Data Sheet

FortiGate®-VM on
Amazon Web Services

Highlights

• Securely connect
Adaptive Multi-Cloud Security with AI-Powered
to your application
workloads without Advanced Threat Protection
performance
bottlenecks The FortiGate-VM on AWS delivers next-generation
• Move at cloud speed firewall capabilities for organizations of all sizes, with the
without compromising
security flexibility to be deployed as next-generation firewall or
• Seamlessly scale
your cloud protection
VPN gateway. It protects against cyber threats with high
without increasing performance, security efficacy, and deep visibility.
operational burden
• Secure your cloud FortiGate-VM delivers protection from a broad array of network security threats. It offers
transformation without the same security and networking services included in the FortiOS operating system and
impacting business is available for public cloud, private cloud, and Telco Cloud (VNFs). With a consistent
outcomes, with operational model across hybrid cloud, multi-cloud, and service provider environments,
flexible consumption it reduces the training burden on security teams.
models

1
 FortiGate®-VM on Amazon Web Services Data Sheet

FortiOS Everywhere
FortiOS, Fortinet’s Advanced Operating System
FortiOS enables the convergence of high performing networking and security across the
Fortinet Security Fabric. Because it can be deployed anywhere, it delivers consistent and
Available in context-aware security posture across network, endpoint, and multi-cloud environments.

FortiOS powers all FortiGate deployments whether a physical or virtual device, as a container,
or as a cloud service. This universal deployment model enables the consolidation of many
technologies and use cases into a simplified, single policy and management framework. Its
organically built best-of-breed capabilities, unified operating system, and ultra-scalability
Appliance
allows organizations to protect all edges, simplify operations, and run their business without
compromising performance or protection.

FortiOS dramatically expands the Fortinet Security Fabric’s ability to deliver advanced AI/
ML-powered services, inline advanced sandbox detection, integrated ZTNA enforcement,
and more, provides protection across hybrid deployment models for hardware, software, and
Virtual Software-as-a-Service with SASE.

FortiOS expands visibility and control, ensures the consistent deployment and enforcement of
security policies, and enables centralized management across large-scale networks with the
following key attributes:

• Interactive drill-down and topology viewers that display real-time status

Hosted
• On-click remediation that provides accurate and quick protection against threats and abuses
• Unique threat score system correlates weighted threats with users to prioritize investigations

Cloud

Container

Intuitive easy to use view into the network and Visibility with FOS Application Signatures
endpoint vulnerabilities

FortiConverter Migration Service

FortiConverter Service provides hassle-free migration to help organizations transition from a
wide range of legacy firewalls to FortiGate Next-Generation Firewalls quickly and easily.
The service eliminates errors and redundancy by employing best practices with advanced
methodologies and automated processes. Organizations can accelerate their network protection
with the latest FortiOS technology.

2
FortiGate®-VM on Amazon Web Services Data Sheet

FortiGuard Services
Network and File Security
Services provide protection against network-based and file-based threats. This consists of
Intrusion Prevention (IPS) which uses AI/M models to perform deep packet/SSL inspection
to detect and stop malicious content, and apply virtual patching when a new vulnerability is
discovered. It also includes Anti-Malware for defense against known and unknown file-based
threats. Anti-malware services span both antivirus and file sandboxing to provide multi-
layered protection and are enhanced in real-time with threat intelligence from FortiGuard Labs.
Application Control enhances security compliance and offers real-time application visibility.

Web / DNS Security

Services provide protection against web-based threats including DNS-based threats, malicious
URLs (including even in emails), and botnet/command and control communications. DNS
filtering provides full visibility into DNS traffic while blocking high-risk domains, and protects
against DNS tunneling, DNS infiltration, C2 server ID and Domain Generation Algorithms (DGA).
URL filtering leverages a database of 300M+ URLs to identify and block links to malicious sites
and payloads. IP Reputation and anti-botnet services prevent botnet communications, and
block DDoS attacks from known sources.

