FortiGate® 200F Series


FortiGate® 200F Series

FortiGate 200F and 201F

Next Generation Firewall
Secure SD-WAN
Secure Web Gateway

The FortiGate 200F series provides an application-centric, scalable and secure SD-WAN solution with next generation firewall (NGFW) capabilities for mid-sized to large enterprises deployed at the campus or enterprise branch level. Protects against cyber threats with system-on-a-chip acceleration and industry leading secure SD-WAN in a simple, affordable, and easy to deploy solution. Fortinet’s Security-Driven Networking approach provides tight integration of the network to the new generation of security.


  • Identifies thousands of applications inside network traffic for deep inspection and granular policy enforcement 
  • Protects against malware, exploits, and malicious websites in both encrypted and non-encrypted traffic 
  • Prevents and detects against known attacks using continuous threat intelligence from AI-powered FortiGuard Labs security services 
  • Proactively blocks unknown sophisticated attacks in real-time with the Fortinet Security Fabric integrated AI-powered FortiSandbox 


  • Engineered for innovation using Fortinet’s purpose-built security processors (SPU) to deliver the industry’s best threat protection performance and ultra-low latency 
  • Provides industry-leading performance and protection for SSL encrypted traffic including the first firewall vendor to provide TLS 1.3 deep inspection 


  • Independently tested and validated best security effectiveness and performance 
  • Received unparalleled third-party certifications from NSS Labs, ICSA, Virus Bulletin, and AV Comparatives


  • Dynamic Path Selection over any WAN transport to provide better application experience based on self-healing SD-WAN capabilities 
  • Provides industry-leading performance and protection for SSL encrypted traffic including the first firewall vendor to provide TLS 1.3 deep inspection


  • SD-WAN Orchestration provides intuitive and simplified workflow for centralized management and provisioning of business policies in a few easy clicks
  • Expedited deployment with Zero touch provisioning well-suited for large and distributed infrastructure aggregation and encrypted WAN paths 
  • Automated VPN tunnels for flexible hub-to-spoke and full-mesh deployment at scale to provide bandwidth aggregation and encrypted WAN paths
  • Predefined compliance checklists analyze the deployment and highlight best practices to improve the overall security posture

Security Fabric 

  • Enables Fortinet and Fabric-ready partners’ products to provide broader visibility, integrated end-to-end detection, threat intelligence sharing, and automated remediation 
  • Automatically builds Network Topology visualizations which discover IoT devices and provide complete visibility into Fortinet and Fabric-ready partner products 
 Firewall IPS  NGFW  Threat Protection  Interfaces
 27 Gbps  5 Gbps  3.5 Gbps  3 Gbps  Multiple GE RJ45, GE SFP and 10 GE SFP+ slots


Next Generation Firewall (NGFW)

  • Reduce the complexity and maximize your ROI by integrating threat protection security capabilities into a single high-performance network security appliance, powered by Fortinet’s Security Processing Unit (SPU) 
  • Full visibility into users, devices, and applications across the entire attack surface, and consistent security policy enforcement irrespective of asset location 
  • Protect against network exploitable vulnerabilities with industry-validated IPS that offers low latency and optimized network performance 
  • Automatically block threats on decrypted traffic using the industry’s highest SSL inspection performance, including the latest TLS 1.3 standard with mandated ciphers 
  • Proactively block newly discovered sophisticated attacks in real-time with AI-powered FortiGuard Labs and advanced threat protection services included in the Fortinet Security Fabric 

Secure Web Gateway (SWG)

  • Secure web access from both internal and external risks, even for encrypted traffic at high performance 
  • Enhanced user experience with dynamic web and video caching 
  • Block and control web access based on user or user groups across URLs and domains 
  • Prevent data loss and discover user activity to known and unknown cloud applications 
  • Block DNS requests against malicious domains 
  • Multi-layered advanced protection against zero-day malware threats delivered over the web 

Secure SD-WAN

  • Consistent business application performance with accurate detection, dynamic WAN path steering on any best-performing WAN transport 
  • Accelerated multi-cloud access for faster SaaS adoption with cloud-on-ramp 
  • Self-healing networks with WAN edge high availability, sub-second traffic switchover-based and real-time bandwidth compute-based traffic steering 
  • Automated overlay tunnels provides encryption and abstracts physical hybrid WAN making it simple to manage 
  • Simplified and intuitive workflow with SD-WAN orchestrator for management and zero touch deployment 
  • Enhanced analytics both real-time and historical provides visibility into network performance and identifies anomalies 
  • Strong security posture with next generation firewall and real-time threat protection 

Next Generation Firewall (NGFW)


FortiGate 200F/201F


  • (1) 2x GE RJ45 HA/MGMT Ports
  • (2) 16x GE RJ45 Ports
  • (3) 2x 10 GE SFP+ Slots
  • (4) 2x 10 GE SFP+ FortiLink Slots
  • (5) 8x GE SFP Slots

Extends Security to Access Layer with
FortiLink Ports

FortiLink protocol enables you to converge security and the network access by integrating the FortiSwitch into the FortiGate as a logical extension of the NGFW. These FortiLink enabled ports can be reconfigured as regular ports as needed.

