ORDERING GUIDE

Zero Trust Network Access (ZTNA)

Product Offerings

This ordering guide is a quick reference to the Fortinet ZTNA portfolio to help customers of
varying size and complexity to select the right products for each deployment. ZTNA is an
integrated component of the Fortinet Security Fabric, giving administrators the assurance
that only trusted and validated users/devices can access sensitive data stored in corporate
and SaaS applications from anywhere. Fortinet’s ZTNA solution includes comprehensive Cloud
access security broker (CASB) technology to inspect, secure and control your SaaS application
data when in-motion (inline CASB powered by access proxy) or at-rest (API based CASB).

Fortinet’s ZTNA technology integrated with in-line CASB allows real-time inspection of SaaS
application traffic providing:

1. Visibility and granular control over your SaaS applications.

2. Data leak protection so confidential data is not leaked or shared.

3. Advanced threat protection where all data is inspected to detect and block malware.

A ZTNA deployment consists of 2 parts:

• ZTNA Agent may connect from anywhere, to access applications hosted in the company
data center, cloud data center or SaaS. These endpoints are continuously monitored
by FortiClient to ensure up-to-date posture information, and to secure each connection
automatically without user involvement.

• Access Proxy sits between the endpoints and applications, and continuously validates the
posture and identity of each connection, and providing secure microsegmented access for
each session. The access proxy is a feature of FortiGate and natively integrated with SD-
WAN, SASE, NGFW and all other FortiGate components.

The following table provides a brief summary of the capabilities of each part:

PRODUCT OFFERINGS
ZTNA AGENT ACCESS PROXY
Transparent ZTNA proxy for end-user 
Endpoint health, telemetry, identity and certificates 
Continuous monitoring 
Inline CASB 
Cloud CASB (API based) 

Application Access (Micro) Segmentation 

Single Sign On and SAML 
Server Load Balancing (HW accelerated) 
Per-session posture and identity enforcement 
SaaS Application Enforcement 

Central Reporting and Analytics Single Pane

Central Management Single Pane

YCONFIDETAL STRICLSTRICTLY CONFIDENTIAL 1

ORDERING GUIDE | Zero Trust Network Access

ACCESS PROXY

FortiGate
Note, there are many variations for the FortiGate platform, including:

• Interface speed

• Capacity / Performance

• Wireless, Switch and 3G/4G/5G ports

• Local Storage

Refer to the latest datasheets for the latest information. The following table showcases the latest generation platforms with
default options over a range of capacity:
CAPABILITY FG-60F FG-80F FG-100F FG-200F FG-400E
SSL Inspection 630 Mbps 715 Mbps 1 Gbps 4 Gbps 4.8 Gbps
Threat Protection 700 Mbps 900 Mbps 1 Gbpds 3 Gbps 5 Gbps
Access Proxy / App Segmentation     
Single Sign On with SAML     
Server Load Balancing     
Web Forwarding HTTPS HTTPS HTTPS HTTPS HTTPS
TCP Forwarding HTTPS, SSH, FTP, Telnet HTTPS, SSH, FTP, Telnet HTTPS, SSH, FTP, Telnet HTTPS, SSH, FTP, Telnet HTTPS, SSH, FTP, Telnet
SaaS Application Enforcement (Inline
    
CASB)

CAPABILITY FG-600E FG-1100E FG-1800F FG-2600F FG-3500F

SSL Inspection 8 Gbps 10 Gbps 17 Gbps 20 Gbps 55 Gbps
Threat Protection 7 Gbps 7.1 Gbps 9.1 Gbps 17 Gbps 63 Gbps
Access Proxy / App Segmentation     
Single Sign On with SAML     
Server Load Balancing     
Web Forwarding HTTPS HTTPS HTTPS HTTPS HTTPS
TCP Forwarding HTTPS, SSH, FTP, Telnet HTTPS, SSH, FTP, Telnet HTTPS, SSH, FTP, Telnet HTTPS, SSH, FTP, Telnet HTTPS, SSH, FTP, Telnet
SaaS Application Enforcement (Inline
    
CASB)

Ordering Information
PLATFORM BASE SKU ENTERPRISE BUNDLE
FortiGate-60F FG-60F FC-10-0060F-811-02-DD
FortiGate-80F FG-80F FC-10-0080F-811-02-DD
FortiGate-100F FG-100F FC-10-F100F-811-02-DD
FortiGate-200F FG-200F FC-10-F200F-811-02-DD
FortiGate-400E FG-400E FC-10-0400E-811-02-DD
FortiGate-600E FG-600E FC-10-F6H0E-811-02-DD
FortiGate-1100E FG-1100E FC-10-F18HF-811-02-DD
FortiGate-1800F FG-1800F FC-10-F18HF-811-02-DD
FortiGate-2600F FG-2600F FC-10-F26HF-811-02-DD
FortiGate-3500F FG-3500F FC-10-F3K5F-811-02-DD

STRICTLY CONFIDENTIAL 2 2
 ORDERING GUIDE | Zero Trust Network Access

ZTNA AGENT

FortiClient
You can provision the FortiClient agent on a per-user or per-endpoint basis, and manage it from a cloud-based (SaaS) console or
on-premise depending on corporate requirements. Additional managed services options are available to assist with initial setup,
user onboarding, upgrades, and other operations.

The following table summarizes the most popular options:

CAPABILITY ZTNA AGENT MANAGED ZTNA AGENT

Transparent ZTNA Proxy for End User  
Endpoint Health, Telemetry, Identity, and Certificates  
Continuous Monitoring  
Central Posture Check Tagging Rules  
Central Managment and Onboarding  
TCP Forwarding  
EPP Security Optional Upgrade Optional Upgrade
SASE Optional Upgrade (cloud only) Optional Upgrade (cloud only)
Integration with FortiGuard Forensics Service* Optional Upgrade (cloud only) Optional Upgrade
Expert-assisted deployment and monitoring setup for EMS Cloud

Platform, Windows, MacOS and Linux endpoints
Inline CASB  
Cloud CASB (API based)  

* Check pricelist for availability.

ORDER INFORMATION
ORDERING OPTIONS ZTNA AGENT MANAGED ZTNA AGENT
100 - 499 Users FC2-10-EMS05-509-02-DD FC2-10-EMS05-556-02-DD

500 - 1,999 Users FC3-10-EMS05-509-02-DD FC3-10-EMS05-556-02-DD

Per-User
2,000 - 9,999 Users FC4-10-EMS05-509-02-DD FC4-10-EMS05-556-02-DD

10,000+ Users FC5-10-EMS05-509-02-DD FC5-10-EMS05-556-02-DD

25-pack FC1-10-EMS05-551-01-DD FC1-10-EMS05-562-01-DD

500-pack FC2-10-EMS05-551-01-DD FC2-10-EMS05-562-01-DD

Per-Endpoint
2,000-pack FC3-10-EMS05-551-01-DD FC3-10-EMS05-562-01-DD

10,000-pack FC4-10-EMS05-551-01-DD FC4-10-EMS05-562-01-DD

www.fortinet.com

Copyright © 2021 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.

ZTNA-OG-R3-20220722
STRICTLY CONFIDENTIAL