SaaS and Data Security

Services address numerous security use cases across application usage as well as overall
data security. This consists of Data Leak Prevention (DLP) which ensures data visibility,
management and protection (including blocking exfiltration) across networks, clouds, and
users, while simplifying compliance and privacy implementations. Separately, our Inline Cloud
Access Security Broker (CASB) service protects data in motion, at rest, and in the cloud.
The service enforces major compliance standards and manages account, user and cloud
application usage. Services also include capabilities designed to continually assess your
infrastructure, validate that configurations are working effectively and secure, and generate
awareness of risks and vulnerabilities that could impact business operations. This includes
coverage across IoT devices for both IoT detection and IoT vulnerability correlation.

Zero-Day Threat Prevention

Zero-day threat prevention entails Fortinet’s AI-based inline malware prevention, our most
advanced sandbox service, to analyze and block unknown files in real-time, offering sub-
second protection against zero-day and sophisticated threats across all NGFWs. The service
also has a built-in MITRE ATT&CK® matrix to accelerate investigations. The service focuses
on comprehensive defense by blocking unknown threats while streamlining incident response
efforts and reducing security overhead.

OT Security
The service provides OT detection, OT vulnerability correlation, virtual patching, OT signatures,
and industry-specific protocol decoders for overall robust defense of OT environments and
devices.

3
FortiGate®-VM on Amazon Web Services Data Sheet

Secure Any Edge at Any Scale

Advanced Virtual Security Processing Units (vSPUs)
Virtual firewalls are commonly used to protect virtualized environments in software-defined
data centers and multi-cloud environments on the basis that they are the least expensive
and the most portable, enabling users to easily move a virtual firewall from cloud to cloud.
One disadvantage of most virtual firewalls is that they deliver significantly lower network
throughput as compared with physical firewalls, creating bottlenecks throughout the network
and reducing business agility and performance.

FortiGate virtual firewalls (FortiGate-VM), featuring advanced virtual security processing units
(vSPUs), overcome the throughput barrier to provide top performance in private and public
clouds. With FortiGate-VM, organizations can securely migrate any application and support a
variety of use cases, including highly available large-scale virtual private networks (VPNs) in
the cloud.”

FortiGate-VM removes the cost-performance barriers to adopting virtual NGFWs, with several
industry-leading features:

• The FortiGate-VM vSPU is a unique technology that enhances performance by offloading

part of packet processing to user space, while using a kernel bypass solution within the
operating system. With vSPU enabled, FortiGate-VM can achieve more than triple the
throughput for a UDP firewall rule.
• Fortinet is the first NGFW vendor to support AWS C5n instances, which enables
organizations to use a virtual firewall to secure compute-heavy applications in the cloud.

Centralized Network and Security

Management at Scale
FortiManager, the centralized management
solution from Fortinet, enables integrated
management of the Fortinet security fabric,
including devices like FortiGate, FortiSwitch,
and FortiAP. It simplifies and automates the
oversight of network and security functions
across diverse environments, serving as
Intuitive view and clear insights into network the fundamental component for deploying
security posture with FortiManager Hybrid Mesh Firewalls.

4
FortiGate®-VM on Amazon Web Services Data Sheet

Deployment
Next Generation Firewall (NGFW)
• Reduce complexity by combining threat protection security capabilities into single high-
performance network security appliances

• Identify and stop threats with powerful intrusion prevention beyond port and protocol that
examines the actual applications in your network traffic

• Deliver the industry’s highest SSL inspection performance using industry-mandated ciphers
while maximizing ROI

• Proactively block newly discovered sophisticated attacks in real-time with advanced threat
protection

VPN Gateway
• Direct Connect utilizing FortiGate firewalls for SSL and IPsec VPNs into and out of the AWS
VPCs

• VGW to FortiGate VPN between VPCs

• Hybrid cloud site to site IPsec VPN

• Remote access VPN

Gain Comprehensive Visibility and Apply Consistent Control

AWS Integration
• Fortinet embeds the latest AWS Auto Scaling functionality and FortiGate CloudFormation
template configuration into our cloud Security Fabric, providing automation based on
resource demand from your cloud workloads
• Accelerate time-to-protection for new threats detected by AWS GuardDuty by deploying
native AWS scripting to automatically push malicious IP or DNS addresses into dynamic
FortiGate policies
• Provide service resiliency with AWS native load balance
5
 FortiGate®-VM on Amazon Web Services Data Sheet

