DATASHEET

FortiGate®/FortiWiFi™-80 Series
Enterprise-Class Protection for Branch Offices

Proven Security for Remote Offices, Retail, and Customer Premise Equipment
FortiGate/FortiWiFi-80 Series consolidated security appliances deliver Primary Features & Benefits
comprehensive enterprise-class protection for remote locations, branch offices,
Enterprise-grade protection
customer premise equipment (CPE) and retail networks. FortiGate/FortiWiFi-80 for smaller networks
Series platforms feature an integrated set of essential security technologies in
• Enables deployment of
a single device to protect all of your applications and data. Simple per-device Fortinet’s unmatched
pricing, an integrated management console, and remote management capabilities protection and performance
significantly reduce costs associated with deployment and management. in smaller environments

Comprehensive Protection Redundant connectivity

Fortinet’s market-leading security technology and research results in appliances methods
providing unmatched protection against today’s sophisticated multi-vector threats. • Dual 10/100/1000 Ethernet,
FortiGate/FortiWiFi consolidated security platforms integrate firewall, IPSec and analog modem (FG/FWF-
80CM models) and optional
SSL VPN, antivirus, antispam, intrusion prevention, web filtering and vulnerability 3G wireless offer redundant
management into a single device at a single price. They also provide data loss WAN connections to ensure
prevention (DLP), application control, and endpoint NAC. availability of data

The FortiGate/FortiWiFi-80 Series specifically addresses many policy enforcement Centralized Management
requirements included in government and industry regulations, such as the PCI • FortiManager and
Data Security Standard. They also ease migration to new industry standards such FortiAnalyzer centralized
as IPv6, supporting dynamic routing for both IPv4 and IPv6 networks. Fortinet’s management and reporting
appliances simplify the
Global Threat Research Team and ICSA Labs-certified inspection engines ensure
deployment, monitoring, and
the best possible protection in your network. maintenance of the security
infrastructure

80 Series Deployment Options

Redundant Connectivity
The FortiGate/FortiWiFi-80 Series platforms offer dual WAN Gigabit Ethernet
(10/100/1000) links, for load balancing or redundant ISP connections delivering high FortiGate-80C
availability and scalability to small or home office application. Six Fast Ethernet (10/100)
internal security zone or switch ports and one dedicated DMZ port eliminate need
for additional networking devices, reducing investment and management burden.
An ExpressCard slot allows for optional 3G wireless WAN connectivity such as EV-
DO, W-CDMA, HSPA and GPRS, which provides mobile network connectivity for
remote deployments or backup data connectivity in the event of a network failure. The
FortiGate/FortiWiFi-80CM platforms gives you the additional convenience and reliability FortiGate-80CM
of an analog modem.

Internal Storage
The internal storage standard on the FortiGate/FortiWiFi-80 Series enables local
caching of data for policy compliance or WAN optimization. WAN optimization lowers
your networking costs and improves your application and network performance by
reducing the amount of data transmitted over your WAN.

FortiWiFi-80CM

FortiGuard® Security Subscription Services deliver dynamic, automated updates for Fortinet products. The Fortinet Global Security Research
Team creates these updates to ensure up-to-date protection against sophisticated threats. Subscriptions include antivirus, intrusion prevention,
web filtering, antispam, vulnerability and compliance management, application control, and database security services.

FortiCare™ Support Services provide global support for all Fortinet products and services. FortiCare support enables your Fortinet products to
perform optimally. Support plans start with 8x5 Enhanced Support with return and replace hardware support or 24x7 Comprehensive Support
with advanced hardware replacement. Options include Premium Support, Premium RMA, and Professional Services. All hardware products
include a 1-year limited hardware warranty and a 90-day limited software warranty.

