ENTERPRISE

PARTNER SALES GUIDE

ENTERPRISE PARTNER SALES GUIDE

FOR INTERNAL USE ONLY

 TODAY’S ADVANCED THREATS are evolving—their tactics grow
more sophisticated with every passing minute. According to a
recent Forrester report, 53% of enterprise security leaders say
that the rapid advancement of cyber threats presents the greatest
challenge to their organizations.1

To keep pace, your customers need comprehensive protection

that scales over their entire infrastructure and anticipates risk
across the attack surface. Only Fortinet offers a complete, end-to-
end architecture for intelligent, automated security from IoT to the
cloud—across all applications, users, and data.

In this sales guide, we’ll introduce the Fortinet Security Fabric

for enterprise customers and briefly review each of the main
collaborating solutions. Each section will cover a solution’s key
drivers, review product highlights, and provide the relevant
positioning and “how-to-sell” suggestions.

This guide is for Internal use only by Fortinet and its channel
partner sales teams.

1. Forrester report - “Center Security On Advanced Technology,” July 2017

2
CONTENTS
INTRODUCTION 4

OUR SOLUTIONS 5

ENTERPRISE FIREWALL 6

ENTERPRISE BRANCH – SECURE SD-WAN 14

ADVANCED THREAT PROTECTION 22

SECURITY OPERATIONS 30

CLOUD SECURITY 37

APPLICATION SECURITY 45

SECURE ACCESS 53

SERVICES 61

SALES TOOLS 62

3
INTRODUCTION
On top of a perpetually shapeshifting threat landscape, your
enterprise customers are also dealing with rapid changes
within their own infrastructures. To successfully compete
today, organizations must become more agile and embrace
greater mobility and connectivity. Networks have rapidly
evolved so that applications, data, and services can flow
faster across an increasingly diverse landscape of users,
domains, and devices.
As a natural extension of these functional advances,
networks that previously had well-defined borders have
become increasingly borderless. While IoT devices and
cloud-based applications offer operational advantages, they
also greatly expand a company’s attack surface—beyond
the reach and efficacy of the previous generation’s siloed
security products. This may account for the fact that 42%
of security leaders have reported that their organizations
experienced a security breach within the last two years.1
4
A unified, end-to-end security strategy (which can adapt to
evolving network demands) allows organizations to address the
full spectrum of challenges they currently face. The Fortinet
Security Fabric provides an intelligent architectural approach
that enables enterprises to weave all of their discrete security
solutions into an integrated whole. Our Security Fabric is built
around three key attributes:
§§Broad: It covers the entire attack surface. Security can be
applied to the network, endpoints, access, applications, and
cloud.
§§Powerful: It uses optimized software, often accelerated
further by purpose-built processors, to reduce the burden
on infrastructure, delivering comprehensive security without
affecting performance.
§§Automated: It enables a fast and coordinated response to
threats. All elements can rapidly exchange threat intelligence
and coordinate actions.
By contrast, siloed security solutions—with separate
management interfaces and no meaningful way to gather or
share threat information with other devices on the network—are
only marginally useful in protecting today’s borderless enterprises
across all attack vectors. They cannot offer the broad reach, high
performance, or synchronized responses that a security fabric
inherently provides.
 OUR SOLUTIONS
The Fortinet Security Fabric presents a compelling
approach that connects multiple solutions to form a
unified security framework. Wherever security solutions are
Advanced Threat deployed across the enterprise infrastructure, they must
NOC/SOC
Intelligence operate at the speed of business so that protection doesn’t
limit productivity.
Many Fortinet solutions are based on the fastest, purpose-
built security processors (SPUs) in the industry to
Client Cloud reduce the burden on infrastructure, allowing organizations
to establish comprehensive security without affecting
performance. They also include software optimization
and cloud platform integration as we did with the SPUs
Network for superior performance —up to 10 times faster than
equivalent solutions from other vendors— in Infrastructure-
Access Application as-a-Service (IaaS) and Platform-as-a-Service (PaaS)
environments.
We are also firmly committed to independent, third-
party testing to demonstrate what organizations should
expect when selecting Fortinet security products. This
includes participation in a broad set of real-world security
Partner API effectiveness tests at places like NSS Labs, Virus Bulletin,
ICSA Labs, and AV-Comparatives.

5
ENTERPRISE FIREWALL
Cyber criminals continue to launch automated
and sophisticated attacks against organizations,
threatening the foundation of digital transformation
and efficient business operations. The risk of data
breaches is driving enterprises to add more security
and visibility at the network perimeter to improve their
overall security posture. However, many enterprises
currently use point security products, which do not
communicate with each other, lack consistent threat
intelligence, and are complex to manage.
The Fortinet Enterprise Firewall solution is powered
by FortiGate Next Generation Firewalls (NGFWs) to
provide high performance, consolidated security,
and granular visibility to protect against known and
unknown advanced cyber attacks. FortiGate firewalls
are purpose-built on security processers and deliver
the industry’s best performance for advanced
security services and ultralow latency.
Based on these capabilities, Fortinet Enterprise
Firewalls enable efficient operations with the best
possible security posture, without compromising
on performance. Comprehensive and continuously
updated threat intelligence reduces the need for point
products and provides better visibility and control.
6 4. Fortinet Threat Landscape Report Q1 2017
MARKET DYNAMICS AND DRIVERS
Rapidly Increasing Adoption of NGFW
Gartner reported that less than 50% of enterprise Internet
connections today are secured using NGFWs.2 But with the
increasing need for better security and visibility, this adoption will
rise to at least 90% of the installed base by year-end 2019.
Both Prevention and Detection of Threats Are Critical
Most enterprises are looking for prevention against known ex-
ploits, malware, and malicious websites as well as to eliminate
point products. At the same time, detecting unknown threats
using sandbox technology is also becoming an increasingly im-
portant part of NGFW offerings. Gartner considers sandboxing
as one of the core features of NGFW products.3
Need for Encrypted Traffic Inspection Is Increasing
Encrypted traffic is projected to account for ~50% of total en-
terprise traffic.4 Most enterprises don’t decrypt encrypted traffic
due to performance and operational challenges. But with the
rise of malware hidden in encrypted traffic, it will be very import-
ant for NGFWs to do SSL inspection without causing any per-
formance challenges. In 2017, Gartner Enterprise Firewall Magic
Quadrant predicted that ~50% of deployments will enable SSL
inspection by 2020.
2. Gartner Enterprise Firewall MQ 2016
3. Gartner Enterprise Firewall MQ 2017
RELEVANT DEPLOYMENTS
FortiGate Enterprise Firewalls offer the flexibility to be
deployed in the data center, at the network edge, or in the core.
Relevant use cases include:
Next Generation Firewall (NGFW)
§§Security gateway to the Internet for enterprises
§§Enforces security policies with granular control and visibility
Internal Segmentation Firewall
of users and devices for thousands of discrete applications
§§Identifies and stops threats with powerful intrusion prevention
beyond port and protocol by examining the actual content of
network traffic
Data Center Firewall and IPS
§§High availability, high throughput, and low latency for data-
center edge and core
§§High session scale accommodates large network and user
traffic for Internet- and cloud-facing data centers
Next Generation Firewall Data Center Firewall
(NGFW) and IPS
§§High-speed interfaces support future-proof connectivity with
a compact size that enables greener data-center designs
§§Highly effective IPS engine targets evasion techniques,
reputation awareness, extensive application control
capabilities, and user/device identification
§§Segmentation solution for end-to-end protection against
threats while meeting compliance requirements
§§High port density and accelerated traffic processing
capacity protects multiple segments without compromising
performance
§§Deploys transparently and rapidly into existing environments
with minimal disruption
§§Virtual domains (VDOMs) enable unique security policies per
segment
Internal Segmentation
Firewall
7
ENTERPRISE FIREWALL
ENTERPRISE FIREWALL PRODUCTS
FortiGate
NEXT GENERATION
FIREWALLS
FortiGate NGFWs are purpose-
built on security processors
to deliver the industry’s best
threat protection performance
and to defend against the most
advanced known and unknown
cyber attacks. FortiGate
consistently holds the No. 1
market share in unit shipments
worldwide, as per IDC’s quarterly
security appliance tracker.
8
FortiGuard
SECURITY SUBSCRIPTION
SERVICES
The FortiGuard team develops
effective countermeasures to
protect more than 310,000
Fortinet customers around the
world. It provides up-to-the-
minute threat intelligence updates
for services such as IPS, AV, Web
Filtering, Botnet, Sandboxing,
and many more. Customers
can purchase individual service
subscriptions or bundles such
as Enterprise, UTM, and Threat
Protection.
FortiOS
NETWORK OPERATING
SYSTEM FOR FORTIGATE (OS)
FortiOS controls all the security
and networking capabilities
through a single, intuitive
operating system. It improves
protection and visibility while
reducing operating expenses
and saving time by consolidating
hundreds of features. FortiOS
enables the Fortinet Security
Fabric vision for enhanced
protection from IoT to cloud.
OTHER PRODUCTS