Specifications

The C6in instance family leverages the Intel IceLake Processors. FortiGate-VM is available for purchase in all regions, including AWS GovCloud
and AWS China. The following is the system requirement for BYOL licenses:

VM-01/ VM-02/ VM-04/ VM-08/ VM-16/ VM-32/ VM-UL/

01V/01S 02V/02S 04V/04S 08V/08S 16V/16S 32V/32S ULV/ULS
System Requirement
vCPU (Minimum / Maximum) 1/1 1/2 1/4 1/8 1 / 16 1 / 32 1/
Unlimited
Technical Specifications
Network Interface Support 1 / 24 1 / 24 1 / 24 1 / 24 1 / 24 1 / 24 1 / 24
(Minimum / Maximum) 1
Virtual Domains 10 / 10 10 / 25 10 / 50 10 / 500 10 / 500 10 / 500 10 / 500
(Default / Maximum) 2
Firewall Policies 10 000 10 000 10 000 200 000 200 000 200 000 200 000
System Performance ENA Driver - Yes ENA Driver - Yes ENA Driver - Yes ENA Driver - Yes ENA Driver - Yes
Instance Shape to be Measured C6in.LARGE C6in.XLARGE C6in.2XLARGE C6in.4XLARGE C6in.8XLARGE
AWS Bandwidth 3 Up to 25 Gbps Up to 30 Gbps Up to 40 Gbps Up to 50 Gbps 50 Gbps
Native IPSEC Native IPSEC Native IPSEC Native IPSEC Native IPSEC
Firewall Throughput (UDP Packets) in 17 000 2100 30 000 3100 40 000 6100 43 900 9250 45 700 14 000
Mbps - 1518 bytes*
Firewall Throughput (UDP Packets) in 5760 1080 9450 1550 15 000 2900 15 650 4500 15 650 6000
Mbps - 512 bytes*
Firewall Throughput (UDP Packets) in 700 180 1180 270 2000 510 2020 700 2020 780
Mbps - 64 bytes*
New Sessions / Second (TCP) 157 000 - 223 000 - 250 000 - 290 000 - 320 000 -
HTTP Throughput w/ Application 7920 - 14 700 - 28 500 - 29 000 - 29 200 -
profile (64K size) 4 in Mbps
HTTP Throughput w/ IPS profile 10 500 - 17 300 - 28 400 - 28 600 - 28 700 -
(44K size) in Mbps
HTTP Throughput w/ IPS profile 10 800 - 17 800 - 28 600 - 28 500 - 28 600 -
(1M size) 5 in Mbps
NGFW Throughput 6 in Mbps 800 - 1510 - 2960 - 5500 - 10 200 -
Threat Protection Throughput 7 720 - 1480 - 2920 - 5400 - 10 000 -
in Mbps
SSL Inspection Throughput in Mbps 8 1860 - 3480 - 6900 - 14 000 - 26 200 -

Notes.

All performance values are “up to” and vary depending on system configuration.
Actual performance may vary depending on the network and system configuration.
Please note that these metrics are updated periodically as the product performance keeps improving through internal testing.
The discrepancy in the performance numbers may be noted in different versions of the document so please make sure to refer to the latest datasheets.
Performance metrics were observed using FortiGate-VM BYOL instances using FOS v7.4.0.
* IPSEC Performance metrics were observed using FortiGate-VM BYOL instances using FOS v7.4.2.

1. Applicable to 6.4.0+. The actual working number of consumable network interfaces varies 5. IPS performance is measured using Enterprise Traffic Mix and 1 Mbyte HTTP.
depending on AWS instance types/sizes and may be less. 6. NGFW performance is measured with IPS and Application Control enabled, based on
2. FG-VMxxV and FG-VMxxS series do not come with a multi-VDOM feature by default. Enterprise Traffic Mix.
You can add it by applying separate VDOM addition perpetual licenses. See ORDER 7. Threat Protection performance is measured with IPS and Application Control and Malware
INFORMATION for VDOM SKUs. protection enabled, based on Enterprise Traffic Mix.
3. The latest information about AWS bandwidth is found on https://aws.amazon.com/ec2/ 8. SSL Inspection Throughput is measured using TLS ECDHE RSA WITH AES 256 GCM
instance-types/. SHA384 (2K).
4. Application Control performance is measured with 64 Kbyte HTTP traffic.

