Overview
FortiGate®-VM on AliCloud provides next-generation firewall capabilities, suitable for organizations of all sizes. It can be flexibly deployed as a next-generation firewall, internal segmentation firewall, and/or VPN gateway. It defends against network threats with high performance, security, and deep visibility.
Security Capabilities
- Leverage FortiGuard threat research and response lab for dynamic defense against known and unknown vulnerabilities and exploits.
- Identify over 5,000 applications, including cloud applications, for deep inspection of network traffic.
- Proactively defend against unknown attacks through dynamic analysis and automated processes to block attacks.
Third-Party Certifications & Recognition
- Fortinet solutions' security effectiveness and performance are validated by authoritative third-party testing and certification.
- Certified by organizations such as NSS Labs, ICSA, Virus Bulletin, and AV Comparatives.
Network Functions
- Provides comprehensive routing, switching, and VPN capabilities.
Management Features
- Virtual and physical devices can be managed through a unified management interface.
- Comprehensive license selection available to meet any infrastructure requirement.
- Supports multi-tenant VDOM mode (BYOL licenses only).
Security Fabric Synergy
Fortinet Security Fabric enables synergy and collaboration across multiple products and open technology partners, extending security capabilities across the entire attack surface. It integrates AI-driven breach detection and prevention capabilities, enabling automated operations, policy orchestration, and threat response. Security performance can dynamically scale and adapt to increasing workloads and data. It ensures seamless tracking and protection across the entire network, including IoT, devices, and cloud environments, covering data, users, and applications. All these leading security features are tightly integrated into a single management console, significantly reducing system complexity.
FortiGate NGFW serves as the foundation of the Security Fabric, enabling close integration and collaboration with other Fortinet security products and Fabric-ready technology partners. This establishes network visibility and control, further enhancing security.
Integrated Fortinet Products:
- FortiManager
- FortiAnalyzer
- FortiSandbox
- FortiAuthenticator
- FortiSIEM
- FortiWeb
- FortiMail
Deployment Options
Next-Generation Firewall (NGFW)
- Integrates and applies comprehensive threat defense capabilities to FortiGate instances within AliCloud.
- Offers enterprise-grade topology building capabilities, providing granular visibility into devices, users, and threat information, significantly reducing deployment complexity.
- Features an award-winning Intrusion Prevention System (IPS) for deep inspection of network traffic application-layer content, identifying and blocking threats and intrusions.
- Extends security defense posture through Security Fabric synergy and collaboration.
Internal Segmentation Firewall (ISFW)
- A segmentation solution that provides end-to-end threat defense while meeting compliance requirements.
VPN Gateway
- Secures connections using SSL and IPsec VPN.
Deployment Diagram Description
The deployment diagram illustrates FortiGate-VM on AliCloud functioning as an NGFW, ISFW, and VPN Gateway. It depicts an "On-premises Data Center" with "Servers" connecting via a "VPN Gateway" to "AliCloud". Within AliCloud, an "NGFW" and an "ISFW" are shown, which then connect to "Web Servers" and "App Servers". A "User" is also shown connecting to the "On-premises Data Center".
FortiOS Operating System
FortiOS is the operating system for FortiGate NGFW, utilized across all FortiGate series devices, including virtual platforms. This OS delivers all of FortiGate's network and security functions and services, along with exceptional visibility, thereby reducing complexity, lowering operational costs, saving time, and improving security deployment efficiency.
Key FortiOS Features:
- A highly integrated platform managing all security and network services across all FortiGate platforms via a single OS and unified console.
- Industry-leading protection: Security effectiveness and performance are validated by NSS Labs, VB100, AV Comparatives, and ICSA. It also supports the latest security technologies, such as deception-based security.
- Full TLS 1.3 support, with real-time URL ratings and thousands of application controls, blocking the latest exploit attempts and filtering network traffic.
- AI-driven threat prevention and advanced threat protection capable of automatically preventing, detecting, and mitigating advanced attacks within minutes.
- Extended SD-WAN capabilities and intent-based network micro-segmentation for detection, containment, and isolation of threats, enhancing user experience.
Services
FortiGuard™ Security Services
FortiGuard Labs provides real-time, actionable threat intelligence, delivering comprehensive security updates across the entire Fortinet solution portfolio. Their team of over 200 threat researchers, security engineers, and forensic experts collaborates with leading threat organizations and other cybersecurity vendors to share threat intelligence.
FortiCare™ Support Services
The FortiCare customer support team provides global technical support for all Fortinet products. FortiCare TAC support staff are located across the Americas, Europe, the Middle East, and Asia, catering to the service needs of businesses of all sizes.
For more information, visit: fortinet.com/fortiguard and fortinet.com/forticare.
Licensing
FortiGate-VM is suitable for various cloud deployment scenarios, including private and public clouds. For AliCloud, FortiGate-VM supports both Pay-As-You-Go (PAYG) and Bring-Your-Own-License (BYOL) licensing models.
PAYG is a flexible option for initial deployments and subsequent expansion needs, with Fortinet offering various instance types to suit different scenarios.
BYOL is ideal for migrating existing private cloud deployments to public cloud environments. When using existing licenses, only the AliCloud instance cost is an additional charge.
Specifications (BYOL License System Requirements)
FortiGate-VM on AliCloud supports FortiOS 5.6.3 and later versions.
| Model | Core (Minimum / Maximum) | Virtual Domains (Default / Maximum) |
|---|---|---|
| VM-01/01V/01S | 1 / 1 | 1 / 10 |
| VM-02/02V/02S | 1 / 2 | 1 / 25 |
| VM-04/04V/04S | 1 / 4 | 1 / 50 |
| VM-08/08V/08S | 1 / 8 | 1 / 500 |
| VM-16/16V/16S | 1 / 16 | 1 / 500 |
| VM-32/32V/32S | 1 / 32 | 1 / 500 |
| VM-UL/ULV/ULS | 1 / Unlimited | 1 / 500 |
Note: VDOMs are not supported by default for FG-VMxxV and FG-VMxxS series. See ORDER INFORMATION for VDOM addition SKUs if multiple VDOMs are required on your FortiGate-VM.