FortiManager
Centralized Management
and Unified Policy

FortiAnalyzer
Single Pane of Glass with
Centralized Logging and
Reporting

9
ENTERPRISE FIREWALL

HOW FORTINET’S ENTERPRISE FIREWALL SOLUTIONS ARE UNIQUE

Industry’s Best Security Effectiveness Simple and Intuitive Management

FortiGuard Labs security services help Fortinet Enterprise
Firewalls protect against known exploits, malware, applications,
and malicious websites using continuous threat intelligence.
They also help detect unknown attacks using dynamic analysis
and provide automated mitigation to stop targeted attacks.
Furthermore, Fortinet consistently participates in third-party
certifications such as NSS Labs, ICSA, and Virus Bulletin and
validates for top-level effectiveness.
FortiGate offers the industry’s best user interface, providing
360-degree visibility into applications, users, threats, and entire
topologies to identify issues quickly and intuitively. It also has a
pre-defined compliance checklist that analyzes the deployment
and highlights best practices to improve overall security posture.

Security Processor-Powered Performance

FortiGate NGFWs deliver the industry’s best threat protection
performance and ultralow latency using purpose-built security
processor (SPU) technology. They also provide industry-
leading performance and protection for SSL-encrypted traffic.
FortiGates consistently receive the best price/performance
ratings in real-world group tests.

10
COMPETITIVE COMPARISON

CAPABILITY Fortinet Palo Alto Networks Check Point Cisco

Scale from edge to core to

internal segments with same
product family and OS
a Partial  

Visibility and automatic

discovery of users, endpoints,
IoT, and network devices
a Partial Partial Partial

Industry’s best security

effectiveness validated by
independent third parties (NSS a Partial a Partial
Labs, ICSA, VB)

Security processor-powered
for industry’s best price/
performance
a   

Single pane of glass and

centralized management a a Partial 

a= Provides
 = Not available

This sales guide is for Internal Use Only. 11

ENTERPRISE FIREWALL

THIRD-PARTY VALIDATION

Fortinet Named a Leader in the 2017 Gartner Magic FortiGate Receives “Recommended” Rating from NSS
Quadrant for Enterprise Firewalls Labs for NGFW

In the 2017 Gartner Magic Quadrant for Enterprise Firewalls, FortiGate received a fourth-consecutive “Recommended” rating
Fortinet made a significant move into the Leaders category, from NSS Labs in their 2017 NGFW Comparative Report and
up from the Challenger quadrant in 2016. Fortinet’s FortiGate Security Value Map. Fortinet put its FortiGate 3200D and 600D
firewalls are central to the Fortinet Security Fabric—engineered enterprise firewalls to the test against competing solutions, with both
to unify and automate multilayered responses to threats in appliances receiving outstanding security effectiveness scores—
addition to delivering superior NGFW capabilities. blocking 99.71% of exploits in continuous live testing and stopping
99.47% of all attacks in the NSS exploit library. The FortiGate
3200D also leads in real-world traffic performance testing, while the
FortiGate 600D delivered the greatest value per protected Mbps of
traffic among all vendors in the Security Value Map.

SECURITY VALUE MAP™

NEXT GENERATION FIREWALL (NGFW)
100%
Forcepoint
Cisco

Sophos 90%
WatchGuard
Check Point

80%
Fortinet 3200D
Averag Fortinet 600D
e

70%

60%

Security Effectiveness
50%

Average
40%
Palo Alto Networks
Juniper Networks

30%

SonicWall
Barracuda Networks

NOTE

Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hills, Jeremy D’Hoinne, Rajpreet Kaur, July 10 2017
At the completion of testing, NSS notified the vendors whose 20%
products failed to properly handle evasions. The following
vendors developed fixes, which NSS has subsequently
verified address the identified issues:
• Barracuda Networks

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire • Check Point Software Technologies
• Palo Alto Networks
10%
document. The Gartner document is available upon request from Fortinet
• SonicWall
For more information please see the individual product
Test Reports, or contact NSS Labs.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to
select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s $120 $100 $80 $60 $40 $20 $0

research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with TCO per Protected Mbps

respect to this research, including any warranties of merchantability or fitness for a particular purpose.

12
QUALIFYING QUESTIONS

c Are you looking at replacing legacy firewalls for better threat protection?

c Have you had any problems with breaches or cyber security incidents?

c Are you concerned about the security of your data-center assets?

c Is your NGFW protecting your internal networks from malware and botnets that may be inside
your network?

c Are your current solutions having issues with performance, especially when you turn on
content-processing features?

c Do you have too many point products and are looking to reduce complexity?

c Are you looking to do SSL inspection with increasing encrypted traffic?

NSE TRAINING MODULES

§§NSE 2: Enterprise Firewall Solution

§§NSE 3: FortiGate Mid-Range

§§NSE 3: FortiGate High-End

13
ENTERPRISE
BRANCH—
SECURE SD-WAN
Distributed enterprise branches transitioning to
a digital business model are having a significant
impact on network topologies. The adoption of
cloud services and an increasingly mobile work-
force accessing applications in the cloud are
accelerating advancements in wide area network
(WAN) technologies. Traditional WANs have been
considered expensive, complex, and limited in ca-
pabilities. With many organizations now evaluating
more efficient WAN options, it is becoming critical
to deploy new security strategies designed for the
distributed enterprise.
14
Fortinet’s Secure SD-WAN solution provides next-generation
security and networking capabilities to improve WAN efficiency,
without compromising on security. Unlike traditional WAN
architectures, new software-defined WANs are able to
dynamically distribute traffic across multiple locations while
automatically responding to changing application policies. They
allow customers to enable direct Internet access for Software-
as-a-Service (SaaS) applications to improve productivity and
replace expensive MPLS with cost-effective solutions.
Our Secure SD-WAN solution is powered by FortiGate
Enterprise Firewalls to provide high performance and top-rated
security against rising cyber attacks due to direct Internet
access.
MARKET DYNAMICS AND DRIVERS
Increasing Adoption of Cloud Applications
the median number of cloud
As per Fortinet’s Q1 2017 Threat Landscape Report, the median number of cloud
applications

