Data Sheet

FortiGate®-VM on
Google Cloud

Highlights

• Securely connect
to your application Adaptive Multi-Cloud Security with AI-Powered
workloads without
Advanced Threat Protection
performance
bottlenecks
The FortiGate-VM on Google Cloud delivers next-
• Move at cloud speed
without compromising generation firewall capabilities for organizations
security
of all sizes, with the flexibility to be deployed as
• Seamlessly scale
your cloud protection next-generation firewall or VPN gateway. It protects
without increasing
operational burden against cyber threats with high performance, security
• Secure your cloud
efficacy, and deep visibility.
transformation without
impacting business
FortiGate-VM delivers protection from a broad array of network security threats. It
outcomes, with
offers the same security and networking services included in the FortiOS operating
flexible consumption
system and is available for public cloud, private cloud, and Telco Cloud (VNFs).
models
With a consistent operational model across hybrid cloud, multi-cloud, and service
provider environments, it reduces the training burden on security teams.

1
 FortiGate®-VM on Google Cloud Data Sheet

FortiOS Everywhere
FortiOS, Fortinet’s Advanced Operating System
FortiOS enables the convergence of high performing networking and security across the
Fortinet Security Fabric. Because it can be deployed anywhere, it delivers consistent and
Available in context-aware security posture across network, endpoint, and multi-cloud environments.

FortiOS powers all FortiGate deployments whether a physical or virtual device, as a container,
or as a cloud service. This universal deployment model enables the consolidation of many
technologies and use cases into a simplified, single policy and management framework. Its
organically built best-of-breed capabilities, unified operating system, and ultra-scalability
Appliance
allows organizations to protect all edges, simplify operations, and run their business without
compromising performance or protection.

FortiOS dramatically expands the Fortinet Security Fabric’s ability to deliver advanced AI/
ML-powered services, inline advanced sandbox detection, integrated ZTNA enforcement,
and more, provides protection across hybrid deployment models for hardware, software, and
Virtual Software-as-a-Service with SASE.

FortiOS expands visibility and control, ensures the consistent deployment and enforcement of
security policies, and enables centralized management across large-scale networks with the
following key attributes:

• Interactive drill-down and topology viewers that display real-time status

Hosted
• On-click remediation that provides accurate and quick protection against threats and abuses
• Unique threat score system correlates weighted threats with users to prioritize investigations

Cloud

Container

Intuitive easy to use view into the network and Visibility with FOS Application Signatures
endpoint vulnerabilities

FortiConverter Migration Service

FortiConverter Service provides hassle-free migration to help organizations transition from a
wide range of legacy firewalls to FortiGate Next-Generation Firewalls quickly and easily.
The service eliminates errors and redundancy by employing best practices with advanced
methodologies and automated processes. Organizations can accelerate their network protection
with the latest FortiOS technology.

2
FortiGate®-VM on Google Cloud Data Sheet

FortiGuard Services
FortiGuard AI-Powered Security
FortiGuard’s rich suite of security services counter threats in real time using AI-powered,
coordinated protection designed by FortiGuard Labs security threat researchers, engineers,
and forensic specialists.

Web Security
Advanced cloud-delivered URL, DNS (Domain Name System), and Video Filtering providing
complete protection for phishing and other web born attacks while meeting compliance.

Additionally, its dynamic inline CASB (Cloud Access Security Broker) service is focused on
securing business SaaS data, while inline ZTNA traffic inspection and ZTNA posture check
provide per-sessions access control to applications. It also integrates with the FortiClient
Fabric Agent to extend protection to remote and mobile users.

Content Security
Advanced content security technologies enable the detection and prevention of known
and unknown threats and file-based attack tactics in real-time. With capabilities like CPRL
(Compact Pattern Recognition Language), AV, inline Sandbox, and lateral movement protection
make it a complete solution to address ransomware, malware, and credential-based attacks.

Device Security
Advanced security technologies are optimized to monitor and protect IT, IIoT, and OT
(Operational Technology) devices against vulnerability and device-based attack tactics. Its
validated near-real-time IPS intelligence detects, and blocks known and zero-day threats,
provides deep visibility and control into ICS/OT/SCADA protocols, and provides automated
discovery, segmentation, and pattern identification-based policies.

Advanced NOC and SOC Management

Advanced NOC and SOC management tools attached to your NGFW provide simplified and
faster time-to-activation.

SOC-as-a-Service
Includes tier-one hunting and automation, log location, 24x7 SOC analyst experts, managed
firewall and endpoint functions, and alert triage.

Fabric Rating Security Best Practices

Includes supply chain virtual patching, up-to-date risk and vulnerability data to deliver quicker
business decisions, and remediation for data breach situations.

