
fortindr-cloud

FortiNDR Cloud is a SaaS-based Network Detection and Response solution that utilizes AI and machine learning for enhanced network traffic visibility and threat detection across multi-cloud and hybrid environments. It offers features such as 365-day data retention, guided queries for threat hunting, and integration with various third-party tools to streamline security operations. Additionally, the service includes support from Technical Success Managers to optimize deployments and reduce false positives in threat detection.

Uploaded by

angusjunk

Data Sheet

FortiNDR™ Cloud

Highlights

• 365-day historical deep network traffic visibility and analytics
• Curated threat intelligence, powered by FortiGuard Labs, for reduced false positives
• Fortinet Security Fabric and third-party integrations
• Leverage AI, expert analysis, and cloud compute for threat detection
• Coverage for over 90% of MITRE ATT&CK techniques

Network Detection and Response

Fortinet’s SaaS-based FortiNDR Cloud leverages artificial intelligence (AI) and machine learning (ML), behavioral, and human analysis to inspect network traffic to detect malicious behavior early while reducing false positives. FortiNDR Cloud provides unified network traffic visibility across multi-cloud and hybrid environments as well as distributed workforces and constrained, mission-critical environments.

FortiNDR Cloud automatically identifies anomalous and malicious behavior, provides risk scores, and shares relevant threat intelligence to assist security teams in prioritizing response efforts.

As the world’s only Guided-SaaS NDR, FortiNDR Cloud provides dedicated Technical Success Manager (TSM) support. TSMs act as trusted advisors who share findings, tune configurations, and help organizations optimize NDR deployments.


Highlights
Key Features

• Guided SaaS with trusted advisors
• 365-day data retention for retrospective analysis and threat hunting
• Hunt adversaries with Guided Queries
• Automatic and manual response for quarantine and control
• Orchestrated response with integrations with Fortinet and third party tools including CrowdStrike, FortiEDR, Splunk, Cortex, FortiSIEM, FortiSOAR, and Microsoft Sentinel
• Global crowdsourced threat intelligence from numerous third-party feeds and proprietary sensors

Basic Competencies

Improved Visibility of Threats

Real-time, automated investigation of network security incidents and extended historical network visibility enable a faster, more comprehensive response to threats. Because the impact of an intrusion increases over time, real-time response is the best way to minimize damage.

Get Expertise on Demand

FortiNDR Cloud helps security teams overcome the skills gap challenge by providing Technical Success Manager (TSM) support. TSMs act as trusted advisors who share findings, tune configurations, and help organizations optimize NDR deployments.

Fewer Distractions from False Positives and Detection Tuning

With threat analysis and detection tuning provided in real-time, organizations are less vulnerable while awaiting a vendor’s application patch or anti-malware signature.

365-day Data Retention for Retrospective Analysis and Threat Hunting

FortiNDR Cloud retains rich network metadata for 365 days, enabling a comprehensive investigation. This data ensures newly discovered tools, tactics, and procedures can be retroactively investigated to discover if and when threats may have infiltrated the customer’s network.


FortiNDR™ Cloud Deployment

| Features | FortiNDR Cloud |
|---|---|
| Deployment | SaaS |
| Security Analyst | Guided-SaaS with TSM (Technical Success Manager) |
| Data Storage Location | Cloud-based (US or EU) |
| Data Retention | 365 Days |
| Investigation / Threat Hunting | Guided Queries and Parallel Hunting |
| Malware Identification | FortiGuard Malware feed; VirusTotal lookup |
| MITRE ATT&CK Framework Mapping | Detections and Playbooks mapped to MITRE ATT&CK Framework |
| Response Integration | Fortinet Security Fabric; Third-party API (REST); MetaStream (AWS S3); Integrations with CrowdStrike, FortiEDR, FortiSIEM, FortiSOAR, Cortex, Splunk, QRadar, and Microsoft Sentinel |
| Sensors | Hardware: FortiNDR Cloud-2540G (Extra Large sensor); Hardware: FortiNDR Cloud-900F (Large sensor); Hardware: FortiNDR Cloud-500F (Small sensor); Virtual Sensors (AWS / Azure / ESXi / HyperV / GCP / KVM) |
| FortiGuard Labs Threat Research | ✓ |


