Modell Firewall Throughput Threat Protection Throughput UTP Protection Throughput SSL Inspection Throughput IPSec VPN Throughput SSL VPN Throughput Storage FortiAPs Tunnel FortiAPs Bridge WiFi
F Serie   
5.000 Mbps 800 Mbps 600 Mbps 320 Mbps 4.400 Mbps 490 Mbps - 5 10 802.11 a/b/g/n/ac Wave 2
10.000 Mbps 700 Mbps 1.000 Mbps 630 Mbps 6.500 Mbps 900 Mbps 128 GB SSD 32 64 802.11 a/b/g/n/ac Wave 2
FG-80F/81F 10.000 Mbps 900 Mbps 1.000 Mbps 715 Mbps 6.500 Mbps 950 Mbps 128 GB SSD 16 32  -
FG-100F/101F 20.000 Mbps 1.600 Mbps 1.000 Mbps 1.000 Mbps 11.500 Mbps 1.000 Mbps 480 GB 64 128


If you are interested in a product comparison upwards of the 100 models, please click here.

Firewall Use-Cases

Edge Firewall

An edge firewall is the classic use case. Here, the firewall is located at the transition point between the company network and the internet. This is where the most security is required, as this is the point of attack for cyber criminals. With an edge firewall, the values of the Next-Generation Firewall Throughput (NGFW) are particularly relevant. The NGFW throughput is calculated from a combination of activated firewall and IPS protection, as well as application control. If SSL-encrypted network traffic is also to be analysed, the SSL inspection throughput* is also important. Relevant values: NGFW throughput, SSL inspection throughput.

Segmentation Firewall

A segmentation firewall is placed in the internal network of larger companies to physically separate network areas. The most important value is therefore the firewall throughput. IPS and SSL inspection throughput* are also interesting.

Relevant values: Firewall throughput, IPS throughput, SSL inspection throughput*.
VPN Gateway Firewall

A VPN gateway firewall serves as a gateway for VPN connections between other locations (site-to-site) or other endpoints (client-to-site) outside the physical company premises. The latter are important for connecting home office endpoints. Sites or endpoints are connected via the IPSec or SSL VPN protocol. Relevant values: IPSec VPN throughput, SSL VPN throughput.


A FortiGate can not only be used as a firewall, but also as a WiFi controller for Fortinet WiFi access points. No extra licensing is required for this. The access points can be operated in both bridge and tunnel mode. In bridge mode, the WiFi end devices are in the same subnet as the wired network. In tunnel mode, the wireless terminals have their own subnet and are logically separated from the network. Relevant values: Number of manageable access points in bridge or tunnel mode.

Secure Web Gateway

If you run a server locally that needs to be accessible via the Internet, it should not only be located in a DMZ, but also be specially protected against attacks. While a FortiGate cannot offer the full range of functions of a dedicated web application firewall such as a FortiWeb, you can still protect servers against conventional attacks such as SQL injections. The important thing here is that all network traffic, including encrypted traffic, can be analysed. Important values: IPS throughput, SSL inspection throughput*.

*An SSL deep packet inspection is basically a deliberate man-in-the-middle attack in which the encryption is broken. Network traffic is decrypted on the FortiGate, analysed and then sent back to the destination encrypted. Make sure that all legal requirements are met that allow the use of such invasive methods in the corporate network. Consult a lawyer if necessary.