FortiGuard Subscription Services

Vulnerability
Antivirus Intrusion Prevention Web Filtering Antispam Application Control
Management
FortiGate-80C Supported Supported Supported Supported Supported Supported
FortiGate-80CM Supported Supported Supported Supported Supported Supported
FortiWiFi-80CM Supported Supported Supported Supported Supported Supported
FortiOS 4.0 Software—Raising The Bar
FortiOS 4.0: Redefining Network Security Fortinet’s ASIC-Based Advantage
FortiOS 4.0 is the software foundation of FortiGate multi- FortiASICs are a family of purpose-built, high performance
threat security platforms. Developed solely for security, processors that use an intelligent proprietary content
performance, and reliability, it is a purpose-built operating scanning engine and multiple algorithms to accelerate
system that leverages the power of FortiASIC processors. security and network services.

FortiOS Security Services

FIREWALL ANTIVIRUS / ANTISPYWARE INTRUSION PREVENTION SYSTEM (IPS)
ICSA Labs Certified (Corporate Firewall) ICSA Labs Certified (Gateway Antivirus) ICSA Labs Certified (NIPS)
NAT, PAT, Transparent (Bridge) Includes Antispyware and Worm Prevention: Protection From Over 3000 Threats
Routing Mode (RIP, OSPF, BGP, Multicast) HTTP/HTTPS SMTP/SMTPS Protocol Anomaly Support
Policy-Based NAT POP3/POP3S IMAP/IMAPS Custom Signature Support
Virtual Domains (NAT/Transparent mode) FTP IM Protocols Automatic Attack Database Update
VLAN Tagging (802.1Q) Flow-Based Antivirus Scanning Mode IPv6 Support
Group-Based Authentication & Scheduling Automatic “Push” Content Updates
SIP/H.323 /SCCP NAT Traversal File Quarantine Support DATA LOSS PREVENTION (DLP)
WINS Support Databases: Standard, Extended, Extreme, Flow Identification and Control Over Sensitive Data in
Explicit Proxy Support (Citrix/TS etc.) IPv6 Support Motion
VoIP Security (SIP Firewall/RTP Pinholing) Built-in Pattern Database
Granular Per-Policy Protection Profiles WEB FILTERING RegEx-based Matching Engine for Customized
Identity/Application-Based Policy 76 Unique Categories Patterns
Vulnerability Management FortiGuard Web Filtering Service Categorizes over 2 Configurable Actions (block/log)
IPv6 Support (NAT/Transparent mode) Billion Web pages Supports IM, HTTP/HTTPS, and More
HTTP/HTTPS Filtering Many Popular File Types Supported
VIRTUAL PRIVATE NETWORK (VPN) Web Filtering Time-Based Quota International Character Sets Supported
ICSA Labs Certified (IPSec) URL/Keyword/Phrase Block
PPTP, IPSec, and SSL Dedicated Tunnels URL Exempt List ANTISPAM
SSL-VPN Concentrator (incl. iPhone client support) Content Profiles Support for SMTP/SMTPS, POP3/POP3S, IMAP/
DES, 3DES, and AES Encryption Support Blocks Java Applet, Cookies, Active X IMAPS
SHA-1/MD5 Authentication MIME Content Header Filtering Real-Time Blacklist/Open Relay Database Server
PPTP, L2TP, VPN Client Pass Through IPv6 Support MIME Header Check
Hub and Spoke VPN Support Keyword/Phrase Filtering
IKE Certificate Authentication (v1 & v2) APPLICATION CONTROL IP Address Blacklist/Exempt List
IPSec NAT Traversal Identify and Control Over 1800 Applications Automatic Real-Time Updates From FortiGuard
Automatic IPSec Configuration Control Popular IM/P2P Apps Regardless of Port/ Network
Dead Peer Detection Protocol:
RSA SecurID Support AOL-IM Yahoo MSN KaZaa ENDPOINT COMPLIANCE AND CONTROL
SSL Single Sign-On Bookmarks ICQ Gnutella BitTorrent MySpace Monitor & Control Hosts Running FortiClient Endpoint
SSL Two-Factor Authentication WinNY Skype eDonkey Facebook Security
LDAP Group Authentication (SSL)
HIGH AVAILABILITY (HA) MANAGEMENT/ADMINISTRATION
NETWORKING/ROUTING Active-Active, Active-Passive Console Interface (RS-232)
Multiple WAN Link Support Stateful Failover (FW and VPN) WebUI (HTTP/HTTPS)
DHCP Client/Server Device Failure Detection and Notification Telnet / Secure Command Shell (SSH)
Policy-Based Routing Link Status Monitor Command Line Interface
Dynamic Routing for IPv4 and IPv6 (RIP, OSPF, BGP, & Link failover Role-Based Administration
Multicast for IPv4) Server Load Balancing Multi-language Support: English, Japanese, Korean,
Multi-Zone Support Spanish, Chinese (Simplified & Traditional), French
Route Between Zones WAN OPTIMIZATION Multiple Administrators and User Levels
Route Between Virtual LANs (VDOMS) Bi-directional / Gateway to Client/Gateway Upgrades and Changes via TFTP and WebUI
Multi-Link Aggregation (802.3ad) Integrated Caching and Protocol Optimization System Software Rollback
IPv6 Support (Firewall, DNS, Transparent Mode, SIP, Accelerates CIFS/FTP/MAPI/HTTP/HTTPS/Generic TCP Configurable Password Policy
Dynamic Routing, Admin Access, Management) Optional FortiManager Central Management
VRRP and Link Failure Control VIRTUAL DOMAINS (VDOMs)
sFlow Client Separate Firewall/Routing Domains LOGGING/MONITORING/VULNERABILITY
Separate Administrative Domains Local Event Logging
USER AUTHENTICATION OPTIONS Separate VLAN Interfaces Log to Remote Syslog/WELF Server
Local Database 10 VDOM License Std. (more can be added) Graphical Real-Time and Historical Monitoring
Windows Active Directory (AD) Integration SNMP Support
External RADIUS/LDAP Integration WIRELESS CONTROLLER Email Notification of Viruses And Attacks
Xauth over RADIUS for IPSEC VPN Unified WiFi and Access Point Management VPN Tunnel Monitor
RSA SecurID Support Automatic Provisioning of APs Optional FortiAnalyzer Logging / Reporting
LDAP Group Support On-wire Detection and Blocking of Rogue APs Optional FortiGuard Analysis and Management
Virtual APs with Different SSIDs Service
DATA CENTER OPTIMIZATION Multiple Authentication Methods
Web Server Caching
TCP Multiplexing TRAFFIC SHAPING
HTTPS Offloading Policy-based Traffic Shaping
WCCP Support Application-based and Per-IP Traffic Shaping
Differentiated Services (DiffServ) Support
Guarantee/Max/Priority Bandwidth
Shaping via Accounting, Traffic Quotas

