FortiGate 3140B
DATASHEET
FortiGate -3040B/3140B
®
10-GbE Consolidated Security Appliances
FortiGate-3040B and FortiGate-3140B consolidated security appliances offer
exceptional levels of performance, deployment flexibility, and security for large
enterprise networks. Built from the ground up by Fortinet, these appliances deliver
superior performance through a combination of custom hardware, including
FortiASIC™ processors, high port density, and consolidated security features from
the FortiOS™ operating system. Whether protecting virtualized infrastructure,
cloud-providing infrastructure, or traditional IT infrastructure, 10-Gigabit Ethernet
(10-GbE) ports and up to 58 Gbps of firewall throughput make these appliances
ideal for securing high-bandwidth networks.
High-Performance Hardware
The FortiGate-3140B appliance provides up to 58 Gbps of firewall throughput
and the FortiGate-3040B delivers up to 40 Gbps of firewall performance through
the use of innovative FortiASIC processors and the latest generation of general
purpose CPUs. Impressive consolidated security performance and support for a
variety of configurations ensure that essential security functions keep up with the
rest of your network.
FortiGate-3040B/3140B Benefits
• Outstanding value as 10-GbE
network security appliances
with best-in-class firewall
price-performance
• Highest 10-GbE port density in
their class
• Complete Content Protection
provides application control
coupled with identity-based
policy enforcement
• IPv6 certified platform
• Strong authentication options
for policy compliance
High 10-GbE Port Density
You can protect your data center and other high-bandwidth applications with
the 10-GbE interfaces that ship standard on the FortiGate-3040B/3140B
appliances. Each platform includes system ports supporting SFP+, SFP, and RJ-45
connections, providing maximum flexibility.
Consolidated Security
Using the advanced FortiOS operating system, FortiGate-3040B/3140B appliances
effectively neutralize a wide range of network security threats. Whether deployed
as high-performance firewalls or as comprehensive multi-threat security solutions,
these dedicated appliances protect assets with some of the most effective security
available today.
FortiGate Certifications
Data Center
10-GbE
1-GbE
FortiGate-3040B / 3140B
Ideal for protecting datacenters and
enabling cloud services (IaaS and SaaS)
LAN
The FortiASIC Advantage
FortiGate-3040B/3140B appliances include our latest FortiASIC Network
Processors (NP) and Content Processors (CP). These purpose-built, highperformance processors use proprietary digital engines to accelerate resourceintensive security services.
FortiASIC™- NP4
0849
A905ES
The FortiASIC NP4 works inline with firewall and VPN functions delivering:
•
•
•
•
Wire-speed firewall performance for any size packets
VPN acceleration
Anomaly-based intrusion prevention, checksum offload and packet
defragmentation
Traffic shaping and priority queuing
The FortiASIC CP7 works outside of the direct flow of traffic, providing highspeed cryptography and content inspection services including:
•
•
FortiASIC-CP7
TS4KJ-000
0846 CO
Encryption and decryption offloading
Signature-based content inspection acceleration
FortiGate-3140B appliance includes the custom FortiASIC Security Processor
(SP) chip. The FortiASIC SP2 provides additional intrusion prevention system
(IPS) and firewall acceleration for the most demanding environments.
FortiGate-3040B Appliance (Front)
FortiGate-3040B Appliance (Back)
FortiGate-3140B Appliance (Front)
FortiGate-3140B Appliance (Back)
FortiGuard® Security Subscription Services deliver dynamic, automated updates for Fortinet products. The Fortinet Global Security Research
Team creates these updates to ensure up-to-date protection against sophisticated threats. Subscriptions include antivirus, intrusion prevention,
web filtering, antispam, vulnerability management, application control, and database security services. For more information about FortiGuard
Services, please visit www.fortiguard.com.
