DATA SHEET

FortiDDoS™
FortiDDoS 200B, 400B, 600B, 800B, 900B, 1000B, 1000B-DC, 1200B, 1500E and 2000E

Distributed Denial of Service (DDoS)

attacks remain a top threat to IT security
and have evolved in almost every way to
do what they do best: shut down access to
your vital online services.

Unlike intrusion and malware attacks, DDoS attackers have learned

that they don’t need to attack only end-point servers to shut you Highlights
down. They attack any IP address that routes to your network: §§ 100% hardware-based Layer 3, 4 and 7 DDoS
unused IPs, Inter-router-link public IPs or Firewall/Proxy/WiFi attack identification and mitigation, simultaneously
Gateway public IPs. monitors hundreds of thousands of parameters —
Cloud-based CDN and DNS-based cloud mitigation cannot protect a massively-parallel computing architecture

you from these attacks. What is the impact to your business if your §§ 100% Machine Learning DDoS detection
users cannot reach cloud services because your firewall or demarc §§ Completely invisible to attackers with no IP and no
router public IP is being DDoSed? Your CDN-based web servers MAC addresses in the data path. FortiDDoS is not
may be up but your business is down! a routing or terminating Layer 3 device.

Sophisticated multi-vector and multi-layer DDoS attacks use direct §§ Continuous threat evaluation to minimize false
and reflected packets where the spoofed, randomized source IPs positive detections

are impossible to ACL. These attacks are increasingly common §§ Advanced DNS DDoS mitigation on most models
as Mirai-style code has morphed into many variants and has been §§ MSSP Portal for customer resale
commercialized by providers of “stresser” sites. Anyone can call §§ Central Manager
down large attacks for a few dollars. §§ Hybrid On-premise/Cloud mitigation available with
To combat these attacks, you need a solution that dynamically Open Signaling
protects a large attack surface.

Powered by SPU — A Different and Better Approach to DDoS Attack Mitigation

Only Fortinet FortiDDoS appliances use Machine Learning detection methods in dedicated, custom-silicon Security
Processing Units (SPUs) to deliver the most advanced and fastest DDoS attack mitigation on the market today, without the
performance compromises of multi-CPU or CPU/ASIC hybrid systems. The TP2 and TP3 SPU Traffic Processors inspect
100% of both inbound and outbound Layer 3, 4 and 7 packets, resulting in the fastest and most accurate detection and
mitigation, and the lowest latency in the industry.
FortiDDoS uses 100% machine learning, behavior-based methods to identify threats. Instead of requiring predefined
signatures to identify attack patterns, FortiDDoS uses its massively-parallel computing architecture to build an adaptive
baseline of normal activity from hundreds-of-thousands of parameters and then monitors traffic against that baseline. Should
an attack begin, FortiDDoS sees this as abnormal and immediately takes action to mitigate it.
DATA SHEET | FortiDDoS™