For the sizing guide, please refer to the sizing document available on www.fortinet.com

6
 FortiGate®-VM on Amazon Web Services Data Sheet

Specifications

The C7gn instance family uses the Graviton3 ARM based Processors. FortiGate-VM is available for purchase in all regions, including AWS
GovCloud and AWS China. The following is the system requirement for BYOL licenses:

VM-01/ VM-02/ VM-04/ VM-08/ VM-16/ VM-32/ VM-UL/

01V/01S 02V/02S 04V/04S 08V/08S 16V/16S 32V/32S ULV/ULS
System Requirement
vCPU (Minimum / Maximum) 1/1 1/2 1/4 1/8 1 / 16 1 / 32 1/
Unlimited
Technical Specifications
Network Interface Support 1 / 24 1 / 24 1 / 24 1 / 24 1 / 24 1 / 24 1 / 24
(Minimum / Maximum) 1
Virtual Domains (Default / Maximum) 2 10 / 10 10 / 25 10 / 50 10 / 500 10 / 500 10 / 500 10 / 500
Firewall Policies 10 000 10 000 10 000 200 000 200 000 200 000 200 000
System Performance ENA Driver - Yes ENA Driver - Yes ENA Driver - Yes ENA Driver - Yes ENA Driver - Yes
Instance Shape to be Measured C7gn.LARGE C7gn.XLARGE C7gn.2XLARGE C7gn.4XLARGE C7gn.8XLARGE
AWS Bandwidth 3 Up to 30 Gbps Up to 40 Gbps Up to 50 Gbps 50 Gbps 100 Gbps
Native IPSEC Native IPSEC Native IPSEC Native IPSEC Native IPSEC
Firewall Throughput (UDP Packets) in 22 500 1850 32 500 3900 34 000 4550 51 000 10 500 51 800 13 000
Mbps - 1518 bytes
Firewall Throughput (UDP Packets) in 7800 1200 14 500 2440 17 200 2850 18 000 5000 18 600 6600
Mbps - 512 bytes
Firewall Throughput (UDP Packets) in 1070 250 2200 480 2250 560 2500 600 2500 1000
Mbps - 64 bytes
New Sessions / Second (TCP) 194 000 - 285 000 - 300 000 - 380 000 - 425 000 -
HTTP Throughput w/ Application 11 400 - 20 000 - 25 300 - 29 300 - 29 600 -
profile (64K size)4 in Mbps
HTTP Throughput w/ IPS profile 14 500 - 22 000 - 25 100 - 28 950 - 29 200 -
(44K size) in Mbps
HTTP Throughput w/ IPS profile 14 500 - 22 000 - 25 100 - 29 000 - 29 200 -
(1M size) 5 in Mbps
NGFW Throughput in Mbps 6 850 - 1600 - 3100 - 5800 - 10 600 -
Threat Protection Throughput in 850 - 1600 - 3090 - 5700 - 10 300 -
Mbps 7
SSL Inspection Throughput in Mbps 8 2650 - 4900 - 9350 - 17 900 - 25 350 -

Notes.

All performance values are “up to” and vary depending on system configuration.
Actual performance may vary depending on the network and system configuration.
Please note that these metrics are updated periodically as the product performance keeps improving through internal testing.
The discrepancy in the performance numbers may be noted in different versions of the document so please make sure to refer to the latest datasheets.
Performance metrics were observed using FortiGate-VM BYOL instances using FOS v7.4.0.

1. Applicable to 7.0.0+. The actual working number of consumable network interfaces varies 5. IPS performance is measured using Enterprise Traffic Mix and 1 Mbyte HTTP.
depending on AWS instance types/sizes and may be less. 6. NGFW performance is measured with IPS and Application Control enabled, based on
2. FG-VMxxV and FG-VMxxS series do not come with a multi-VDOM feature by default. Enterprise Traffic Mix.
You can add it by applying separate VDOM addition perpetual licenses. See ORDER 7. Threat Protection performance is measured with IPS and Application Control and Malware
INFORMATION for VDOM SKUs. protection enabled, based on Enterprise Traffic Mix.
3. The latest information about AWS bandwidth is found on https://aws.amazon.com/ec2/ 8. SSL Inspection Throughput is measured using TLS ECDHE RSA WITH AES 256 GCM
instance-types/. SHA384 (2K).
4. Application Control performance is measured with 64 Kbyte HTTP traffic.

