FortiGate VM ESXi

DATA SHEET
FortiGate®-VM Next Generation Firewall
on VMware ESXi
The FortiGate-VM on VMware ESXi delivers next generation firewall capabilities for organizations
of all sizes. It protects against cyber threats with high performance, security efficacy, and deep
visibility.
Security Networking
n Identifies thousands of applications inside network traffic n Delivers advanced networking capabilities that
for deep inspection and granular policy enforcement seamlessly integrate with advanced layer 7 security and
n Protectsagainst malware, exploits, and malicious virtual domains (VDOMs) to offer extensive deployment
websites in both encrypted and non-encrypted traffic flexibility, multitenancy, and effective utilization of
resources (only BYOL supports VDOM)
n Prevent and detect against known and unknown attacks
n Delivers high-density, flexible combination of various
using continuous threat intelligence from AI-powered
FortiGuard Labs security services high-speed interfaces to enable best TCO for customers
for data center and WAN deployments
Performance
n Delivers industry’s best threat protection performance Management
n Includes a management console that is effective, simple
and ultra-low latency using purpose-built security
processor (SPU) technology with DPDK+vNP offloading to use, and provides comprehensive network automation
and SR-IOV technologies and visibility
n Provides Zero Touch Integration with Fortinet’s Security
n Providesindustry-leading performance and protection for
SSL encrypted traffic Fabric’s single pane of glass management
n Predefined compliance checklist analyzes the deployment
Certification
and highlights best practices to improve overall security
n Independently tested and validated for best-in-class
posture
security effectiveness and performance
Security Fabric
n Received unparalleled third-party certifications from NSS n Enables Fortinet and Fabric-ready partners’ products
Labs to provide broader visibility, integrated end-to-end
detection, threat intelligence sharing, and automated
remediation
n Out-of-the-box integration and orchestration with leading
SDN platforms
FortiManager FortiAnalyzer FortiSandbox FortiAuthenticator FortiSIEM FortiWeb FortiMail
Fortinet’s comprehensive security virtual appliance lineup supports VMware ESXi
1
DATA SHEET | FortiGate®-VM on VMware ESXi
DEPLOYMENT
N
ext Generation
Firewall (NGFW)
§ Reduce complexity by combining threat protection security § Delivers the industry’s highest SSL inspection performance
capabilities into single high-performance network security using industry-mandated ciphers while maximizing ROI
appliances § Proactively blocks newly discovered sophisticated attacks
§ Identify and stop threats with powerful intrusion prevention in real-time with advanced threat protection
beyond port and protocol that examines the actual
applications in your network traffic
Gain comprehensive visibility and apply consistent control
TECHNOLOGIES
SR-IOV (Single Root I/O Virtualization) Data Plane Development Kit (DPDK)
In enabling SR-IOV on the KVM host, you can partition a single and vNP Offloading
physical network controller into multiple virtual interfaces DPDK and vNP enhance FortiGate-VM performance by
(called virtual functions (VFs)), consisting of an ESXi virtual offloading part of packet processing to userspace while
network pool of adapters, which can be used by local host bypassing kernel within the operating system. You must
processors or directly by VMs like the FortiGate-VM. The VM enable and configure the capability with FortiGate CLI
then talks directly to the network adapters through Direct commands.
Memory Access (DMA) by bypassing virtualization transports,
which improves north-south network performance.
2
FORTINET SECURITY FABRIC
Security Fabric
The industry’s highest-performing cybersecurity platform,
powered by FortiOS, with a rich ecosystem designed to Fabric Mgmt.
Center
Fabric Security
Operations
span the extended digital attack surface, delivering fully
automated, self-healing network security. NOC SOC
§ Broad: Coordinated detection and enforcement across the

entire digital attack surface and lifecycle with converged
networking and security across edges, clouds, endpoints, Adaptive Cloud
Security
and users 
§ Integrated: Integrated and unified security, operation, Zero Trust
Access
and performance across different technologies, location,