FortiCare™ Support Services provide global support for all Fortinet products and services. FortiCare support enables your Fortinet products to
perform optimally. Support plans start with 8x5 Enhanced Support with return and replace hardware support or 24x7 Comprehensive Support
with advanced hardware replacement. Options include Premium Support, Premium RMA, and Professional Services. All hardware products
include a 1-year limited hardware warranty and a 90-day limited software warranty. Additionally, Fortinet Professional Services can be engaged
to expedite critical projects and initial deployments.
FortiGuard Subscription Services
Products
Antivirus
FortiGate-3040B
FortiGate-3140B
Supported
Supported
Intrusion
Prevention
Supported
Supported
Web Filtering
Antispam
Supported
Supported
Supported
Supported
Application
Control
Supported
Supported
Vulnerability
Management
Supported
Supported
Firewall
Intrusion Prevention
Fortinet firewall technology delivers complete content and network
protection by combining stateful inspection with a comprehensive
suite of powerful security features. Application control, antivirus,
IPS, Web filtering and VPN, along with advanced features such
as an extreme threat database, vulnerability management, flowbased inspection and active profiling work in concert to identify
and mitigate the latest complex security threats. The securityhardened FortiOS operating system works together with purposebuilt FortiASIC processors to accelerate inspection throughput and
identification of malware.
IPS technology protects against current and emerging networklevel threats. In addition to signature-based threat detection, IPS
performs anomaly-based detection which alerts users to any traffic
that matches attack behavior profiles. The Fortinet threat research
team analyzes suspicious behavior, identifies and classifies
emerging threats, and generate new signatures to include with
FortiGuard Service updates.
Features
Features
NAT, PAT and Transparent (Bridge)
Policy-Based NAT
SIP/H.323/SCCP NAT Traversal
VLAN Tagging (802.1Q)
Vulnerability Management
IPv6 Support
Automatic Database Updates
Protocol Anomaly Support
IPS and DoS Prevention Sensor
Custom Signature Support
IPv6 Support
Throughput
1518 Byte Packets
512 Byte Packets
64 Byte Packets
FG-3040B
FG-3140B
40 Gbps
40 Gbps
40 Gbps
58 Gbps
55 Gbps
43 Gbps
Throughput
IPS
FG-3040B
FG-3140B
6 Gbps
8.4 Gbps
Antivirus / Antispyware
VPN
Antivirus content inspection technology protects against viruses,
spyware, worms, and other forms of malware which can infect
network infrastructure and endpoint devices. By intercepting
and inspecting application-based traffic and content, antivirus
protection ensures that malicious threats hidden within legitimate
application content are identified and removed from data streams
before they can cause damage. FortiGuard subscription services
ensure that FortiGate devices are updated with the latest malware
signatures for high levels of detection and mitigation.
Fortinet VPN technology provides secure communications between
multiple networks and hosts, using SSL and IPsec VPN technologies.
Both services leverage our custom FortiASIC processors to provide
acceleration in the encryption and decryption steps. The FortiGate
VPN service enforces complete content inspection and multithreat protections including antivirus, intrusion prevention and
Web filtering. Traffic optimization provides prioritization for critical
communications traversing VPN tunnels.
Features
Features
Automatic Database Updates
Proxy-based Antivirus
Flow-based Antivirus
File Quarantine
IPv6 Support
IPSec and SSL VPN
DES, 3DES, AES and SHA-1/MD5 Authentication
PPTP, L2TP, VPN Client Pass Through
SSL Single Sign-On Bookmarks
Two-Factor Authentication
Throughput
Antivirus (Proxy-based)
Antivirus (Flow-based)
FG-3040B
FG-3140B
2.3 Gbps
4.5 Gbps
2.3 Gbps
5.7 Gbps
Performance
FG-3040B
FG-3140B
IPSec VPN Throughput
SSL VPN Throughput
Maximum SSL VPN Users
Recommended
17 Gbps
500 Mbps
22,000
22 Gbps
500 Mbps
22,000
WAN Optimization
Wide Area Network (WAN) optimization accelerates applications
over geographically dispersed networks, while ensuring multithreat inspection of all network traffic. WAN optimization eliminates
unnecessary and malicious traffic, optimizes legitimate traffic, and
reduces the amount of bandwidth required to transmit data between
applications and servers. Improved application performance and
delivery of network services reduces bandwidth and infrastructure
requirements, along with associated expenditures.