For the sizing guide, please refer to the sizing document available on www.fortinet.com

7
 FortiGate®-VM on Amazon Web Services Data Sheet

Licensing
With a multitude of deployment methods supported across various private and public cloud deployments, FortiGate-VM for AWS supports both
on-demand (PAYG) and bring-your-own-license (BYOL) licensing models.

On-demand licensing is a highly flexible option for both initial deployments and growing them as needed. With a wide selection of supported
instance types, there is a solution for every use case. This license offers FortiOS with a UTP bundle.

BYOL is ideal for migration use cases, where an existing private cloud deployment is migrated to a public cloud deployment. When using an
existing license, the only additional cost would be the price for the AWS instances.

Ordering Information
The following are SKUs that can be acquired for BYOL scheme. For PAYG/On-Demand subscription, various instance/VM types
are available on Marketplace. BYOL is perpetual licensing, as opposed to PAYG/On-Demand, which is an hourly subscription
available with marketplace-listed products.

Product SKU Description

FortiGate-VM01 FG-VM01, FG-VM01V FortiGate-VM ‘virtual appliance’. 1x vCPU core. No VDOM by default for FG-VM01V model.

FortiGate-VM02 FG-VM02, FG-VM02V FortiGate-VM ‘virtual appliance’. 2x vCPU cores. No VDOM by default for FG-VM02V model.

FortiGate-VM04 FG-VM04, FG-VM04V FortiGate-VM ‘virtual appliance’. 4x vCPU cores. No VDOM by default for FG-VM04V model.

FortiGate-VM08 FG-VM08, FG-VM08V FortiGate-VM ‘virtual appliance’. 8x vCPU cores. No VDOM by default for FG-VM08V model.

FortiGate-VM16 FG-VM16, FG-VM16V FortiGate-VM ‘virtual appliance’. 16x vCPU cores. No VDOM by default for FG-VM016V model.

FortiGate-VM32 FG-VM32, FG-VM32V FortiGate-VM ‘virtual appliance’. 32x vCPU cores. No VDOM by default for FG-VM032V model.

FortiGate-VMUL FG-VMUL, FG-VMULV FortiGate-VM ‘virtual appliance’. Unlimited vCPU cores. No VDOM by default for FG-VMULV model.

Optional Accessories/Spares SKU Description

Virtual Domain License Add 5 FG-VDOM-5-UG Upgrade license for adding 5 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.

Virtual Domain License Add 15 FG-VDOM-15-UG Upgrade license for adding 15 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.

Virtual Domain License Add 25 FG-VDOM-25-UG Upgrade license for adding 25 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.

Virtual Domain License Add 50 FG-VDOM-50-UG Upgrade license for adding 50 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.

Virtual Domain License Add 240 FG-VDOM-240-UG Upgrade license for adding 240 VDOMs to FortiOS 5.4 and later, limited by platform maximum VDOM capacity.

FG-VMxx”V” 6.0.0 supports VDOM by adding separate VDOM licenses. The number of configurable VDOMs can be stacked up to the maximum number of supported VDOMs per vCPU model.
Please refer to Virtual Domains (Maximum) under SPECIFICATIONS.

The following SKUs adopt the annual subscription licensing scheme:

Product SKU Description

FortiGate-VM01-S FC1-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (1 vCPU core)

FortiGate-VM02-S FC2-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (2 vCPU cores)

FortiGate-VM04-S FC3-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (4 vCPU cores)

FortiGate-VM08-S FC4-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (8 vCPU cores)

FortiGate-VM16-S FC5-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (16 vCPU cores)

FortiGate-VM32-S FC6-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (32 vCPU cores)

FortiGate-VMUL-S FC7-10-FGVVS-<Support Bundle>-02-DD Subscriptions license for FortiGate-VM (Unlimited vCPU cores)

FortiOS 6.2.3+ and 6.4.0+ support the FortiGate-VM S-series. The FortiGate-VM S-series does not have RAM restrictions on all vCPU levels.
FortiManager 6.2.3+ and 6.4.0+ support managing FortiGate-VM S-series devices.