FORTI OS
deployment options, and the richest ecosystem
§ Automated: Context-aware self-healing network and
security posture leveraging cloud-scale and advanced AI
to automatically deliver near-real-time, user-to-application
coordinated protection across the Fabric 
Security-Driven Open
Networking Ecosystem
The Fabric empowers organizations of any size to secure and FortiGuard

Threat Intelligence
simplify their hybrid infrastructure on the journey to digital

innovation.
FortiOS™
Operating System
FortiOS, Fortinet’s leading operating system, enables the The release of FortiOS 7 dramatically expands the Fortinet
convergence of high performing networking and security Security Fabric’s ability to deliver consistent security across
across the Fortinet Security Fabric delivering consistent hybrid deployment models consisting on appliances, software
and context-aware security posture across the network, and As-a-Service with SASE, ZTNA and other emerging
endpoints, and clouds. The organically built best of breed cybersecurity solutions.
capabilities and unified approach allow organizations to
run their businesses without compromising performance
or protection, supports seamless scalability, and simplifies
innovation consumption.
SERVICES
FortiGuard™ FortiCare™
Security Services Services
FortiGuard Labs offers real-time intelligence on the threat Fortinet is dedicated to helping our customers succeed, and
landscape, delivering comprehensive security updates across every year FortiCare services help thousands of organizations
the full range of Fortinet’s solutions. Comprised of security get the most from their Fortinet Security Fabric solution. We
threat researchers, engineers, and forensic specialists, the have more than 1,000 experts to help accelerate technology
team collaborates with the world’s leading threat monitoring implementation, provide reliable assistance through advanced
organizations and other network and security vendors, as well support, and offer proactive care to maximize security and
as law enforcement agencies. performance of Fortinet deployments.
3
SPECIFICATIONS
FORTIGATE-VM01/01V/01S FORTIGATE-VM02/02V/02S
Technical Specifications
vCPU Support (Minimum / Maximum) 1/1 1/2

Memory Support (Minimum) 2 GB 2 GB
Network Interface Support (Minimum / Maximum) 1 1 / 10 1 / 10
Storage Support (Minimum / Maximum) 32 GB / 2 TB 32 GB / 2 TB
Wireless Access Points Controlled (Tunnel / Global) 32 / 64 512 / 1024
Virtual Domains (Default / Maximum) 2 10 / 10 10 / 25