Note: The list above is comprehensive and may contain FortiOS features which are not available on all FortiGate appliances.
Consult FortiGate system documentation to determine feature availability.
Firewall Intrusion Prevention
Fortinet firewall technology delivers industry-leading performance IPS technology provides protection against current and emerging
for network and application firewalling including Web 2.0 application network level threats. In addition to signature-based detection, we
policies based on the application identity, up to and beyond 10 Gbps perform anomaly-based detection whereby our system alerts users
throughput. Our technology identifies traffic patterns and links them to traffic that fits a profile matching attack behavior. This behavior is
to the use of specific applications, such as instant messaging and then analyzed by our threat research team to identify threats as they
peer-to-peer applications, permitting application access control. By emerge and generate new signatures that will be incorporated into our
coupling application intelligence with firewall technology, the FortiGate FortiGuard services.
platform is able to deliver real-time security with integrated application
content level inspection, thereby simplifying security deployments.
Firewall Intrusion Prevention System
Feature Highlights NAT, PAT and Transparent (Bridge) Features Supported Automatic Attack Database Update
Policy-Based NAT Protocol Anomaly Support
SIP/H.323/SCCP NAT Traversal IPS and DoS Prevention Sensor
VLAN Tagging (802.1Q) Custom Signature Support
IPv6 Support IPv6 Support
Performance Performance
Firewall (1518 Byte) 1.9 Gbps IPS Throughput 350 Mbps
Firewall (512 Byte) 700 Mbps
Firewall (64 Byte) 120 Mbps

