 20–90% non-condensing 20–90% non-condensing 20–90% non-condensing 5–90% non-condensing
Compliance
Certifications
NEBS Certified
FCC Part 15 Class A, C-Tick, VCCI, CE, UL/cUL, CB
–
–
–
–
Yes
Yes
* Operating in Distribution Mode
8
www.fortinet.com
FortiGate 5000 Series
®
NETWORKING BLADE
FortiController 5903C/5913C
High Performance networking blade that provides 10/40-gigabit fabric and 1-gigabit base backplane channel layer-2 switching in a
dual star architecture.
Base Network
Activity LEDs
Fabric Network
Activity LEDs
RJ-45
Console
40 GE QSFP+
Network
Interface Slots
RJ-45
Console
10 GE SFP+
Base Channel Interface Slots
USB
Retention
Screw
GE Copper
Management Interface
Extraction
Lever
OOS
LED
F1 and F2
100 Gig Fabric Channel
CFP2 Network
Interfaces (data)
B1 and B2
10 Gig Base Channel
SFP+ Interfaces
(heartbeat and
management)
IPM
LED
(board
position)
Retention
Screw
STA
LED
MGMT
10/100/1000 Copper
Management Interface
PWR
LED
Extraction
Lever
CLUSTERING OPTIONS
FortiGate 5000 Series Clustering
The networking blades, security blades and the chassis together form clusters. This technique load balances
network traffic across the cluster, helping to enhance the scalability, reliability, and availability of mission-critical
IP-based services, such as firewall, antivirus, web filtering and IPS. It also provides high availability by detecting
host failures and automatically redistributing traffic to the hosts within a chassis. Clustering simplifies large
scale security gateway deployment as configuration synchronization and firmware upgrades can be executed
automatically within the clusters.
CONTENT CLUSTERING (CC)
SESSION-AWARE LOAD BALANCING CLUSTER (SLBC)
Technology
Modified FortiOS Active-Active HA cluster with Chassis
Intelligent Network load balancing within Chassis
Ideal Use Case
Scaling UTM performance for MSSP
High performance CGN and Internet security gateway for Service Provider
Configuration Synchronization and Firmware Upgrades
Yes
Yes
Session Termination (eg, VPN, Explicit Proxy)
Yes
Yes. On Primary Security Blade
Multi-segmentation
Yes
Limited
High Availability Setup
Intra Chassis
Inter & Intra Chassis
FSW-5203B
FCTRL-5103B, FCTRL-5903C, FCTRL-5913C
FG-5001B, FG-5001C, FG-5101C, FG-5001D
FG-5001B, FG-5001C, FG-5101C, FG-5001D
Clustering Features
Networking Blades
Supported Networking Blades
Security Blades
Supported Security Blades
9
FortiGate 5000 Series
®
AC POWER SUPPLIES
FortiGate 5053B and Power Supply Unit 5000B
The FortiGate 5053B is a 1U 19-inch rack mount power supply shelf with PSU-5000B hot swappable power supplies to convert AC power
to DC power and to supply power to a FortiGate 5000 series chassis.
NON-REDUNDANT
REDUNDANT
Number of PSUs
1
2
3
4
1+1
2+1
3+1
5053B with PSU-5000B
(185–307V AC High Line Input)
2,725 W
5,450 W
8,175 W
10,900 W
2,725 W
5,450 W
8,175 W
5053B with PSU-5000B
(100–184V AC Low Line Input, North America, Mexico, Japan, etc.)
1,200 W
2,400 W
3,600 W
4,800 W
1,200 W
2,400 W
3,600 W
SOFTWARE FEATURES
FortiOS Dashboard — Single Pane of Glass Management
Ease of Use
Comprehensive Systems Integration
FortiOS lowers operation costs and reduces IT staff workloads.
Integration with external systems is possible with wide range
Physical or virtual FortiGate appliances give you the flexibility to
of interfacing protocol support and certified solution partners.
match your security to your environment while enforcing a uniform
Network operators can rely on facilities such as SNMP, sFlow
security policy. Single pane of glass management and centralized
and syslog for monitoring purposes. Integration with provisioning
analysis ensure consistent policy creation and enforcement while
systems and custom portals are also possible with Web Service
minimizing deployment and configuration challenges.
