FortiGate 300E Firewall Overview
The FortiGate 300E series provides an application-centric, scalable and secure SD-WAN solution withrnnext generation firewall (NGFW) capabilities for mid-sized to large enterprises deployed at the campus orrnenterprise branch level. Protects against cyber threats with system-on-a-chip acceleration and industry leading secure SD-WAN in a simple, affordable, and easy to deploy solution. Fortinet’s Security-DrivenrnNetworking approach provides tight integration of the network to the new generation of security.
- Identifies thousands of applications inside network traffic for deep inspection and granular policy enforcement
- Protects against malware, exploits, and malicious websites in both encrypted and non-encrypted traffic
- Prevents and detects against known attacks using continuous threat intelligence from AI-powered FortiGuard Labs security services
- Proactively blocks unknown sophisticated attacks in realtime with the Fortinet Security Fabric integrated AI-powered FortiSandbox
- Engineered for Innovation using Fortinet’s purpose-built security processors (SPU) to deliver the industry’s best threat protection performance and ultra-low latency
- Provides industry-leading performance and protection for SSL encrypted traffic including the first firewall vendor to provide TLS 1.3 deep inspection
- Independently tested and validated best security effectiveness and performance
- Received unparalleled third-party certifications from NSS Labs, ICSA, Virus Bulletin, and AV Comparatives
- Dynamic Path Selection over any WAN transport to provide better application experience based on self-healing SD-WAN capabilities
- Advanced routing, Scalable VPN, multi-cast and IPV4/IPV6 forwarding powered by purpose-built network processors
- SD-WAN Orchestration provides intuitive and simplified workflow for centralized management and provisioning of business policies in a few easy clicks
- Expedited deployment with Zero touch provisioning well-suited for large and distributed infrastructure
- Automated VPN tunnels for flexible hub-to-spoke and full-mesh deployment at scale to provide bandwidth aggregation and encrypted WAN paths
- Predefined compliance checklists analyze the deployment and highlight best practices to improve the overall security posture
- Enables Fortinet and Fabric-ready partners’ products to provide broader visibility, integrated end-to-end detection, threat intelligence sharing, and automated remediation
- Automatically builds Network Topology visualizations which discover IoT devices and provide complete visibility into Fortinet and Fabric-ready partner products
FortiGate 300E Firewall Deployment
Next Generation Firewall (NGFW)
- Reduce the complexity and maximize your ROI by integrating threat protection security capabilities into a single highperformance network security appliance, powered by Fortinet’s Security Processing Unit (SPU)
- Full visibility into users, devices, applications across the entire attack surface and consistent security policy enforcement irrespective of asset location
- Protect against network exploitable vulnerabilities with industryvalidated IPS that offers low latency and optimized network performance
- Automatically block threats on decrypted traffic using the Industry’s highest SSL inspection performance, including the latest TLS 1.3 standard with mandated ciphers
- Proactively block newly discovered sophisticated attacks in real-time with AI-powered FortiGuard Labs and advanced threat protection services included in the Fortinet Security Fabric
Secure Web Gateway (SWG)
- Secure web access from both internal and external risks, even for encrypted traffic at high performance
- Enhanced user experience with dynamic web and video caching
- Block and control web access based on user or user groups across URL’s and domains
- Prevent data loss and discover user activity to known and unknown cloud applications
- Block DNS requests against malicious domains
- Multi-layered advanced protection against zero-day malware threats delivered over the web
- Consistent business application performance with accurate detection, dynamic WAN path steering on any best-performing WAN transport
- Accelerated Multi-cloud access for faster SaaS adoption with cloud-on-ramp
- Self-healing networks with WAN edge high availability, subsecond traffic switchover-based and real-time bandwidth compute-based traffic steering
- Automated Overlay tunnels provides encryption and abstracts physical hybrid WAN making it simple to manage.
- Simplified and intuitive workflow with SD-WAN Orchestrator for management and zero touch deployment
- Enhanced analytics both real-time and historical provides visibility into network performance and identify anomalies
- Strong security posture with next generation firewall and realtime threat protection
Powered by SPU
- Custom SPU processors deliver the power you need to detect malicious content at multi-Gigabit speeds
- Other security technologies cannot protect against today’s wide range of content- and connection-basedthreats because they rely on general-purpose CPUs, causing a dangerous performance gap
- SPU processors provide the performance needed to block emerging threats, meet rigorous third-party certifications, and ensure that your network security solution does not become a network bottleneck
- Fortinet’s new, breakthrough SPU NP6 network processor works inline with FortiOS functions delivering:
- Superior firewall performance for IPv4/IPv6, SCTP, and multicast traffic with ultra-low latency down to 2 microseconds
- VPN, CAPWAP, and IP tunnel acceleration
- Anomaly-based intrusion prevention, checksum offload, and packet defragmentation
- Traffic shaping and priority queuing
Fortinet’s new, breakthrough SPU CP9 content processor works outside of the direct flow of traffic and accelerates the inspection of computationally intensive security features:
- Enhanced IPS performance with unique capability of full signature matching at ASIC
- SSL Inspection capabilities based on the latest industry mandated cipher suites
- Encryption and decryption offloading
Fortinet Security Fabric
The Security Fabric is the cybersecurity platform that enables digital innovations. It delivers broad visibility of the entire attack surface to better manage risk. Its unified and integrated solution reduces the complexity of supporting multiple-point products, while automated workflows increase operational speeds and reduce response times across the Fortinet deployment ecosystem. The Fortinet Security Fabric overs the following key areas under a single management center:
- Security-Driven Networking that secures, accelerates, and unifies the network and user experience
- Zero Trust Network Access that identifies and secures users and devices in real-time, on and off of the network
- Dynamic Cloud Security that protects and controls cloud infrastructures and applications
- AI-Driven Security Operations that automatically prevents, detects, isolates, and responds to cyber threats
FortiGates are the foundation of the Fortinet Security Fabric—the core is FortiOS. All security and networking capabilities across the entire FortiGate platform are controlled with one intuitive operating system. FortiOS reduces complexity, costs, and response times by truly consolidating next-generation security products and services into one platform.