62
applications used per organization was 62—roughly one-third of all applications
detected. Many of these organizations are struggling with latency issues and significant
used per
drops in data visibility. Distributed enterprises want to avoid back-hauling traffic from
organization was
(Fortinet Threat
data centers and start using direct Internet access for cloud applications. Landscape Report 2017)

Reducing Complexity and WAN Costs

Distributed enterprise branches have many point products for routing and security
capabilities. These products have separate management consoles, making it difficult
to manage and providing incomplete visibility of the network. As per Gartner, 90% 90% of enterprise
of enterprises are looking to consolidate these capabilities to reduce complexity and are looking to
improve their security and visibility posture.5 In addition, enterprises are looking to reduce complexity
replace expensive MPLS with connections such as Internet and LTE in order to reduce and WAN costs
WAN costs and increase availability. (Gartner 2016)

Increasing Need of Effective Threat Protection and SSL Inspection

Cyber criminals are increasingly targeting new distributed networking paradigms. For
example, direct Internet access to SaaS applications, especially when devices are
off-network, has made deploying new security strategies designed for the distributed
enterprise very critical. Therefore, top-rated threat protection capabilities are needed
to prevent known and unknown threats. At the same time, encrypted traffic across the
~55%
of total traffic is encrypted
distributed network (~55% of total traffic is encrypted), along with malware targeted at across the distributed network
SSL traffic, is rising.6 This means that real-time SSL inspection that doesn’t slow down (Fortinet Threat Landscape Report 2017)
business-critical traffic will be in high demand.

5. Gartner Market Guide SD-WAN 2016

6. Fortinet Threat Landscape Report Q1 2017
15
ENTERPRISE BRANCH—SECURE SD-WAN
ENTERPRISE BRANCH—SECURE SD-WAN PRODUCTS
FortiGate
30 TO 200 SERIES NEXT
GENERATION FIREWALLS
FortiGate Firewalls leverage
purpose-built security processors
to deliver the industry’s best
threat protection performance and
defend against most known and
unknown advanced cyber attacks.
These are available in desktop form
factors and have several variations
with integrated PoE, 3G/4G, DSL,
and wireless capabilities.
16
FortiOS
NETWORK OPERATING
SYSTEM FOR FORTIGATE
FortiOS controls all security
and networking capabilities
with one intuitive operating
system. It improves protection
and visibility while reducing
operating expenses and saving
time by consolidating hundreds
of functions. Features such
as IPsec VPN, WAN Path SD-
WAN controller, SaaS dynamic
database, and SSL inspection
enable a great fit for secure SD-
WAN deployment.
FortiGuard
SECURITY SUBSCRIPTION
SERVICES
The FortiGuard team develops
effective countermeasures to
protect more than 310,000
Fortinet customers around
the world. It provides up-to-
the-minute threat intelligence
updates for services such as
IPS, AV, Web Filtering, Botnet,
Sandboxing, and many more.
Customers can purchase
individual service subscriptions
or bundles such as Enterprise,
UTM, and Threat Protection.
OTHER PRODUCTS

FortiHypervisor
Hybrid virtual appliance to run
Fortinet and partner virtual network
functions

FortiManager
Centralized management and
unified policy

FortiDeploy
Zero-touch deployment for
FortiGate

17
ENTERPRISE BRANCH—SECURE SD-WAN
HOW FORTINET’S ENTERPRISE BRANCH—
SECURE SD-WAN SOLUTIONS ARE UNIQUE
Industry-Best Security Effectiveness
Protect against known exploits, malware, applications, and
malicious websites using continuous threat intelligence
provided by FortiGuard Labs security services. This is critical for
distributed enterprise branches that allow direct Internet access
for SaaS applications.
18
Dynamic Cloud (SaaS) Application Database and WAN
Path SD-WAN Controller
FOS 5.6 introduced a new cloud application database that
supports hundreds of applications and dynamically updates
IP addresses and ports for the most efficient routing. This,
combined with a WAN path SD-WAN controller, enables the
best SLA for business-critical applications.
High-Performance IPsec VPN and SSL Inspection
Performance
FortiGate delivers the industry’s highest throughput (~10x higher
than other vendors) based on purpose-built security processors.
It also provides industry-leading performance and visibility
for encrypted traffic. Fortinet is one of the only vendors that
publishes both IPsec VPN and SSL inspection performance for
every FortiGate Enterprise Firewall.
COMPETITIVE COMPARISON

Cisco
CAPABILITY Fortinet Check Point Palo Alto Networks
Meraki / ISR

Industry’s best security

effectiveness validated by
independent third parties (NSS a  a 
Labs, ICSA, VB)

Integrated WAN Path SD-WAN

Controller a a  
High-Performance IPsec VPN
and SSL Inspection a   
Integrated 3G/4G, PoE, DSL
and Wi-Fi a   
Centralized Management
(10,000+ Offices) and Zero-
Touch Deployment
a  Partial 

a= Provides
 = Not available

This sales guide is for Internal Use Only. 19

ENTERPRISE BRANCH—SECURE SD-WAN

THIRD-PARTY VALIDATION

Fortinet Named a Leader in the 2017 Gartner Magic Leading Market Share in Distributed Enterprise
Quadrant for Enterprise Firewalls
As per IDC’s security tracker, FortiGate Enterprise Firewalls
(30 to 200 series) have the No. 1 unit and revenue market
In the 2017 Gartner Magic Quadrant for Enterprise Firewalls,
share worldwide.
Fortinet made a significant move into the Leaders category,
up from the Challenger quadrant in 2016. One of the core
requirements they call out is the scale of the product to support
extended environments such as branch, campus, data center,
and cloud.

Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hills, Jeremy D’Hoinne, Rajpreet Kaur, July 10 2017
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire
document. The Gartner document is available upon request from Fortinet
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to
select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s
research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with
respect to this research, including any warranties of merchantability or fitness for a particular purpose.

20
QUALIFYING QUESTIONS
c Are you rapidly adopting cloud applications but suffering from latency issues?

c Are you struggling with a growing WAN budget and complexity?

c Do you have too many point products and are looking to reduce complexity?

c Have you had any problems with breaches or cyber security incidents?

c Are you having performance issues with the current solutions you have in place,
especially when turning on content-processing features?

c Are you looking to do SSL inspection with increasing encrypted traffic?

NSE TRAINING MODULES

§§NSE 2: Enterprise Firewall Solution

§§NSE 3: FortiGate Entry Level

21
ADVANCED THREAT
PROTECTION
While ransomware grew exponentially in 2016
and on into 2017 with high-profile exploits like
WannaCry, we continue to see these attacks
evolve. Petya (or NotPetya depending on
your perspective) combines ransomware-like
system disruption with blastware destruction.
At the same time, a steady stream of new
spearphishing and other more traditional attacks
continue to emerge.
22
With this in mind, it’s not surprising that a recent survey of
chief information security officers (CISOs) found that the
rapidly evolving nature of cyber threats represented the most
challenging factor in securing their organizations. This was
closely followed by the challenge of securing cloud workloads,
IoT devices, and a complex IT environment in general. The
combination of defending a dynamic and dispersed attack
surface and increasingly sophisticated cyber criminals means
that business leaders must constantly look for new and better
approaches for protecting their networks, data, and people.
Fortinet Advanced Threat Protection (ATP) covers network,
application, and endpoint layers with top-rated global and local
threat intelligence—automatically exchanged between both
Fortinet and non-Fortinet components—for a seamless defense
against traditional and advanced threats.
MARKET DYNAMICS AND DRIVERS
The Average Organization Is Already Compromised
Last year, Fortinet conducted nearly 3,000 cyber threat
assessments in which we closely monitored each organization’s
traffic with our latest threat intelligence for a period of two
weeks. In doing so, we found that the average organization was
compromised by more than four active pieces of malware or bots.
Email Delivered 66% of Installed Malware
According to the 2017 Verizon Data Breach Investigations Report,
two-thirds of all malware that was successfully installed on
systems was initially delivered via email. Furthermore, email and
the web together deliver 99% of the malware seeking entry to
organizations.