APIs via FortiManager. Scripting using various scripting languages
is also supported by manipulating CLI commands.
10
www.fortinet.com
FortiGate 5000 Series
®
SOFTWARE FEATURES
Superior IPS Capabilities
Proven with Industry Validation
The FortiGuard IPS subscription service provides FortiGate
customers with the latest defenses against stealthy network-level
threats. With signatures of more than 4000 known threats, it enables
FortiGate to stop attacks that evade conventional firewall defenses.
It also provides behavior-based heuristics, enabling the system to
recognize threats for which no signature has yet been developed.
FortiGate received the most industry’s certifications among its
competitions, assuring top-notch feature quality to provide you with
air tight security and best-of-breed security protection.
Unique Visibility and Control
FortiOS allows greater traffic visibility and more consistent,
granular control over users, devices, applications and sensitive
data. Dashboard widgets allow administrators to quickly view and
understand real-time network activities and threat situations.
Robust Virtual Systems
FortiOS VDOMs is a proven method of dividing a FortiGate
unit/cluster into two or more virtual units that function as multiple
independent units. It has the industry’s most comprehensive
virtualization capabilities that meet today’s complex MSSP
deployments.
Flexible Role-based Administration
Access profiles can be defined to provide granular access to
VDOMs and system functionalities. This is valuable in facilitating
enterprise-class or complaint security operation workflows.
Identity-Centric Enforcement
FortiOS supports both local and remote authentication services
such as LDAP, RADIUS and TACACS+ to identify users and apply
appropriate access policies and security profiles accordingly. It may
also simplify identity-based implementations and also provide
seamless users authorization experience with various single sign-on
capabilities. One such application is to retrieve subscriber’s
information via RADIUS accounting messages and apply appropriate
security services dynamically for a managed service provider.
FortiOS has strong PKI and certificate-based authentication
services and also integrates an internal two-factor token server for
additional security.
Powerful Policy Management
It is common in service provider and data center networks to have
hundreds, if not thousands of security policies, hence to be able to
manage these policies effectively is critical to minimize configuration
errors and complexity.
FortiOS has the unique ability to provide two forms of policy
management views — Global and Section view helps administrators
to choose an option that they are most familiar with or suit their
requirements best. It also provides powerful features such as policy
object search, tagging, sorting and filtering. Policy objects can
easily be edited from the policy table.
With FortiManager integration, customers may also have the ability
to setup sophisticated policy implementation and provisioning
workflows for compliance or operation requirements. Detailed
configuration audit trail is supported and can reside externally for
secured storage with FortiAnalyzer.
Extensive Network Support
FortiOS supports numerous network design requirements and
interops with other networking devices. This includes support for a
wealth of routing, multicasting and network resiliency protocols.
Administrators can also configure interfaces for VLANs, VLAN
trunks, port aggregation and one-arm sniffer mode.
Broad IPv6 Support
Maintaining security for both IPv4 and IPv6 traffic will be crucial to
the success of mixed networks. Malware and network threats are
independent of IPv4 or IPv6. FortiOS is able to use IPv6 security
policies to provide access control and UTM protection for IPv6 traffic.
FortiOS has been successfully evaluated as compliant with core
protocol and interoperability tests defined by IPv6 Ready Logo
Phase 2.
More Features with FortiCarrier Software License
§§ SIP/IMS signaling firewall protects
internal infrastructure and service
against malicious messages and
overload while providing NAT services
and redundancy, providing VoIP
edge scalability and a platform for
managed security services
§§ MMS security — content scanning
and protection (keyword blocking,
antivirus, file-type blocking, antispam
detection) with per-user services
provide enhanced end-user security
for increased uptime and higher
customer satisfaction
§§ GTP firewall delivers protocol
anomaly detection and prevention
with multiple filter options for end-toend security
* For complete, up-to-date and detailed feature set, please refer to the Administration Handbook and FortiOS Datasheet.