FortiNDR Cloud Sensor Specifications


| Category | FNDR Cloud 500F (small sensor) | FNDR Cloud 900F (large sensor) | FNDR Cloud 2540G (extra large sensor) | FNDR Cloud Virtual Sensors |
|---|---|---|---|---|
| Deployment | | | | |
| Sniffer / SPAN / 802.1q support | ✓ | ✓ | ✓ | ✓ |
| Cloud based sensors + SaaS portal | ✓ | ✓ | ✓ | ✓ |
| Hypervisor Support | — | — | — | ESXi6.7 U2+, KVM, HyperV, GCP, AWS, Azure |
| Hardware Specifications | | | | |
| Total Interfaces | 2x 1G Copper, 2x 10G SFP+, 2x 10G Copper | 2x 1G Copper, 2x 10G SFP+, 2x 10G Copper | 2x 10/25GbE SFP28 and 4x 1GbE RJ45, 2x 10GbE RJ45 (breakout cable supported) | 1 mgmt + min 1 TAP |
| Sniffer Interfaces | 5 (2x 10G SFP+, 2x 10G copper, 1x 1G Copper) | 4 (2x 10G SFP+, 2x 10G Copper) | 2x 10/25GbE SFP28 and 2x 1GbE RJ45, 2x 10GbE RJ45 | min 1 x vNIC, max 3 x vNIC |
| Transceivers Included | 2x 10G multimode | 4x 10G multimode | none | — |
| Storage Capacity | 890 GB | 890 GB | 3.84TB (4x 960GB 2.5” NVMe SSD) | 100 (min) - 300 GB (recommended) |
| Default RAID level (RAID software) | 10 | 10 | 10 | Hypervisor dependent |
| Removable Hard Drives | Yes | Yes | Yes | — |
| Redundant Hot Swappable Power Supplies | Yes | Yes | Yes | — |
| Technical Specifications | | | | |
| vCPU Support (Recommended) | — | — | — | 16 |
| Memory Support (Minimum / Recommended) | — | — | — | 16 GB / 32 GB |
| System Performance | | | | |
| NDR Sniffer Throughput* | 6 Gbps (metadata processing) across all ports | 13 Gbps (metadata processing) across all ports | 38 Gbps (metadata processing) across all ports | Hypervisor dependent |
| Malware Lookups | Hash lookup (Virus Total) and FortiGuard Malware Feed | Hash lookup (Virus Total) and FortiGuard Malware Feed | Hash lookup (Virus Total) and FortiGuard Malware Feed | Hash lookup (Virus Total) and FortiGuard Malware Feed |
| Dimensions | | | | |
| Height x Width x Length (mm) | 42.8 mm x 482 mm (w/ handle) x 757.75 mm (w/ bezel); 42.8 mm x 434 mm (w/o handle) x 743.91 mm (w/o bezel) | 42.8 mm x 482 mm (w/ handle) x 757.75 mm (w/ bezel); 42.8 mm x 434 mm (w/o handle) x 743.91 mm (w/o bezel) | 88 x 483 x 740.8 mm with handle; 88 x 438 x 695.8 mm w/o handle | — |
| Weight | 25.9 kg | 25.9 kg | 18.14 kg | — |
| Environment | | | | |
| AC Power Supply | 100-240 VAC, 60-50 Hz | 100-240 VAC, 60-50 Hz | 100-240 VAC, 60-50 Hz | — |
| Power Consumption (Average / Maximum) | 276 W / 390 W | 409 W / 619 W | 524.8 W / 682.2 W | — |
| Heat Dissipation | 2891 BTU/h | 2891 BTU/h | 2327.8 BTU/h | — |
| Operating Temperature | 10°C to 35°C (50°F to 95°F) with no direct sunlight on the equipment | 10°C to 35°C (50°F to 95°F) with no direct sunlight on the equipment | 0°-40°C (32°F to 104°F) with no direct sunlight on the equipment | — |
| Storage Temperature | -40°C to 65°C (-40°F to 149°F) | -40°C to 65°C (-40°F to 149°F) | –20°C to 70°C (–4°F to 158°F) | — |
| Humidity | Storage: 5% to 90% RH with 33°C (91°F) maximum dew point. Atmosphere must be non-condensing at all times. Operating: 10% to 80% relative humidity with 29°C (84.2°F) maximum dew point. | Storage: 5% to 90% RH with 33°C (91°F) maximum dew point. Atmosphere must be non-condensing at all times. Operating: 10% to 80% relative humidity with 29°C (84.2°F) maximum dew point. | 5% to 90% RH with 33°C (91°F) maximum dew point. Atmosphere must be non-condensing at all times. Operating: 10% to 80% relative humidity with 29°C (84.2°F) maximum dew point. | — |
| Operating Altitude | Up to 10 000 ft (3048 m) | Up to 10 000 ft (3048 m) | Up to 10 000 ft (3048 m) | — |
| Compliance | | | | |
| Certifications | FCC, ISED, CE, RCM, VCCI, BSMI (Class A), UL/cUL, CB | FCC, ISED, CE, RCM, VCCI, BSMI (Class A), UL/cUL, CB | FCC, ISED, CE, RCM, VCCI, BSMI (Class A), UL/cUL, CB | |