Antivirus / Antispyware VPN

Antivirus content inspection technology provides protection against Fortinet VPN technology provides secure communications between
virus, spyware, worms, phishing and other forms of malware being multiple networks and hosts, through both secure socket layer, or
transmitted over the network infrastructure. By intercepting application SSL, and IPsec VPN technologies, leveraging our custom FortiASIC to
content in transit, and reassembling the data into user expected provide hardware acceleration for high-performance communications
content, the FortiGate Antivirus features ensures that malicious threats and data privacy. Benefits include the ability to enforce complete
hidden within legitimate application content is identified and removed content inspection and multi-threat security as part of VPN
from the data stream destined for internal (or external) recipients. The communications, including antivirus, IPS and Web filtering. Additional
addition of Fortinet’s FortiGuard subscription services ensured each features include traffic optimization providing prioritization for traffic
FortiGate has access to updated malware signatures, resulting in across VPNs.
high level of accuracy and detection capabilities including emerging
and newly discovered viruses. ICSA Labs has certified our antivirus
functionality.
Antivirus VPN
Features Supported Proxy Antivirus Feature Highlights IPSec and SSL VPN
Flow-based Antivirus DES, 3DES, AES and SHA-1/MD5 Authentication
File Quarantine PPTP, L2TP, VPN Client Pass Through
IPv6 Support SSL Single Sign-On Bookmarks
Performance Two-Factor Authentication
Antivirus (Proxy-based) 50 Mbps Performance
Antivirus (Flow-based) 190 Mbps IPSec VPN 140 Mbps
SSL VPN 70 Mbps
Recommend # of SSL
60
Users
WAN Optimization SSL Inspection
With WAN Optimization, you can accelerate applications over your SSL-Encrypted Traffic Inspection protects clients and web and
wide area links while ensuring multi-threat security enforcement. application servers from malicious SSL-encrypted traffic, to which
FortiOS 4.0 software not only eliminates unnecessary and malicious most security devices are often blind. SSL Inspection intercepts
traffic as one of its core capabilities, it also optimizes legitimate traffic encrypted traffic and inspects it for threats, prior to routing it to its final
by reducing the amount of communication and data transmitted destination. SSL Inspection applies to both client-oriented SSL traffic
between applications and servers across the WAN. This results in (such as users connecting to an SSL-encrypted hosted CRM site) and
improved performance of applications and network services, as inbound traffic destined an organization’s own web and application
well as helping to avoid additional higher-bandwidth provisioning servers. You now have the ability to enforce appropriate use policies
requirements. on inappropriate encrypted web content, and protect servers from
WAN Optimization SSL Inspection
Features Highlight Gateway-to-Gateway Optimization Features Highlight Protocol: HTTPS, SMTPS, POP3S, IMAPS
Bi-directional Gateway-to-client Optimization Inspection support: Antivirus, Web Filtering,
Web Caching Antispam, Data Loss Prevention
Secure Tunnel SSL Offload
Transparent Mode

End-Point NAC Data Loss Prevention

Endpoint NAC enforces the use of the FortiClient Endpoint Security It is imperative for you to control the vast amount of confidential,
application (either Standard or Premium editions) on your network. regulated, and proprietary data traversing your network, and keep
It verifies the installation of the most recent version of the FortiClient it within defined network boundaries. Working across multiple
application, up-to-date antivirus signatures, and enabled firewall applications (including those encrypting their communications),
before allowing the traffic from that endpoint to pass through the DLP uses a sophisticated pattern-matching engine to identify and
FortiGate platform. You also have the option to quarantine endpoints then prevent the communication of sensitive information outside the
running applications that violate policies and require remediation. network perimeter. In addition to protecting your organization’s critical
information, DLP also provides audit trails for data and files to aid in
policy compliance. You can use the wide range of configurable actions
to log, block, and archive data, as well as ban or quarantine users.

