DATASHEETFortiGate®/FortiWiFi™-80 SeriesEnterprise-Class Protection for Branch OfficesProven Security for Remote Offices, Retail, and Customer Premise EquipmentFortiGate/FortiWiFi-80 Series consolidated security appliances deliver Primary Features & Benefitscomprehensive enterprise-class protection for remote locations, branch offices, Enterprise-grade protectioncustomer premise equipment (CPE) and retail networks. FortiGate/FortiWiFi-80 for smaller networksSeries platforms feature an integrated set of essential security technologies in • Enables deployment ofa single device to protect all of your applications and data. Simple per-device Fortinet’s unmatchedpricing, an integrated management console, and remote management capabilities protection and performancesignificantly reduce costs associated with deployment and management. in smaller environmentsComprehensive Protection Redundant connectivityFortinet’s market-leading security technology and research results in appliances methodsproviding unmatched protection against today’s sophisticated multi-vector threats. • Dual 10/100/1000 Ethernet,FortiGate/FortiWiFi consolidated security platforms integrate firewall, IPSec and dial modem (FG-80CM model) and optional 3GSSL VPN, antivirus, antispam, intrusion prevention, web filtering and vulnerability wireless offer redundantmanagement into a single device at a single price. They also provide data loss WAN connections to ensureprevention (DLP), application control, and endpoint NAC. availability of dataThe FortiGate/FortiWiFi-80 Series specifically addresses many policy enforcement Centralized Managementrequirements included in government and industry regulations, such as the PCI • FortiManager andData Security Standard. They also ease migration to new industry standards such FortiAnalyzer centralizedas IPv6, supporting dynamic routing or both IPv4 and IPv6 networks. Fortinet’s management and reporting appliances simplify theGlobal Threat Research Team and ICSA Labs-certified inspection engines ensure deployment, monitoring, andthe best possible protection in your network. maintenance of the security infrastructure 80 Series Deployment Options
FortiGate-80C and FortiGate-80CMThe FortiGate-80C/80CM platforms offer dual WAN Gigabit Ethernet (10/100/1000)links, for load balancing or redundant ISP connections deliver high availability and FortiGate-80Cscalability to small or home office application. Six Fast Ethernet (10/100) internalsecurity zone or switch ports and one dedicated DMZ port eliminate need foradditional networking devices, reducing investment and management burden. TheFortiGate-80C/CM platforms provide an ExpressCard slot for optional 3G wirelessWAN connectivity such as EV-DO, W-CDMA, HSPA and GPRS, which provides FortiGate-80CMmobile network connectivity for remote deployments or backup data connectivity inthe event of a network failure. The FortiGate-80CM platform gives you the additionalconvenience and reliability of analog modem.FortiWiFi-80CM and FortiWiFi-81CMThe FortiWiFi-80CM/81CM multi-threat security platforms deliver comprehensiveenterprise-class protection and performance at a low price. With the FortiWiFiplatforms’ integrated set of essential security technologies, you can deploy a single FortiWiFi-80CMdevice that protects your applications and data against today’s sophisticated, multi-vector threats.The internal storage in the FortiWiFi-81CM also enables local caching of data for policycompliance or WAN optimization. WAN optimization lowers your networking costs andimproves your application and network performance by reducing the