- A truly consolidated platform with a single OS and pane-of-glass for across the entire digital attack surface.
- Industry-leading protection: NSS Labs Recommended, VB100, AV Comparatives, and ICSA validated security and performance.
- Leverage the latest technologies such as deception-based security.
- Control thousands of applications, block the latest exploits, and filter web traffic based on millions of real-time URL ratings in addition to true TLS 1.3 support.
- Automatically prevent, detect, and mitigate advanced attacks within minutes with an integrated AI-driven security and advanced threat protection.
- Improve and unify the user experience with innovative SD-WAN capabilities with the ability to detect, contain, and isolate threats with automated segmentation.
- Utilize SPU hardware acceleration to boost network security performance.
FortiGate 300E Firewall Services
FortiGuard™ Security Services
FortiGuard Labs offer real-time intelligence on the threat landscape, delivering comprehensive security updates across the full range of Fortinet’s solutions. Comprised of security threat researchers, engineers, and forensic specialists, the team collaborates with the world’s leading threat monitoring organizations and other network and security vendors, as well as law enforcement agencies. For more information, please refer to forti.net/fortiguard and forti.net/forticare
FortiCare™ Support Services
Our FortiCare customer support team provides global technical support for all Fortinet products. With support staff in the Americas, Europe, Middle East, and Asia, FortiCare offers services to meet the needs of enterprises of all sizes
FortiGate 300E Firewall Specifications
Interfaces and Modules
- GE RJ45 Interfaces : 16
- GE SFP Slots : 16
- GE RJ45 Management Ports : 2
- USB Ports : 2
- RJ45 Console Port : 1
- Local Storage : –
- Included Transceivers : 2x SFP (SX 1 GE)
System Performance — Enterprise Traffic Mix
- IPS Throughput : 5 Gbps
- NGFW Throughput : 3.5 Gbps
- Threat Protection Throughput : 3 Gbps
System Performance and Capacity
- IPv4 Firewall Throughput (1518 / 512 / 64 byte, UDP) : 32 / 32 / 20 Gbps
- IPv6 Firewall Throughput (1518 / 512 / 64 byte, UDP) : 32 / 32 / 20 Gbps
- Firewall Latency (64 byte, UDP) : 3 ?s
- Firewall Throughput (Packet per Second) : 30 Mpps
- Concurrent Sessions (TCP) : 4 Million
- New Sessions/Second (TCP) : 300,000
- Firewall Policies : 10,000
- IPsec VPN Throughput (512 byte) : 20 Gbps
- Gateway-to-Gateway IPsec VPN Tunnels : 2,000
- Client-to-Gateway IPsec VPN Tunnels : 50,000
- SSL-VPN Throughput : 2.5 Gbps
- Concurrent SSL-VPN Users (Recommended Maximum, Tunnel Mode) : 5,000
- SSL Inspection Throughput (IPS, avg. HTTPS) : 3.9 Gbps
- SSL Inspection CPS (IPS, avg. HTTPS) : 2,500
- SSL Inspection Concurrent Session (IPS, avg. HTTPS) : 340,000
- Application Control Throughput (HTTP 64K) : 7 Gbps
- CAPWAP Throughput (1444 byte, UDP) : 5 Gbps
- Virtual Domains (Default / Maximum) : 10 / 10
- Maximum Number of FortiSwitches Supported : 72
- Maximum Number of FortiAPs (Total / Tunnel) : 512 / 256
- Maximum Number of FortiTokens : 5,000
- High Availability Configurations : Active-Active, Active-Passive, Clustering
Dimensions and Power
- Height x Width x Length (inches) : 1.75 x 17.0 x 15.0
- Height x Width x Length (mm) : 44.45 x 432 x 380
- Weight : 16.1 lbs (7.3 kg)
- Form Factor (supports EIA / non-EIA standards) : Rack Mount, 1 RU
- Power Consumption (Average / Maximum) : 90 W / 173 W
- Power Input : 100V–240V AC, 50–60Hz
- Current (Maximum) : 6A
- Heat Dissipation : 570 BTU/h
- Redundant Power Supplies (Hot Swappable) : optional
Operating Environment and Certifications
- Operating Temperature : 32–104°F (0–40°C)
- Storage Temperature : -31–158°F (-35–70°C)
- Humidity : 10–90% non-condensing
- Noise Level : 48 dBA
- Operating Altitude : Up to 7,400 ft (2,250 m)
- Compliance : FCC Part 15 Class A, RCM, VCCI, CE, UL/cUL, CB
- Certifications : ICSA Labs: Firewall, IPsec, IPS, Antivirus, SSL-VPN; USGv6/IPv6
Note: All performance values are “up to” and vary depending on system configuration.
- IPsec VPN performance test uses AES256-SHA256.
- IPS (Enterprise Mix), Application Control, NGFW, and Threat Protection are measured with Logging enabled.
- SSL Inspection performance values use an average of HTTPS sessions of different cipher suites.
- NGFW performance is measured with Firewall, IPS, and Application Control enabled.
- Threat Protection performance is measured with Firewall, IPS, Application Control, and Malware Protection enabled.