3
FortiGate®-VM on Google Cloud Data Sheet

Secure Any Edge at Any Scale

Advanced Virtual Security Processing Units (vSPUs)
Virtual firewalls are commonly used to protect virtualized environments in software-defined
data centers and multi-cloud environments on the basis that they are the least expensive
and the most portable, enabling users to easily move a virtual firewall from cloud to cloud.
One disadvantage of most virtual firewalls is that they deliver significantly lower network
throughput as compared with physical firewalls, creating bottlenecks throughout the network
and reducing business agility and performance.

FortiGate virtual firewalls (FortiGate-VM), featuring advanced virtual security processing units
(vSPUs), overcome the throughput barrier to provide top performance in private and public
clouds. With FortiGate-VM, organizations can securely migrate any application and support a
variety of use cases, including highly available large-scale virtual private networks (VPNs) in
the cloud.”

FortiGate-VM removes the cost-performance barriers to adopting virtual NGFWs, with several
industry-leading features:

• The FortiGate-VM vSPU is a unique technology that enhances performance by offloading

part of packet processing to user space, while using a kernel bypass solution within the
operating system. With vSPU enabled, FortiGate-VM can achieve more than triple the
throughput for a UDP firewall rule.
• Support for Intel QuickAssist Technology (Intel QAT), working on the latest QuickAssist
Adapters, accelerates traffic processing through site-to-site IPSec VPNs. With QAT enabled,
FortiGate-VM can achieve two to three times throughput improvements depending on the
packet frame size.
• Fortinet is the first NGFW vendor to support AWS C5n instances, which enables
organizations to use a virtual firewall to secure compute-heavy applications in the cloud.

FortiCare Services
Fortinet is dedicated to helping our customers succeed, and every year FortiCare Services
help thousands of organizations get the most from our Fortinet Security Fabric solution. Our
lifecycle portfolio offers Design, Deploy, Operate, Optimize, and Evolve services. Operate
services offer device-level FortiCare Elite service with enhanced SLAs to meet our customer’s
operational and availability needs. In addition, our customized account-level services provide
rapid incident resolution and offer proactive care to maximize the security and performance
of Fortinet deployments.

4
FortiGate®-VM on Google Cloud Data Sheet

Deployment
Next Generation Firewall (NGFW)
• Reduce complexity by combining threat protection security capabilities into single high-
performance network security appliances

• Identify and stop threats with powerful intrusion prevention beyond port and protocol that
examines the actual applications in your network traffic

• Deliver the industry’s highest SSL inspection performance using industry-mandated ciphers
while maximizing ROI

• Proactively block newly discovered sophisticated attacks in real-time with advanced threat
protection

VPN Gateway
• Direct Connect utilizing FortiGate firewalls for SSL and IPsec VPNs into and out of the AWS
VPCs

• VGW to FortiGate VPN between VPCs

• Hybrid cloud site to site IPsec VPN

• Remote access VPN

Gain Comprehensive Visibility and Apply Consistent Control

Specifications
The FortiGate-VM supports multiple instance families that leverage Intel and AMD-based x64
processors as well as the T2A instance family that leverages the Ampere® Altra® Arm-based
processor. For a full list of supported instance families, see the Fortigate GCP Administration
Guide. The following shows the performance of x64 N2-Standard instance family with the
BYOL License type.

5
 FortiGate®-VM on Google Cloud Data Sheet

Specifications

DEVICE PERFORMANCE DATA

VM-01 /01V VM-UL/
VM-02/ 02V/ 02S VM-04/ 04V /04S VM-08/ 08V/ 08S VM-16/ 16V/ 16S VM-32/ 32V/ 32S
/01S ULV/ ULS
SYSTEM REQUIREMENT
vCPU (Minimum / 1/1 1/2 1/4 1/8 1 / 16 1 / 32 1/
Maximum) Unlimited
TECHNICAL SPECIFICATIONS
Network Interface 1 / 24 1 / 24 1 / 24 1 / 24 1 / 24 1 / 24 1 / 24
Support (Minimum /
Maximum)1
Virtual Domains 10 / 10 10 / 25 10 / 50 10 / 50 10 / 500 10 / 500 10 / 500
(Default /
Maximum)2
Firewall Policies 10 000 10 000 10 000 200 000 200 000 200 000 200 000
SYSTEM PERFORMANCE
Instance Shape to
N2-Standard-2 N2-Standard-4 N2-Standard-8 N2-Standard-16 N2-Standard-32
be Measured
Google Cloud
Expected 10 Gbps 10 Gbps 16 Gbps 32 Gbps 32 Gbps
Bandwidth 3
(Gigabit per stand stand stand stand stand
second) 3 IPSEC IPSEC IPSEC IPSEC IPSEC
alone alone alone alone alone

