FortiGate 90G Series
FG-90G and FG-91G
Highlights
- Gartner Magic Quadrant Leader for both Network Firewalls and SD-WAN.
- Security-Driven Networking with FortiOS delivers converged networking and security.
- Unparalleled Performance with Fortinet's patented SoC processors.
- Enterprise Security with consolidated AI / ML-powered FortiGuard Services.
- Simplified Operations with centralized management for networking and security, automation, deep analytics, and self-healing.
Converged Next-Generation Firewall (NGFW) and SD-WAN
The FortiGate Next-Generation Firewall 90G series is ideal for building security-driven networks at distributed enterprise sites and transforming WAN architecture at any scale.
With a rich set of AI/ML-based FortiGuard security services and Fortinet's integrated Security Fabric platform, the FortiGate 90G series delivers coordinated, automated, end-to-end threat protection across all use cases.
FortiGate features the industry's first integrated SD-WAN and zero-trust network access (ZTNA) enforcement within an NGFW solution, powered by a single OS. FortiGate 90G automatically controls, verifies, and facilitates user access to applications, delivering consistency with a seamless and optimized user experience.
| IPS | NGFW | Threat Protection | Interfaces |
|---|---|---|---|
| 4.5 Gbps | 2.5 Gbps | 2.2 Gbps | Multiple GE RJ45, 10 GE RJ45, and SFP+ Share Media Slots | Variants with internal storage |
FortiOS Everywhere
FortiOS, Fortinet's Advanced Operating System
FortiOS enables the convergence of high-performing networking and security across the Fortinet Security Fabric. It can be deployed anywhere, delivering consistent and context-aware security posture across network, endpoint, and multi-cloud environments.
FortiOS powers all FortiGate deployments, whether as a physical or virtual device, a container, or a cloud service. This universal deployment model consolidates many technologies and use cases into organically built, best-of-breed capabilities, a unified operating system, and ultra-scalability. The solution allows organizations to protect all edges, simplify operations, and run their business without compromising performance or protection.
FortiOS expands the Fortinet Security Fabric's ability to deliver advanced AI/ML-powered services, inline advanced sandbox detection, integrated ZTNA enforcement, and more. It provides protection across hybrid deployment models for hardware, software, and Software-as-a-Service (SASE).
FortiOS enhances visibility and control, ensuring consistent deployment and enforcement of a simplified, single policy and management framework. Its security policies enable centralized management across large-scale networks with key attributes:
- Interactive drill-down and topology viewers that display real-time status.
- On-click remediation for accurate and quick protection against threats and abuses.
- Unique threat score system that correlates weighted threats with users to prioritize investigations.
GUI Views:
- "Intuitive easy to use view into the network and endpoint vulnerabilities"
- "Visibility with FOS Application Signatures"
FortiConverter Service
FortiConverter Service provides hassle-free migration to help organizations transition from a wide range of legacy firewalls to FortiGate Next-Generation Firewalls quickly and easily. The service eliminates errors and redundancy by employing best practices with advanced methodologies and automated processes, accelerating network protection with the latest FortiOS technology.
FortiGuard Services
FortiGuard Services offer comprehensive protection against various threats:
Network and File Security
Provides protection against network-based and file-based threats, including Intrusion Prevention (IPS) using AI/ML models for deep packet/SSL inspection and virtual patching. It also includes Anti-Malware for known and unknown file-based threats, with multi-layered protection enhanced by real-time threat intelligence from FortiGuard Labs. Application Control enhances security compliance and offers real-time application visibility.
Web / DNS Security
Protects against web-based threats, including DNS-based threats, malicious URLs (even in emails), and botnet/command and control communications. DNS filtering provides visibility into DNS traffic, blocking high-risk domains, and protecting against DNS tunneling, infiltration, C2 server ID, and DGAs. URL filtering uses a database of over 300 million URLs to block malicious sites and payloads. IP Reputation and anti-botnet services prevent botnet communications and block DDoS attacks.
SaaS and Data Security
Addresses numerous security use cases for application usage and data security, including Data Leak Prevention (DLP) for data visibility, management, and protection across networks, clouds, and users, simplifying compliance and privacy. The Inline Cloud Access Security Broker (CASB) service protects data in motion, at rest, and in the cloud, enforcing compliance standards and managing user/application usage. Services also assess infrastructure, validate configurations, and generate awareness of risks and vulnerabilities, including IoT device detection and vulnerability correlation.
Zero-Day Threat Prevention
Features Fortinet's AI-based inline malware prevention and advanced sandbox service to analyze and block unknown files in real-time, offering sub-second protection against zero-day and sophisticated threats. It includes a built-in MITRE ATT&CK® matrix to accelerate investigations, focusing on comprehensive defense and streamlining incident response.
OT Security
Provides OT detection, OT vulnerability correlation, virtual patching, OT signatures, and industry-specific protocol decoders for robust defense of OT environments and devices.
Secure Any Edge at Any Scale
Powered by Security Processing Unit (SPU)
Traditional firewalls struggle with today's content- and connection-based threats due to reliance on off-the-shelf hardware and general-purpose CPUs, creating a performance gap. Fortinet's custom SPU processors deliver up to 520Gbps to detect emerging threats and block malicious content without becoming a performance bottleneck.
ASIC Advantage:
- Combines a RISC-based CPU with Fortinet's proprietary Security Processing Unit (SPU) content and network processors for unmatched performance.
- Delivers industry's fastest application identification and steering for efficient business operations.
- Accelerates IPsec VPN performance for best user experience on direct internet access.
- Enables best-of-breed NGFW Security and Deep SSL Inspection with high performance.
- Extends security to the access layer for SD-Branch transformation with accelerated and integrated switch and access point connectivity.
Centralized Network and Security Management at Scale:
FortiManager, the centralized management solution from Fortinet, enables integrated management of the Fortinet security fabric, including devices like FortiGate, FortiSwitch, and FortiAP. It simplifies and automates oversight of network and security functions across diverse environments, serving as the fundamental component for deploying Hybrid Mesh Firewalls.
GUI View: "Intuitive view and clear insights into network security posture with FortiManager"
Use Cases
Next Generation Firewall (NGFW)
- FortiGuard Labs' suite of AI-powered Security Services, natively integrated with the NGFW, secures web, content, and devices, protecting networks from ransomware and sophisticated cyberattacks.
- Real-time SSL inspection (including TLS 1.3) provides full visibility into users, devices, and applications across the attack surface.
- Fortinet's patented SPU (Security Processing Unit) technology provides industry-leading high-performance protection.
Secure SD-WAN
- FortiGate WAN Edge, powered by one OS and a unified security and management framework, transforms and secures WANs.
- Delivers superior quality of experience and effective security posture for work-from-anywhere models, SD-Branch, and cloud-first WAN use cases.
- Achieves operational efficiencies at any scale through automation, deep analytics, and self-healing.
Universal ZTNA
- Controls access to applications regardless of user location or application hosting for universal application of access policies.
- Provides extensive authentications, checks, and enforces policy prior to granting application access.
- Supports agent-based access with FortiClient or agentless access via proxy portal for guest or BYOD scenarios.
Network Diagram: A diagram illustrates the FortiGate 90G series in an Enterprise Branch network. It shows connections to the Internet, Data Center, Multi-Cloud (AWS, Azure), and SaaS (Salesforce, Office 365) via Secure SD-WAN. Management is handled by FortiManager, with analytics from FortiAnalyzer. The diagram also depicts ZTNA users, FortiSwitch for secure access, and FortiAP for secure access points.
Hardware
FortiGate 90G/91G
Front Panel Description: The front panel features a console port, USB management port, power status indicator, reset button, and network interface ports, including SFP+ and WAN ports.
Hardware Features:
- SP5 Security Processing Unit
- Desktop form factor
- 120GB internal storage
Interfaces:
- 1x RJ45 Console and 1x USB Management Port
- 2x 10/5/2.5/ GE RJ45 or 10GE/GE SFP+/SFP Shared Media Ports
- 8x GE RJ45 Ports
Compact and Reliable Form Factor: Designed for small environments, it can be placed on a desktop or wall-mounted. It is small, lightweight, and highly reliable with a superior MTBF (Mean Time Between Failure), minimizing the chance of network disruption.
Specifications
| Hardware Specifications | FORTIGATE 90G | FORTIGATE 91G | ||
|---|---|---|---|---|
| 10/5/2.5/GE RJ45 or 10GE/GE SFP+/ SFP Shared Media pairs | 2 | 2 | ||
| GE RJ45 Internal Ports | 8 | 8 | ||
| Wireless Interface | - | - | ||
| USB Ports | 1 | 1 | ||
| Console (RJ45) | 1 | 1 | ||
| Internal Storage | - | 1 x 120 GB SSD | ||
| Trusted Platform Module (TPM) | Yes | Yes | ||
| Bluetooth Low Energy (BLE) | Yes | Yes | ||
| System Performance* -- Enterprise Traffic Mix | ||||
| IPS Throughput 2 | 4.5 Gbps | 4.5 Gbps | ||
| NGFW Throughput 2, 4 | 2.5 Gbps | 2.5 Gbps | ||
| Threat Protection Throughput 2, 5 | 2.2 Gbps | 2.2 Gbps | ||
| System Performance and Capacity | ||||
| Firewall Throughput (1518 / 512 / 64 byte UDP packets) | 28 / 28 / 27.9 Gbps | 28 / 28 / 27.9 Gbps | ||
| Firewall Latency (64 byte UDP packets) | 3.23 µs | 3.23 µs | ||
| Firewall Throughput (Packets Per Second) | 41.85 Mpps | 41.85 Mpps | ||
| Concurrent Sessions (TCP) | 1.5 M | 1.5 M | ||
| New Sessions/Second (TCP) | 124,000 | 124,000 | ||
| Firewall Policies | 5000 | 5000 | ||
| IPsec VPN Throughput (512 byte) 1 | 25 Gbps | 25 Gbps | ||
| Gateway-to-Gateway IPsec VPN Tunnels | 200 | 200 | ||
| Client-to-Gateway IPsec VPN Tunnels | 2500 | 2500 | ||
| SSL-VPN Throughput 6 | 1.4 Gbps | 1.4 Gbps | ||
| Concurrent SSL-VPN Users (Recommended Maximum, Tunnel Mode) | 200 | 200 | ||
| SSL Inspection Throughput (IPS, avg. HTTPS) 3 | 2.6 Gbps | 2.6 Gbps | ||
| SSL Inspection CPS (IPS, avg. HTTPS) 3 | 1400 | 1400 | ||
| SSL Inspection Concurrent Session (IPS, avg. HTTPS) 3 | 300,000 | 300,000 | ||
| Application Control Throughput (HTTP 64K) 2 | 6.7 Gbps | 6.7 Gbps | ||
| CAPWAP Throughput (HTTP 64K) | 23.6 Gbps | 23.6 Gbps | ||
| Virtual Domains (Default / Maximum) | 10 / 10 | 10 / 10 | ||
| Maximum Number of FortiSwitches Supported | 24 | 24 | ||
| Maximum Number of FortiAPs (Total / Tunnel Mode) | 96 / 48 | 96 / 48 | ||
| Maximum Number of FortiTokens | 500 | 500 | ||
| High Availability Configurations | Active-Active, Active-Passive, Clustering | Active-Active, Active-Passive, Clustering | ||
| Dimensions | FORTIGATE 90G | FORTIGATE 91G | |
|---|---|---|---|
| Height x Width x Length (inches) | 1.65 x 8.5 x 7.0 | 1.65 x 8.5 x 7.0 | |
| Height x Width x Length (mm) | 42 x 216 x 178 | 42 x 216 x 178 | |
| Weight | 2.47 lbs (1.12 kg) | 2.47 lbs (1.12 kg) | |
| Form Factor | Desktop | Desktop | |
| Operating Environment and Certifications | |||
| Input Rating | 12V DC, 3A (dual redundancy optional) | 12V DC, 3A (dual redundancy optional) | |
| Power Required (Redundancy Optional) | Powered by up to 2 External DC Power Adapters (1 adapter included), 100–240V AC, 50/60 Hz | Powered by up to 2 External DC Power Adapters (1 adapter included), 100–240V AC, 50/60 Hz | |
| Power Supply Efficiency Rating | 80Plus Compliant | 80Plus Compliant | |
| Maximum Current | 115Vac/0.4A, 230Vac/0.2A | 115Vac/0.4A, 230Vac/0.2A | |
| Power Consumption (Average / Maximum) | 19.9 W / 20.53 W | 22.4 W / 23.5 W | |
| Heat Dissipation | 70.0 BTU/hr | 80.1 BTU/hr | |
| Operating Temperature | 32°F to 104°F (0°C to 40°C) | 32°F to 104°F (0°C to 40°C) | |
| Storage Temperature | -31°F to 158°F (-35°C to 70°C) | -31°F to 158°F (-35°C to 70°C) | |
| Humidity | 10% to 90% non-condensing | 10% to 90% non-condensing | |
| Noise Level | 21.73 dBA | 21.73 dBA | |
| Operating Altitude | Up to 10,000 ft (3048 m) | Up to 10,000 ft (3048 m) | |
| Compliance | FCC, ICES, CE, RCM, VCCI, BSMI, UL/cUL, CB | FCC, ICES, CE, RCM, VCCI, BSMI, UL/cUL, CB | |
| Certifications | USGv6/IPv6 | USGv6/IPv6 | |
Note: All performance values are "up to" and vary depending on system configuration. Refer to footnotes in the original document for specific test conditions.
Subscriptions
| Service Category | Service Offering | A-la-carte | Enterprise Protection | Unified Threat Protection | Advanced Threat Protection |
|---|---|---|---|---|---|
| FortiGuard Security Services | IPS Service | • | • | ||
| Anti-Malware Protection (AMP) - Antivirus, Mobile Malware, Botnet, CDR, Virus Outbreak Protection and FortiSandbox Cloud Service | • | • | |||
| URL, DNS & Video Filtering Service | • | • | |||
| Anti-Spam | • | • | |||
| AI-based Inline Malware Prevention Service | • | • | |||
| Data Loss Prevention Service 1 | • | • | |||
| OT Security Service (OT Detection, OT Vulnerability correlation, Virtual Patching, OT Signature / Protocol Decoders) 1 | • | • | |||
| Application Control | Included with FortiCare Subscription | Included with FortiCare Subscription | |||
| CASB SaaS Control | • | • | |||
| SD-WAN and SASE Services | SD-WAN Underlay Bandwidth and Quality Monitoring Service | • | • | ||
| SD-WAN Overlay-as-a-Service for SaaS-based overlay network provisioning | • | • | |||
| SD-WAN Connector for FortiSASE Secure Private Access | • | • | |||
| FortiSASE subscription including cloud management and 10Mbps bandwidth license 2 | • | ||||
| NOC and SOC Services | FortiGuard Attack Surface Security Service (IoT Detection, IoT Vulnerability Correlation, and Security Rating Updates) 1 | • | • | ||
| FortiConverter Service | • | • | |||
| Managed FortiGate Service | • | • | |||
| FortiGate Cloud (SMB Logging + Cloud Management) | • | • | |||
| FortiManager Cloud | • | • | |||
| FortiAnalyzer Cloud | • | • | |||
| FortiAnalyzer Cloud with SOCaaS | • | • | |||
| FortiGuard SOCaaS | • | • | |||
| Hardware and Software Support | FortiCare Essentials 2 | • | |||
| FortiCare Premium | • | ||||
| FortiCare Elite | • | ||||
| Internet Service (SaaS) DB Updates | • | • | |||
| GeoIP DB Updates | • | • | |||
| Device/OS Detection Signatures | • | • | |||
| Trusted Certificate DB Updates | • | • | |||
| DDNS (v4/v6) Service | • | • |
1. Full features available when running FortiOS 7.4.1. 2. Desktop Models only.
FortiGuard Bundles: FortiGuard Labs delivers security intelligence services to augment the FortiGate firewall platform, allowing optimization of protection capabilities with FortiGuard Bundles.
FortiCare Services: Fortinet prioritizes customer success through FortiCare Services, optimizing the Fortinet Security Fabric solution. Lifecycle services include Design, Deploy, Operate, Optimize, and Evolve. FortiCare Elite offers heightened SLAs and swift issue resolution with a dedicated support team, including an Extended End-of-Engineering-Support of 18 months. Access the FortiCare Elite Portal for a unified view of device and security health.
Ordering Information
| Product | SKU | Description |
|---|---|---|
| FortiGate 90G | FG-90G | 8 x GE RJ45 ports, 2 x 10GE RJ45/SFP+ shared media WAN ports. |
| FortiGate 91G | FG-91G | 8 x GE RJ45 ports, 2 x 10GE RJ45/SFP+ shared media WAN ports with 120GB SSD. |
| Optional Accessories | ||
| AC Power Adaptor | SP-FG60E-PDC-5 | Pack of 5 AC power adaptors for FG/FWF 60E/61E, FG/FWF 60F/61F, FG-80E/81E, FG-80F/81F, and FG-90G/91G. |
| Wall Mount Kit | SP-FG60F-MOUNT-20 | Pack of 20 wall mount kits for FG/FWF-60F, FG-90G/91G and FG/FWF-80F series. |
| 1 GE SFP RJ45 Transceiver Module | FN-TRAN-GC | 1 GE SFP RJ45 transceiver module for all systems with SFP and SFP/SFP+ slots. |
| 1 GE SFP SX Transceiver Module | FN-TRAN-SX | 1 GE SFP SX transceiver module for all systems with SFP and SFP/SFP+ slots. |
| 1 GE SFP LX Transceiver Module | FN-TRAN-LX | 1 GE SFP LX transceiver module for all systems with SFP and SFP/SFP+ slots. |
| 10 GE SFP+ RJ45 Transceiver Module | FN-TRAN-SFP+GC | 10 GE SFP+ RJ45 transceiver module for systems with SFP+ slots. |
| 10 GE SFP+ Transceiver Module, Short Range | FN-TRAN-SFP+SR | 10 GE SFP+ transceiver module, short range for all systems with SFP+ and SFP/SFP+ slots. |
| 10 GE SFP+ Transceiver Module, Long Range | FN-TRAN-SFP+LR | 10 GE SFP+ transceiver module, long range for all systems with SFP+ and SFP/SFP+ slots. |
| 10 GE SFP+ Transceiver Module, Extended Range | FN-TRAN-SFP+ER | 10 GE SFP+ transceiver module, extended range for all systems with SFP+ and SFP/SFP+ slots. |
| 10GE SFP+ Transceiver Module, 30km Long Range | FN-TRAN-SFP+BD27 | 10GE SFP+ transceiver module, 30km long range single BiDi for systems with SFP+ and SFP/SFP+ slots (connects to FN-TRAN-SFP+BD33, ordered separately). |
| 10GE SFP+ Transceiver Module, (connects to FN-TRAN-SFP+BD27, ordered separately) | FN-TRAN-SFP+BD33 | 10GE SFP+ transceiver module, 30km long range single BiDi for systems with SFP+ and SFP/SFP+ slots (connects to FN-TRAN-SFP+BD27, ordered separately). |
| 10 GE SFP+ passive direct attach cable, 1m | FN-CABLE-SFP+1 | 10 GE SFP+ passive direct attach cable, 1m for systems with SFP+ and SFP/SFP+ slots. |
| 10 GE SFP+ passive direct attach cable, 3m | FN-CABLE-SFP+3 | 10 GE SFP+ passive direct attach cable, 3m for systems with SFP+ and SFP/SFP+ slots. |
| 10 GE SFP+ passive direct attach cable, 5m | FN-CABLE-SFP+5 | 10 GE SFP+ passive direct attach cable, 5m for systems with SFP+ and SFP/SFP+ slots. |
Fortinet CSR Policy
Fortinet is committed to driving progress and sustainability for all through cybersecurity, with respect for human rights and ethical business practices, making possible a digital world you can always trust. Users of Fortinet products are required to comply with the Fortinet EULA and report any suspected violations of the EULA via the procedures outlined in the Fortinet Whistleblower Policy.
Copyright © 2024 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Document Revision: FG-90G-DAT-R05-20240105, Dated: January 5, 2024