SSL-Encrypted Traffic Inspection
SSL-encrypted traffic inspection protects endpoint clients and
Web and application servers from hidden threats. SSL Inspection
intercepts encrypted traffic and inspects it for threats prior to
routing it to its final destination. It can be applied to client-oriented
SSL traffic, such as users connecting to cloud-based CRM site,
and to inbound Web and application server traffic. SSL inspection
enables you to enforce appropriate use policies on encrypted Web
content and to protect servers from threats which may be hidden
inside encrypted traffic flows.
Features
Features
Gateway-to-Gateway Optimization
Bidirectional Gateway-to-client Optimization
Web Caching
Secure Tunnel
Transparent Mode
Protocol support:
HTTPS, SMTPS, POP3S, IMAPS
Inspection support:
Antivirus, Web Filtering, Antispam, Data Loss Prevention, SSL Offload
Endpoint NAC
Endpoint NAC can enforce the use of FortiClient Endpoint Security
for users connecting to corporate networks. Endpoint NAC verifies
FortiClient Endpoint Security installation, firewall operation and upto-date antivirus signatures before allowing network access. Noncompliant endpoints, such as endpoints running applications that
violate security policies can be quarantined or sent to remediation.
Data Loss Prevention
DLP uses a sophisticated pattern-matching engine to identify and
prevent the transfer of sensitive information outside of your network
perimeter, even when applications encrypt their communications.
In addition to protecting your organization’s critical data, Fortinet
DLP provides audit trails to aid in policy compliance. You can select
from a wide range of configurable actions to log, block, and archive
data, and quarantine or ban users.
Features
Features
Monitor & Control Hosts Running FortiClient
Vulnerability Scanning of Network Nodes
Quarantine Portal
Application Detection and Control
Built-in Application Database
Identification and Control Over Data in Motion
Built-in Pattern Database
RegEx Based Matching Engine
Common File Format Inspection
International Character Sets Supported
Flow-based DLP
Web Filtering
Web filtering protects endpoints, networks and sensitive information
against Web-based threats by preventing users from accessing
known phishing sites and sources of malware. In addition,
administrators can enforce policies based on Website categories
to easily prevent users from accessing inappropriate content and
clogging networks with unwanted traffic.
Logging, Reporting & Monitoring
FortiGate consolidated security appliances provide extensive
logging capabilities for traffic, system, and network protection
functions. They also allow you to assemble drill-down and graphical
reports from detailed log information. Reports can provide historical
and current analysis of network activity to aid with identification of
security issues and to prevent network misuse and abuse.
Features
Features
HTTP/HTTPS Filtering
URL / Keyword / Phrase Block
Blocks Java Applet, Cookies or Active X
MIME Content Header Filtering
Flow-based Web Filtering
IPv6 Support
Internal Log storage and Report Generation
Graphical Real-Time and Historical Monitoring
Graphical Report Scheduling Support
Graphical Drill-down Charts
Optional FortiAnalyzer Logging (including per VDOM)
Optional FortiGuard Analysis and Management Service
High Availability
High Availability (HA) configurations enhance reliability and increase
performance by clustering multiple FortiGate appliances into a
single entity. FortiGate High Availability supports Active-Active and
Active-Passive options to provide maximum flexibility for utilizing
each member within the HA cluster. The HA feature is included
as part of the FortiOS operation system and is available with most
FortiGate appliances.