8
 FortiGate®-VM on Amazon Web Services Data Sheet

Subscriptions
Bundles

Enterprise Unified Threat Advanced Threat

Service Category Service Offering A-la-carte ​ Protection Protection Protection
FortiGuard Security IPS — IPS, Malicious/Botnet URLs • • • •
Services
Anti-Malware Protection (AMP)—AV, Botnet Domains, Mobile Malware, • • • •
Virus Outbreak Protection, Content Disarm and Reconstruct, AI‑based
Heurestic AV, FortiGate Cloud Sandbox
URL, DNS and Video Filtering — URL, DNS and Video Filtering, • • •
Malicious Certificate
Anti-Spam • •

AI-based Inline Malware Prevention • •

Data Loss Prevention (DLP) 1 • •

Attack Surface Security — IoT Device Detection, IoT Vulnerability • •

Correlation and Virtual Patching, Security Rating, Outbreak Check
OT Security—OT Device Detection, OT vulnerability correlation and •
Virtual Patching, OT Application Control and IPS 1
Application Control included with FortiCare Subscription

Inline CASB included with FortiCare Subscription

SD-WAN and SASE SD-WAN Underlay Bandwidth and Quality Monitoring •

Services
SD-WAN Overlay-as-a-Service •

SD-WAN Connector for FortiSASE Secure Private Access •

SASE connector for FortiSASE Secure Edge Management •

(with 10Mbps Bandwidth) 2
NOC and SOC FortiConverter Service for one time configuration conversion • •
Services
Managed FortiGate Service—available 24x7, with Fortinet NOC experts •
performing device setup, network, and policy change management
FortiGate Cloud—Management, Analysis, and One Year Log Retention •
FortiManager Cloud •
FortiAnalyzer Cloud •
FortiGuard SOCaaS—24x7 cloud-based managed log monitoring, •
incident triage, and SOC escalation service
Hardware and FortiCare Essentials 2 •
Software Support
FortiCare Premium • • • •
FortiCare Elite •
Base Services Device/OS Detection, GeoIPs, Trusted CA Certificates, Internet included with FortiCare Subscription
Services and Botnet IPs, DDNS (v4/v6), Local Protection, PSIRT Check,
Anti-Phishing

1. Full features available when running FortiOS 7.4.1.

2. Desktop Models only.

FortiGuard Bundles
FortiGuard Labs delivers a number of security intelligence services to augment the FortiGate firewall platform.
You can easily optimize the protection capabilities of your FortiGate with one of these FortiGuard Bundles.

FortiCare Services
Fortinet prioritizes customer success through FortiCare Services, optimizing the Fortinet Security Fabric solution.
Our comprehensive lifecycle services include Design, Deploy, Operate, Optimize, and Evolve. The FortiCare
Elite, one of the service variants, offers heightened SLAs and swift issue resolution with a dedicated support
team. This advanced support option includes an Extended End-of-Engineering-Support of 18 months, providing
flexibility. Access the intuitive FortiCare Elite Portal for a unified view of device and security health, streamlining
operational efficiency and maximizing Fortinet deployment performance.

9
Fortinet Corporate Social Responsibility Policy
Fortinet is committed to driving progress and sustainability for all through cybersecurity, with respect for human rights and
ethical business practices, making possible a digital world you can always trust. You represent and warrant to Fortinet that you
will not use Fortinet’s products and services to engage in, or support in any way, violations or abuses of human rights, including
those involving illegal censorship, surveillance, detention, or excessive use of force. Users of Fortinet products are required
to comply with the Fortinet EULA and report any suspected violations of the EULA via the procedures outlined in the Fortinet
Whistleblower Policy.

www.fortinet.com

Copyright © 2024 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s Chief Legal Officer, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.

May 29, 2024

FG-VM-AWS-DAT-R32-20240529