Powered by Purpose-built
Powered by SPU

  • Combines a RISC-based CPU with Fortinet’s proprietary Security Processing Unit (SPU) content and network processors for unmatched performance
  • Simplifies appliance design and enables breakthrough performance for smaller networks
  • Supports firewall acceleration across all packet sizes for maximum throughput
  • Delivers accelerated UTM content processing for superior performance and protection
  • Accelerates VPN performance for high speed and secure remote access

Content Processor

Fortinet’s new, breakthrough SPU CP9 content processor works outside of the direct flow of traffic and accelerates the inspection of computationally intensive security features: 

  • Enhanced IPS performance with unique capability of full signature matching at ASIC 
  • SSL Inspection capabilities based on the latest industry mandated cipher suites 
  • Encryption and decryption offloading 

Network Processor

The SPU NP6XLite network processor enhances firewall and VPN functions delivering: 

  • Optimized firewall processing for all types of IP payloads and Ethernet frames 
  • Hardware-accelerated VPN encryption 
  • Anomaly-based intrusion prevention, checksum offload, and packet defragmentation 
  • Traffic shaping and priority queuing 

Trusted Platform Module (TPM)

The FortiGate 200F Series features a dedicated module that hardens physical networking appliances by generating, storing, and authenticating cryptographic keys. Hardware-based security mechanisms protect against malicious software and phishing attacks. 

Fortinet Security Fabric

Security Fabric

The Security Fabric is the cybersecurity platform that enables digital innovations. It delivers broad visibility of the entire attack surface to better manage risk. Its unified and integrated solution reduces the complexity of supporting multiple-point products, while automated workflows increase operational speeds and reduce response times across the Fortinet deployment ecosystem. The Fortinet Security Fabric overs the following key areas under a single management center: 

  • Security-Driven Networking that secures, accelerates, and unifies the network and user experience 
  • Zero Trust Network Access that identifies and secures users and devices in real-time, on and off of the network 
  • Dynamic Cloud Security that protects and controls cloud infrastructures and applications 
  • AI-Driven Security Operations that automatically prevents, detects, isolates, and responds to cyber threats 


FortiGates are the foundation of the Fortinet Security Fabric—the core is FortiOS. All security and networking capabilities across the entire FortiGate platform are controlled with one intuitive operating system. FortiOS reduces complexity, costs, and response times by truly consolidating next-generation security products and services into one platform. 

  • A truly consolidated platform with a single OS and pane-of-glass across the entire digital attack surface 
  • Industry-leading protection: NSS Labs Recommended, VB100, AV Comparatives, and ICSA validated security and performance 
  • Leverage the latest technologies such as deception-based security 
  • Control thousands of applications, block the latest exploits, and filter web traffic based on millions of real-time URL ratings in addition to true TLS 1.3 support 
  • Automatically prevent, detect, and mitigate advanced attacks within minutes with an integrated AI-driven security and advanced threat protection 
  • Improve and unify the user experience with innovative SD-WAN capabilities with the ability to detect, contain, and isolate threats with automated segmentation 
  • Utilize SPU hardware acceleration to boost network security performance 


FortiGuard™ Security Services

FortiGuard Labs offers real-time intelligence on the threat landscape, delivering comprehensive security updates across the full range of Fortinet’s solutions. Comprised of security threat researchers, engineers, and forensic specialists, the team collaborates with the world’s leading threat monitoring organizations and other network and security vendors, as well as law enforcement agencies.

FortiCare™ Support Services

Our FortiCare customer support team provides global technical support for all Fortinet products. With support staff in the Americas, Europe, Middle East, and Asia, FortiCare offers services to meet the needs of enterprises of all sizes.