*Using FortiTester default Enterprise Profile


Ordering Information
FORTINDR CLOUD

| Product | SKU | Description |
|---|---|---|
| FortiNDRCloud-SAAS Services | FC1-10-NDRCL-667-02-12 | Annual Subscription license for FortiNDR Cloud Guided-SaaS Platform with Detections, Investigations, Playbooks, and Reports at 1 Gbps of metered usage. Includes FortiCare premium. Does not include physical sensors. |
| True Up Usage | NDRC-TRUEUP-1MTH | Throughput True-up SKU for traffic overages in FortiNDR Cloud for 1 Gbps of metered usage. |
| FortiNDRCloud-500F | FNRC-500F | FortiNDRCloud 500F (small) physical sensor to deliver data to FortiNDR Cloud SaaS Platform. Hardware only. 1U with 2x Copper / 2x Fiber SFP+. Must purchase support. Ship with 2x 10G multimode transceivers. |
| Small Sensor (500F) Licence and Support | FC-10-NDR5F-247-02-DD | Annual license for support for FNRC-500F (small) sensor and forwarding traffic to the FortiNDR Cloud SaaS Platform, includes FortiCare premium. |
| FortiNDRCloud-900F | FNRC-900F | FortiNDRCloud 900F (large) physical sensor to deliver data to FortiNDR Cloud SaaS Platform. Hardware only. 1U with 2x Copper / 2x Fiber SFP+. Must purchase support. Ship with 4x 10G multimode transceivers. |
| Large Sensor (900F) Licence and Support | FC-10-NDR9F-247-02-DD | Annual license for support for FNRC-900F (large) sensor and forwarding traffic to the FortiNDR Cloud SaaS Platform, includes FortiCare premium. |
| FortiNDR Cloud-2540G | FNRC-2540G | FortiNDR Cloud 2540G (extra large) physical sensor to deliver data to FortiNDR Cloud SaaS Platform. Hardware Only. 2U with 1x GbE copper, 2x 10GbE SFP+, 2x 25GbE SFP28. Must purchase support. Transceivers *not* included. |
| Extra Large Sensor (2540G) Licence and Support | FC-10-ND25G-247-02-DD | FortiNDRCloud-2540G Annual license for support for FNRC-2540G (extra-large) sensor and forwarding traffic to the FortiNDR Cloud SaaS Platform, includes FortiCare premium. |
| FortiNDR Cloud log Ingestion | FC1-10-NDRCL-1009-02-DD | Annual Subscription license for FortiNDR Cloud to consume third party logs for detections (for example, Zscaler). SKU is based on 1000 EPS (events per second). Must purchase FortiNDR Cloud Guide SaaS with this subscription. |

Visit https://www.fortinet.com/resources/ordering-guides for related ordering guides.

Fortinet Corporate Social Responsibility Policy
Fortinet is committed to driving progress and sustainability for all through cybersecurity, with respect for human rights and
ethical business practices, making possible a digital world you can always trust. You represent and warrant to Fortinet that you
will not use Fortinet’s products and services to engage in, or support in any way, violations or abuses of human rights, including
those involving illegal censorship, surveillance, detention, or excessive use of force. Users of Fortinet products are required
to comply with the Fortinet EULA and report any suspected violations of the EULA via the procedures outlined in the Fortinet
Whistleblower Policy.

www.fortinet.com

Copyright © 2025 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s SVP Legal and above, with a
purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute
clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer,
or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

March 12, 2025

FNDR-CL-DAT-R04-20250312