amount of datatransmitted over your WAN. Fortinet’s Global Threat Research Team and ICSA Labs-certified inspection engines ensure that you have the best possible protection in yournetwork. FortiWiFi-81CMFortiGuard® Security Subscription Services deliver dynamic, automated updates for Fortinet products. The Fortinet Global Security ResearchTeam creates these updates to ensure up-to-date protection against sophisticated threats. Subscriptions include antivirus, intrusion prevention,web filtering, antispam, vulnerability and compliance management, application control, and database security services.FortiCare™ Support Services provide global support for all Fortinet products and services. FortiCare support enables your Fortinet products toperform optimally. Support plans start with 8x5 Enhanced Support with return and replace hardware support or 24x7 Comprehensive Supportwith advanced hardware replacement. Options include Premium Support, Premium RMA, and Professional Services. All hardware productsinclude a 1-year limited hardware warranty and a 90-day limited software warranty. FortiGuard Subscription Services Vulnerability Antivirus Intrusion Prevention Web Filtering Antispam Application Control Management FortiGate-80C Supported Supported Supported Supported Supported Supported FortiGate-80CM Supported Supported Supported Supported Supported Supported FortiWiFi-80CM Supported Supported Supported Supported Supported Supported FortiWiFi-81CM Supported Supported Supported Supported Supported Supported
FortiOS 4.0 Software—Raising The BarFortiOS 4.0: Redefining Network Security Fortinet’s ASIC-Based AdvantageFortiOS 4.0 is the software foundation of FortiGate multi- FortiASICs are a family of purpose-built, high performancethreat security platforms. Developed solely for security, processors that use an intelligent proprietary contentperformance, and reliability, it is a purpose-built operating scanning engine and multiple algorithms to acceleratesystem that leverages the power of FortiASIC processors. security and network services. FortiOS Security ServicesFIREWALL ANTIVIRUS / ANTISPYWARE INTRUSION PREVENTION SYSTEM (IPS) ICSA Labs Certified (Enterprise Firewall) ICSA Labs Certified (Gateway Antivirus) ICSA Labs Certified (NIPS) NAT, PAT, Transparent (Bridge) Includes Antispyware and Worm Prevention: Protection From Over 3000 Threats Routing Mode (RIP, OSPF, BGP, Multicast) HTTP/HTTPS SMTP/SMTPS Protocol Anomaly Support Policy-Based NAT POP3/POP3S IMAP/IMAPS Custom Signature Support Virtual Domains (NAT/Transparent mode) FTP IM Protocols Automatic Attack Database Update VLAN Tagging (802.1Q) Flow-Based Antivirus Scanning Mode IPv6 Support Group-Based Authentication & Scheduling Automatic “Push” Content Updates SIP/H.323 /SCCP NAT Traversal File Quarantine Support DATA LOSS PREVENTION (DLP) WINS Support Databases: Standard, Extended, Extreme, Flow Identification and Control Over Sensitive Data in Explicit Proxy Support (Citrix/TS etc.) IPv6 Support Motion VoIP Security (SIP Firewall/RTP Pinholing) Built-in Pattern Database Granular Per-Policy Protection Profiles WEB FILTERING RegEx-based Matching Engine for Customized Identity/Application-Based Policy 76 Unique Categories Patterns Vulnerability Management FortiGuard Web Filtering Service Categorizes over 2 Configurable Actions (block/log) IPv6 Support (NAT/Transparent mode) Billion Web pages Supports IM, HTTP/HTTPS, and More HTTP/HTTPS Filtering Many Popular File Types SupportedVIRTUAL PRIVATE NETWORK (VPN) Web Filtering Time-Based Quota International Character Sets Supported ICSA Labs Certified (IPSec) URL/Keyword/Phrase Block PPTP, IPSec, and SSL Dedicated Tunnels URL Exempt List ANTISPAM SSL-VPN Concentrator (incl. iPhone client support) Content Profiles Support for SMTP/SMTPS, POP3/POP3S, IMAP/ DES, 3DES, and AES Encryption Support Blocks Java Applet, Cookies, Active X IMAPS SHA-1/MD5 Authentication MIME Content Header Filtering Real-Time Blacklist/Open Relay Database Server PPTP, L2TP, VPN Client Pass Through IPv6 Support MIME Header Check Hub and Spoke VPN Support Keyword/Phrase Filtering IKE Certificate Authentication (v1 & v2) APPLICATION CONTROL IP Address Blacklist/Exempt List IPSec NAT Traversal Identify and Control Over 1400 Applications Automatic Real-Time Updates From FortiGuard Automatic IPSec Configuration Control Popular IM/P2P Apps Regardless of Port/ Network Dead Peer Detection Protocol: RSA SecurID Support AOL-IM Yahoo MSN KaZaa ENDPOINT COMPLIANCE AND CONTROL SSL Single Sign-On Bookmarks ICQ Gnutella BitTorrent MySpace Monitor & Control Hosts Running FortiClient Endpoint SSL Two-Factor Authentication WinNY Skype eDonkey Facebook Security LDAP Group Authentication (SSL) HIGH AVAILABILITY (HA) MANAGEMENT/ADMINISTRATIONNETWORKING/ROUTING Active-Active, Active-Passive Console Interface (RS-232) Multiple WAN Link Support Stateful Failover (FW and VPN) WebUI (HTTP/HTTPS) DHCP Client/Server Device Failure Detection and Notification Telnet / Secure Command Shell (SSH) Policy-Based Routing Link Status Monitor Command Line Interface Dynamic Routing for IPv4 and IPv6 (RIP, OSPF, BGP, & Link failover Role-Based Administration Multicast for IPv4) Server Load Balancing Multi-language Support: English, Japanese, Korean, Multi-Zone Support Spanish, Chinese (Simplified & Traditional), French Route Between Zones WAN OPTIMIZATION Multiple Administrators and User Levels Route Between Virtual LANs (VDOMS) Bi-directional / Gateway to Client/Gateway Upgrades and Changes via TFTP and WebUI Multi-Link Aggregation (802.3ad) Integrated Caching and Protocol Optimization System Software Rollback IPv6 Support (Firewall, DNS, Transparent Mode, SIP, Accelerates CIFS/FTP/MAPI/HTTP/HTTPS/Generic TCP Configurable Password Policy Dynamic Routing, Admin Access, Management) Optional FortiManager Central Management VRRP and Link Failure Control VIRTUAL DOMAINS (VDOMs) sFlow Client Separate Firewall/Routing Domains LOGGING/MONITORING/VULNERABILITY Separate Administrative Domains Local Event LoggingUSER AUTHENTICATION OPTIONS Separate VLAN Interfaces Log to Remote Syslog/WELF Server Local Database 10 VDOM License Std. (more can be added) Graphical Real-Time and Historical Monitoring Windows Active Directory (AD) Integration SNMP Support External RADIUS/LDAP Integration WIRELESS CONTROLLER Email Notification of Viruses And Attacks Xauth over RADIUS for IPSEC VPN Unified WiFi and Access Point Management VPN Tunnel Monitor RSA SecurID Support Automatic Provisioning of APs Optional FortiAnalyzer Logging / Reporting LDAP Group Support On-wire Detection and Blocking of Rogue APs Optional FortiGuard Analysis and Management Virtual APs with Different SSIDs ServiceDATA CENTER OPTIMIZATION Multiple Authentication Methods Web Server Caching TCP Multiplexing TRAFFIC SHAPING HTTPS Offloading Policy-based Traffic Shaping WCCP Support Application-based and Per-IP Traffic Shaping Differentiated Services (DiffServ) Support Guarantee/Max/Priority Bandwidth Shaping via Accounting, Traffic QuotasNote: The list above is comprehensive and may contain FortiOS features which are not available on all FortiGate appliances.Consult FortiGate system documentation to determine feature availability.