11
FortiGate 5000 Series
®
ORDER INFORMATION
PRODUCT
SKU
DESCRIPTION
FortiGate 5020 Chassis
FG-5020AC
4U 2-slot chassis, 1 fan unit, front air baffles, dual AC power supplies
FortiGate 5020 Power Supply
FG-5020PS
FortiGate 5020/5050 power supply
FortiGate 5020 Fan Tray
FG-5020FA
Fan tray for FG-5020 chassis
FortiGate 5060 Chassis
FG-5060-DC
5U 6-slot chassis with Dual Star fabric backplane, 2 PEMs, 2 fan units, 2 shelf FRU data modules, 1 shelf manager, front and RTM air
baffles, and 2 pairs DC cables for connecting to FG-5053B power shelves
FortiGate 5060 Fan Tray
FG-5060FA
Fan tray for FG-5060 chassis
FortiGate 5060 Shelf Manager
FG-5060SM
Shelf manager for FG-5060 chassis
FortiGate 5060 Shelf Alarm Panel
FG-5060SAP
Shelf alarm panel for FG-5060 chassis
FortiGate 5140B Chassis
FG-5140B-DC
13U 14-slot chassis with 40G Dual Star fabric backplane, 2 PEMs, 4 fan units, 2 shelf FRU data modules, 1 shelf manager, front and
RTM air baffles, and 2 pairs DC cables for connecting to FG-5053B power shelves
FortiGate 5140B Fan Tray
FG-5140B-FAN
FG-5140B fan unit
FortiGate 5140B Shelf Manager
FG-5140B-SM
FG-5140B shelf manager with mezzanine card
FortiGate 5140B Shelf Alarm Manager
FG-5140B-SAM
Shelf alarm manager for FG-5140B
FortiGate 5144C Chassis
FG-5144C-DC
14U 14-slot chassis with 40G Dual Dual Star fabric backplane, 4 PEMs, 4 fan units, 2 shelf FRU data modules, 1 shelf manager, front
and RTM air baffles, and 4 pairs DC cables for connecting to FG-5053B power shelves
FortiGate 5144C-DC Chassis
FG-5144C-DC-NEBS
14U 14-slot chassis with 40G Dual Dual Star fabric backplane, 4 PEMs, 4 fan units, 2 shelf FRU data modules, 1 shelf manager, front
and RTM air baffles, and 4 pairs DC cables for connecting to FG-5053B power shelves, NEBS certified
FortiGate 5144C Shelf Manager
FG-5144C-SM
5144C shelf manager with ShMM-700R mezzanine card and radial IPMB bus
FortiGate 5144C Fan Tray
FG-5144C-FAN-F
FG-5144C fan tray front
FortiGate 5144C Fan Tray
FG-5144C-FAN-R
FG-5144C fan tray rear
FortiGate 5144C Shelf FRU Data Module
FG-5144C-SFRU
FG-5144C shelf FRU data module
FortiGate 5144C Power Entry Module
FG-5144C-PEM
FG-5144C PEM, power entry module
FortiGate 5144C Air Filter
FG-5144C-AF
FG-5144C air filter
FortiGate 5144C Blank Panel
FG-5144C-ABF
5000 front slot blank panel with air baffle (aluminum/plastic)
FortiGate 5144C Blank Panel
FG-5144C-ABR
5000 RTM slot blank panel with air baffle (aluminum/plastic)
FortiGate 5053B Power Converter Tray
FG-5053B
AC power converter shelf for high capacity 5000 chassis, supports up to 4 PSU-5000B power supply units, unpopulated
FortiGate 5000 Series Power Supply Unit
PSU-5000B
Power supply unit for FG-5000 series, AC power supply unit, 1,200 Watts maximum, requires FortiGate 5053B shelf
FortiGate 5001C
FG-5001C
Security blade with 2x 10 GE SFP+ slots, 2x GE RJ45 management ports, 128 GB SSD onboard storage
FortiGate 5001D
FG-5001D
Security blade with 2x 40 GE QSFP+, 2x 10 GE SFP+/GE SFP slots, 2x GE RJ45 management ports, 200 GB SSD onboard storage
FortiSwitch 5203B
FS-5203B
Networking blade with 8x 10 GE SFP+ fabric slots, 2x 10 GE SFP+ base slots, 1x GE RJ45 management port
FortiController 5902D
FCTRL-5902D
Security blade with 4x 40 G QSFP+ fabric ports and 2x SFP+ base ports