Endpoint Network Access Control (NAC) Data Loss Prevention (DLP)

Features Highlight Monitor & Control Hosts Running FortiClient Features Highlight Identification And Control Over Data in Motion
Vulnerability Scanning of Network Nodes Built-in Pattern Database
Quarantine Portal RegEx Based Matching Engine
Application Detection and Control Common File Format Inspection
Built-in Application Database International Character Sets Supported

Web Filtering Logging & Monitoring

Web filtering technology is a pro-active defense feature that identifies FortiGate units provide extensive logging capabilities for traffic,
known locations of malware and blocks access to these malicious system and network protection functions. They also allow you to
sources. In addition, the technology enables administrators to compile reports from the detailed log information gathered. Reports
enforce policies based on website content categories ensuring provide historical and current analysis of network activity to help
users are not accessing content that is inappropriate for their work identify security issues that will reduce and prevent network misuse
environment. The technology restricts access to denied categories and abuse.
based on the policy by comparing each Web address request to a
Fortinet hosted database.
WEB Filtering Logging and Monitoring
Features Highlight HTTP/HTTPS Filtering Features Highlight Internal Log storage and Report Generation
URL / Keyword / Phrase Block Graphical Real-Time and Historical Monitoring
Blocks Java Applet, Cookies or Active X Graphical Report Scheduling Support
MIME Content Header Filtering Optional FortiAnalyzer Logging (including per
IPv6 Support VDOM)
Optional FortiGuard Analysis and Management
Service
Virtual Domain High Availability
Virtual Domain (VDOM) enables a single FortiGate system to function High Availability (HA) configuration enhances reliability and increases
as multiple independent virtual FortiGate systems. Each VDOM performance by clustering multiple FortiGate appliances into a
contains its own virtual interfaces, security profiles, routing table, single entity. FortiGate High Availability supports Active-Active and
administration and many other features. FortiGate VDOMs reduce Active-Passive options to provide the maximum flexibility for utilizing
the complexity of your physical network by virtualizing different each member within the HA cluster. The HA feature is included as
security resources over a common platform, greatly reducing the part of the FortiOS operation system so end-users can benefit from
power and footprint required by multiple point solutions. the reliability enhancement without the extra cost.

Virtual Domains High Availability (HA)

Features Highlight Separate Firewall / Routing Domains Features Highlight Active-Active and Active-Passive
Separate Administrative Domains Stateful Failover (FW and VPN)
Separate VLAN Interfaces Link State Monitor and Failover
VDOMs (Max / Default) 10 / 10 Device Failure Detection and Notification
Server Load Balancing

Application Control Wireless Controller

Application control enables you to define and enforce policies for Wireless controller integrated into every FortiGate platform
thousands of applications running on your endpoints, regardless centralizes the management and monitoring of all FortiAP units.
of the port or the protocol used for communication. Application All wireless traffic is directed to the FortiGate multi-threat security
classification and control is essential to manage the explosion of platform and undergoes identity-aware firewall policies and UTM
new web-based applications bombarding networks today, as most engine inspection. Only authorized wireless traffic is forwarded.
application traffic looks like normal web traffic to traditional firewalls. From a single console you can control network access, update
Fortinet’s application control technology identifies application traffic policies quickly and easily, and monitor compliance.
and then applies security policies easily defined by the administrator.
The end result is more flexible and granular policy control, with deeper
visibility into your network traffic.