Application Control
Application control enables you to define and enforce policies for
thousands of applications running across networks regardless of
port or the protocol used for communication. The explosion of new
Internet-based and Web 2.0 applications bombarding networks
today make application control essential, as most application
traffic looks like normal Web traffic to traditional firewalls. Fortinet
application control provides granular control of applications along
with traffic shaping capabilities and flow-based inspection options.
Features
Features
Active-Active and Active-Passive
Stateful Failover (FW and VPN)
Link State Monitor and Failover
Device Failure Detection and Notification
Server Load Balancing
Identify and Control Over 1,800 Applications
Traffic Shaping (Per Application)
Control Popular Apps Regardless of Port or Protocol
Popular Applications include:
AOL-IM Yahoo
MSN
KaZaa
ICQ
Gnutella BitTorrent MySpace
WinNY
Skype eDonkey Facebook
and more
Virtual Domains
Virtual Domains (VDOMs) enable a single FortiGate system to
function as multiple independent virtual FortiGate systems. Each
VDOM contains its own virtual interfaces, security profiles, routing
table, administration, and many other features. FortiGate VDOMs
reduce the complexity of securing disparate networks by virtualizing
security resources on the FortiGate platform, greatly reducing
the power and footprint required as compared to multiple point
products. Ideal for large enterprise and managed service providers.
Setup / Configuration Options
Fortinet provides administrators with a variety of methods and
wizards for configuring FortiGate appliances during deployment.
From the easy-to-use Web-based interface to the advanced
capabilities of the command-line interface, FortiGate systems offer
the flexibility and simplicity you need.
Features
Features
Separate Firewall / Routing Domains
Separate Administrative Domains
Separate VLAN Interfaces
Maximum VDOMs: 250
Default VDOMs: 10
Web-based User Interface
Command Line Interface Over Serial Connection
Pre-configured Settings from USB Drive
Wireless Controller
All FortiGate and FortiWiFi™ consolidated security platforms have
an integrated wireless controller, enabling centralized management
of FortiAP™ secure access points and wireless LANs. Unauthorized
wireless traffic is blocked, while allowed traffic is subject to identityaware firewall policies and multi-threat security inspection. From a
single console you can control network access, update security
policies, and enable automatic identification and suppression of
rogue access points.
Features
Unified WiFi and Access Point Management
Automatic Provisioning of APs
On-wire Detection and Blocking of Rogue APs
Supports Virtual APs with Different SSIDs
Supports Multiple Authentication Methods
Technical Specifications
FortiGate-3040B
FortiGate-3140B
20
22
Hardware
Total Network Interfaces
Hardware Accelerated 10-GbE SFP+ Interfaces
8
10
Hardware Accelerated GbE SFP Interfaces
10
Non-Accelerated 10/100/1000 Interfaces
2
Transceivers Included
2x SR SFP+
Fortinet Storage Module (FSM) Expansion Slots (Total)
4
Local Solid State Disk Storage Included
2
RJ45 Serial Console
1
• Advanced Layer-2/3 routing for data
center traffic optimization
System Performance
Firewall Throughput (1518 / 512 / 64 byte UDP packets)
Firewall Latency (64 byte UDP packets)
Firewall Throughput (Packets Per Second)
40 / 40 / 40 Gbps
58 / 55 / 43 Gbps
4 μs
4 μs
60 Mpps
65 Mpps
Concurrent Sessions (TCP)
10 Million
New Sessions/Sec (TCP)
200,000
Firewall Policies
17 Gbps
22 Gbps
Gateway-to-Gateway IPSec VPN Tunnels
10,000