Highlights

The Power of SPUs — Flexible, and mitigation activities in real time on a FortiOS Security Fabric
Autonomous Defenses Dashboard, providing a single pane-of-glass view of DDoS threats
FortiDDoS protects you from known and “zero-day” attacks without and mitigations along with other Security Fabric products and
creating local or downloading subscription signatures for mitigation. partners.
Other vendors try to conserve CPU real-time by inspecting a
relatively small number of parameters at a low sample rate, unless Hybrid On-premise/Cloud DDoS Mitigation
and until an explicit signature is created. FortiDDoS’ massively While FortiDDoS can mitigate any DDoS attack to the limit of the
parallel SPU Traffic Processors sample 100% of even the smallest incoming bandwidth, large attacks can saturate incoming links,
packets, for over 230,000 parameters for each Protection Profile. forcing ISP routers to drop good traffic. FortiDDoS’ open and
This allows FortiDDoS to operate completely autonomously, finding documented Attack Signaling API allows our Security Fabric
some attacks on the FIRST packet and all attacks within 2 seconds partners to provide you a choice of best-in-class hybrid CPE/cloud
— broader and faster mitigation than any other vendor or method. DDoS mitigation when attacks threaten to congest upstream
There is no need to adjust settings, read pcaps or add regex-style resources. FortiDDoS inspects incoming GRE clean traffic from
manual signatures or ACLs in the middle of attacks. While attacks cloud DDoS providers to ensure continuity of logging and reporting,
are being mitigated, FortiDDoS continues to monitor all other and complete threat mitigation. FortiDDoS on-premise appliances
parameters to instantly react to added or changed vectors. can also provide your ISP with Flowspec scripts to support
diversion and multi-parameter blackholing of attack traffic.
The Resurrection of Botnets
Easily-compromised IoT devices have allowed Botnet attacks to Always-On Inline vs. Out-of-Path Mitigation
rise again and massive IoT growth assures us they are here to stay. Many hosting providers, MSSPs and ISPs are moving away from
While individual devices have little power, large groups can generate out-of-path detection, diversion and scrubbing as too limited and
record traffic. Attackers want to hide the real Source IPs of botted too slow for important infrastructure. Netflow-based detection and
devices so UDP, SYN, TCP Out-of-State (FIN/ACK/RST, etc.), DNS mitigation monitors a limited number of parameters for a few
and Protocol direct and reflected floods using spoofed Source IPs different attack types. FortiDDoS mitigates more than 150 attack
are back in vogue. Attackers can launch an unprecedented variety events, many with “depth” (all 65,000 TCP and UDP ports are
of simultaneous attack vectors. Small-packet floods stress both monitored and mitigated, for example). 100% packet inspection
firewalls and CPU-based DDoS appliances, preventing full and leading packet performance ensures mitigation from single-
inspection with unexpected results. FortiDDoS’ fully inspected packet anomalies to link-filling small-packet, fragmented UDP floods.
packet rate is class-leading.
Studies are showing that 75% of DDoS attacks last less than 15
minutes. Customers are also seeing multi-vector attacks, attacks
DNS-Based Attacks that sequentially change vectors and pulsed attacks that start and
Botnet-driven DNS attacks are popular because they can target stop frequently. FortiDDoS begins mitigating in less than 2 seconds
any type of infrastructure or they can co-opt your DNS servers to and its massively-parallel detection and mitigation ensures multi-
attack others with reflected DDoS attacks. FortiDDoS is the only vector, sequential and pulsed attacks are seen and stopped.
DDoS mitigation platform that inspects 100% of all DNS traffic
in both directions, to protect against all types of DDoS attacks All FortiDDoS models offer High Availability and select models offer
directed at, or from DNS servers. It validates over 30 different Optical Bypass (to 100GE) to ensure network continuity in the event
parameters on every DNS packet at up to 12 M Queries/second. of system failures. When attacks threaten link bandwidth, Flowspec
It’s built-in cache can offload the local server during floods. scripts can be generated to configure upstream router ACLs.
FortiDDoS’ innovative DQRM feature stops inbound Reflected
FortiDDoS also offers a wide range of static and dynamic ACLs
DNS attacks from the very first packet. FortiDDoS also supports
to offload other infrastructure. For example, FortiDDoS supports
FortiGuard’s Domain Reputation Service for ISPs to protect clients
BCP-38 and FortiGuard Domain Reputation blocks IoT and
from known malicious domains.
end-user communications to botnet controllers and malicious
domains. FortiDDoS ACLs operate at line-rate with no impact on
Security Fabric performance even with millions of blacklisted IPs.
FortiDDoS complements Fortinet’s full suite of Security Fabric
products, each of which uses purpose-built hardware with FortiDDoS offers multitenant real-time graphing and attack
dedicated engineering and support resources to provide best-in- reporting for resale to customers.
class focused protection. FortiDDoS displays system performance

2
 DATA SHEET | FortiDDoS™

Key Features and Benefits

100% Machine Learning Detection FortiDDoS doesn’t rely on signature files that need to be updated with the latest threats so you’re protected
from both known and unknown “zero-day” attacks. No “threat-protection” subscriptions required. Saves OPEX.
100% Hardware-based Protection The SPU TP2 and TP3 Traffic Processors provide 100% packet inspection with bidirectional detection and
mitigation of Layer 3, 4 and 7 DDoS attacks for industry-leading performance. Get the performance you pay for.
Continuous Attack Evaluation Minimizes the risk of “false positive” detection by reevaluating the attack to ensure that “good” traffic isn’t
disrupted. Less management time needed.
Advanced DNS Protection FortiDDoS provides 100% inspection of all DNS traffic at up to 12 million QPS, for protection from a broad
range of DNS-based volumetric, application and anomaly attacks. DNS Reflection floods are stopped on the
FIRST packet.
Machine Learning With minimal configuration, FortiDDoS will automatically build normal traffic and resources behavior profiles
saving you time and IT management resources.
Autonomous Mitigation No operator intervention required for any type or size of attack.
Hybrid On-premise/Cloud Support Open, documented API allows integration with third-party cloud DDoS mitigation providers for flexible
deployment options and protection from large-scale DDoS attacks.
Fortinet Security Fabric Integration Single-pane visibility of attack mitigation and network performance reduces management and improves
response time.
RESTful API FortiDDoS can be integrated into almost any environment through its RESTful API.
Central Manager FortiDDoS-CM is available for users with multiple geographically dispersed FortiDDoS units. One management
screen for all devices with single sign-on.

FortiDDoS Features
Packet Inspection Technology Layer 3 Attack Mitigation DNS Attack Mitigation
§§ 100% Packet Inspection §§ Protocol Floods (all 256 monitored) §§ First-packet DNS Response Flood
§§ Full IPv4/IPv6 Support to single IP §§ Fragment Floods (TCP/UDP/Other mitigation
addresses Protocols) §§ DNS Header/payload anomalies
§§ Machine learning for Predictive, §§ Source Floods (6M monitored) §§ DNS Query / MX / ALL / ZT / fragment /
Heuristic, Adaptive Analysis §§ FortiGuard IP Reputation Subscription per-Source Floods
§§ Deep Packet Inspection §§ Full L3-L7 IP-inside-GRE Inspection §§ DNS Query Source validation
§§ TCP State knowledge to instantly §§ DNS Unexpected Query
mitigate out-of-state attacks
Layer 4 Attack Mitigation §§ DNS Response cache under flood
§§ TCP Ports (all 65k)
§§ DNS Query Monitoring to instantly §§ DNS Query TTL checks
§§ UDP Ports (all 65k)
mitigate DNS Reflected attacks §§ Domain Reputation Subscription
§§ TCP / UDP Service / Gaming Ports
§§ Complete invisibility with no MAC nor IP
addresses in the data path
§§ ICMP Type/Codes (all 65k) Access Control Lists
§§ SYN, SYN/Destination with line-speed FortiDDoS is the ONLY product in the
§§ Massively parallel processing for multiple
validation, SYN/Source industry that supports large ACLs in
simultaneous attack vectors
§§ First-packet TCP State flood mitigation hardware with no performance degradation.
Behavioral Threshold §§ Slow Connections While most DDoS attacks use spoofed
Management §§ TCP Source validation Source IPs, your existing Indicators of
§§ Machine-learning thresholds for millions §§ L4 Aggressive Connection Aging Compromise IP and Domain lists can be
of L3-L7 parameters uploaded to FortiDDoS to offload other
§§ Automatic adaptive thresholds
HTTP Attack Mitigation
infrastructure.
§§ Top 32k HTTP URLs
estimation for critical L3, L4 and L7 §§ IP Reputation – Fortinet FortiGuard
§§ Top 500 Referers, Cookies, Hosts,
parameters subscription
User Agents
§§ IP/subnet Blacklist/Whitelist
100% Anomaly Inspection §§ HTTP METHOD Floods (all 8 METHODS
§§ Bulk IPv4 Blacklist Customer Upload
§§ L3/L4/L7 HTTP Headers +Total Methods/Source)
(>1million addresses)
§§ DNS Header and Payload §§ SSL Renegotiation
§§ Geolocation
§§ TCP State and Transition Anomalies §§ L7 Aggressive Aging

3
DATA SHEET | FortiDDoS™

FortiDDoS Features

Access Control Lists (continued) Comprehensive Built-In Centralized Event Reporting

§§ Enhanced BCP38 Source Address Reporting §§ SNMP v2/v3 MIB and Traps
Validation/Local Address Anti-Spoofing §§ Filterable/Exportable Attack Log §§ Email Alerts and Reports
(>2000 subnets) §§ Summary Graphs and Logs for: §§ Open RESTful API
§§ Protocol, UDP, TCP and other Protocol §§ Top Attacks / Top Attackers §§ Syslog support for FortiAnalyzer,
Fragments, DNS Fragment, L4 Port, §§ Top ACL Drops FortiSIEM and third-party servers
ICMP Type/Code §§ Top Attacked Subnets and IP Addresses §§ FortiDDoS Central Manager centralized
§§ HTTP Methods, URLs, Hosts, Referrers, §§ Top Attacked Protocols attack log and executive summary
User Agents §§ Top Attacked TCP and UDP Ports
§§ DNS Domain Reputation – Fortinet §§ Top Attacked ICMP Types/Codes
Audit Trails
§§ Login Audit Trail
FortiGuard subscription (>250k §§ Top Attacked URLs, HTTP Hosts,
§§ Configuration Audit Trail
Malicious Domains) Referers, Cookies, User-Agents
§§ DNS Bulk Domain Blacklist Customer §§ Top Attacked DNS Servers Management
Upload (>500k Domains) §§ Top Attacked DNS Anomalies §§ Full TLS 1.3 Management GUI
§§ DNS Resource Record ACLs (256 RRs) §§ Physical Port, SPP, SPP Policy (subnet) §§ Full CLI
§§ Packet Length, v4/v6, Protocol, and SPP Policy Group statistics: §§ Open RESTful API
TCP/UDP Port, ICMP Type-Code, Mbps/pps and Drops graphing §§ RADIUS, LDAP, and TACACS+
TCP/UDP/Other fragment ACL §§ Custom, on-demand, on-schedule Authentication including 2FA and Proxy
§§ Flowspec ACL script generation and/or on-Attack-Threshold reports in §§ Multi-Tenant MSSP Portal
multiple formats §§ Central Manager for multiple FortiDDoS
§§ Millions of built-in reporting graphs for §§ Open Cloud Mitigation Signaling
real-time and forensic analysis

Aggregate Drops L3-L7 DNS Attacks

FortiOS Security Fabric Dashboard

4
 DATA SHEET | FortiDDoS™

Specifications

FORTIDDOS 200B FORTIDDOS 400B FORTIDDOS 600B FORTIDDOS 800B

(NO DNS)
Hardware Specifications
LAN Interfaces Copper GE with built-in bypass 4 8 8 8
WAN Interfaces Copper GE with built-in bypass 4 8 8 8
LAN Interfaces SFP GE 4 8 8 8
WAN interfaces SFP GE 4 8 8 8
LAN Interfaces SFP+ 10 GE / SFP GE —
WAN Interfaces SFP+ 10 GE / SFP GE —
LAN Interfaces LC (850 nm, 10 GE) with built-in bypass —
WAN Interfaces LC (850 nm, 10 GE) with built-in bypass —
LAN Interfaces QSFP+ 40 GE or QSFP28 100 GE —
WAN Interfaces QSFP+ 40 GE or QSFP28 100 GE —
Passive Optical Bypass —
Storage 1x 480 GB SSD
Form Factor 1U Appliance
Power Supply Single (Optional 2nd External PS, Hot-Swappable)

System Performance
Inspected Throughput (Enterprise Mix — Gbps) 3 6 12 12
Inspected Packet Throughput (Mpps) 4 8 15 15
SYN Flood Mitigation (SYN In + Coookie Out) Mpps 3.5 7 14 14
Simultaneous TCP Connections (M) 1 1 2 2
Simultaneous Sources (M) 1 1 2 2
Session Setup/Teardown (kcps) 100 100 200 200
Latency (µs) Maximum/Typical <50/<10
DDoS Attack Mitigation Response Time (s) <2
Advanced DNS Mitigation Yes Yes No Yes
DNS Queries per second (M) 1 2 NA 4
Open Hybrid Cloud Mitigation Support Yes

Environment
Input Voltage AC 100–240V AC, 50–60 Hz
Input Voltage DC —
Power Consumption (Average) 156 W 156 W 174 W 174 W
Power Consumption (Maximum) 260 W 260 W 285 W 285 W
Maximum Current AC 110V/5.29A, 120V/2.2A
Maximum Current DC —
Heat Dissipation (BTU/hr) / (kjoules/hr) 887 / 936 887 / 936 972 /1026 972 /1026
Operating Temperature 32–104°F (0–40°C)
Storage Temperature -13–158°F (-25–70°C)
Humidity 5–95% non-condensing

Compliance
Safety Certifications FCC Class A Part 15, UL/CB/cUL, C-Tick, VCCI, CE

Dimensions
Height x Width x Length (inches) 1.77 x 17 x 16.32
Height x Width x Length (mm) 45 x 432 x 414.5
Weight 17.2 lbs (7.8 kg)

FortiDDoS 200B FortiDDoS 400B

FortiDDoS 600B FortiDDoS 800B

5
DATA SHEET | FortiDDoS™

Specifications

FORTIDDOS 900B FORTIDDOS 1000B /

(NO DNS) FORTIDDOS 1000B-DC FORTIDDOS 1200B FORTIDDOS 1500E FORTIDDOS 2000E
Hardware Specifications
LAN Interfaces Copper GE with built-in bypass —
WAN Interfaces Copper GE with built-in bypass —
LAN Interfaces SFP GE —
WAN interfaces SFP GE —
LAN Interfaces SFP+ 10 GE / SFP GE 8 8 8 8 8
WAN Interfaces SFP+ 10 GE / SFP GE 8 8 8 8 8
LAN Interfaces LC (850 nm, 10 GE) with built-in bypass — — 2 — —
WAN Interfaces LC (850 nm, 10 GE) with built-in bypass — — 2 — —
LAN Interfaces QSFP+ 40 GE or QSFP28 100 GE — — — 2 2
WAN Interfaces QSFP+ 40 GE or QSFP28 100 GE — — — 2 2
Passive Optical Bypass — — — 8 Ports (2 links) 8 Ports (2 links)
1/10/40/100 GE 1310nm 1/10/40/100 GE 1310nm
Storage 1x 480 GB SSD 1x 480 GB SSD 1x 480 GB SSD 1x 960 GB SSD 1x 960 GB SSD
Form Factor 2U Appliance
Power Supply Dual AC Hot-Swappable Dual AC or DC Dual AC Hot-Swappable Dual AC Hot-Swappable Dual AC Hot-Swappable
Hot-Swappable
System Performance
Inspected Throughput (Enterprise Mix — Gbps) 18 18 36 35 70
Inspected Packet Throughput (Mpps) 23 23 45 38 77
SYN Flood Mitigation (SYN In + Coookie Out) Mpps 21 21 42 27 55
Simultaneous TCP Connections (M) 3 3 6 12 25
Simultaneous Sources (M) 3 3 6 12 25
Session Setup/Teardown (kcps) 300 300 600 >1.5M >3M
Latency (µs) Maximum/Typical <50/<10
DDoS Attack Mitigation Response Time (s) <2
Advanced DNS Mitigation No Yes Yes Yes Yes
DNS Queries per second (M) NA 6 12 6 12
Open Hybrid Cloud Mitigation Support Yes

Environment
Input Voltage AC 100–240V AC, 50–60 Hz
Input Voltage DC — 40.5–57V DC — — —
Power Consumption (Average) 253 W 253 W 311 W 1320 W 1320 W
Power Consumption (Maximum) 422 W 422 W 575 W 2200 W 2200 W
Maximum Current AC 110V/10.0A, 220V/5.0A 110V/10.0A, 220V/5.0A 110V/10.0A, 220V/5.0A 110V/12A, 220V/9A 110V/12A, 220V/9A
Maximum Current DC — 24A — — —
Heat Dissipation (BTU/hr) / (kjoules/hr) 1440 / 1420 1440 / 1420 1962 / 2070 8327 / 8785 8327 / 8785
Operating Temperature 32–104°F (0–40°C)
Storage Temperature -13–158°F (-25–70°C)
Humidity 5–95% non-condensing

Compliance
Safety Certifications FCC Class A Part 15, UL/CB/cUL, C-Tick, VCCI, CE

Dimensions
Height x Width x Length (inches) 3.5 x 17.24 x 22.05
Height x Width x Length (mm) 88 x 438 x 560
Weight 36.0 lbs (16.2 kg) 36.0 lbs (16.2 kg) 36.0 lbs (16.2 kg) 44.0 lbs (20.0 kg) 44.0 lbs (20.0 kg)