More Than 1 in 3 Active Bots Were Part of a
Ransomware Campaign
Much of the compromised activity was related to ransomware.
Not only did ransomware routinely fill the top-five malware list
each quarter in 2016, in Q4 it was associated with 36% of all
active botnets detected.
Malware Leading to Breaches Is Seen for Less Than 60
Seconds
The 2016 Verizon Data Beach Investigations Report indicated
that the malware that actually leads to breaches is seen for 58
seconds or less.

Ransomware is Estimated to Have Cost Organizations

$1 Billion Malware
According to industry sources, the amount of ransoms paid
to cyber criminals in 2016 is estimated at $1 billion. This does
that actually leads to
not reflect additional financial costs from downtime prior to breaches is seen for
ransoms paid and system restoration, nor more severe collateral
impacts that can occur in industries like healthcare or critical
infrastructure.
58 seconds or less
(Verizon Data Beach 2016)

23
ADVANCED THREAT PROTECTION
ATP PRODUCTS
FortiSandbox
ADVANCED THREAT
DETECTION
FortiSandbox analyzes
new files and URLs
encountered by
an organization,
automatically assigns
a threat rating, and
dynamically generates
local threat intelligence
specific for that individual
organization to speed
response and mitigation
of previously unknown
attacks.
24
FortiGate
ENTERPRISE
FIREWALL
FortiGate firewalls utilize
purpose-built security
processors to deploy
from the smallest office
up to the largest private
or public cloud. They
segment the network
and inspect traffic for
threats based on the
global threat intelligence
of FortiGuard Labs,
as well as the local
threat intelligence of
FortiSandbox.
FortiMail FortiWeb
SECURE EMAIL WEB APPLICATION
GATEWAY (SEG) FIREWALL (WAF)
FortiMail deploys as a FortiWeb protects
primary or secondary hosted web applications
solution to inspect from attacks that
email with the top- target known and
rated intelligence of unknown exploits.
FortiGuard Labs and Using multilayered and
FortiSandbox, as well correlated detection
as integrated data loss methods, FortiWeb
prevention technologies defends applications
to help stop threats and from both known
breaches. vulnerabilities and zero-
day threats.
 OTHER PRODUCTS

FortiSIEM
Security Information and
Event Management

Fabric-Ready Partners
FortiClient Integrated via API with
ENDPOINT FortiSandbox
PROTECTION
PLATFORM (EPP)
FortiClient leverages the
independently top-rated
global intelligence of
FortiGuard Labs and
local intelligence of
FortiSandbox to protect
organizations from
known and previously
unknown threats while
on or off the corporate
network.

25
ADVANCED THREAT PROTECTION
HOW FORTINET’S ATP SOLUTIONS ARE UNIQUE
The Only Solution to Fully Cover Network, Application,
and Endpoint Attack Vectors
Only Fortinet provides components to fully cover the primary
attack vectors of network, applications (email and web), and
endpoint. We do so by automatically sharing both global and
local intelligence among components that are powerful enough
to deploy anywhere throughout the organization. Fortinet is the
only vendor that offers NSS Labs Recommended components
for next-generation and data-center firewall, web application
firewall, advanced endpoint protection, and breach detection/
sandboxing.
26
Available in All Form Factors
While some vendors offer components as only physical
appliances and others offer components as only a cloud
service, Fortinet offers every advanced threat protection
component in both form factors for the most flexible
solution in the market. Of note, both the Fortinet FortiGate
with FortiSandbox Cloud and FortiSandbox Appliance with
FortiClient are NSS Recommended for Breach Detection.
Open Architecture to Include Non-Fortinet
Components
We are firmly committed to enabling organizations to deploy
the Fortinet Security Fabric and Advanced Threat Protection
inclusive of both Fortinet and non-Fortinet components. Defined
APIs enable organizations to integrate existing network and
endpoint components with FortiSandbox to send objects
for analysis, receive ratings, and consume dynamic threat
intelligence. Our formal Fabric-Ready program can certify an
organization’s specific interactions that use these APIs.
ATP COMPETITIVE COMPARISON

Palo Alto
Fortinet FireEye Cisco Check Point Trend Micro
Networks
Independently
Top-rated
Sandbox
a   a a a
Integrated Solution

Ent FW a  a a a a
SEG a a  a  a
WAF a     
EPP a  a  a a
Form Factors

Physical a a a a a a
Virtual a     a
SaaS a a a a a 
Open APIs a     
a= Provides
 = Not available

This sales guide is for Internal Use Only. 27

ADVANCED THREAT PROTECTION

THIRD-PARTY VALIDATION

NSS Labs 2016 BDS Recommendation ICSA Advanced Threat Defense Certification—2016/2017

Both the FortiSandbox Appliance (with FortiClient) and
FortiSandbox Cloud with FortiGate demonstrated 99%
effectiveness. Of note, the cloud offering demonstrated the
fastest time to detect at less than five minutes and the appliance
showed the highest throughput, supporting 10 Gbps of traffic.
Throughout 2016 and into 2017, Fortinet Advanced Threat
Protection (including FortiGate, FortiMail, FortiClient, and
FortiSandbox) continuously earned ICSA Advanced Threat
Defense Standard (Network) and Email certification.

28
QUALIFYING QUESTIONS

c How many potential security incidents are you investigating each quarter?

c How many of these incidents started with an email? How many were downloaded from the web? How many were
downloaded while an employee was on the corporate network vs. off it?

c Have you had (or heard of peers experiencing) any incidents of ransomware? If so, what measures do you have in place to
reduce your organization's risk?

c Have you experienced (or heard of peers who have experienced) a compromised website or web application?

c What data, intellectual property, or communications are subject to privacy, security, or other regulatory frameworks? What
information is most critical to the success of your business (and closely held)?