Firewall Policies 10 000 10 000
Maximum Number of Registered Endpoints 2 000 2 000
Unlimited User License Yes Yes
System Performance Paravirtualized SR-IOV/vSPU-off SR-IOV/vSPU-on Paravirtualized SR-IOV/vSPU-off SR-IOV/vSPU-on
Firewall Throughput (UDP Packets, 1518 Byte) 9.1 Gbps 11.9 Gbps N/A 14.1 Gbps 15.1 Gbps 38 Gbps
New Sessions / Second (TCP) 110K 110K N/A 160K 160K 160K
IPsec VPN Throughput (AES256+SHA1, UDP Packets, 1.2 Gbps 1.2 Gbps N/A 2.2 Gbps 2.2 Gbps N/A
1360 Byte)
Gateway-to-Gateway IPsec VPN Tunnels 2K 2K N/A 2K 2K 2K
Client-to-Gateway IPsec VPN Tunnels 10K 10K N/A 32K 32K 32K
SSL VPN Throughput 1.2 Gbps 1.5 Gbps N/A 1.4 Gbps 1.7 Gbps N/A
Concurrent SSL VPN Users (Recommended Maximum) 10K 10K N/A 24K 24K 24K
IPS Throughput (Enterprise Mix) 3 1.9 Gbps 1.7 Gbps N/A 3.5 Gbps 3 Gbps 3.9 Gbps
IPS Throughput (HTTP 1M) 3.4 Gbps 3.1 Gbps N/A 5.9 Gbps 5.4 Gbps 6.8 Gbps
Application Control Throughput (HTTP 64K) 4 2.3 Gbps 1.7 Gbps N/A 3.8 Gbps 3 Gbps 3.2 Gbps
NGFW Throughput (Enterprise Mix) 5 1.5 Gbps 1.2 Gbps N/A 2.7 Gbps 2.4 Gbps 2.7 Gbps
Threat Protection Throughput (Enterprise Mix) 6 1.2 Gbps 1.4 Gbps N/A 2.2 Gbps 2.2 Gbps 2.6 Gbps
Note. All performance values are “up to” and vary depending on system configuration. 1. Applicable to 6.4.0+. The actual working number of consumable network interfaces varies
Actual performance may vary depending on the network and system configuration. Note that depending on VMware ESXi instance types/sizes and may be less.
these metrics are updated periodically as the product performance keeps improving through 2. FG-VMxxV and FG-VMxxS series do not come with a multi-VDOM feature by default.
internal testing. The discrepancy in the performance numbers may be noted in different You can add it by applying separate VDOM addition perpetual licenses. See ORDER
versions of the document so ensure that you refer to the latest datasheets. INFORMATION for VDOM SKUs.
Performance metrics were observed using DELL R740 (CPU Intel Xeon Platinum 8168 @ 2.7 3. IPS performance is measured using Enterprise Traffic Mix and 1 Mbyte HTTP.
GHz, 96 cores, Intel X710 network adapters). Tested with FortiOS 6.4.4 running on VMware 4. Application Control performance is measured with 64 Kbyte HTTP traffic.
vSphere ESXi 6.5.0 Update 1. 5. NGFW performance is measured with IPS and Application Control enabled, based on
vSPU refers to the combination of FortiOS vNP and DPDK libraries in the FortiGate-VM. vNP is Enterprise Traffic Mix.
the software emulation of a subset of Fortinet’s Network Processor (NP). 6. Threat Protection performance is measured with IPS and Application Control and Malware
VMXNET3 was used as the paravirtualized NIC. protection enabled, based on Enterprise Traffic Mix.
4
vCPU Support (Minimum / Maximum) 1/4 1/8


Maximum Number of Registered Endpoints 8000 20 000

Firewall Throughput (UDP Packets, 1518 Byte) 20 Gbps 36.1 Gbps 67 Gbps 27.7 Gbps 64.1 Gbps 86.7 Gbps
New Sessions / Second (TCP) 270K 270K 270K 450K 450K 450K
IPsec VPN Throughput (AES256+SHA1, UDP Packets, 4.5 Gbps 4.5 Gbps N/A 9.4 Gbps 9.4 Gbps N/A
1360 Byte)
Gateway-to-Gateway IPsec VPN Tunnels 2K 2K 2K 40K 40K 40K
Client-to-Gateway IPsec VPN Tunnels 40K 40K 40K 50K 50K 50K
SSL VPN Throughput 3.5 Gbps 3.8 Gbps N/A 6.2 Gbps 7.9 Gbps N/A
Concurrent SSL VPN Users (Recommended Maximum) 35K 35K 35K 75K 75K 75K
IPS Throughput (Enterprise Mix) 3 5.1 Gbps 5.5 Gbps 6.2 Gbps 7.4 Gbps 8.8 Gbps 12.3 Gbps
IPS Throughput (HTTP 1M) 3 Gbps 9.3 Gbps 12.6 Gbps 8.8 Gbps 14.5 Gbps 26.7 Gbps
Application Control Throughput (HTTP 64K) 4 6 Gbps 6.1 Gbps 7.7 Gbps 10.8 Gbps 10.8 Gbps 12.1 Gbps
NGFW Throughput (Enterprise Mix) 5 4.7 Gbps 4.2 Gbps 4.8 Gbps 7.8 Gbps 7.3 Gbps 9.7 Gbps
Threat Protection Throughput (Enterprise Mix) 6 4 Gbps 4.3 Gbps 4.6 Gbps 6.3 Gbps 6.3 Gbps 8 Gbps
5
SPECIFICATIONS
vCPU Support (Minimum / Maximum) 1 / 16 1 / 32


Maximum Number of Registered Endpoints 20 000 20 000
Firewall Throughput (UDP Packets, 1518 Byte) 26.3 Gbps 92.9 Gbps 113.3 Gbps 30 Gbps 75 Gbps 108.3 Gbps
New Sessions / Second (TCP) 660K 660K 660K 850K 850K 850K
IPsec VPN Throughput (AES256+SHA1, UDP Packets, 12.9 Gbps 12.9 Gbps N/A 14.9 Gbps 14.9 Gbps 14.9 Gbps
1360 Byte)
Gateway-to-Gateway IPsec VPN Tunnels 40K 40K 40K 40K 40K 40K
Client-to-Gateway IPsec VPN Tunnels 50K 50K 50K 50K 50K 50K
SSL VPN Throughput 7.9 Gbps 10.4 Gbps N/A 8.4 Gbps 10 Gbps N/A
Concurrent SSL VPN Users (Recommended Maximum) 150K 150K 150K 320K 320K 320K
IPS Throughput (Enterprise Mix) 3 7.8 Gbps 14.6 Gbps 14.7 Gbps 7.6 Gbps 15.1 Gbps 15.1 Gbps
IPS Throughput (HTTP 1M) 16.3 Gbps 29.6 Gbps 33.9 Gbps 18.5 Gbps 37.5 Gbps 40.2 Gbps
Application Control Throughput (HTTP 64K) 4 16 Gbps 19 Gbps 19.5 Gbps 22.8 Gbps 26.6 Gbps 28.6 Gbps
NGFW Throughput (Enterprise Mix) 5 12 Gbps 13.5 Gbps 13.8 Gbps 13.9 Gbps 14.2 Gbps 14.7 Gbps
Threat Protection Throughput (Enterprise Mix) 6 11.9 Gbps 12.9 Gbps 13.3 Gbps 13.7 Gbps 14 Gbps 14.8 Gbps
FORTIGATE-VMUL/ULV/ULS
vCPU Support (Minimum / Maximum) 1 / unlimited

Memory Support (Minimum) 2 GB
Network Interface Support (Minimum / Maximum) 1 1 / 10
Storage Support (Minimum / Maximum) 32 GB / 2 TB
Wireless Access Points Controlled (Tunnel / Global) 1024 / 4096
Virtual Domains (Default / Maximum) 2 10 / 500

Firewall Policies 200 000
Maximum Number of Registered Endpoints 20 000
Unlimited User License Yes
For the sizing guide, please refer to the sizing document available on www.fortinet.com
6
ORDERING INFORMATION
Product SKU Description
FortiGate-VM01 FG-VM01, FG-VM01V FortiGate-VM ‘virtual appliance’. 1x vCPU core. No VDOM by default for FG-VM01V model.
FortiGate-VM02 FG-VM02, FG-VM02V FortiGate-VM ‘virtual appliance’. 2x vCPU cores. No VDOM by default for FG-VM02V model.
FortiGate-VMUL FG-VMUL, FG-VMULV FortiGate-VM ‘virtual appliance’. Unlimited vCPU cores. No VDOM by default for FG-VMULV model.
Optional Accessories/Spares SKU Description
Virtual Domain License Add 5 FG-VDOM-5-UG Upgrade license for adding 5 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.
The number of configurable VDOMs can be stacked up to the maximum number of supported VDOMs per vCPU model. Please refer to Virtual Domains (Maximum) under SPECIFICATIONS.
The following SKUs adopt the annual subscription licensing scheme.
Product SKU Description
FortiGate-VM01-S FC1-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (1 vCPU core)
FortiGate-VM02-S FC2-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (2 vCPU cores)
FortiGate-VMUL-S FC7-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (Unlimited vCPU cores)
Support Bundle
258 FortiCare services (only) included
815 Enterprise Bundle included
820 360 Protection Bundle included
990 UTP Bundle included
FortiOS 6.2.3+ and 6.4.0+ support the FortiGate-VM S-series. The FortiGate-VM S-series does not have RAM restrictions on all vCPU levels.
FortiManager 6.2.3+ and 6.4.0+ support managing FortiGate-VM S-series devices.
7
BUNDLES
360 Enterprise Unified Threat Advanced Threat
Bundles
Protection Protection Protection Protection
FortiGuard FortiCare ASE 1 24x7 24x7 24x7
Bundle FortiGuard App Control Service • • • •

FortiGuard IPS Service • • • •
FortiGuard Labs delivers FortiGuard Advanced Malware Protection (AMP) — Antivirus, • • • •
a number of security Mobile Malware, Botnet, CDR, Virus Outbreak Protection and
intelligence services to FortiSandbox Cloud Service
augment the FortiGate FortiGuard Web and Video2 Filtering Service • • •
firewall platform. You
can easily optimize the FortiGuard Antispam Service • • •
protection capabilities of FortiGuard Security Rating Service • •
your FortiGate with one of FortiGuard IoT Detection Service • •
these FortiGuard Bundles.
FortiGuard Industrial Service • •
FortiConverter Service • •
SD-WAN Orchestrator Entitlement •
SD-WAN Cloud Assisted Monitoring •
SD-WAN Overlay Controller VPN Service •
Fortinet SOCaaS •
FortiAnalyzer Cloud •
FortiManager Cloud •
1. 24x7 plus Advanced Services Ticket Handling 2. Available when running FortiOS 7.0
www.fortinet.com
Copyright © 2021 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.
FG-VM-ESXI-DAT-R20-20211215

FortiGate VM ESXi

Uploaded by

Document Informationclick to expand document information

Document Informationclick to expand document information

Copyright:

Available Formats

FortiGate VM ESXi

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

FortiGate VM ESXi

Uploaded by

Copyright:

Available Formats

DATA SHEET

FortiGate®-VM Next Generation Firewall

FortiManager FortiAnalyzer FortiSandbox FortiAuthenticator FortiSIEM FortiWeb FortiMail

Fortinet’s comprehensive security virtual appliance lineup supports VMware ESXi

Gain comprehensive visibility and apply consistent control

FORTINET SECURITY FABRIC

§ Broad: Coordinated detection and enforcement across the

and performance across different technologies, location,

The Fabric empowers organizations of any size to secure and FortiGuard

simplify their hybrid infrastructure on the journey to digital

vCPU Support (Minimum / Maximum) 1/1 1/2

Virtual Domains (Default / Maximum) 2 10 / 10 10 / 25

System Performance Paravirtualized SR-IOV/vSPU-off SR-IOV/vSPU-on Paravirtualized SR-IOV/vSPU-off SR-IOV/vSPU-on

vCPU Support (Minimum / Maximum) 1/4 1/8

Virtual Domains (Default / Maximum) 2 10 / 50 10 / 500

Firewall Policies 10 000 200 000

System Performance Paravirtualized SR-IOV/vSPU-off SR-IOV/vSPU-on Paravirtualized SR-IOV/vSPU-off SR-IOV/vSPU-on

vCPU Support (Minimum / Maximum) 1 / 16 1 / 32

Virtual Domains (Default / Maximum) 2 10 / 500 10 / 500

System Performance Paravirtualized SR-IOV/vSPU-off SR-IOV/vSPU-on Paravirtualized SR-IOV/vSPU-off SR-IOV/vSPU-on

vCPU Support (Minimum / Maximum) 1 / unlimited

Virtual Domains (Default / Maximum) 2 10 / 500

Optional Accessories/Spares SKU Description

The following SKUs adopt the annual subscription licensing scheme.

Product SKU Description

FortiGate-VM01-S FC1-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (1 vCPU core)

FortiGate-VM02-S FC2-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (2 vCPU cores)

FortiGate-VM04-S FC3-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (4 vCPU cores)

FortiGate-VM08-S FC4-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (8 vCPU cores)

258 FortiCare services (only) included

815 Enterprise Bundle included

820 360 Protection Bundle included

990 UTP Bundle included

FortiGuard FortiCare ASE 1 24x7 24x7 24x7

Bundle FortiGuard App Control Service • • • •

You might also like