og-fortitrust
Ordering Guides
Multi-Factor Authentication | FortiTrust Identity
ORDERING GUIDE
FortiTrust User-based Security
Product Offerings
Fortinet offers a comprehensive portfolio of cloud-managed user-based security products designed to scale and support the Work From Anywhere transformation. This ordering guide is a quick reference to the most common FortiTrust options for Enterprise customers:
· Identity: Cloud-managed Identity and Access Management including SSO, FSSO, Certificate Management, Passwordless (FIDO) and Multifactor (MFA) and Adaptive Authentication with connectivity to on-prem and cloud user directories.
· Zero Trust Network Access (ZTNA): cloud-managed remote access including ZTNA, IPsec and/or SSL VPN plus posture check, vulnerability management, and IT hygiene.
· SASE: cloud-managed SASE agents for securing all endpoint communication and connecting to corporate resources/private applications.
The following table is designed to illustrate the most common features of each service type:
FORTITRUST PORTFOLIO
Components
IDENTITY
FortiAuthenticator-Cloud (Enterprise IAM) plus FortiToken Cloud (MFA)
ZTNA
Remote access agent including ZTNA, IPsec and SSL VPN, plus vulnerability and device posture
Managed by Order Based on
FortiTrust Identity Number of users
FortiClient Cloud Numbers of users
Number of Endpoint Devices
N/A
Up to 3 per user
FortiCare Premium Support Functional Areas
Included
Included
Authentication/authorization, SSO/FSSO, MFA, passwordless, self-service, certificate management
ZTNA, SSL and IPsec VPN with MFA, SSOMA, vulnerability agent and remediation, FortiSandbox
(on-premise or platform-as-a-service)
SASE SASE agent including ZTNA
FortiSASE Cloud Number of users Up to 3 per user
Included
Seamless and secure application access, SSL inspection, SSL and IPsec VPN, plus ZTNA
STRICTLY CONFIDENTIAL
1
ORDERING GUIDE | FortiTrust User-based Security
IDENTITY
MFA Mobile Token with Mobile Push Email/SMS OTP, Hardware Tokens SMS Credits FIDO2 Authentication/Registration Server Third-party Application Integration Adaptive Authentication Integrated with Dynamic Policies and Fabric Connectors Enforce based on Authorized Networks Enforce based on User Location Enforce based on Time of Day/Day of Week Enforce Device Trust Policies based on Device Posture* Cloud-hosted Identity Controller Secure Application Access Fortinet Single Sign On (FSSO) Identity and Role-based Security Policies Central User Identity Management Certificate Management-VPN SAML Service Provider/Identity Provider Web SSO Open ID Connect SSO Additional Information FortiCare Premium Support Order Information 100-499 Users 500-1,999 Users 2,000-9,999 Users 10,000+ Users * Requires FortiClient EMS
ORDER LIFECYCLE
New Order Example: 350 Identity users
Direct purchase · FC2-10-ACCLD-511-02-DD (x350) Add More Users Example: add 200 Identity users
Direct purchase · FC2-10-ACCLD-511-02-DD (x200)
IDENTITY
FC2-10-ACCLD-511-02-DD FC3-10-ACCLD-511-02-DD FC4-10-ACCLD-511-02-DD FC5-10-ACCLD-511-02-DD
Renew All Users Example: renew all 550 Identity users Use the co-term tool for all renewals. This aligns all contracts to the same expiration date and renews with the higher quantity/lower priced SKU. · FC3-10-ACCLD-511-02-DD (x550)
STRICTLY CONFIDENTIAL
22
ZTNA AND SASE
Remote Access and Zero Trust ZTNA Central Management Using FortiClient Cloud Central Logging and Reporting SSL VPN IPsec VPN IT Hygiene and Endpoint Security Vulnerability Agent and Remediation FortiGuard Web Filtering FortiSandbox (On-premise or PaaS) USB Device Control Cloud-based Security (Inline Inspection) SSL Antimalware IPS Web Filtering DNS Filtering Botnet/C&C Data Leak Prevention Additional Information Number of Devices FortiCare Premium Support Order Information 100-499 Users 500-1,999 Users 2,000-9,999 Users 10,000+ Users