Firewall Throughput 4000 1360 5350 2000 7000 2300 15 000 3500 20 000 7600
(UDP Packets) in
Mbps - 1280 bytes
Firewall Throughput 2500 720 3000 1000 5000 1200 7000 1900 8500 3350
(UDP Packets) in
Mbps - 512 bytes
Firewall Throughput 350 160 500 190 900 210 1500 450 1600 650
(UDP Packets) in
Mbps - 64 bytes
New Sessions / 85 000 - 120 000 - 180 000 - 280 000 - 335 000 -
Second (TCP)
HTTP Throughput 5750 - 7900 - 9600 - 14 700 - 17 000 -
w/ Application
profile (64K size)4
in Mbps
HTTP Throughput 5700 - 7850 - 9500 - 14 700 - 17 000 -
w/ IPS profile (44K
size) 5 in Mbps
HTTP Throughput 5800 - 7900 - 9600 - 14 700 - 17 000 -
w/ IPS profile (1M
size) 5 in Mbps
NGFW Throughput 680 - 1140 - 2240 - 4250 - 8000 -
(Mbps) 6
Threat Protection 680 - 1140 - 2240 - 4250 - 8000 -
Throughput
(Mbps) 7

SSL Inspection 1370 - 2000 - 3800 - 7000 - 10 500 -

throughput
(Mbps) 8

Notes. All performance values are “up to” and vary depending on system configuration. Actual performance may vary depending on the network and system configuration. Please note that
these metrics are updated periodically as the product performance keeps improving through internal testing. The discrepancy in the performance numbers may be noted in different versions
of the document so please make sure to refer to the latest datasheets. Performance metrics were observed using FortiGate-VM BYOL instances using FOS v7.2.0.

1. Applicable to 6.4.0+. The actual working number of consumable network interfaces varies 4. IPS performance is measured using Enterprise Traffic Mix and 1 Mbyte HTTP.
depending on AWS instance types/sizes and may be less. 5. NGFW performance is measured with IPS and Application Control enabled, based on
2. FG-VMxxV and FG-VMxxS series do not come with a multi-VDOM feature by default. Enterprise Traffic Mix.
You can add it by applying separate VDOM addition perpetual licenses. See ORDER 6. Threat Protection performance is measured with IPS and Application Control and Malware
INFORMATION for VDOM SKUs. protection enabled, based on Enterprise Traffic Mix.
3. The latest information about AWS bandwidth is found on https://aws.amazon.com/ec2/ 7. Using TLS ECDHE RSA WITH AES 256 GCM SHA384 (2K).
instance-types/.

6
 FortiGate®-VM on Google Cloud Data Sheet

Licensing
With a multitude of deployment methods supported across various private and public cloud deployments, FortiGate-VM for
Google Cloud supports the bring-your-own-license (BYOL) licensing model.

Ordering Information
The following are SKUs that can be acquired for the BYOL scheme. For the PAYG/On-Demand subscription, various instance/
VM types are available on the marketplace. BYOL is perpetual licensing, as opposed to PAYG/On-Demand, which is an hourly
subscription available with marketplace-listed products.

Product SKU Description

FortiGate-VM01 FG-VM01, FG-VM01V FortiGate-VM ‘virtual appliance’. 1x vCPU core. No VDOM by default for FG-VM01V model.

FortiGate-VM02 FG-VM02, FG-VM02V FortiGate-VM ‘virtual appliance’. 2x vCPU cores. No VDOM by default for FG-VM02V model.

FortiGate-VM04 FG-VM04, FG-VM04V FortiGate-VM ‘virtual appliance’. 4x vCPU cores. No VDOM by default for FG-VM04V model.

FortiGate-VM08 FG-VM08, FG-VM08V FortiGate-VM ‘virtual appliance’. 8x vCPU cores. No VDOM by default for FG-VM08V model.

FortiGate-VM16 FG-VM16, FG-VM16V FortiGate-VM ‘virtual appliance’. 16x vCPU cores. No VDOM by default for FG-VM016V model.

FortiGate-VM32 FG-VM32, FG-VM32V FortiGate-VM ‘virtual appliance’. 32x vCPU cores. No VDOM by default for FG-VM032V model.

FortiGate-VMUL FG-VMUL, FG-VMULV FortiGate-VM ‘virtual appliance’. Unlimited vCPU cores. No VDOM by default for FG-VMULV model.

Optional Accessories/Spares SKU Description

Virtual Domain License Add 5 FG-VDOM-5-UG Upgrade license for adding 5 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.

Virtual Domain License Add 15 FG-VDOM-15-UG Upgrade license for adding 15 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.

Virtual Domain License Add 25 FG-VDOM-25-UG Upgrade license for adding 25 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.

Virtual Domain License Add 50 FG-VDOM-50-UG Upgrade license for adding 50 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.

Virtual Domain License Add 240 FG-VDOM-240-UG Upgrade license for adding 240 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.

The number of configurable VDOMs can be stacked up to the maximum number of supported VDOMs per vCPU model. Please refer to Virtual Domains (Maximum) under SPECIFICATIONS.

The following SKUs adopt the annual subscription licensing scheme.

Product SKU Description

FortiGate-VM01-S FC1-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (1 vCPU core)

FortiGate-VM02-S FC2-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (2 vCPU cores)

FortiGate-VM04-S FC3-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (4 vCPU cores)

FortiGate-VM08-S FC4-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (8 vCPU cores)

FortiGate-VM16-S FC5-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (16 vCPU cores)

FortiGate-VM32-S FC6-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (32 vCPU cores)

FortiGate-VMUL-S FC7-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (Unlimited vCPU cores)

FortiOS 6.2.3+ and 6.4.0+ support the FortiGate-VM S-series. The FortiGate-VM S-series does not have RAM restrictions on all vCPU levels.
FortiManager 6.2.3+ and 6.4.0+ support managing FortiGate-VM S-series devices.

For the sizing guide, refer to the sizing document available on www.fortinet.com

Download
You can download the Google Cloud new deployment file on www.support.fortinet.com.

Go to Download > VM Images from the top menu and choose FortiGate from the Product dropdown list and Google from the
Platform dropdown list. Create a FortiGate-VM instance from Custom Images on the Compute Engine portal.

7
 FortiGate®-VM on Google Cloud Data Sheet

Subscriptions
Bundles

Unified Threat Advanced Threat

Service Category Service Offering  A-la-carte ​ Enterprise Protection Protection Protection
Security Services FortiGuard IPS Service • • • •
FortiGuard Anti-Malware Protection (AMP) — • • • •
Antivirus, Mobile Malware, Botnet, CDR, Virus
Outbreak Protection and FortiSandbox Cloud
Service
FortiGuard Web Security — URL and web content, • • •
Video and Secure DNS Filtering
FortiGuard Anti-Spam • •
FortiGuard IoT Detection Service • •
FortiGuard Industrial Security Service • •
FortiCloud AI-based Inline Sandbox Service 1 •
NOC Services FortiGate Cloud (SMB Logging + Cloud •
Management)
FortiGuard Security Fabric Rating & Compliance • •
Monitoring Service
FortiConverter Service • •
FortiGuard SD-WAN Underlay Bandwidth and •
Quality Monitoring Service
SOC Services FortiAnalyzer Cloud •
FortiAnalyzer Cloud with SOCaaS •
Hardware and Software Support FortiCare Premium • • • •
FortiCare Elite •
Base Services FortiGuard Application Control
FortiCloud ZTNA Inline CASB Service 1
Internet Service (SaaS) DB Updates
included with FortiCare Subscription
GeoIP DB Updates
Device/OS Detection Signatures
Trusted Certificate DB Updates
DDNS (v4/v6) Service

1. Available when running FortiOS 7.2

FortiGuard Bundles
FortiGuard Labs delivers a number of security intelligence services to augment the FortiGate firewall platform.
You can easily optimize the protection capabilities of your FortiGate with one of these FortiGuard Bundles.

FortiCare Elite
FortiCare Elite services offers enhanced service-level agreements (SLAs) and accelerated issue resolution. This
advanced support offering provides access to a dedicated support team. Single-touch ticket handling by the
expert technical team streamlines resolution. This option also provides Extended End-of-Engineering-Support
(EoE’s) of 18 months for added flexibility and access to the new FortiCare Elite Portal. This intuitive portal
provides a single unified view of device and security health.

Fortinet CSR Policy

Fortinet is committed to driving progress and sustainability for all through cybersecurity, with respect for human
rights and ethical business practices, making possible a digital world you can always trust. You represent and
warrant to Fortinet that you will not use Fortinet’s products and services to engage in, or support in any way,
violations or abuses of human rights, including those involving illegal censorship, surveillance, detention, or
excessive use of force. Users of Fortinet products are required to comply with the Fortinet EULA and report any
suspected violations of the EULA via the procedures outlined in the Fortinet Whistleblower Policy.

8
 www.fortinet.com

Copyright © 2023 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.

April 5, 2023

FG-VM-GCP-DAT-R23-20230405