Client-to-Gateway IPSec VPN Tunnels
64,000
SSL-VPN Throughput
IPS Throughput
22,000
6 Gbps
Antivirus Throughput (Proxy Based / Flow Based)
8.4 Gbps
2.3 / 4.5 Gbps
Virtual Domains (Default / Max)
• Traffic Shaping and Prioritization ensure
performance of critical traffic
• WAN Optimization and Web Caching for
improved performance and lower costs
500 Mbps
Concurrent SSL-VPN Users (Recommended Max)
• High Availability (Active/Active, Active/
Passive, Clustering) for maximum uptime
• Virtual Domains (VDOMs) for multitenant environments
100,000
IPSec VPN Throughput (512 byte packets)
• Multiple deployment modes
(Transparent/Routing) for ease of
installation
• Integrated Switch Fabric for very low
latency
64 GB SSD (1x FSM-064)
USB Server
FortiGate-3040B/3140B consolidated
security appliances also include:
2.3 / 5.7 Gbps
• Local event logging and reporting for
compliance and auditing
10 / 250
Max Number of FortiAPs
1,024
Max Number of FortiTokens
5,000
Max Number of Registered FortiClients
MANAGEMENT OPTIONS
• Local Web-Based Management Interface
8,000
High Availability Configurations
Active/Active, Active/Passive, Clustering
Unlimited User Licenses
Yes
Dimensions and Power
Height x Width x Length
3.46 x 17.40 x 21.85 in (8.8 x 44.2 x 55.5 cm)
Weight
35 lb (15.9 kg)
Rack Mountable
41 lb (18.6 kg)
• Command Line Management Interface
(CLI)
• Centralized management and analysis
by FortiManager and FortiAnalyzer
Yes
100 - 240 VAC, 50-60 Hz,
3.50-1.75 A (Max)
100 - 240 VAC, 50-60 Hz,
4.18-2.09 A (Max)
Power Consumption (Avg / Max)
315 / 378 W
383 / 460 W
Heat Dissipation
1290 BTU/h
AC Power Supply
1570 BTU/h
DC Power Supply (FG-3040B-DC / FG-3140B-DC)
-48V VDC
Redundant Power Supplies (Hot Swappable)
Yes
Operating Environment and Certifications
Operating Temperature
Storage Temperature
32 – 104 deg F (0 – 40 deg C)
-31 – 158 deg F (-35 – 70 deg C)
Humidity
20 to 90% non-condensing
Compliance
FCC Part 15 Class A, C-Tick, VCCI, CE, UL/cUL, CB
Certifications
ICSA Labs: Firewall, IPSec, IPS, Antivirus, SSL VPN
Note: All performance values are “up to” and vary depending on system
configuration. Antivirus performance is measured using 44 Kbyte HTTP files.
IPS performance is measured using 1 Mbyte HTTP files.
Ordering Info
Product
SKU
FortiGate-3040B
FG-3040B
FortiGate-3140B
FG-3140B
FortiGate-3040B-DC
FG-3040B-DC
FortiGate-3140B-DC
FG-3140B-DC
Optional Accessories
SKU
Fortinet Storage Module (FSM), 64 GB Solid State Drive for FortiGate with FSM slot
FSM-064
10-Gig transceiver, Short Range SFP+ module for all FortiGate models with SFP+ interfaces
FG-TRAN-SFP+SR
10-Gig transceiver, Long Range SFP+ module for all FortiGate models with SFP+ interfaces
FG-TRAN-SFP+LR
GLOBAL HEADQUARTERS
EMEA SALES OFFICE – FRANCE
APAC SALES OFFICE – SINGAPORE
Fortinet Incorporated
1090 Kifer Road, Sunnyvale, CA 94086 USA
Tel +1.408.235.7700
Fax +1.408.235.7737
www.fortinet.com/sales
Fortinet Incorporated
120 rue Albert Caquot
06560, Sophia Antipolis, France
Tel +33.4.8987.0510
Fax +33.4.8987.0501
Fortinet Incorporated
300 Beach Road #20-01 The Concourse,
Singapore 199555
Tel +65-6513-3734
Fax +65-6295-0015
CCopyright© 2013 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard® are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective
owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding
commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according
to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise
this publication without notice, and the most current version of the publication shall be applicable.
FST-PROD-DS-GT3K2
FG-3040B-3140B-DAT-R9-201301
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement