Fortinet FortiGate 3600C
World's Most Advanced Next Generation Firewall

Overview:

The Next Generation Firewall FortiGate-3600C delivers consolidated, fully integrated unified threat management for large enterprises and managed service providers. Accelerated security throughput, high port density and ease of management capabilities makes it ideal for your most demanding network environments. With numerous accelerated multi-threat security interfaces, you can create multiple security zones for various departments, users, access methods, and even devices to enforce network security at accelerated speeds. An integrated set of essential security technologies protects all of your applications and data.

The FortiGate-3600C next generation firewall, with exceptional performance, deployment flexibility and security features, is designed to protect the most demanding network environments. Purpose-built by Fortinet, the FortiGate-3600C delivers superior performance through a combination of custom hardware, including FortiASIC™ processors, high port density, and consolidated security features from the FortiOS™ operating system.

Whether protecting your data center and network perimeter or deployed as part of a managed security service, the 30 high speed ports and 60 Gbps of firewall throughput make the FortiGate-3600C next generation firewall ideal for securing high bandwidth networks.

FortiGate-3600C Features & Benefits:

• 60 Gbps firewall performance and sub-4 microsecond latency ensures optimal performance for latency sensitive environments
• Advanced application control lets you define and enforce policies for thousands of applications running across networks regardless of port or the protocol used for communication
• Virtual private network (VPN) technology enforces complete content inspection and multi-threat protection. Traffic optimization prioritizes critical communications traversing VPN tunnels
• Over 4000 IPS signatures enables you to stop attacks that evade more conventional firewalls. Behavior-based heuristics recognize zero day threats for which no signature has been created.
• Data leakage prevention uses a sophisticated pattern-matching engine to help identify and prevent the transfer of sensitive information outside of network perimeters, even when applications encrypt their communications
• Available FortiManager and FortiAnalyzer appliances simplify security management and reduce operating expenses in multiple deployments
• FortiGuard Subscription Services deliver automated, real-time, up-to-date protection against security threats and exploits.

Security Beyond Next Generation Firewall

The FortiGate-3600C next generation firewall allows you to deploy the right blend of essential hardware-accelerated security technologies now and in the future to meet your evolving network requirements. These technologies include firewall, VPN, intrusion prevention and application control, all managed from a 'single pane of glass' management console.

Unlike other next generation firewalls, the FortiGate-3600C also includes additional security technologies such as antimalware, web content filtering and WAN optimization, allowing you to consolidate stand-alone devices. In addition, the FortiGate-3600C can be deployed as an enterprise class wireless controller and endpoint security manager.

Content Processor

The FortiASIC CP8 content processor works outside of the direct flow of traffic, providing high-speed cryptography and content inspection services including:

• Signature-based content inspection acceleration
• Encryption and decryption offloading

Network Processor

The FortiASIC NP4 network processor works inline with firewall and VPN functions delivering:

• Wire-speed firewall performance for any size packets
• VPN acceleration
• Anomaly-based intrusion prevention, checksum offload and packet defragmentation
• Traffic shaping and priority queuing

10G Connectivity for Core Infrastructure

High speed connectivity is essential for network security segmentation at the core of data networks. The FortiGate-3600C provides one of the highest 10G port densities in the market, simplifying network designs without relying on additional devices to bridge desired connectivity.

Powered by FortiASICs

• Custom FortiASIC™ processors deliver the power you need to detect malicious content at multi-Gigabit speeds
• Other security technologies cannot protect against today's wide range of content- and connection-based threats because they rely on generalpurpose CPUs, causing a dangerous performance gap
• FortiASIC processors provide the performance needed to block emerging threats, meet rigorous thirdparty certifications, and ensure that your network security solution does not become a network bottleneck

Features:

Unique Visibility and Control

FortiOS allows greater traffic visibility and more consistent, granular control over users, devices, applications and sensitive data. Dashboard widgets allow you to quickly view and understand real-time network activities and threat situations.

Ease of Use

FortiOS lowers operational costs and reduces IT staff workload. Single pane of glass management and centralized analysis ensure consistent policy creation and enforcement while minimizing deployment and configuration challenges.

Comprehensive Systems Integration

Integration with external systems are possible with wide range of interfacing protocols support and certified solution partners. You can rely on facilities such as SNMP, sFlow and syslog for monitoring purposes. Integration with provisioning systems and custom portals is possible with Web Service APIs via FortiManager. Scripting using various scripting languages is supported by manipulating CLI commands.

Proven with Industry Validation

FortiGate holds more industry certifications than competitive products, assuring feature quality and providing you best-of-breed protection.

Robust Virtual Systems

FortiOS Virtual Domains (VDOMs) is proven method of dividing a FortiGate unit/cluster into two or more virtual units that function as independent units. It has the industry's most comprehensive virtualization capabilities to meet today's complex MSSP deployments.