Firewall Intrusion PreventionFortinet firewall technology delivers industry-leading performance IPS technology provides protection against current and emergingfor network and application firewalling including Web 2.0 application network level threats. In addition to signature-based detection, wepolicies based on the application identity, up to and beyond 10 Gbps perform anomaly-based detection whereby our system alerts usersthroughput. Our technology identifies traffic patterns and links them to traffic that fits a profile matching attack behavior. This behavior isto the use of specific applications, such as instant messaging and then analyzed by our threat research team to identify threats as theypeer-to-peer applications, permitting application access control. By emerge and generate new signatures that will be incorporated into ourcoupling application intelligence with firewall technology, the FortiGate FortiGuard services.platform is able to deliver real-time security with integrated applicationcontent level inspection, thereby simplifying security deployments. Firewall Intrusion Prevention System Feature Highlights NAT, PAT and Transparent (Bridge) Features Supported Automatic Attack Database Update Policy-Based NAT Protocol Anomaly Support SIP/H.323/SCCP NAT Traversal IPS and DoS Prevention Sensor VLAN Tagging (802.1Q) Custom Signature Support IPv6 Support IPv6 Support Performance Performance Model FortiGate 80C/80CM, FortiWiFi-80CM/81CM Model FortiGate 80C/80CM, FortiWiFi-80CM/81CM Firewall (1518 Byte) 700 Mbps IPS Throughput 100 Mbps Firewall (512 Byte) 350 Mbps Antivrus / Antispyware VPNAntivirus content inspection technology provides protection against Fortinet VPN technology provides secure communications betweenvirus, spyware, worms, phishing and other forms of malware being multiple networks and hosts, through both secure socket layer, ortransmitted over the network infrastructure. By intercepting application SSL, and IPsec VPN technologies, leveraging our custom FortiASIC tocontent in transit, and reassembling the data into user expected provide hardware acceleration for high-performance communicationscontent, the FortiGate Antivirus features ensures that malicious threats and data privacy. Benefits include the ability to enforce completehidden within legitimate application content is identified and removed content inspection and multi-threat security as part of VPNfrom the data stream destined for internal (or external) recipients. The communications, including antivirus, Intrusion Prevention System, oraddition of Fortinet’s FortiGuard subscription services ensured each IPS, and Web filtering. Additional features include traffic optimizationFortiGate has access to updated malware signatures, resulting in providing prioritization for traffic across VPNs.high level of accuracy and detection capabilities including emergingand newly discovered viruses. ICSA Labs has certified our antivirusfunctionality. Antivirus VPN Features Supported Proxy Antivirus Feature Highlights IPSec and SSL VPN Flow-based Antivirus DES, 3DES, AES and SHA-1/MD5 Authentication File Quarantine PPTP, L2TP, VPN Client Pass Through IPv6 Support SSL Single Sign-On Bookmarks Performance Two-Factor Authentication Model FortiGate-80C/80CM, FortiWiFi-80CM/81CM Performance Antivirus 50 Mbps Model FortiGate-80C/80CM, FortiWiFi-80CM/81CM IPSec VPN 80 Mbps Recommend # of SSL 60 Users
WAN Optimization SSL InspectionWith WAN Optimization, you can accelerate applications over your SSL-Encrypted Traffic Inspection protects clients and web andwide area links while ensuring multi-threat security enforcement. application servers from malicious SSL-encrypted traffic, to whichFortiOS 4.0 software not only eliminates unnecessary and malicious most security devices are often blind. SSL Inspection interceptstraffic as one of its core capabilities, it also optimizes legitimate traffic encrypted traffic and inspects it for threats, prior to routing it to its finalby reducing the amount of communication and data transmitted destination. SSL Inspection applies to both client-oriented SSL trafficbetween applications and servers across the WAN. This results in (such as users connecting to an SSL-encrypted hosted CRM site) andimproved performance of applications and network services, as inbound traffic destined an organization’s own web and applicationwell as helping to avoid additional higher-bandwidth provisioning servers. You now have the ability to enforce appropriate use policiesrequirements. on inappropriate encrypted web content, and protect servers from WAN Optimization SSL Inspection Model Supported FortiWiFi-81CM Features Highlight Protocol: HTTPS, SMTPS, POP3S, IMAPS Features Highlight Gateway-to-Gateway Optimization Inspection support: Antivirus, Web Filtering, Bi-directional Gateway-to-client Optimization Antispam, Data Loss Prevention Web Caching SSL Offload Secure Tunnel Transparent ModeEnd-Point NAC Data Loss PreventionEndpoint NAC enforces the use of the FortiClient Endpoint Security It is imperative for you to control the vast amount of confidential,application (either Standard or Premium editions) on your network. regulated, and proprietary data traversing your network, and keepIt verifies the installation of the most recent version of the FortiClient it within defined network boundaries. Working across multipleapplication, up-to-date antivirus signatures, and enabled firewall applications (including those encrypting their communications),before allowing the traffic from that endpoint to pass through the DLP uses a sophisticated pattern-matching engine to identify andFortiGate platform. You also have the option to quarantine endpoints then prevent the communication of sensitive information outside therunning applications that violate policies and require remediation. network perimeter. In addition to protecting your organization’s critical information, DLP also provides audit trails for data and files to aid in policy compliance. You can use the wide range of configurable actions to log, block, and archive data, as well as ban or quarantine users. Endpoint Network Access Control (NAC) Data Loss Prevention (DLP) Features Highlight Monitor & Control Hosts Running FortiClient Features Highlight Identification And Control Over Data in Motion Vulnerability Scanning of Network Nodes Built-in Pattern Database Quarantine Portal RegEx Based Matching Engine Application Detection and Control Common File Format Inspection Built-in Application Database International Character Sets SupportedWeb Filtering Logging & MonitoringWeb filtering technology is a pro-active defense feature that identifies FortiGate units provide extensive logging capabilities for traffic,known locations of malware and blocks access to these malicious system and network protection functions. They also allow you tosources. In addition the technology enables administrators to enforce compile reports from the detailed log information gathered. Reportspolicies based on website content categories ensuring users are not provide historical and current analysis of network activity to helpaccessing content that is inappropriate for their work environment. identify security issues that will reduce and prevent network misuseThe technology restricts access to denied categories based on the and abuse.policy by comparing each Web address request to a Fortinet hosteddatabase. WEB Filtering Logging and Monitoring Features Highlight HTTP/HTTPS Filtering Features Highlight Internal Log storage and Report Generation URL / Keyword / Phrase Block Graphical Real-Time and Historical Monitoring Blocks Java Applet, Cookies or Active X Graphical Report Scheduling Support MIME Content Header Filtering Optional FortiAnalyzer Logging (including per IPv6 Support VDOM) Optional FortiGuard Analysis and Management Service
Virtual Domain High AvailabilityVirtual Domain (VDOM) enable a single FortiGate system to function High Availability (HA) configuration enhances reliability and increasesas multiple independent virtual FortiGate systems. Each VDOM performance by clustering multiple FortiGate appliances into acontains its own virtual interfaces, security profiles, routing table, single entity. FortiGate High Availability supports Active-Active andadministration and many other features. FortiGate VDOMs reduces Active-Passive options to provide the maximum flexibility for utilizingthe complexity in physical network by virtualizing different security each member within the HA cluster. HA feature is included as partresources over a common platform, greatly reduces the power and of the FortiOS operation system so end-users can benefit from thefootprint required by multiple point solutions. reliability enhancement without the extra cost. Virtual Domains High Availability (HA) Features Highlight Separate Firewall / Routing Domains Features Highlight Active-Active and Active-Passive Separate Administrative Domains Stateful Failover (FW and VPN) Separate VLAN Interfaces Link State Monitor and Failover VDOMs (Max / Default) 10 / 10 Device Failure Detection and Notification Server Load BalancingApplication Control Wireless ControllerApplication control enables you to define and enforce policies for Wireless controller integrated into every FortiGate platformthousands of applications running on your endpoints, regardless centralizes the management and monitoring of all FortiAP units.of the port or the protocol used for communication. Application All wireless traffic is directed to the FortiGate multi-threat securityclassification and control is essential to manage the explosion of platform and undergoes identity-aware firewall policies and UTMnew web-based applications bombarding networks today, as most engine inspection and only authorized wireless traffic is forwarded.application traffic looks like normal web traffic to traditional firewalls. From a single console you can control network access, updateFortinet’s application control technology identifies application traffic policies quickly and easily, and monitor compliance.and then applies security policies easily defined by the administrator.The end result is more flexible and granular policy control, with deepervisibility into your network traffic. Application Control Wireless Controller Features Highlight Identify and Control Over 1000 Applications Features Highlight Managed and Monitor FortiAP product Traffic Shaping (Per Application) Rogue AP Detection, Control and Reporting Control Popular IM/P2P Apps Regardless of Port Virtual AP with different SSID / Protocol Popular Applications include: AOL-IM Yahoo MSN KaZaa ICQ Gnutella BitTorrent MySpace WinNY Skype eDonkey Facebook and more
Technical Specifications FortiGate-80C FortiGate-80CM FortiWiFi-80CM FortiWiFi-81CM Hardware Specifications 10/100/1000 WAN Interfaces (Copper, RJ-45) 2 2 2 2 10/100 Internal Switch Interfaces (Copper, RJ-45) 6 6 6 6 10/100 DMZ Interfaces (Copper, RJ-45) 1 1 1 1 Console (Copper, RJ-45) 1 1 1 1 USB Interfaces 2 2 2 2 ExpressCard Slot 1 1 1 1 WLAN Support - - 802.11 a/n or b/g/n 802.11 a/n or b/g/n Analog Modem - Yes Yes Yes Internal Storage - - - 32 GB System Performance Firewall Throughput (1518 byte UDP packets) 700 Mbps Firewall Throughput (512 byte UDP packets) 350 Mbps IPSec VPN Throughput 80 Mbps IPS Throughput 100 Mbps Antivirus Throughput (Proxy-based) 50 Mbps Antivirus Throughput (Flow-based) 90 Mbps Gateway-to-Gateway IPSec VPN Tunnels 200 Client-to-Gateway IPSec VPN Tunnels 300 Concurrent Sessions 100,000 New Sessions/Sec 5,000 Concurrent SSL-VPN Users (Recommended Max) 60 SSL-VPN Throughput 50 Mbps Firewall Policies (Max) 2,000 Virtual Domains (Max / Default) 10 / 10 Unlimited User Licenses Yes Mean Time Between Failures More than 8 years More than 5 years More than 5 years More than 5 years Dimensions Height x Width x Length (in) 1.75 x 10.87 x 6.13 in Height x Width x Length (cm) 4.45 x 27.61 x 15.57 cm Weight 3.5 lb (1.59 kg) Wall Mountable Yes Environment Power Required 100-240 VAC, 50-60 Hz, 0.8 Amp max Power Consumption (AVG) 32 W 32 W 44 W 45 W BTU 108 BTU 108 BTU 150 BTU 151 BTU Operating Temperature 32 – 104 deg F (0 – 40 deg C) Storage Temperature -13 – 158 deg F (-25 – 70 deg C) Humidity 5 to 95% non-condensing Compliance & Certification Compliance FCC Class A Part 15, / CE Mark Certification ICSA Labs: Firewall, Antivirus, IPSec VPN, SSL VPN, Intrusion Prevention Antivirus performance is measured using HTTP traffic with 32 Kbyte file attachments. IPS performance is measured using UDP traffic with 512 byte packet size. Actual performance may vary depending on network traffic and environment. Ordering Info Industry Certifications Product SKU FortiGate-80C Security Appliance Bundle * FG-80C-BDL FotiGate-80CM Security Appliance Bundle FG-80CM-BDL FortiWiFi-80CM Security Appliance Bundle FWF-80CM-BDL FortiWiFi-81CM Security Appliance Bundle FWF-81CM-BDL Optional Accessories SKU DC Adapter for the FG-80C, FG-80CM, FWF-80CM, FWF-81CM SP-FG80-PDC Wall Mount Kit (with express card lock) SP-FG-50B-60B-MOUNT* Bundles Includes 1 Yr of FortiGuard / FortiCare ServiceGLOBAL HEADQUARTERS EMEA SALES OFFICE – FRANCE APAC SALES OFFICE – SINGAPOREFortinet Incorporated Fortinet Incorporated Fortinet Incorporated1090 Kifer Road, Sunnyvale, CA 94086 USA 120 rue Albert Caquot 300 Beach Road #20-01Tel +1.408.235.7700 06560, Sophia Antipolis, France The Concourse, 199555 SingaporeFax +1.408.235.7737 Tel +33.4.8987.0510 Tel: +65-6513-3734www.fortinet.com/sales Fax +33.4.8987.0501 Fax: +65-6295-0015Copyright(c) 2011 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks oftheir respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothingherein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrantsthat the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinetreserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Certain Fortinet products are licensed under U.S. Patent No. 5,623,600. FG-FWF-80C-81C-DAT-R3.1-201107