
Og Fortiguard

Right of access to information policy. What freedom of information means: it is the unprotected public information that the ministry processes, whatever its source, form, or nature. Open data falls under public information. The process of providing public data to individuals for a fee is called freedom of information.

Uploaded by

alqubatihazzaa

Machine Translated by Google

ORDERING GUIDE

FortiGate Subscriptions and FortiGuard Bundles

FortiGuard AI-powered Security Services offer a comprehensive array of security capabilities to protect
networks, data, SaaS applications, and web usage while also providing security capabilities for enhanced NOC
and SOC operations.

Imagine a pyramid representing your organization’s attack surface. To effectively address your security needs, start by
identifying the threats most relevant to your organization. Then, build your security strategy by selecting services that provide the
appropriate coverage level for each attack surface pyramid layer. Crucially, this understanding of your threat landscape empowers
you to make informed decisions about the security services you need, ultimately guiding you towards the right service bundles for
your organization.


FORTIGUARD BUNDLE CORE ELEMENTS

Network & File Security: consists of IPS to monitor network traffic, analyzes for malicious content, and uses AI/ML for real-time threat detection with virtual patching, while antimalware offers real-time defense against all threats, enhances protection through threat intelligence, and provides multilayered security. Application Control enhances security compliance and offers real-time application visibility.

Web & DNS Security: offers URL filtering, which stops web-based threats, blocks malicious sites and content, and checks email links for potential threats. IP address reputation and antibotnet prevents botnet communication, blocks DDoS attacks from known sources, and offers "set and forget" functionality. DNS security defends against DNS attacks, encrypts DNS traffic for user privacy, and ensures DNS reliability with FortiGuard DNS filtering. Additionally, it includes DNSSEC, DNS tunneling blocking, and protection against DNS flood attacks; and defends against DoS/DDoS attacks.

Zero-day protection: available on all NGFWs. Inline malware prevention, included in the Enterprise Protection bundle or separately a la carte provides inline malware protection against unknown files and zero-day threats in real-time, offering sub-second verdicts. The built-in MITRE ATT&CK® matrix accelerates investigations, reducing breaches and security overhead. It focuses on comprehensive defense by blocking unknown threats while streamlining incident response efforts. Note: Zero-day threat detection is included in ATP and UTP bundles through cloud-based sandbox services.

Data & SaaS Security: consists of network DLP, which ensures visibility and protection of data in transit across networks.

You can choose our strategically curated high-value bundles tailored to meet your unique business requirements or customize your security strategy by ordering individual services à la carte.

All bundles include FortiCare Premium Technical Support services featuring 24x7x365 availability, one-hour response for critical issues, and next business-day response for non-critical matters.


PRODUCT OFFERINGS

For FortiGate hardware, virtual machines, and software-as-a-service (SaaS):

FORTIGUARD SECURITY SERVICES
INDIVIDUAL / BUNDLES: A La Carte, Enterprise, UTP, ATP

Network Security
IPS ✓ ✓ ✓ ✓
IPS ✓ ✓ ✓ ✓
Malicious/Botnet URLs ✓ ✓ ✓ ✓

File Content Security
Advanced Malware Protection (AMP) ✓ ✓ ✓ ✓
Antivirus ✓ ✓ ✓ ✓
Botnet Domains ✓ ✓ ✓ ✓
Mobile Malware ✓ ✓ ✓ ✓
Virus Outbreak Protection ✓ ✓ ✓ ✓
Content Disarm & Reconstruct* ✓ ✓ ✓ ✓
AI-based Heuristic AV ✓ ✓ ✓ ✓
FortiGate Cloud Sandbox ✓ ✓ ✓ ✓

Zero-Day Threat Protection
AI-based Inline Malware Prevention* ✓ ✓

Web & DNS Security
URL, DNS & Video Filtering ✓ ✓ ✓
URL Filtering ✓ ✓ ✓
DNS Filtering ✓ ✓ ✓
Video Filtering* ✓ ✓ ✓
Malicious Certificate ✓ ✓ ✓
Anti-spam ✓ ✓

Data & SaaS Posture
Data Loss Prevention (DLP) ✓ ✓
Attack Surface Security ✓ ✓
IoT Device Detection ✓ ✓
IoT Vulnerability Correlation ✓ ✓
Security Rating ✓ ✓
Outbreak Check ✓ ✓

Operation Technology Security
OT Security ✓
OT Device Detection ✓
OT vulnerability correlation & Virtual Patching ✓
OT Application Control and IPS ✓

SD-WAN AND SASE SERVICES
INDIVIDUAL / BUNDLES: A La Carte, Enterprise, UTP, ATP

SD-WAN Underlay Bandwidth and Quality Monitoring ✓
SD-WAN Overlay-as-a-Service ✓
SD-WAN Connector for FortiSASE Secure Private Access ✓
SASE connector for FortiSASE Secure Edge Management (with 10Mbps Bandwidth): Desktop Models only

NOC AND SOC SERVICES
INDIVIDUAL / BUNDLES: A La Carte, Enterprise, UTP, ATP

FortiConverter Service ✓ ✓
Managed FortiGate Service ✓
FortiGate Cloud ✓
FortiManager Cloud ✓
FortiAnalyzer Cloud ✓
FortiGuard SOCaaS ✓

FORTICARE SUPPORT SERVICES AND INCLUDED SERVICES
INDIVIDUAL / BUNDLES: A La Carte, Enterprise, UTP, ATP

FortiCare Essentials: Desktop Models only
FortiCare Premium ✓ ✓ ✓ ✓
FortiCare Elite ✓

Base Updates Services (Included with all FortiCare Support contracts)
Application Control ✓ ✓ ✓ ✓
Inline CASB* ✓ ✓ ✓ ✓
Device/OS Detection ✓ ✓ ✓ ✓
GeoIPs ✓ ✓ ✓ ✓
Trusted CA Certificates ✓ ✓ ✓ ✓
Internet Services & Botnet IPs ✓ ✓ ✓ ✓
DDNS (v4/v6) ✓ ✓ ✓ ✓
Local Protection ✓ ✓ ✓ ✓
PSIRT Check ✓ ✓ ✓ ✓
Anti-Phishing ✓ ✓ ✓ ✓
Timezone ✓ ✓ ✓ ✓

* Not available for FortiGate/FortiWiFi 40F, 60E, 60F, 80E, 90E series, and FGR-60F series from 7.4.4 onwards. Not available on FortiGate/FortiWiFi 30G and 50G series in any OS build.


PRODUCT DETAILS

These tables contain the service descriptions and use cases:

SERVICE DESCRIPTION USED IN 7.6


FortiGuard Security Services

IPS

Service: IPS
Description: FortiOS IPS features use signature-based detection and protocol analysis to identify and block malicious traffic, enhancing network security and threat response.
Used in 7.6: IPS Profile, IPS Signature and Filters

Service: Malicious/Botnet URLs
Description: Local URL database for drive-by exploits detection, updates IPS signatures with known malicious URLs, enabling detection and blocking of web-based threats, including botnet C&C communications and malware downloads.
Used in 7.6: IPS Profile, Block malicious URLs

Advanced Malware Protection (AMP)

Service: Antivirus
Description: Antivirus signatures and engine updates provide regular updates on known virus and malware patterns, enabling detection and blocking of threats in real-time.
Used in 7.6: Antivirus profile, Antivirus scan

Service: Botnet Domains
Description: Domain blocking, utilizing threat intelligence to identify and prevent connections to malicious botnet command and control (C&C).
Used in 7.6: DNS Filter, Redirect botnet C&C requests to Block Portal

Service: Mobile Malware
Description: Detects and blocks malware threats to mobile devices, utilizing signature-based detection and behavioral analysis to safeguard these devices and prevent data breaches.
Used in 7.6: Antivirus profile, Include mobile malware protection

Service: Virus Outbreak Protection
Description: Enhanced antivirus protection by querying malware hash signatures from FortiGuard’s Global Threat Intelligence servers, enabling real-time zero-day threat detection before signatures arrive.
Used in 7.6: Antivirus profile, Virus Outbreak Prevention

Service: Content Disarm & Reconstruct
Description: Detects and removes malicious code from files, reconstructing clean files to prevent threats, while maintaining original file functionality and format, supporting various file types and protocols.
Used in 7.6: Antivirus profile, Content Disarm and Reconstruction

Service: AI-based Heuristic AV
Description: Up-to-date heuristic AV Engine utilizes machine learning algorithms to detect unknown malware, analyzing file behavior and characteristics to identify and block threats in real-time, enhancing antivirus protection.
Used in 7.6: CLI, “set machine-learning-detection”

Service: FortiGate Cloud Sandbox
Description: Submit files for advanced threat detection, analyzing files and URLs in a cloud-based environment, using behavioral analysis and machine learning to identify unknown threats.
Used in 7.6: Antivirus profile, Send Files to FortiSandbox for Inspection

Service: AI-powered Cloud sandbox
Description: Provides Inline protection against unknown/0-day threats - holding a file for up to 50 seconds for the verdict to be returned and based on it, files can either be blocked or released.
Used in 7.6: Antivirus profile, Send Files to FortiSandbox for Inspection, Scan strategy to Inline

URL, DNS & Video Filtering

Service: URL Filtering
Description: Categorizes billions of web pages, enabling users to block or allow access, with over 45 million website ratings, enhancing web filter features and providing real-time protection.
Used in 7.6: Web filter, FortiGuard filter

Service: DNS Filtering
Description: Blocks malicious domains and applies category-based filtering, using a vast database of known malicious and unwanted domains, to prevent DNS-based threats and enforce internet use policies.
Used in 7.6: DNS Filter, FortiGuard Category Based Filter

Service: Video Filtering
Description: Categorizes and blocks access to videos based on FortiGuard categories, enabling control over video content, including YouTube and other video platforms, to enforce internet use policies.
Used in 7.6: Video Filter, Video Filter Profile

Service: Malicious Certificate
Description: A dynamic package that maintains a fingerprint-based certificate blacklist, enabling the blocking of botnet communication that uses SSL, helping to prevent malware and IPS bypass attempts.
Used in 7.6: SSL/SSH Inspection Profile, Blocked Certificates

Service: Anti-Spam
Description: Consults FortiGuard servers to help identify spammer IP address or emails, known phishing URLs, known spam URLs, known spam email checksums, and others.
Used in 7.6: Email filter profile, FortiGuard Spam Filtering

Service: Data Loss Prevention (DLP)
Description: Comprehensive database of predefined patterns to detect sensitive data such as credit card numbers, helping to prevent data breaches and unauthorized disclosure.
Used in 7.6: DLP profile, dictionaries

Attack Surface Security

Service: IoT Device Detection
Description: Up-to-date devices signature package which is used to identify and provide metadata of IoT devices. This service also queries FortiGuard servers for devices that are not detected by the local Device Database or by the IoT Detection signatures.
Used in 7.6: Device Detection on an interface

Service: IoT Vulnerability Correlation
Description: Enables mitigation of vulnerability exploits against IoT devices by supporting application of specific virtual patches on the FortiGate.
Used in 7.6: NAC Policy, device patterns’ category = Vulnerability, also Virtual patching profile

Service: Security Rating
Description: The security rating uses real-time monitoring to analyze your Security Fabric deployment, identify potential vulnerabilities, and highlight best practices that can be used to improve the security. This subscription provides additional checks beyond the free base set provided.
Used in 7.6: Security Rating

Service: Outbreak Check
Description: Add-on Security Rating checks that are sourced from FortiGuard Outbreak alerts, which identify outbreaks of security incidents and exploits. This helps provide information and remediation methods within the Security Rating module.
Used in 7.6: Security Rating

OT Security

Service: OT Device Detection
Description: Up-to-date devices signature package which is used to identify and provide metadata of OT devices.
Used in 7.6: Device Detection on an interface

Service: OT vulnerability correlation & Virtual Patching
Description: Enables mitigation of vulnerability exploits against OT devices by supporting application of specific virtual patches on the FortiGate.
Used in 7.6: NAC Policy, device patterns’ category = Vulnerability, also Virtual patching profile

Service: OT Application Control and IPS
Description: Additional signatures for industrial applications and protocols.
Used in 7.6: Application Control and IPS profiles



SD-WAN and SASE Services

Service: SD-WAN Underlay Bandwidth and Quality Monitoring
Description: Speed test tool provides a convenient and accurate way to measure bandwidth speeds, helping users optimize SD-WAN configuration and ensure reliable network performance.
Used in 7.6: CLI, “execute speed-test”

Service: SD-WAN Overlay-as-a-Service
Description: Simplifies SD-WAN overlay network provisioning with a GUI wizard, enabling secure and efficient connectivity between branches and data centers through dynamic path optimization and shortcut tunnels.
Used in 7.6: Access via https://overlay-as-a-service.forticloud.com

Service: SD-WAN Connector for FortiSASE Secure Private Access
Description: This license allows FortiSASE to connect to a FortiGate SD-WAN network as a new spoke.
Used in 7.6: Refer to KB article 293562

Service: SASE connector for FortiSASE Secure Edge Management (with 10Mbps Bandwidth)
Description: Entitles a FortiGate to connect to FortiSASE as a “Secure Edge”. Internet traffic is optionally inspected in FortiSASE rather than on-premise.
Used in 7.6: Refer to FortiOS Admin Guide article 231401

NOC and SOC Services

Service: FortiConverter Service
Description: FortiConverter Service for one time configuration conversion.

Service: Managed FortiGate Service
Description: Available 24x7, with Fortinet NOC experts performing device setup, network, and policy change management.

Service: FortiGate Cloud
Description: Management, Analysis, and 1 Year Log Retention.

Service: FortiGuard SOCaaS
Description: 24x7 cloud-based managed log monitoring, incident triage and SOC escalation service.

Base Updates Services (Included with all FortiCare Support contracts)

Service: Application Control
Description: Used for identifying applications with precise signatures, enabling granular policy enforcement, improved security, and optimized network performance, covering a wide range of applications and protocols.
Used in 7.6: Application Control Profile

Service: Inline CASB
Description: Real-time updated definitions support the Inline CASB security profile used in firewall policies to enable visibility, control, and security for cloud-based applications.
Used in 7.6: Inline CASB Profile

Service: Device/OS Detection
Description: Allows FortiOS to monitor networks and gather information about devices operating on those networks. This information is then made available on the GUI, providing deep visibility to users.
Used in 7.6: Interfaces. Device Detection and Assets & Identities dashboard

Service: GeoIPs
Description: A database that maps IP addresses to geographical locations, enabling FortiGate to enforce geo-based policies, block traffic from specific countries, and meet compliance requirements, with regular updates for accuracy.
Used in 7.6: Policy & Objects, Addresses

Service: Trusted CA Certificates
Description: This database comprises popular and default trusted CA certificates so that they can be excluded from the action to take when a server certificate is not issued by a trusted CA.
Used in 7.6: SSL/SSH Inspection profile, Untrusted SSL certificates

Service: Internet Services & Botnet IPs
Description: The Internet Service Database is a comprehensive public IP address database that combines IP address range, IP owner, service port number, and IP security credibility. It also hosts a list of Botnet IPs.
Used in 7.6: Firewall, policy, Destination, Internet Service and IPS, Botnet C&C, scan outgoing connections to botnet sites

Service: DDNS (v4/v6)
Description: A hosted service entitlement that enables FortiGate to maintain accurate domain-name-to-IP-address mappings, supporting dynamic IP addresses and ensuring reliable connectivity for remote access and VPNs.
Used in 7.6: Network, DNS, Dynamic DNS

Service: Local Protection
Description: A virtual patching solution that enables Fortinet to push a subset of IPS signatures to protect FortiGate management interfaces (GUI/SSH) from vulnerabilities, without requiring an upgrade.
Used in 7.6: CLI, “config firewall local-in-policy”, “set virtual-patching enable”

Service: PSIRT Check
Description: Enhances Security Rating with this add-on package, identifying PSIRT vulnerabilities of connected Fabric devices, then encouraging administrators to update any affected devices.
Used in 7.6: Security Rating and various alerts on GUI

Service: Anti-Phishing
Description: Pre-defined username and password field patterns for credential phishing prevention scanning under the web filtering feature.
Used in 7.6: CLI, “config webfilter profile”, “config antiphish”

Service: Timezone
Description: Dynamically updated IANA timezone database.
Used in 7.6: N/A


OTHER OFFERINGS

IMPORTANT ADD-ONS
INDIVIDUAL / BUNDLES
FortiDeploy Add-on (1 unit per P.O. to route all FortiGates for Zero Touch provisioning)
FortiCloud Premium Add-on

FortiAnalyzer Cloud Storage Top-up Add-on

ORDER INFORMATION

The following provides an example for the FortiGate 60F:

BUNDLES
SKU

Hardware and Service Bundles

FG-60F plus Enterprise Bundle FG-60F-BDL-809-DD

FG-60F plus UTP Bundle FG-60F-BDL-950-DD

Service Bundles

Enterprise Bundle FC-10-0060F-809-02-DD

UTP Bundle FC-10-0060F-950-02-DD

ATP Bundle FC-10-0060F-928-02-DD

A LA CARTE

SKU

Hardware and Support


FG-60F FG-60F

24x7 FortiCare Support FC-10-0060F-247-02-DD

A La Carte - FortiGuard Security Services

IPS FC-10-0060F-108-02-DD

AMP FC-10-0060F-100-02-DD

Web Security FC-10-0060F-112-02-DD

AI-based Inline Malware Prevention FC-10-0060F-577-02-DD

OT Security FC-10-0060F-159-02-DD

A La Carte - NOC/SOC Services

FortiGate Cloud FC-10-0060F-131-02-DD

FortiAnalyzer Cloud FC-10-0060F-585-02-DD

Managed FortiGate (NOC) FC-10-0060F-660-02-DD

SOC-as-a-service (including FortiAnalyzer Cloud) FC-10-0060F-464-02-DD

Attack Surface Security FC-10-0060F-231-02-DD

FortiConverter Migration Service FC-10-0060F-189-02-DD

Bandwidth Monitor Service FC-10-0060F-288-02-DD

Frequently Ordered Together

FortiDeploy (order 1 unit per Purchase Order to route all devices to FortiDeploy ZTP portal) FDP-SINGLE-USE

FortiCloud Premium FC-15-CLDPS-219-02-DD

FortiAnalyzer Cloud Log Storage Add-on (FC1/FC2/FC3 = 5/50/500 GB/day add-on to cloud account) FCx-10-AZCLD-463-01-DD


FREQUENTLY ASKED QUESTIONS

How does the ordering process work?


Consider in three parts:

New Order. Order one of the following:


• Hardware with a bundle that includes FortiCare and FortiGuard services.

• Hardware only (a la carte) and add FortiCare and FortiGuard services to it.
Renew Services

You can order service renewals as bundles or a la carte; they are applied to the device under the FortiCare account. Services will be extended based on the contract purchased.
NOTE: Renewal services purchased with a FortiCare quote ID generated by Disti are automatically registered to the serial number.

Add Services to an Existing Unit


Normally, customers want to align the end date, so that all components (existing and new) renew/expire together. This can be performed with a co-term. You can request a co-term quotation from your Fortinet-authorized partner.

FORTINET TRAINING AND CERTIFICATION

Security Operations (SOP) - 2 Days Training

Explore the practical use of Fortinet security operations solutions to detect, investigate, and respond to Advanced Persistent Threats (APTs). The hands-on labs help you understand how to execute advanced threats, how threat actors behave, and how security operations handle such threats.

Web Application Security (WAS) - 1 Day Training

Explore web application threats and countermeasures focused on Fortinet solutions. This course will guide you from the very motivations of attacks on web applications through to understanding and executing attack techniques, recognizing such attacks, and, finally, configuring Fortinet solutions to mitigate them.

Malware Analysis (MWA) - 2 Days Training

Explore practical use of 3rd party (open source) and Fortinet solutions for malware analysis, the fundamental concepts of malware analysis, perform basic analysis using open-source tools, and leverage Fortinet solutions for advanced and automated malware analysis.

Threat Hunting (FTH) - 3 Days Training

Explore the practical use of Fortinet solutions as threat intelligence and threat hunting platforms, explore fundamental concepts about cyber threat intelligence and how to leverage Fortinet solutions to perform threat intelligence management (collection, enrichment, and so on) and threat hunting.

Ordering Information

SKU: FT-PRIVATE / FT-PRIVATE-MIN
Description: Contact regional training team for quote.

SKU: FT-CST-WAS-LAB, FT-CST-MWA-LAB
Description: On-demand self-paced labs

Certification

No certification

Course Description

For more information about prerequisites, agenda topics and learning objectives, please refer to the course description at:

COURSE LINK

Security Operations https://training.fortinet.com/local/staticpage/view.php?page=library_security-operations


Web Application Security https://training.fortinet.com/local/staticpage/view.php?page=library_web-application-security

Malware Analysis https://training.fortinet.com/local/staticpage/view.php?page=library_malware-analysis


Threat Hunting https://training.fortinet.com/local/staticpage/view.php?page=library_threat-hunting

Visit www.fortinet.com for more details

Copyright © 2024 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company
names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect
performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s SVP Legal and above, with a purchaser that expressly warrants that
the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in
the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current
version of the publication shall be applicable.

FGD-OG-R15-20241004