For sizing guidance, please refer to the relevant sizing documentation on www.fortinet.com.
Order Information (BYOL License SKUs)
The following are order SKUs for the BYOL license model. For PAYG/on-demand payment, different instance/VM types are available on the Marketplace. BYOL represents a perpetual license (corresponding to PAYG/on-demand payment), which is priced hourly for products listed on the Marketplace.
| Product | SKU | Description |
|---|---|---|
| FortiGate-VM01 | FG-VM01, FG-VM01V | FortiGate-VM 'virtual appliance'. 1x vCPU core. No VDOM by default for FG-VM01V model. |
| FortiGate-VM02 | FG-VM02, FG-VM02V | FortiGate-VM 'virtual appliance'. 2x vCPU cores. No VDOM by default for FG-VM02V model. |
| FortiGate-VM04 | FG-VM04, FG-VM04V | FortiGate-VM 'virtual appliance'. 4x vCPU cores. No VDOM by default for FG-VM04V model. |
| FortiGate-VM08 | FG-VM08, FG-VM08V | FortiGate-VM 'virtual appliance'. 8x vCPU cores. No VDOM by default for FG-VM08V model. |
| FortiGate-VM16 | FG-VM16, FG-VM16V | FortiGate-VM 'virtual appliance'. 16x vCPU cores. No VDOM by default for FG-VM016V model. |
| FortiGate-VM32 | FG-VM32, FG-VM32V | FortiGate-VM 'virtual appliance'. 32x vCPU cores. No VDOM by default for FG-VM032V model. |
| FortiGate-VMUL | FG-VMUL, FG-VMULV | FortiGate-VM 'virtual appliance'. Unlimited vCPU cores. No VDOM by default for FG-VMULV model. |
Optional Add-ons
| Description | SKU |
|---|---|
| Virtual Domain License Add 5 | FG-VDOM-5-UG |
| Virtual Domain License Add 15 | FG-VDOM-15-UG |
| Virtual Domain License Add 25 | FG-VDOM-25-UG |
| Virtual Domain License Add 50 | FG-VDOM-50-UG |
| Virtual Domain License Add 240 | FG-VDOM-240-UG |
Note: FortiGate-VM S series supports FortiOS 6.2.3 and later versions, with no RAM limitations across all vCPU levels. CPU count and support package types can be upgraded during the contract term; downgrades are not supported. Contact a Fortinet sales representative for more information.
Order Information (Annual Subscription License SKUs)
The following SKUs use an annual subscription licensing model:
| Product | SKU | Description |
|---|---|---|
| FortiGate-VM01-S | FC1-10-FGVWS-<Support Bundle>-02-DD | Subscription license for FortiGate-VM (1 vCPU core) |
| FortiGate-VM02-S | FC2-10-FGVWS-<Support Bundle>-02-DD | Subscription license for FortiGate-VM (2 vCPU cores) |
| FortiGate-VM04-S | FC3-10-FGVWS-<Support Bundle>-02-DD | Subscription license for FortiGate-VM (4 vCPU cores) |
| FortiGate-VM08-S | FC4-10-FGVWS-<Support Bundle>-02-DD | Subscription license for FortiGate-VM (8 vCPU cores) |
| FortiGate-VM16-S | FC5-10-FGVWS-<Support Bundle>-02-DD | Subscription license for FortiGate-VM (16 vCPU cores) |
| FortiGate-VM32-S | FC6-10-FGVWS-<Support Bundle>-02-DD | Subscription license for FortiGate-VM (32 vCPU cores) |
| FortiGate-VMUL-S | FC7-10-FGVWS-<Support Bundle>-02-DD | Subscription license for FortiGate-VM (Unlimited vCPU cores) |
Support Packages:
| Support Package | FortiCare 24x7 | UTM Bundle 24x7 | Enterprise Bundle 24x7 | 360 Protection Bundle 24x7 |
|---|---|---|---|---|
| FortiGuard Application Control Service | ✔ | ✔ | ✔ | ✔ |
| FortiGuard IPS Service | ✔ | ✔ | ✔ | ✔ |
| FortiGuard Advanced Malware Protection (AMP) - Antivirus, Mobile Malware, Botnet, CDR, Virus Outbreak Protection and FortiSandbox Cloud Services | ✔ | ✔ | ✔ | ✔ |
| FortiGuard Web Filtering Service | ✔ | ✔ | ✔ | ✔ |
| FortiGuard Anti-Spam Service | ✔ | ✔ | ✔ | ✔ |
| FortiGuard Security Rating Service | ✔ | ✔ | ✔ | ✔ |
| FortiGuard Industrial Services | ✔ | ✔ | ✔ | |
| FortiCASB SaaS-only Service | ✔ | ✔ | ✔ | |
| FortiConverter Service | ✔ | ✔ | ||
| SD-WAN Cloud-Assisted Monitoring 2 | ✔ | ✔ | ||
| SD-WAN Overlay Controller VPN Service 2 | ✔ | ✔ | ||
| FortiAnalyzer Cloud 2 | ✔ | |||
| FortiManager Cloud 2 | ✔ |
1 24x7 service and advanced ticket handling.
2 Cloud services.
Note: FortiGate-VM S series supports FortiOS 6.2.3 and later versions, with no RAM limitations. CPU count and support package types can be upgraded. Contact a Fortinet sales representative for more details.