FortiSwitch 5003B
FS-5003B
Networking blade with 8x 10 GE SFP+ fabric ports, 2x GE SFP base slots, 1x GE RJ45 management port
FortiSwitch 5203B
FS-5203B
Networking blade with 8x 10 GE SFP+ fabric slots, 2x 10 GE SFP+ base slots, 1x GE RJ45 management port
FortiController 5103B
FCTRL-5103B
Networking blade with 1x GE RJ45 port, 8x 10 GE SFP+ fabric ports and 2x 10 GE SFP+ base ports
FortiController 5902D
FCTRL-5902D
Networking blade with 4x 40 G QSFP+ fabric ports and 2x SFP+ base ports
FortiController 5903C
FCTRL-5903C
Networking blade with 1x GE RJ45 port, 4x 40 GE SFP+ fabric slots and 2x 10 GE SFP+ base slots
FortiController 5913C
FCTRL-5913C
Networking blade with 2x 100 GE CFP2 fabric ports and 2x 10 GE SFP+ base ports, includes 2 SR SFP+
1 GE SFP LX Transceiver Module
FG-TRAN-LX
1 GE SFP LX transceiver module for all systems with SFP and SFP/SFP+ slots
1 GE SFP RJ45 Transceiver Module
FG-TRAN-GC
1 GE SFP RJ45 transceiver module for all systems with SFP and SFP/SFP+ slots
1 GE SFP SX Transceiver Module
FG-TRAN-SX
1 GE SFP SX transceiver module for all systems with SFP and SFP/SFP+ slots
10 GE SFP+ Transceiver Module, Short Range
FG-TRAN-SFP+SR
10 GE SFP+ transceiver module, short range for all systems with SFP+ and SFP/SFP+ slots
10 GE XFP Transceiver Module, Short Range
FG-TRAN-XFPSR
10 GE XFP transceiver module, short range for all systems with XFP slots
10 GE SFP+ Transceiver Module, Long Range
FG-TRAN-SFP+LR
10 GE SFP+ transceiver module, long range for all systems with SFP+ and SFP/SFP+ slots
10 GE XFP Transceiver Module, Long Range
FG-TRAN-XFPLR
10 GE XFP transceiver module, long range for all systems with XFP slots
40 GE QSFP+ Transceivers, Short Range
FG-TRAN-QSFP+SR
40 GE QSFP+ transceivers, short range for all systems with QSFP+ slots
100 GE CFP2 Transceivers, Long Range
FG-TRAN-CFP2-LR4
100 GE CFP2 transceivers, long range, over single mode fiber, for all systems with CFP2 slots
100 GE CFP2 Transceivers, Short Range
FG-TRAN-CFP2-SR10
100 GE CFP2 transceivers, 10 channel parallel fiber, short range for all systems with CFP2 slots
10 GE SFP+ Active Direct Attach Cable
SP-CABLE-ADASFP+
10 GE SFP+ active direct attach cable, 10m / 32.8 ft for all systems with SFP+ and SFP/SFP+ slots
Chassis
Security Blades
Networking Blades
Optional Accessories
12
www.fortinet.com
FortiGate 5000 Series
®
GLOBAL HEADQUARTERS
Fortinet Inc.
899 KIFER ROAD
Sunnyvale, CA 94086
United States
Tel: +1.408.235.7700
www.fortinet.com/sales
EMEA SALES OFFICE
905 rue Albert Einstein
06560 Valbonne
France
Tel: +33.4.8987.0500
APAC SALES OFFICE
300 Beach Road 20-01
The Concourse
Singapore 199555
Tel: +65.6395.2788
LATIN AMERICA SALES OFFICE
Sawgrass Lakes Center
13450 W. Sunrise Blvd., Suite 430
Sunrise, FL 33323
United States
Tel: +1.954.368.9990
Copyright© 2017 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other
product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect
performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product
will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in
Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant
hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
FST-PROD-DS-GT5KFG-5000-DAT-R30-201704
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement