FortiGate® 200F Series
FortiGate 200F and 201F
Next Generation Firewall
Secure SD-WAN
Secure Web Gateway
The FortiGate 200F series provides an application-centric, scalable and secure SD-WAN solution with next generation firewall (NGFW) capabilities for mid-sized to large enterprises deployed at the campus or enterprise branch level. Protects against cyber threats with system-on-a-chip acceleration and industry leading secure SD-WAN in a simple, affordable, and easy to deploy solution. Fortinet’s Security-Driven Networking approach provides tight integration of the network to the new generation of security.
Security
- Identifies thousands of applications inside network traffic for deep inspection and granular policy enforcement
- Protects against malware, exploits, and malicious websites in both encrypted and non-encrypted traffic
- Prevents and detects against known attacks using continuous threat intelligence from AI-powered FortiGuard Labs security services
- Proactively blocks unknown sophisticated attacks in real-time with the Fortinet Security Fabric integrated AI-powered FortiSandbox
Performance
- Engineered for innovation using Fortinet’s purpose-built security processors (SPU) to deliver the industry’s best threat protection performance and ultra-low latency
- Provides industry-leading performance and protection for SSL encrypted traffic including the first firewall vendor to provide TLS 1.3 deep inspection
Certification
- Independently tested and validated best security effectiveness and performance
- Received unparalleled third-party certifications from NSS Labs, ICSA, Virus Bulletin, and AV Comparatives
Networking
- Dynamic Path Selection over any WAN transport to provide better application experience based on self-healing SD-WAN capabilities
- Provides industry-leading performance and protection for SSL encrypted traffic including the first firewall vendor to provide TLS 1.3 deep inspection
Management
- SD-WAN Orchestration provides intuitive and simplified workflow for centralized management and provisioning of business policies in a few easy clicks
- Expedited deployment with Zero touch provisioning well-suited for large and distributed infrastructure aggregation and encrypted WAN paths
- Automated VPN tunnels for flexible hub-to-spoke and full-mesh deployment at scale to provide bandwidth aggregation and encrypted WAN paths
- Predefined compliance checklists analyze the deployment and highlight best practices to improve the overall security posture
Security Fabric
- Enables Fortinet and Fabric-ready partners’ products to provide broader visibility, integrated end-to-end detection, threat intelligence sharing, and automated remediation
- Automatically builds Network Topology visualizations which discover IoT devices and provide complete visibility into Fortinet and Fabric-ready partner products
| Firewall | IPS | NGFW | Threat Protection | Interfaces |
| 27 Gbps | 5 Gbps | 3.5 Gbps | 3 Gbps | Multiple GE RJ45, GE SFP and 10 GE SFP+ slots |
Deployment
Next Generation Firewall (NGFW)
- Reduce the complexity and maximize your ROI by integrating threat protection security capabilities into a single high-performance network security appliance, powered by Fortinet’s Security Processing Unit (SPU)
- Full visibility into users, devices, and applications across the entire attack surface, and consistent security policy enforcement irrespective of asset location
- Protect against network exploitable vulnerabilities with industry-validated IPS that offers low latency and optimized network performance
- Automatically block threats on decrypted traffic using the industry’s highest SSL inspection performance, including the latest TLS 1.3 standard with mandated ciphers
- Proactively block newly discovered sophisticated attacks in real-time with AI-powered FortiGuard Labs and advanced threat protection services included in the Fortinet Security Fabric
Secure Web Gateway (SWG)
- Secure web access from both internal and external risks, even for encrypted traffic at high performance
- Enhanced user experience with dynamic web and video caching
- Block and control web access based on user or user groups across URLs and domains
- Prevent data loss and discover user activity to known and unknown cloud applications
- Block DNS requests against malicious domains
- Multi-layered advanced protection against zero-day malware threats delivered over the web
Secure SD-WAN
- Consistent business application performance with accurate detection, dynamic WAN path steering on any best-performing WAN transport
- Accelerated multi-cloud access for faster SaaS adoption with cloud-on-ramp
- Self-healing networks with WAN edge high availability, sub-second traffic switchover-based and real-time bandwidth compute-based traffic steering
- Automated overlay tunnels provides encryption and abstracts physical hybrid WAN making it simple to manage
- Simplified and intuitive workflow with SD-WAN orchestrator for management and zero touch deployment
- Enhanced analytics both real-time and historical provides visibility into network performance and identifies anomalies
- Strong security posture with next generation firewall and real-time threat protection
Next Generation Firewall (NGFW)
Hardware
Interfaces
- (1) 2x GE RJ45 HA/MGMT Ports
- (2) 16x GE RJ45 Ports
- (3) 2x 10 GE SFP+ Slots
- (4) 2x 10 GE SFP+ FortiLink Slots
- (5) 8x GE SFP Slots
Extends Security to Access Layer with
FortiLink Ports
FortiLink protocol enables you to converge security and the network access by integrating the FortiSwitch into the FortiGate as a logical extension of the NGFW. These FortiLink enabled ports can be reconfigured as regular ports as needed.
Powered by Purpose-built
Powered by SPU
- Combines a RISC-based CPU with Fortinet’s proprietary Security Processing Unit (SPU) content and network processors for unmatched performance
- Simplifies appliance design and enables breakthrough performance for smaller networks
- Supports firewall acceleration across all packet sizes for maximum throughput
- Delivers accelerated UTM content processing for superior performance and protection
- Accelerates VPN performance for high speed and secure remote access
Content Processor
Fortinet’s new, breakthrough SPU CP9 content processor works outside of the direct flow of traffic and accelerates the inspection of computationally intensive security features:
- Enhanced IPS performance with unique capability of full signature matching at ASIC
- SSL Inspection capabilities based on the latest industry mandated cipher suites
- Encryption and decryption offloading
Network Processor
The SPU NP6XLite network processor enhances firewall and VPN functions delivering:
- Optimized firewall processing for all types of IP payloads and Ethernet frames
- Hardware-accelerated VPN encryption
- Anomaly-based intrusion prevention, checksum offload, and packet defragmentation
- Traffic shaping and priority queuing
Trusted Platform Module (TPM)
The FortiGate 200F Series features a dedicated module that hardens physical networking appliances by generating, storing, and authenticating cryptographic keys. Hardware-based security mechanisms protect against malicious software and phishing attacks.
Fortinet Security Fabric
The Security Fabric is the cybersecurity platform that enables digital innovations. It delivers broad visibility of the entire attack surface to better manage risk. Its unified and integrated solution reduces the complexity of supporting multiple-point products, while automated workflows increase operational speeds and reduce response times across the Fortinet deployment ecosystem. The Fortinet Security Fabric overs the following key areas under a single management center:
- Security-Driven Networking that secures, accelerates, and unifies the network and user experience
- Zero Trust Network Access that identifies and secures users and devices in real-time, on and off of the network
- Dynamic Cloud Security that protects and controls cloud infrastructures and applications
- AI-Driven Security Operations that automatically prevents, detects, isolates, and responds to cyber threats
FortiGates are the foundation of the Fortinet Security Fabric—the core is FortiOS. All security and networking capabilities across the entire FortiGate platform are controlled with one intuitive operating system. FortiOS reduces complexity, costs, and response times by truly consolidating next-generation security products and services into one platform.
- A truly consolidated platform with a single OS and pane-of-glass across the entire digital attack surface
- Industry-leading protection: NSS Labs Recommended, VB100, AV Comparatives, and ICSA validated security and performance
- Leverage the latest technologies such as deception-based security
- Control thousands of applications, block the latest exploits, and filter web traffic based on millions of real-time URL ratings in addition to true TLS 1.3 support
- Automatically prevent, detect, and mitigate advanced attacks within minutes with an integrated AI-driven security and advanced threat protection
- Improve and unify the user experience with innovative SD-WAN capabilities with the ability to detect, contain, and isolate threats with automated segmentation
- Utilize SPU hardware acceleration to boost network security performance
Services
FortiGuard™ Security Services
FortiGuard Labs offers real-time intelligence on the threat landscape, delivering comprehensive security updates across the full range of Fortinet’s solutions. Comprised of security threat researchers, engineers, and forensic specialists, the team collaborates with the world’s leading threat monitoring organizations and other network and security vendors, as well as law enforcement agencies.
FortiCare™ Support Services
Our FortiCare customer support team provides global technical support for all Fortinet products. With support staff in the Americas, Europe, Middle East, and Asia, FortiCare offers services to meet the needs of enterprises of all sizes.
For more information, please refer to forti.net/fortiguard and forti.net/forticare
Specifications
| FORTIGATE 200F | FORTIGATE 201F | |
| Hardware Specifications | ||
| GE RJ45 Ports | 16 | |
| GE RJ45 Management/HA/DMZ Ports | 1 / 1 | |
| GE SFP Slots | 8 | |
| 10GE SFP+ FortiLink Slots (default) | 2 | |
| GE RJ45 WAN Ports | 2 | |
| GE RJ45 or SFP Shared Ports * | 1 | |
| USB Ports | 1 | |
| Console (RJ45) | 1 | |
| Internal Storage | 1x 480 GB SSD | |
| Included Transcievers | 0 | |
| System Performance — Enterprise Traffic Mix | ||
| IPS Throughput 2 | 5 Gbps | |
| NGFW Throughput 2, 4 | 3.5 | |
| Threat Protection Throughput 2, 5 | 3 Gbps | |
| System Performance | ||
| Firewall Throughput (1518 / 512 / 64 byte UDP packets) | 27/27/11 Gbps | |
| Firewall Latency (64 byte UDP packets) | 4.78 μs | |
| Firewall Throughput (Packets Per Second) | 16.5 Mpps | |
| Concurrent Sessions (TCP) | 3 Million | |
| New Sessions/Second (TCP) | 280,000 | |
| Firewall Policies | 10,000 | |
| IPsec VPN Throughput (512 byte) 1 | 13 Gbps | |
| Gateway-to-Gateway IPsec VPN Tunnels | 2,500 | |
| Client-to-Gateway IPsec VPN Tunnels | 16,000 | |
| SSL-VPN Throughput | 2 Gbps | |
| Concurrent SSL-VPN Users (Recommended Maximum, Tunnel Mode) | 500 | |
| SSL Inspection Throughput (IPS, avg. HTTPS) 3 | 4 Gbps | |
| SSL Inspection CPS (IPS, avg. HTTPS) 3 | 3,500 | |
| SSL Inspection Concurrent Session (IPS, avg. HTTPS) 3 | 300,000 | |
| Application Control Throughput (HTTP 64K) 2 | 13 Gbps | |
| CAPWAP Throughput (HTTP 64K) | 20 Gbps | |
| Virtual Domains (Default / Maximum) | 10 / 10 | |
| Maximum Number of FortiSwitches Supported | 64 | |
| Maximum Number of FortiAPs (Total / Tunnel Mode) | 256 / 128 | |
| Maximum Number of FortiTokens | 5,000 | |
| High Availability Configurations | Active / Active, Active / Passive, Clustering |
| FORTIGATE 200F | FORTIGATE 201F | |
| Dimensions | ||
| Height x Width x Length (inches) | 1.73 x 17.01 x 13.47 | |
| Height x Width x Length (mm) | 44 x 432 x 342 | |
| Form Factor (supports EIA / non-EIA standards) | Ear Mount, 1 RU | |
| Weight | 9.92 lbs (4.5 kg) | 10.14 lbs (4.6 kg) |
| Operating Environment and Certifications | ||
| Power Required | 100–240V AC, 50-60 | |
| Maximum Current | 100V / 2A, 240V / 1.2A | |
| Power Consumption (Average / Maximum) | 101.92 W / 118.90 W | 104.52 W / 121.94 W |
| Heat Dissipation | 405.70 BTU/h | 436.98 BTU/h |
| Redundant Power Supplies | Yes | |
| Operating Temperature | 32–104°F (0–40°C) | |
| Storage Temperature | -31–158°F (-35–70°C) | |
| Operating Altitude | Up to 7,400 ft (2,250 m) | |
| Humidity | 20–90% non-condensing | |
| Noise Level | 49.9 dBA | |
| Compliance | FCC Part 15B, Class A, CE, RCM, VCCI, UL/cUL, CB, BSMI | |
| Certifications | ICSA Labs: Firewall, IPsec, IPS, Antivirus, SSL-VPN, IPv6 |
Note: All performance values are “up to” and vary depending on system configuration.
- IPsec VPN performance test uses AES256-SHA256
- IPS (Enterprise Mix), Application Control, NGFW, and Threat Protection are measured with Logging enabled.
- SSL Inspection performance values use an average of HTTPS sessions of different cipher suites
- NGFW performance is measured with Firewall, IPS, and Application Control enabled.
- Threat Protection performance is measured with Firewall, IPS, Application Control, and Malware Protection enabled.
Order Information
| Product | SKU | Description |
| FortiGate 200F | FG-200F | 18 x GE RJ45 (including 1 x MGMT port, 1 X HA port, 16 x switch ports), 8 x GE SFP slots, 4 x 10GE SFP+ slots, SoC4 and CP9 hardware accelerated. |
| FortiGate 201F | FG-201F | 18 x GE RJ45 (including 1 x MGMT port, 1 X HA port, 16 x switch ports), 8 x GE SFP slots, 4 x 10GE SFP+ slots, SoC4 and CP9 hardware accelerated, 480GB onboard SSD storage. |
| Optional Accessories | ||
| 1 GE SFP RJ45 transceiver module | FN-TRAN-GC | 1 GE SFP RJ45 transceiver module for all systems with SFP and SFP/SFP+slots |
| 1 GE SFP SX transceiver module | FN-TRAN-SX | 1 GE SFP SX transceiver module for all systems with SFP and SFP/SFP+ slots. |
| 1 GE SFP LX transceiver module | FN-TRAN-LX | 1 GE SFP LX transceiver module for all systems with SFP and SFP/SFP+ slots. |
| 10 GE SFP+ RJ45 transceiver module | FN-TRAN-SFP+GC | 10 GE SFP+ RJ45 transceiver module for systems with SFP+ slots. |
| 10 GE SFP+ transceiver module, short range | FG-TRAN-SFP+SR | 10 GE SFP+ transceiver module, short range for all systems with SFP+ and SFP/SFP+ slots. |
| 10 GE SFP+ transceiver module, long range | FN-TRAN-SFP+LR | 10 GE SFP+ transceiver module, long range for all systems with SFP+ and SFP/SFP+ slots |
| 10 GE SFP+ transceivers, extended range | FN-TRAN-SFP+ER | 10 GE SFP+ transceiver module, extended range for all systems with SFP+ and SFP/SFP+ slots. |
Bundles
FortiGuard
Bundle
FortiGuard Labs delivers a number of security intelligence services to augment the FortiGate firewall platform. You can easily optimize the protection capabilities of your FortiGate with one of these FortiGuard Bundles.
| 360 Protection | Enterprise Protection | Unified Threat Protection | Threat Protection | |
|---|---|---|---|---|
| FortiCare | ASE 1 | 24×7 | 24×7 | 24×7 |
| FortiGuard App Control Service | ||||
| FortiGuard IPS Service | ||||
| FortiGuard Advanced Malware Protection (AMP) — Antivirus, Mobile Malware, Botnet, CDR, Virus Outbreak Protection and FortiSandbox Cloud Service | ||||
| FortiGuard Web Filtering Service | ||||
| FortiGuard Antispam Service | ||||
| FortiGuard Security Rating Service | ||||
| FortiGuard Industrial Service | ||||
| FortiGuard IoT Detection Service 2 | ||||
| FortiConverter Service | ||||
| IPAM Cloud 2 | ||||
| SD-WAN Orchestrator Entitlement 2 | ||||
| SD-WAN Cloud Assisted Monitoring | ||||
| SD-WAN Overlay Controller VPN Service | ||||
| FortiAnalyzer Cloud | ||||
| FortiManager Cloud |