NSE TRAINING MODULES

§§NSE 2: Advanced Threat Protection Solution

§§NSE 3: FortiMail

§§NSE 3: FortiWeb Web Application Firewall

§§NSE 3: FortiClient

§§NSE 3: FortiSandbox

29
SECURITY
OPERATIONS
Organizations typically have both a network
operations center (NOC) and a security operations
center (SOC), but they are typically not correlated
or integrated. This leaves early indicators of
threats unseen.
30
Fortinet’s Security Operations solution covers both IT and
security risk management across the entire enterprise, including
preexisting and future infrastructure. While Fortinet security
products are already unified into our Security Fabric with a
single OS and shared intelligence, our Security Operations
solution includes information from network elements beyond
the Fortinet family and breaks down the barrier between NOC
and SOC to provide a comprehensive and adaptive view of the
entire network for quickly identifying and responding to threats.
It also helps manage compliance, application availability, and
reducing the complexity of security operations.
MARKET DYNAMICS AND DRIVERS
Isolated Point Solutions Can Leave Breaches
Undetected
Industry-leading organizations worldwide and from all business
verticals suffered network breaches in 2016, with a 40%
increase year over year. This is due in part to the wide array
of point solutions deployed (averaging ~30 different vendor
solutions) in NOCs and SOCs that essentially generate an
overload of uncorrelated and unprioritized information, leaving
many indicators of threats unseen until it is too late. Detection
of breaches is still taking hundreds of days, with additional days
spent isolating and remediating their causes.
40% of Breaches
increase year
over year
(Identity Theft Resource Center 2016)
Shortage of Skilled Cyber Security Staff
Additionally, organizations face a growing need for experienced
cyber security personnel but with a dwindling global supply of
those resources. Recent reports count over one million unfilled
openings worldwide. Many organizations are either looking to
outsource NOC and SOC needs or looking for better solutions
that can keep pace with an ever-evolving threat landscape.
Over one million
unfilled Cyber Security
openings worldwide
(ISACA 2016)
31
SECURITY OPERATIONS
SECURITY OPERATIONS PRODUCTS
FortiSIEM
FortiSIEM provides patented,
actionable analytics, cross-
correlating both NOC and
SOC data to tightly manage
network security, performance,
and compliance—along with
adaptive awareness through
self-discovery of the elements
attached to the network, all
delivered through a single pane
of glass.
32
FortiAnalyzer
FortiAnalyzer collects, analyzes,
and correlates log data from
Fortinet firewalls for increased
visibility and robust security alert
information. When combined
with the FortiGuard Indicators
of Compromise (IOC) Service, it
also provides a prioritized list of
compromised hosts to allow for
rapid action.
FortiManager
FortiManager provides single-
pane-of-glass management
across the extended enterprise
for insight into network-wide
traffic and threats, and managing
policies. It includes features to
contain advanced threats as well
as industry-leading scalability to
manage up to 10,000 Fortinet
devices.
OTHER PRODUCTS

FNDN
Fortinet Worldwide Developer
Community

33
SECURITY OPERATIONS
HOW FORTINET’S SECURITY OPERATIONS SOLUTION IS UNIQUE
Comprehensive and Holistic Approach to Managing
Risk
Fortinet’s Security Operations solution brings together the best
of security hardware and software for a seamless approach to
security operations. It combines the capabilities of FortiManager,
FortiAnalyzer, and FortiSIEM, along with FortiGuard Threat
Intelligence and IOC Services to deliver:
§§Adaptive awareness of the threat landscape
§§Rapid local and global threat detection for accelerated
responses
§§Reduced complexity in managing the onslaught of alerts and
alarms
§§Reporting and analytics that enable IT, line-of-business
managers, C-level, and board members to better understand
the organization’s risk profiles
34
Unified Visibility from IoT to the Cloud
Fortinet’s Security Operations solution reduces the complexity
inherent in organizations with many security point solutions
that need to be monitored by SOC personnel, using a single
interface to the Fortinet Security Fabric through FortiAnalyzer.
FortiSIEM provides the additional context with a unified view of
the non-Fortinet devices, for a holistic view of the organization’s
threat landscape from IoT to the cloud.
FortiSIEM Available in All Form Factors
While many SIEM vendors only offer their products on physical
appliances, and in some cases may require many appliances
to support the same functions as FortiSIEM, Fortinet offers
FortiSIEM in three formats to allow customers to choose which
best fits their needs. FortiSIEM is available as a virtual appliance,
allowing customers to place the solution in a virtual machine
of their choice. FortiSIEM also offers three new appliance
models—one for FortiSIEM Collector efforts and two models to
support the FortiSIEM Supervisor efforts. Customers can also
choose to deploy FortiSIEM on the AWS cloud via the AWS
Marketplace, supporting a “bring-your-own-license” model.
COMPETITIVE COMPARISON

Fortinet Palo Alto Check Point Cisco splunk Log Rhythm IBM

SIEM Solution a    a a a
Enterprise FW a Partrial a a   
Cross Security
Platform a      
Real-time Correlation
of NOC/SOC
Analytics
a      
Device and
Configuration Self-
Discovery
a      
Dynamic Watch Lists
& Threat Intelligence a a a a   
Audit trail of User
Activity a      
Role Based Access
Controls a      

a= Provides
 = Not available

This sales guide is for Internal Use Only. 35

SECURITY OPERATIONS

QUALIFYING QUESTIONS

c Have you experienced a breach in the past year? If so, what was the impact and how was it felt?

c How many security vendor solutions are you currently using to manage against breaches?

c How does your NOC and SOC share data today?

c How much time does your security staff invest in manually correlating alerts and log related data?

c Are you able to provide your Executives and Board with a clear picture of malicious activity and risk to critical data,
applications and assets currently on and connecting to your networks?

c Do you have the ability to identify and prioritize high severity issues across physical and virtual networks, on-premise and
cloud deployments, as well conventional through to IoT devices?

c Do your network and security operations centers share a common view such that they are able to detect and respond to
issues efficiently and effectively?

c Are you able to proactively discover and manage devices and applications as they connect to your network?

36
CLOUD SECURITY
Organizations are rapidly embracing cloud
computing, including migrating server workloads
to public clouds such as Amazon Web Services or
Microsoft Azure, or adopting SaaS applications.
At the same time, most enterprises continue to invest in
virtualization and software-defined infrastructure to transform
data centers into private clouds. The long-term direction is
toward a persistent hybrid cloud (and in many cases multicloud)
environment, spanning across disparate private and public
clouds.
Maintaining user privacy and data confidentiality when data
resides in IaaS or SaaS clouds is a top IT concern. Therefore,
Cloud Security solutions play a critical role in protecting private,
public, and hybrid clouds to ensure that enterprise workloads
can maintain a consistent security posture regardless of whether
they are running on physical, virtual, or cloud infrastructure.
37
CLOUD SECURITY

MARKET DYNAMICS AND DRIVERS

Rapid Market Growth in the Cloud Space
The market for cloud security is expected to grow rapidly
with the adoption of cloud computing infrastructures. Forbes
estimates that $141B will be spent annually on public cloud
services by 2019, while IDC Research projects that more than
half of enterprise workloads will be running in public clouds
within a few years. Gartner Research estimates that security
and management solutions for IaaS and SaaS will expand to
$11B in this timeframe.7
Increased Traffic Flow Within Networks
As on-premises environments evolve into private clouds,
network traffic will increasingly shift from traditional north-south
flows to east-west. Studies have shown that 75% of data-
center traffic in modern virtualized environments is already
east-west rather than north-south. Properly inspecting all east-
west traffic to ensure proper segmentation of workloads would
easily quadruple today’s $3B market for north-south data-center
security. Gartner predicts that 10% of enterprise firewall revenue
will be delivered as virtual firewalls by 2019.

10%
will be spent
141B annually on
public cloud
services by 2019 of enterprise firewall revenue will be
(Forbes 2017)
delivered as virtual firewall by 2019
(Gartner 2017)

7. Gartner Enterprise Firewall MQ 2017

38
CLOUD SECURITY PRODUCTS
FortiGate
VM
FortiGate VM is a key foundation
for cloud security. As the virtual
appliance edition of our award-
winning FortiGate physical
appliances, the FortiGate VM
has the same FortiOS security
and management firmware,
as well as FortiGuard threat
updates.
FortiGate
VMX
Orchestration with software-
defined networking (SDN) further
ensures automatic provisioning
and scaling of network inspection.
FortiGate VMX is a purpose-
built version of the FortiGate
virtual appliance, providing deep
data plane and control plane
integration with VMware NSX to
deliver advanced security and
microsegmentation for vSphere
environments.
FortiGate
Connectors
FortiGate Connectors for Cisco
ACI and OpenStack Neutron
provide out-of-the-box integration
with other leading SDN platforms
to automate firewall and network
security insertion into dynamic
network flows.
39
CLOUD SECURITY

OTHER PRODUCTS

FortiCASB
service provides critical visibility
of users and data in cloud-
based applications.

Fortinet Virtual Appliances

ensure a broad range of
network security for private and
public clouds.

40
HOW FORTINET’S CLOUD SECURITY SOLUTIONS ARE UNIQUE

Only Fortinet’s Cloud Security solutions can extend visibility and
control across an organization’s entire private, public, and hybrid
cloud environment with Fortinet Security Fabric integration.
Consistent Security Posture Across Private and
Public Clouds
Fortinet enables secure and compliant policies, as well as fabric
visibility, to be applied consistently across physical, virtual,
and cloud infrastructure. Secure site-to-site VPN connectivity
between on-premises and public clouds ensures secure
application and data migration across the hybrid cloud, while
also minimizing leakage of confidential data.
Automated Scaling of Protection for Elastic Cloud
Workloads
With many organizations adopting cloud computing to scale
web or other applications elastically, Fortinet ensures user
and data privacy at cloud scale without slowing down the
business. Firewall inspection can be orchestrated into dynamic
applications and software-defined network flows, while
inspection capacity can be automatically scaled up with cloud
applications. Automated provisioning can apply appropriate
security policies to new and existing workloads.

End-to-End Network Segmentation Within and

Across Clouds
Fortinet provides powerful inspection capacity to inspect
east-west traffic within private and public clouds, mitigating
the concentration of risk from threats in highly consolidated
virtual and cloud-based environments. Internal segmentation
and microsegmentation can be deployed easily into flat, open
networks without disruption, providing end-to-end
segmentation with fine-grained policies based on users,
applications, and data.

41
CLOUD SECURITY

COMPETITIVE COMPARISON

Fortinet Cisco Check Point Juniper Palo Alto Trend Micro

Support for leading public
clouds including AWS and
Azure
a  a  a a
Support for all major
hypervisor platforms a a   a 
Support for key SDN platforms
including NSX, ACI, and
OpenStack
a  a  a 
Scalable virtual appliance
performance and efficiency a  a a  
Wide range of virtualized
security offerings a  a   
Gartner Enterprise Firewall MQ
Leader a  a  a 

a= Provides
 = Not available

42
42 This sales guide is for Internal Use Only.
THIRD-PARTY VALIDATION

NSS Labs and Gartner Magic Quadrant Partner Certifications

FortiGate virtual appliances are part of the same product family Integration and orchestration of FortiGate with leading private
whose hardware has received numerous third-party validations or public cloud platforms has been certified or recognized
or recognition, including NSS Labs “Recommended” and Gartner by key partners, including validations for VMware Ready for
Magic Quadrant for Enterprise Firewall as a Leader. Networking and Security, VMware Ready for NFV, Cisco ACI,
AWS Marketplace, Azure Marketplace, and Azure Security
Center.

Gartner Magic Quadrant for Enterprise Network Firewalls, Adam Hills, Jeremy D’Hoinne, Rajpreet Kaur, July 10 2017
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire
document. The Gartner document is available upon request from Fortinet
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to
select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s
research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with
respect to this research, including any warranties of merchantability or fitness for a particular purpose.

43
CLOUD SECURITY

QUALIFYING QUESTIONS

c Has your organization been leveraging virtualization, SDN, or other technologies as part of data-center consolidation or
transformation projects?

c How are you ensuring visibility into increased east-west or inter-VM traffic?

c How would your risk be concentrated were a security breach to occur in heavily consolidated virtual environments?

c Is your organization adopting public clouds like AWS, Azure, or Google?

c How are you ensuring that your apps and data migrated to the cloud have the exact same security posture as if running in
your internal data center?

c Are you migrating applications and data between on-premises data centers/clouds and the public cloud?

c Do you have confidentiality or compliance requirements to ensure data doesn’t leak from on-premises to public clouds,
and how are you monitoring and protecting against data leakage?

c How do you ensure that only authorized users or employees are accessing data in SaaS environments like Office 365 or
Salesforce.com?

c How are you ensuring data privacy and compliance with respect to data stored in SaaS applications like Office 365 or
Salesforce.com?

NSE TRAINING MODULES

§§NSE 2: Public Cloud Security

44
APPLICATION
SECURITY
Web-based applications that are exposed to the
Internet are an easy target for hackers. The largest
point of entry for data breaches in the past few
years has been application vulnerabilities that
hackers exploit. In addition, DDoS attacks have
evolved from blunt-force instruments designed
to overwhelm network resources to sophisticated
surgical strikes that target application layer
services in a data center.
Web-based attacks are a significant issue—as are scale and
reliability for secure web applications. Customers hosting a secure
application for thousands or even millions of users need to ensure
that the application infrastructure can meet the demand and
respond quickly.
Fortinet’s Application Security solutions include web application
firewalls, DDoS attack mitigation appliances, and application
delivery controllers to protect applications from vulnerabilities
and Layer 7 DDoS attacks, while providing the tools needed to
seamlessly scale secure applications to millions of users. For more
specialized needs, we also offer web caching and advanced WAN
link load balancers to further ensure applications, data, and WAN
connections are secure and available.
45
APPLICATION SECURITY

MARKET DYNAMICS AND DRIVERS

Application Exploits Are a Top Cause for Breaches

Verizon reports that application vulnerabilities are the top contributing
factor for data breaches. They found that 40% of all breaches were
caused by exploits and vulnerabilities in web-based applications in
40%
of all breaches were caused by exploits and
vulnerabilities in web-based applications
their 2017 Data Breach Investigations Report.
(Verizon 2017)

Encrypted Traffic Growth Outpaces Infrastructure

30%
Although not widely reported, encrypted web application traffic is
growing at a very fast pace. Sandvine’s 2016 Encrypted Traffic Report
showed that 30% of all Internet traffic was encrypted. In the following
year, that volume was projected to grow to 50%. Most organizations of Internet traffic
are racing to encrypt their sensitive data, even though it is straining was encrypted
their existing application delivery infrastructure. (Sandvine 2016)

DDoS Is Only Getting Worse

In 2016, Verisign reported a 75% increase in DDoS attacks from the
year before in their Q2 DDoS Trends Report. Sophisticated Layer 7
DDoS threats continue to grow. In some cases, it only takes a few
75% of
kilobytes of traffic to do as much damage as a brute-force attack of DDoS attacks
100 Gbps or higher. Currently, 80% of DDoS attacks are less than 50 from the year before Q2
Gbps—and most successful ones are less than 1 Gbps. (Verisign 2016)

46
APPLICATION SECURITY PRODUCTS
FortiWeb
WEB APPLICATION
FIREWALLS
FortiWeb protects hosted web
applications from attacks that
target known and unknown
exploits. Using multilayered and
correlated detection methods,
FortiWeb defends applications
from known vulnerabilities and
from zero-day threats.
FortiDDoS
ATTACK MITIGATION
APPLIANCES
Using 100% behavior-based
DDoS attack detection, FortiDDoS
delivers complete attack protection
against Layer 3, 4, and 7 DDoS
threats. It offers low latency and
fast DDoS protection compared
to signature- and CPU-based
solutions.
FortiADC
APPLICATION DELIVERY
CONTROLLERS
FortiADC solutions optimize
the availability, user experience,
performance, and scalability of
Enterprise Application Delivery.
The FortiADC family of physical
appliances delivers fast, secure,
and intelligent acceleration
and distribution of demanding
applications in the enterprise.
47
APPLICATION SECURITY

OTHER PRODUCTS

FortiCache
Web Content Caching

FortiWAN
WAN Optimization

48
HOW FORTINET’S APPLICATION SECURITY SOLUTIONS ARE UNIQUE

Complete Application Security Solution A Complete, One-Vendor Solution

Only Fortinet provides a complete solution that covers the core
elements of application security. This includes web application
firewalls, application delivery controllers, DDoS attack
mitigation, WAN optimization, and web content caching. Most
other vendors only offer point products, requiring a complex
multivendor solution that’s difficult to install and manage.
FortiADC, FortiWeb, and FortiDDoS products are optimized to
work together with other Fortinet products for management and
reporting. All products share a similar interface to reduce the
learning curve for support teams. Having only one vendor to
manage simplifies renewals and accountability.

Fortinet Security Fabric Integration

Our Application Security portfolio is deeply integrated into
the Fortinet Security Fabric. We ensure that applications
are protected from the latest threats with FortiGuard Threat
Intelligence Services—including antivirus, anti-malware, IP
reputation, and application attack signatures. Application
Security is integrated into other solutions such as FortiGate
firewalls, FortiMail, and FortiSandbox for advanced threat
protection. It is also integrated with many third-party providers,
including HP, IBM, and Verisign.

49
APPLICATION SECURITY

COMPETITIVE COMPARISON

Fortinet F5 A10 Imperva Arbor Barracuda

Independently
top-rated security a a  a a 
Complete WAF, ADC,  
and DDoS solution a a a WAF Only DDoS Only
a
Part of a broader
integrated solution a     
Available in all form
factors a a a a  a
Gartner Gartner Gartner Gartner Gartner Gartner
Challenger Leader Not rated Leader Not rated Challenger
Analyst rating (WAF)*
NSS NSS NSS NSS NSS NSS
Recommended Recommended Not rated Not rated Not rated Not rated

a= Provides
 = Not available

50
50 This sales guide is for Internal Use Only.
THIRD-PARTY VALIDATION
NSS Labs Recommended
FortiWeb received a “Recommended” rating from NSS Labs in
their 2017 Web Application Firewall Comparative Report and
Security Value Map. The FortiWeb 3000E was pitted against
five competitors and placed very well overall against the
competition—passing all tests, tying for first place in Security
Effectiveness, and receiving an “Above Average” rating for
overall value for 2017.
2017 Gartner Magic Quadrant—“Challenger”
Fortinet continues as a Challenger in the 2017 Gartner
Magic Quadrant for Web Application Firewalls for the second
consecutive year. We believe that integration with the Fortinet
Security Fabric along with continued technology advances
make FortiWeb an easy choice for security leaders when
looking at a web application firewall to protect their web-
facing applications.
Gartner Magic Quadrant for Web Application Firewalls, 7 August 2017
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context
of the entire document. The Gartner document is available upon request from Fortinet
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise
technology users to select only those vendors with the highest ratings or other designation. Gartner research publications
consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner
disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or
fitness for a particular purpose.
51
APPLICATION SECURITY

QUALIFYING QUESTIONS

c How do you protect your mission-critical, web-based applications from attacks today?

c Do you regularly conduct code security reviews and if so, how often?

c Do you need to meet PCI DSS compliance standards? What were the results of your last PCI DSS audit?

c Are you concerned about data breaches of sensitive customer or proprietary information through your web-based
applications?

c Are your secure web applications outgrowing your current server load balancer?

c Do you need applications to span multiple data centers for disaster recovery of applications?

c Are DDoS attacks one of your top data-center threats?

c Do you find that your current service-based DDoS mitigation solution is expensive with unpredictable costs?

NSE TRAINING MODULES

§§NSE 2: Application Security

§§NSE 3: Web Application Firewalls (FortiWeb)

§§NSE 3: Application Delivery Controllers (FortiADC)

§§NSE 3: DDoS Attack Mitigation (FortiDDoS)

52
SECURE ACCESS
For many, the primary focus for securing the
network focuses on external threats coming from
the Internet. However, with a mobile workforce,
Our FortiSwitch product line offers a wide variety of switching
BYOD policies, and widespread use of thumb
capabilities—from top-of-rack (ToR) aggregation applications,
drives, threats from internal attack vectors are
to distributed enterprises, down to small businesses. Utilizing
increasing. Therefore, securing internal access is proprietary FortiLink technology, these switching products extend
becoming increasingly important. Fortinet offers the Fortinet Security Fabric down to the Ethernet ports, delivering a
a full range of both wired and wireless solutions highly integrated yet easy-to-manage wired solution.
with exactly this focus.

Fortinet’s wireless product line includes a variety of access points

(APs) and three methods of managing them to optimize the solution
to a customer’s needs:
§§An integrated solution in which switching, WLAN control, and
security services are integrated in a single FortiGate
§§A more traditional WLAN controller that supports high-
density and high-mobility environments with unmatched
security services
§§A cloud-managed wireless solution providing the simplest
deployment option, yet still maintaining the highest level of
security

53
SECURE ACCESS

MARKET DYNAMICS AND DRIVERS

Growth of PoE from IoT

More and more devices connecting to wired ports are drawing not only
Internet connectivity but also power. Initially, wireless APs used Power Growth of PoE
over Ethernet (PoE), but more devices and sensors supporting the
Internet of Things (IoT) are relying on their wired connection for power from IoT
as well. PoE switch ports are being deployed in increasing numbers for
video cameras, building management, and lighting.

Shift from 802.11n to 802.11ac to 802.11ac Wave 2

Wireless connectivity remains a core requirement of most companies. Wireless connectivity
The increasing speeds and improving reliability from newer standards remains a core
have resulted in incremental improvements to Wi-Fi APs. Companies requirement of most
are now balancing the cost of the higher throughput APs with more companies
affordable options as they plan their wireless networks.

Surge in Cloud-Based Management Adoption

Cloud management of networks has increased as IT managers have
embraced the benefits of anywhere, anytime management and grown
comfortable with the perceived risks. Proven, secure solutions have
delivered productivity and responsiveness gains, while also shifting Surge in Cloud-Based
capex costs to more palatable opex spend. management adoption

54
SECURE ACCESS PRODUCTS
FortiAP
INTEGRATED WIRELESS
SOLUTION
THE FortiAP series extends
the security policies of the
FortiGate out to the wireless
network. Managed by the
WLAN controller built into the
FortiGate, the FortiAP access
points provide visibility and
control via a familiar GUI. Ideal
for main offices, branch offices
and remote offices, with outdoor
options available.
FortiAP-S
SECURE REMOTE
WIRELESS SOLUTION
The FortiAP-S series performs
real-time security processing at
the AP itself. Combining Wi-Fi
access and network security into
the compact footprint of a single
AP provides an exceptionally
elegant and affordable WLAN
solution for SMBs and the
distributed enterprise. Remote
management available from
FortiGate or FortiCloud.
FortiSwitch
WIRED
SOLUTION
FortiSwitch Secure Access
Switches are feature-rich yet cost-
effective and address the needs
of large enterprise campuses
or smaller branch offices. The
FortiLink protocol enables Zero-
touch provisioning, effectively
extending the FortiGate with
additional wired ports. With high-
density 24- and 48-port models
supporting 802.11at PoE, they can
power anything from APs to VoIP
handsets to surveillance cameras.
55
SECURE ACCESS

OTHER PRODUCTS

FortiAuthenticator

FortiToken

FortiClient

FortiExtender

FortiPresence

56
HOW FORTINET’S SECURE ACCESS SOLUTIONS ARE UNIQUE

Balancing Access, Performance, and Protection Supporting Comprehensive Security Across the
Without Compromise Infrastructure
Today’s enterprises demand fast, transparent access to critical Above all, Fortinet’s Secure Access solution perfectly
applications and data—from anywhere and from a range of complements enterprise architectures, extending Fortinet’s
devices over which administrators no longer have full control. Security Fabric from the core to the edge and uniting the various
solution components to deliver combined benefits greater than
Fortinet’s Secure Access solution provides a tightly integrated
the sum of their parts.
infrastructure—access, networking, and security—capable of
meeting these demands without compromising performance or
security.
As security threats increase in number, risk, and sophistication,
Fortinet customers can rest assured that data protection
obligations to their customers, business partners, and
shareholders can be honored, and that maximum business
continuity will be maintained.