ORDER LIFECYCLE
New Order Example: 350 ZTNA users Direct purchase · FC2-10-EMS05-509-01-DD (x350) Add More Users Example: add 200 ZTNA users Direct purchase · FC2-10-EMS05-509-01-DD (x200)
ORDERING GUIDE | FortiTrust User-based Security
ZTNA
Up to 3 per-user
FC2-10-EMS05-509-02-DD FC3-10-EMS05-509-01-DD FC4-10-EMS05-509-01-DD FC5-10-EMS05-509-01-DD
SASE
Up to 3 per-user
FC2-10-EMS05-547-02-DD FC3-10-EMS05-547-02-DD FC4-10-EMS05-547-02-DD FC5-10-EMS05-547-02-DD
Renew All Users Example: renew all 550 ZTNA users
Use the co-term tool for all renewals. This aligns all contracts to the same expiration date and renews with the higher quantity/lower priced SKU.
· FC3-10-EMS05-509-01-DD (x550)
Upgrade all Users from ZTNA to SASE Example: upgrade all 550 ZTNA users to SASE
Use the co-term tool upgrade all existing users to SASE to the end of the term, and then follow regular renewal.
· FC3-10-EMS05-547-02-DD (x550)
3
STRICTLY CONFIDENTIAL
ORDERING GUIDE | FortiTrust User-based Security
FREQUENTLY ASKED QUESTIONS
I currently have points-based FortiToken Cloud licenses. Can I switch to FortiTrust Identity? You can activate it and consume all the points before switching to FortiTrust Identity or contact Fortinet Support to see if they can replace your unused creditbased license with a FortiTrust Identity license.
I currently have time-based FortiToken Cloud licenses. Can I switch to FortiTrust Identity? Yes, you can simultaneously have FortiToken Cloud and FortiTrust Identity licenses.
What will happen to my existing users configured in FortiToken Cloud if I decide to switch to FortiTrust Identity? This does not impact your existing users and they will continue to use MFA service without any interruptions. You will need to make sure to purchase and activate your FortiTrust license within 30 days of your existing license expiration.
Do I need to purchase FortiToken licenses along with FortiTrust Identity to configure MFA? The FortiTrust Identity license includes tokens for the FortiToken mobile application. User-friendly push technology simplifies the end user authentication experience by just requiring a swipe or click. If you prefer hardware tokens, you must purchase them separately.
I currently have a FortiAuthenticator license. Can I switch to FortiTrust Identity and what will be the impact on my current configuration? Yes, you can purchase FortiTrust Identity license and migrate your existing FortiAuthenticator configuration to new FortiAuthenticator Cloud using available Dev tools.
Can I use FortiTrust ZTNA with the current FortiClient Cloud ZTNA/VPN device-based license? No, device-based and user-based licenses cannot be mixed together on same FortiClient Cloud account.
I currently have a device-based ZTNA license on FortiClient Cloud. Can I switch to FortiTrust ZTNA? Yes, you can convert your current device-based license to a user-based license using the co-term tool.
What if some of my users have more than three devices? You can order for the exact number of users that you have. If a user onboards more than three devices, they will use up an additional user license.
What is the maximum number of users that can be licensed for FortiTrust ZTNA and SASE on a single account? FortiClient Cloud can manage up to 50,000 endpoints on a single account.
Can I upgrade from FortiTrust ZTNA to FortiTrust SASE? Yes, you can perform upgrades using the co-term tool.
www.fortinet.com
Copyright © 2022 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
FTR-OG-R4-20220616
STRICTLY CONFIDENTIAL
Adobe PDF Library 16.0.3