Application Control Wireless Controller

Features Highlight Identify and Control Over 1800 Applications Features Highlight Managed and Monitor FortiAP product
Traffic Shaping (Per Application) Rogue AP Detection, Control and Reporting
Control Popular IM/P2P Apps Regardless of Port Virtual AP with different SSID
/ Protocol
Popular Applications include:
AOL-IM Yahoo MSN KaZaa
ICQ Gnutella BitTorrent MySpace
WinNY Skype eDonkey Facebook
and more
 Technical Specifications FortiGate-80C FortiGate-80CM FortiWiFi-80CM
Hardware Specifications
10/100/1000 WAN Interfaces (Copper, RJ-45) 2 2 2
10/100 Internal Switch Interfaces (Copper, RJ-45) 6 6 6
10/100 DMZ Interfaces (Copper, RJ-45) 1 1 1
Management Console Interface (Copper, RJ-45) 1 1 1
USB Interfaces 2 2 2
ExpressCard Slot 1 1 1
WLAN Support - - 802.11 a/n or b/g/n
Modem Port - Yes Yes
Internal Storage 8 GB
System Performance
Firewall Throughput (1518 / 512 / 64 byte UDP packets) 1900 / 700 / 120 Mbps
Firewall Latency (64 byte UDP packets) 45 μs
Firewall Throughput (Packets Per Second) 180 Kpps
Concurrent Sessions (TCP) 1 Million
New Sessions/Sec (TCP) 12,000
Firewall Policies (System / VDOM) 5,000 / 500
IPSec VPN Throughput (512 byte packets) 140 Mbps
Gateway-to-Gateway IPSec VPN Tunnels (System / VDOM) 200 / 200
Client-to-Gateway IPSec VPN Tunnels 1000
SSL-VPN Throughput 70 Mbps
Concurrent SSL-VPN Users (Recommended Max) 60
IPS Throughput 350 Mbps
Antivirus Throughput (Proxy Based / Flow Based) 50 / 190 Mbps
Virtual Domains (Default / Max) 10 / 10
Max Number of FortiAPs 16
Max Number of FortiTokens 500
High Availability Configurations Active/Active, Active/Passive, Clustering
Unlimited User Licenses Yes
Dimensions
Height x Width x Length 1.75 x 10.87 x 6.13 in (4.45 x 27.61 x 15.57 cm)
Weight 3.3 lb (1.5 kg)
Wall Mountable Yes
Environment
Power Required 100-240 VAC, 50-60 Hz
Power Consumption (AVG / Max) 25 / 30 W 26 / 31.2 W 28 / 33.6 W
Heat Dissipation 102.3 BTU 106.5 BTU 115 BTU
Operating Temperature 32 – 104 deg F (0 – 40 deg C)
Storage Temperature -13 – 158 deg F (-25 – 70 deg C)
Humidity 20 to 95% non-condensing
Compliance & Certification
Compliance FCC Part 15 Class B, C-Tick, VCCI, CE, UL/cUL, CB
Certification ICSA Labs: Firewall, IPSec, IPS, Antivirus, SSL VPN
All performance values are “up to” and vary depending on system configuration. Antivirus performance is measured using 44 Kbyte HTTP files. IPS performance is measured using 1 Mbyte HTTP files.

Ordering Info Industry Certifications

Unit SKU
FortiGate-80C FG-80C
FotiGate-80CM FG-80CM
FortiWiFi-80CM FWF-80CM
Optional Accessories SKU
DC Adapter for the FG-80C, FG-80CM, FWF-80CM SP-FG80-PDC
Wall Mount Kit (with express card lock) SP-FG-50B-60B-MOUNT

GLOBAL HEADQUARTERS EMEA SALES OFFICE – FRANCE APAC SALES OFFICE – SINGAPORE
Fortinet Incorporated Fortinet Incorporated Fortinet Incorporated
1090 Kifer Road, Sunnyvale, CA 94086 USA 120 rue Albert Caquot 300 Beach Road #20-01
Tel +1.408.235.7700 06560, Sophia Antipolis, France The Concourse, 199555 Singapore
Fax +1.408.235.7737 Tel +33.4.8987.0510 Tel: +65-6513-3734
www.fortinet.com/sales Fax +33.4.8987.0501 Fax: +65-6295-0015

Copyright© 2012 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks
of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing
herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants
that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet
reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
FST-PROD-DS-GT80C FG-FWF-80C-DAT-R8-201207