Identity Centric Enforcement

FortiOS supports both local and remote authentication services such as LDAP, Radius and TACACS+ to identify users and apply appropriate access policies and security profiles accordingly. It can simplify identity based implementations and provide a seamless user authorization experience with single sign-on capabilities. FortiOS has strong PKI and certificate-based authentication services while also integrating an internal two factor authentication server for additional security.

Extensive Network Support

FortiOS meets numerous network design requirements. A wealth of routing, multicasting and network resiliency protocols are supported for interoperating with other networking devices.

Superior IPS capabilities

Over 4000 IPS signatures enables you to stop attacks that evade more conventional firewalls. Behavior-based heuristics recognize zero day threats for which no signature has been created.

Application Control

Advanced application control lets you define and enforce policies for thousands of applications running across networks regardless of port or the protocol used for communication.

Powerful Policy Management

Two types of policy management views - global and section view - are available to suit your preferences. Policy objects can be easily edited from the policy table. Available management features include policy object search, tagging, sorting and filtering.

With FortiManager integration, you have the ability to set up sophisticated policy implementation and provisioning workflows to meet compliance or operational requirements. FortiAnalyzer enables complete and accurate configuration audit trails to reside externally for secured storage.

Flexible Role-based Administration

Access profiles can be defined to provide granular access to VDOMs and system functionalities. This is valuable in facilitating compliant enterprise-class security operation workflows.

Beyond Next Generation Firewall Capabilities

FortiOS supports various value-adding components to the network that is unique in the market. This includes in-box token server, wireless controller and vulnerability scanner. These features simplify network design and deployment while also providing more secure implementations without incurring additional cost.

Broad IPv6 Support

Maintaining security for both IPv4 and IPv6 traffic will be crucial to the success of mixed networks. Malware and network threats are independent of IPv4 or IPv6. FortiOS is able to use IPv6 security policies to provide access control and FortiGuard Unified Threat Protection (UTP) for IPv6 traffic. FortiOS has been successfully evaluated as compliant with core protocol and interoperability tests defined by IPv6 Ready Logo Phase 2.

World-Class Technical Support and Documentation

Fortinet FortiCare support offerings provide comprehensive global support for all Fortinet products and services. You can rest assured your Fortinet security products are performing optimally and protecting your users, applications, and data around the clock.

FortiOS Software:

Integrated Multi-Threat Protection

The FortiGate product family provides cost-effective, comprehensive protection against network, content, and application-level threats. It defends your environment from complex, sophisticated attacks without degrading network availability and affecting application performance.

FortiGate platforms combine the purpose-built FortiOS™ security operating system with custom FortiASIC processors and other hardware to provide a comprehensive and highperformance array of security and networking functions.

The FortiGate product family delivers the highest level of network, content, and application security for enterprises of all sizes, while reducing total cost of ownership. With Fortinet, you deploy the network security you need to protect your intellectual property, preserve the privacy of critical customer information, and maintain regulatory compliance.

FortiOS 5.0 Software

FortiOS 5.0, the world's most powerful security operating system, is the foundation for all Fortinet FortiGate integrated security platforms. It provides more security, intelligence and control to help enterprises be better protected against today's advanced threats and enable more secure BYOD environments.

	More Security Fighting Advanced Threats More Security to fight advanced threats. A client reputation feature gives enterprises a cumulative security ranking of each device based on a range of behaviors and provides specific, actionable information that enables organizations to identity compromised systems and potential zero-day attacks in real time. The new advanced anti-malware detection system adds an on-device behavior-based heuristic engine and cloud-based AV services that includes an operating system sandbox and botnet IP reputation database. Together with superior industry-validated AV signatures, FortiOS 5.0 delivers unbeatable multi-layered protection against today's sophisticated malware. Client Reputation with Cumulative Rankings OS Sandbox Advanced Botnet Protection
	More Control Securing Mobile Devices More Control to secure mobile devices and BYOD environments by identifying devices and applying specific access policies as well as ecurity profiles, according to the device type or device group, location and usage. Device Identification & Visibility New Identity Based Policies Endpoint Control
	More Intelligence Build Smart Policies More Intelligence with automatic adjustment of role-based policies for users and guests based on location, data and application profile. Enhanced reporting and analysis also provides administrators with more intelligence on the behavior of their network, users, devices, applications and threats. Provide Guest Access with Confidence Enhanced Visibility & Reporting and Overal User Experience Extended Single Sign On Capabilities

FortiOS Security Services
Firewall ICSA Labs Certified (Enterprise Firewall) NAT, PAT, Transparent (Bridge) Routing Mode (RIP, OSPF, BGP, Multicast) Policy-Based NAT Virtual Domains (NAT/Transparent mode) VLAN Tagging (802.1Q) Group-Based Authentication & Scheduling SIP/H.323 /SCCP NAT Traversal WINS Support Explicit Proxy Support (Citrix/TS etc.) VoIP Security (SIP Firewall/RTP Pinholing) Granular Per-Policy Protection Profiles Identity/Application-Based Policy Vulnerability Management IPv6 Support (NAT/Transparent mode) Virtual Private Network (VPN) ICSA Labs Certvified (IPSec) PPTP, IPSec, and SSL Dedicated Tunnels DES, 3DES, and AES Encryption Support SHA-1/MD5 Authentication PPTP, L2TP, VPN Client Pass Through Hub and Spoke VPN Support IKE Certificate Authentication (v1 & v2) IPSec NAT Traversal Automatic IPSec Configuration Dead Peer Detection RSA SecurID Support SSL Single Sign-On Bookmarks SSL Two-Factor Authentication LDAP Group Authentication (SSL) Networking/Routing Multiple WAN Link Support DHCP Client/Server Policy-Based Routing Dynamic Routing for IPv4 and IPv6 (RIP, OSPF, BGP, & Multicast for IPv4) Multi-Zone Support Route Between Zones Route Between Virtual LANs (VDOMS) Multi-Link Aggregation (802.3ad) IPv6 Support (Firewall, DNS, Transparent Mode, SIP, Dynamic Routing, Administrative Access, Management) VRRP and Link Failure Control sFlow Client User Authentication Options Local Database Windows Active Directory (AD) Integration External RADIUS/LDAP Integration Xauth over RADIUS for IPSEC VPN RSA SecurID Support LDAP Group Support Data Center Optimization Web Server Caching TCP Multiplexing HTTPS Offloading WCCP Support	Antivirus / Antispyware ICSA Labs Certified (Gateway Antivirus) Includes Antispyware and Worm Prevention: HTTP/HTTPS, SMTP/SMTPS, POP3/POP3S, IMAP/IMAPS, FTP, IM Protocols Flow-Based Antivirus Scanning Mode Automatic “Push” Content Updates File Quarantine Support Databases: Standard, Extended, Extreme, Flow IPv6 Support Web Filtering 76 Unique Categories FortiGuard Web Filtering Service Categorizes over 2 Billion Web pages HTTP/HTTPS Filtering URL/Keyword/Phrase Block URL Exempt List Content Profiles Blocks Java Applet, Cookies, Active X MIME Content Header Filtering IPv6 Support Application Control Identifiy and Control Over 1400 Applications Control Popular IM/P2P Apps Regardless of Port/Protocol: AOL-IM, Yahoo, MSN, KaZaa, ICQ, Gnutella, BitTorrent, MySpace, WinNY, Skype, eDonkey, Facebook High Availability (HA) Active-Active, Active-Passive Stateful Failover (FW and VPN) Device Failure Detection and Notification Link Status Monitor Link failover Server Load Balancing WAN Optimization Bi-Directional / Gateway to Client/Gateway Integrated Caching and Protocol Optimization Accelerates CIFS/FTP/MAPI/ HTTP/HTTPS/Generic TCP Virtual Domains (VDOMs) Separate Firewall/Routing Domains Separate Administrative Domains Separate VLAN Interfaces 10 VDOM License Standard, Upgradable to More Wireless Controller Unified WiFi and Access Point Management Automatic Provisioning of APs On-wire Detection and Blocking of Rogue APs Virtual APs with Different SSIDs Multiple Authentication Methods Traffic Shaping Policy-based Traffic Shaping Application-based and Per-IP Traffic Shaping Differentiated Services (DiffServ) Support Guarantee/Max/Priority Bandwidth Shaping via Accounting, Traffic Quotas	Intrustion Prevention System (IPS) ICSA Labs Certified (NIPS) Protection From Over 3000 Threats Protocol Anomaly Support Custom Signature Support Automatic Attack Database Update IPv6 Support Data Loss Prevention (DLP) Identification and Control Over Sensitive Data in Motion Built-in Pattern Database RegEx-based Matching Engine for Customized Patterns Configurable Actions (block/log) Supports IM, HTTP/HTTPS, and More Many Popular File Types Supported International Character Sets Supported Antispam Support for SMTP/SMTPS, POP3/POP3S, IMAP/IMAPS Real-Time Blacklist/Open Relay Database Server MIME Header Check Keyword/Phrase Filtering IP Address Blacklist/Exempt List Automatic Real-Time Updates From FortiGuard Network Endpoint Compliance and Control Monitor & Control Hosts Running FortiClient Endpoint Security Management/Administration Console Interface (RS-232) WebUI (HTTP/HTTPS) Telnet / Secure Command Shell (SSH) Command Line Interface Role-Based Administration Multi-language Support: English, Japanese, Korean, Spanish, Chinese (Simplified & Traditional), French Multiple Administrators and User Levels Upgrades and Changes via TFTP and WebUI System Software Rollback Configurable Password Policy Optional FortiManager Central Management Logging/Monitoring Local Event Logging Log to Remote Syslog/WELF server Graphical Real-Time and Historical Monitoring SNMP Email Notification of Viruses And Attacks VPN Tunnel Monitor Optional FortiAnalyzer Logging / Reporting Optional FortiGuard Analysis and Management Service

Deployments:

Next-Generation Perimeter Security

Firewalls alone aren't enough to block today's blended threats and attacks. Data centers require multi-layered security technologies that examine entire packet flows, from content inspection through re-assembly, to stop threats at the perimeter. The FortiGate-3600C offers critical perimeter security protection without compromising performance and scalability.

Data Center Core Security

Today's high-speed data centers require not only perimeter security but also network protection between various network segments at the core. The FortiGate-3600C meets the requirement as a security gateway with superior next generation firewall performance and features. High density 10G interfaces allow connectivity between the segments without the need of bridging devices.

MSSP Solution

The FortiGate-3600C delivers comprehensive security for Managed Security Service Providers (MSSPs). The full suite of Fortinet integrated management applications — including granular reporting features — offer unprecedented visibility into the security posture of customers while identifying their highest risks.

Specifications:

Front


Back

Technical Specifications	FortiGate-3600C
Interfaces & Modules
Hardware Accelerated 10-GbE/GbE SFP+ Slots	12
Hardware Accelerated GbE SFP Slots	16
GbE Copper Ports	2
Local Storage	128 GB
USB Interface for FortiExplorer	1
RJ-45 Console Port	1 (DB9 Interface)
System Performance & Capacity
Firewall Throughput (1518 / 512 / 64 byte, UDP)	60 / 60 / 60 Gbps
Firewall Latency (64 byte UDP packets)	4 uS
Firewall Throughput (Packets Per Second)	90 Mpps
Concurrent Sessions (TCP)	28 Million
New Sessions/Sec (TCP)	235,000
Firewall Policies	100,000
IPSec VPN Throughput (512 byte packets)	17 Gbps
Gateway-to-Gateway IPSec VPN Tunnels	10,000
Client-to-Gateway IPSec VPN Tunnels	64,000
SSL-VPN Throughput	5.3 Gbps
Concurrent SSL-VPN Users (Recommended Max)	30,000
IPS Throughput	14 Gbps
Antivirus Throughput (Proxy Based / Flow Based)	5.8 / 18 Gbps
Virtual Domains (Default / Max)	10 / 500
Max Number of FortiAPs	1,024
Max Number of FortiTokens	5,000
High Availability Configurations	Active-Active, Active-Passive, Clustering
Dimensions and Power
Height x Width x Length	5.24 x 9.65 x 21.65 (133 x 245 x 550 mm)
Weight	48.70 lb (22.08 kg)
Form Factor	3 RU, Ears + Rails
AC Power Supply	100 - 240 VAC, 50-60 Hz, 110V/6A, 220V/3A
Power Consumption (Avg / Max)	512 / 615 W
Heat Dissipation	2,098 BTU/h
Redundant Power Supplies	Yes, Hot Swappable
Environmental
Operating Temperature	32 – 104 deg F (0 – 40 deg C)
Storage Temperature	-31 – 158 deg F (-35 – 70 deg C)
Humidity	20 to 90% non-condensing
Compliance & Certification
Compliance	FCC Part 15 Class A, C-Tick, VCCI, CE, UL/cUL, CB
Certification	ICSA Labs: Firewall, IPSec, IPS, Antivirus, SSL VPN

Note: All performance values are "up to" and vary depending on system configuration. Antivirus performance is measured using 44 Kbyte HTTP files. IPS performance is measured using 1 Mbyte HTTP files.

Services & Support:

FortiGuard Security Subscription Services

FortiGuard Security Subscription Services deliver dynamic, automated updates for Fortinet products. The Fortinet Global Security Research Team creates these updates to ensure up-to-date protection against sophisticated threats. Subscriptions include antivirus, intrusion prevention, web filtering, antispam, vulnerability and compliance management, application control, and database security services.

FortiCare Support Services

FortiCare™ Support Services provide global support for all Fortinet products and services. FortiCare support enables your Fortinet products to perform optimally. Support plans start with 8x5 Enhanced Support with return and replace hardware support or 24x7 Comprehensive Support with advanced hardware replacement. Options include Premium Support, Premium RMA, and Professional Services. All hardware products include a 1-year limited hardware warranty and a 90-day limited software warranty.

Documentation:

Download the Fortinet FortiGate 3600C Datasheet (PDF).