57 57
SECURE ACCESS

COMPETITIVE COMPARISON

Capability Fortinet Cisco HP/Aruba Aerohive Ruckus/Arris

Enterprise WLAN a a a a a
UTM in Access Point a    
Enterprise Switching a a a a a
UTM a a   
Gartner MQ WLAN/LAN a a a a a
a= Provides
 = Not available

58
58 This sales guide is for Internal Use Only.
THIRD-PARTY VALIDATION

2016 Gartner Magic Quadrant—“Visionary”

In the 2016 Gartner Magic Quadrant for Wired and Wireless

LAN Access Infrastructure, Fortinet’s Secure Access product
line achieved a Visionary rating in the enterprise LAN/WLAN
marketplace.

“Magic Quadrant for the Wired and Wireless LAN Access Infrastructure,” Tim Zimmerman, Christian Canales, Bill Menezes,
Danilo Ciscato, August 2016
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the
entire document. The Gartner document is available upon request from Fortinet.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology
users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s
research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied,
with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

59
SECURE ACCESS

QUALIFYING QUESTIONS

c Are you looking for security in addition to access layer components?

c Is simplified management a key requirement?

c Do you already own a FortiGate?

c Do you have many small sites (distributed retail)?

c Do you need security at the edge for a small branch?

c Do you have a large public venue with stringent RF capabilities?

c Do you have minimal staff and need a solution that’s easy to deploy and manage?

NSE TRAINING MODULES

§§NSE 2: Secure Access Solution

§§NSE 2: Wireless Infrastructure Products

§§NSE 2: Wireless Integrated Products

§§NSE 2: FortiCloud

60
SERVICES
FortiGuard
FortiGuard researchers continuously scour the
cyber landscape to discover emerging threats
and develop effective countermeasures to protect
organizations around the world. They are the
reason that FortiGuard is credited with over 250
zero-day discoveries—a record unmatched by
any other security vendor.
Our unique combination of in-house research
across 10 different security disciplines,
intelligence exchanged with leading industry
sources, and machine learning are why Fortinet
security solutions routinely demonstrate such high
scores during real-world security effectiveness
tests at places like NSS Labs, Virus Bulletin, ICSA
Labs, and AV-Comparatives.
FortiCare
Security can be complex; creating the best security environment
requires expertise. Fortinet is immersed in security every day of the
year and our professionals know our products in detail. We can
augment the defensive capabilities of any IT organization with a range
of offerings, tailoring our services to the size of the organization and
the desired level of assistance and monitoring. We can help you ensure
that your customer’s security posture is appropriate to today’s evolving
threat environment.
FortiCare services are available on all Fortinet products and include four
types of offerings:
§§Product Support Services include device assistance with
technical issues as well as firmware updates, and (if necessary)
product replacement. Device monitoring and reporting is also
available. Assistance can be provided by phone, email, or chat.
§§Advanced Support Services provide support on an account basis
and include configuration advice and performance review, as well
as training and certification programs. There are both Enterprise
and Service Provider options.
§§Professional Services offer certified experts for onsite training,
design, configuration, implementation, and validation for security
and infrastructure products. These engagements are custom
created and require a statement of work (SOW) to properly scope
the activity.
§§Premium RMA Services include enhanced warranty returns for
faster replacement turnaround, as well as secure disposal options
for high-security customers.
61
SALES TOOLS
SALES TOOLS
We offer a number of tests and other tools to help your
potential customers evaluate their current security
posture, as well as demos for an assortment of
Fortinet products.
Cyber Threat Assessment Program
Our Cyber Threat Assessment Program (CTAP) is a framework
designed to offer your prospective customers quick, easy, and
valuable insight into their preexisting security posture. It helps
you build credibility, establish yourself as a trusted advisor, and
create a strong business case to choose Fortinet solutions to
mitigate threats.
With a conversion rate of 85%, CTAP is a proven way to
turn a greenfield opportunity into a long-term customer while
demonstrating the value of FortiGate, FortiOS, FortiGuard, and
FortiSandbox in your prospect’s own network environment.
Website: https://ctap.fortinet.com
Product Demo Center
Let your prospects see for themselves how our solutions can
help solve their security challenges. Our Product Demo Center
includes a wide range of Fortinet products, helping customers
explore key features and capabilities as well as experience our
intuitive user interfaces.
Website: http://www.fortidemo.com
62
Test Your Metal (Malware Scan Effectiveness)
Attackers get past security measures by hiding malware deep within
compressed files. Unfortunately, most network security solutions are
regularly fooled by this technique because they can’t analyze a file
compressed with any format other than ZIP. There are a number of
legitimate compression formats commonly used and easily opened by
typical end-users on most operating systems other than ZIP (e.g., TAR,
GZ, 7Z, CAB).
Test Your Metal offers a simple test to see if your network security will
catch malware hiding in compressed files.
Website: http://metal.fortiguard.com
Network Testing
Help your customers get the most out of their network devices and
diagnose potential issues with comprehensive performance testing.
FortiTester offers a suite of powerful, yet easy-to-use tests that simulate
a variety of typical traffic conditions. It allows you to set performance
standards and run audits to make sure your network continues to meet
them. It also stores past tests for easy comparison.
Website: http://docs.fortinet.com/fortitester/
Training
Network Security Expert (NSE) training is an eight-level certification
program designed for technical professionals interested in independent
validation of their network security skills and experience. NSE training is
available via the Fortinet Partner Portal.
Website: https://www.fortinet.com/support-and-training.html
PARTNER SUPPORT

Fortinet provides a wealth of resources for our

partners, including services such as sales and Corporate Website
product training, opportunity identification, and http://www.fortinet.com
advanced technical support as part of the pre-
sales process.
Fortinet Partner Portal
Enterprise customers tend to have specialized
https://partners.fortinet.com/
needs with many complexities. Our global teams
of account managers and sales engineers are at Training Information
the ready to assist you with any of the solutions http://www.fortinet.com/training/index.html
presented in this guide.
Product Information
We also have many online resources to assist you http://www.fortinet.com/products/index.html
during the sales process.

Fortinet Icon Library

Available in the Resources section at
http://www.fortinet.com/

FUSE Community
https://fusecommunity.fortinet.com

63
This Partner Sales Guide is designed to educate and enable Fortinet channel partners on our leading network security solutions.
This is not appropriate as a customer-facing document.

Copyright © 2017 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other
Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners.

v2.0 110550 0 0 EN September 15, 2017 10:32 AM