For more information, please refer to and


Hardware Specifications
GE RJ45 Ports 16
GE RJ45 Management/HA/DMZ Ports 1 / 1
GE SFP Slots 8
10GE SFP+ FortiLink Slots (default) 2
GE RJ45 WAN Ports 2
GE RJ45 or SFP Shared Ports * 1
USB Ports 1
Console (RJ45) 1
Internal Storage 1x 480 GB SSD
Included Transcievers 0
System Performance — Enterprise Traffic Mix
IPS Throughput 2 5 Gbps
NGFW Throughput 2, 4 3.5
Threat Protection Throughput 2, 5 3 Gbps
System Performance
Firewall Throughput (1518 / 512 / 64 byte UDP packets) 27/27/11 Gbps
Firewall Latency (64 byte UDP packets) 4.78 μs
Firewall Throughput (Packets Per Second) 16.5 Mpps
Concurrent Sessions (TCP) 3 Million
New Sessions/Second (TCP) 280,000
Firewall Policies 10,000
IPsec VPN Throughput (512 byte) 1 13 Gbps
Gateway-to-Gateway IPsec VPN Tunnels 2,500
Client-to-Gateway IPsec VPN Tunnels 16,000
SSL-VPN Throughput 2 Gbps
Concurrent SSL-VPN Users (Recommended Maximum, Tunnel Mode) 500
SSL Inspection Throughput (IPS, avg. HTTPS) 3 4 Gbps
SSL Inspection CPS (IPS, avg. HTTPS) 3 3,500
SSL Inspection Concurrent Session (IPS, avg. HTTPS) 3 300,000
Application Control Throughput (HTTP 64K) 2 13 Gbps
CAPWAP Throughput (HTTP 64K) 20 Gbps
Virtual Domains (Default / Maximum) 10 / 10
Maximum Number of FortiSwitches Supported 64
Maximum Number of FortiAPs (Total / Tunnel Mode) 256 / 128
Maximum Number of FortiTokens 5,000
High Availability Configurations Active / Active, Active / Passive, Clustering
Height x Width x Length (inches) 1.73 x 17.01 x 13.47
Height x Width x Length (mm) 44 x 432 x 342
Form Factor (supports EIA / non-EIA standards) Ear Mount, 1 RU
Weight 9.92 lbs (4.5 kg) 10.14 lbs (4.6 kg)
Operating Environment and Certifications
Power Required 100–240V AC, 50-60
Maximum Current 100V / 2A, 240V / 1.2A
Power Consumption (Average / Maximum) 101.92 W / 118.90 W 104.52 W / 121.94 W
Heat Dissipation 405.70 BTU/h 436.98 BTU/h
Redundant Power Supplies Yes
Operating Temperature 32–104°F (0–40°C)
Storage Temperature -31–158°F (-35–70°C)
Operating Altitude Up to 7,400 ft (2,250 m)
Humidity 20–90% non-condensing
Noise Level 49.9 dBA
Compliance FCC Part 15B, Class A, CE, RCM, VCCI, UL/cUL, CB, BSMI
Certifications ICSA Labs: Firewall, IPsec, IPS, Antivirus, SSL-VPN, IPv6

Note: All performance values are “up to” and vary depending on system configuration.

  1. IPsec VPN performance test uses AES256-SHA256
  2. IPS (Enterprise Mix), Application Control, NGFW, and Threat Protection are measured with Logging enabled.
  3. SSL Inspection performance values use an average of HTTPS sessions of different cipher suites
  1. NGFW performance is measured with Firewall, IPS, and Application Control enabled.
  2. Threat Protection performance is measured with Firewall, IPS, Application Control, and Malware Protection enabled.

Order Information

Product SKU Description
FortiGate 200F FG-200F 18 x GE RJ45 (including 1 x MGMT port, 1 X HA port, 16 x switch ports), 8 x GE SFP slots, 4 x 10GE SFP+ slots, SoC4 and CP9 hardware accelerated.
FortiGate 201F FG-201F 18 x GE RJ45 (including 1 x MGMT port, 1 X HA port, 16 x switch ports), 8 x GE SFP slots, 4 x 10GE SFP+ slots, SoC4 and CP9 hardware accelerated, 480GB onboard SSD storage.
Optional Accessories
1 GE SFP RJ45 transceiver module FN-TRAN-GC 1 GE SFP RJ45 transceiver module for all systems with SFP and SFP/SFP+slots
1 GE SFP SX transceiver module FN-TRAN-SX 1 GE SFP SX transceiver module for all systems with SFP and SFP/SFP+ slots.
1 GE SFP LX transceiver module FN-TRAN-LX 1 GE SFP LX transceiver module for all systems with SFP and SFP/SFP+ slots.
10 GE SFP+ RJ45 transceiver module FN-TRAN-SFP+GC 10 GE SFP+ RJ45 transceiver module for systems with SFP+ slots.
10 GE SFP+ transceiver module, short range FG-TRAN-SFP+SR 10 GE SFP+ transceiver module, short range for all systems with SFP+ and SFP/SFP+ slots.
10 GE SFP+ transceiver module, long range FN-TRAN-SFP+LR 10 GE SFP+ transceiver module, long range for all systems with SFP+ and SFP/SFP+ slots
10 GE SFP+ transceivers, extended range FN-TRAN-SFP+ER 10 GE SFP+ transceiver module, extended range for all systems with SFP+ and SFP/SFP+ slots.



FortiGuard Labs delivers a number of security intelligence services to augment the FortiGate firewall platform. You can easily optimize the protection capabilities of your FortiGate with one of these FortiGuard Bundles. 

360 Protection Enterprise Protection Unified Threat Protection Threat Protection
FortiCare ASE 1 24×7 24×7 24×7
FortiGuard App Control Service
FortiGuard IPS Service
FortiGuard Advanced Malware Protection (AMP) — Antivirus, Mobile Malware, Botnet, CDR, Virus Outbreak Protection and FortiSandbox Cloud Service
FortiGuard Web Filtering Service  
FortiGuard Antispam Service  
FortiGuard Security Rating Service    
FortiGuard Industrial Service    
FortiGuard IoT Detection Service 2    
FortiConverter Service    
IPAM Cloud 2      
SD-WAN Orchestrator Entitlement 2      
SD-WAN Cloud Assisted Monitoring      
SD-WAN Overlay Controller VPN Service      
FortiAnalyzer Cloud      
FortiManager Cloud