FortiDDoS 900B FortiDDoS 1000B FortiDDoS 1200B

FortiDDoS 1500E FortiDDoS 2000E

6
 DATA SHEET | FortiDDoS™

Order Information

Product SKU Description

FortiDDoS 200B FDD-200B DDoS Protection Appliance — 4 pairs x Shared Media DDoS Defense Ports (including 4 pairs x GE RJ45 with bypass protection, 4 pairs x GE SFP slots), 2x GE RJ45
Management Ports, AC Power Supply with Redundant Power Option. Includes 480 GB SSD storage. 3 Gbps inspected throughput. Supports Advanced DNS Mitigation.
FortiDDoS 400B FDD-400B DDoS Protection Appliance — 8 pairs x Shared Media DDoS Defense Ports (including 8 pairs x GE RJ45 with bypass protection, 8 pairs x GE SFP slots), 2x GE RJ45
Management Ports, AC Power Supply with Redundant Power Option. Includes 480 GB SSD storage. 6 Gbps inspected throughput. Supports Advanced DNS Mitigation.
FortiDDoS 600B FDD-600B DDoS Protection Appliance — 8 pairs x Shared Media DDoS Defense Ports (including 8 pairs x GE RJ45 with bypass protection, 8 pairs x GE SFP slots), 2x GE RJ45
Management Ports, AC Power Supply with Redundant Power Option. Includes 480 GB SSD storage. 12 Gbps inspected throughput. Does NOT support Advanced DNS Mitigation.
FortiDDoS 800B FDD-800B DDoS Protection Appliance — 8 pairs x Shared Media DDoS Defense Ports (including 8 pairs x GE RJ45 with bypass protection, 8 pairs x GE SFP slots), 2x GE RJ45
Management Ports, AC Power Supply with Redundant Power Option. Includes 480 GB SSD storage. 12 Gbps inspected throughput. Supports Advanced DNS Mitigation.
FortiDDoS 900B FDD-900B DDoS Protection Appliance — 8 pairs x 10 GE SFP+ or GE SFP DDoS Defense Ports, 2x GE RJ45 Management Ports, Dual AC Power Supplies. Includes 480 GB SSD storage
and 2x 10 GE SR SFP+. 18 Gbps inspected throughput. Does NOT support Advanced DNS Mitigation.
FortiDDoS 1000B FDD-1000B DDoS Protection Appliance — 8 pairs x 10 GE SFP+ or GE SFP DDoS Defense Ports, 2x GE RJ45 Management Ports, Dual AC Power Supplies. Includes 480 GB SSD storage
and 2x 10 GE SR SFP+. 18 Gbps inspected throughput. Supports Advanced DNS Mitigation.
FortiDDoS 1000B-DC FDD-1000B-DC DDoS Protection Appliance — 8 pairs x 10 GE SFP+ or GE SFP DDoS Defense Ports, 2x GE RJ45 Management Ports, Dual DC Power Supplies. Includes 480 GB SSD storage
and 2x 10 GE SR SFP+. 18 Gbps inspected throughput. Supports Advanced DNS Mitigation.
FortiDDoS 1200B FDD-1200B DDoS Protection Appliance — 8 pairs x 10 GE SFP+ or GE SFP DDoS Defense Ports, plus 2 pairs x 10 GE LC Ports with optical bypass, 2x GE RJ45 Management Ports, Dual
AC Power Supply. Includes 480 GB SSD storage and 2x 10 GE SR SFP+. 36 Gbps inspected throughput. Supports Advanced DNS Mitigation.
FortiDDoS 1500E FDD-1500E DDoS Protection Appliance — 8 pairs x 10 GE SFP+ or GE SFP and 2 pairs x 40 GE QSFP+ ports plus 2-link optical bypass module (1310nm), 2x GE RJ45 Management Ports,
Dual AC Power Supply. Includes 960 GB SSD storage. >35 Gbps inspected throughput. Supports Advanced DNS Mitigation.
FortiDDoS 2000E FDD-2000E DDoS Protection Appliance — 8 pairs x 10 GE SFP+ or GE SFP and 2 pairs x 40 GE QSFP+ or 100 GE QSFP28 ports plus 2-link optical bypass module (1310nm),
2x GE RJ45 Management Ports, Dual AC Power Supply. Includes 960 GB SSD storage. > 70 Gbps inspected throughput. Supports Advanced DNS Mitigation.
FORTIDDOS COMPATIBLE TRANSCEIVERS
FDD-900B–
FDD-200B– FDD-1200B FDD-1500E–
SKU Description Wavelength FDD-800B /FDD-2000B FDD-2000E
FG-TRAN-LX 1 GE SFP LX transceiver module for all systems with SFP and SFP/SFP+ slots. SM 1310nm Y Y Y
FR-TRAN-LX 1 GE SFP LX transceiver module, -40–85°C, over SMF, for all systems with SFP and SFP/SFP+ slots. SM 1310nm Y Y Y
FR-TRAN-ZX 1 G SFP transceivers, -40–85°C operation, 90 km range for all systems with SFP slots. SM 1550nm Y Y Partial (Note 1)
FG-TRAN-SX 1 GE SFP SX transceiver module for all systems with SFP and SFP/SFP+ slots. MM 850nm Y Y Partial (Note 1)
FR-TRAN-SX 1 GE SFP SX transceiver module, -40–85°C, over MMF, for all systems with SFP and SFP/SFP+ slots. MM 850nm Y Y Partial (Note 1)
FG-TRAN-GC 1 GE SFP RJ45 transceiver module for all systems with SFP and SFP/SFP+ slots. Copper Y N N
FG-TRAN-SFP+LR 10 GE SFP+ transceiver module, long range for all systems with SFP+ and SFP/SFP+ slots. SM 1310nm N Y Y
SP-CABLE-FS-SFP+1 10 GE SFP+ passive direct attach cable, 1 m for systems with SFP+ and SFP/SFP+ slots. End-to-End N Y Partial (Note 1)
SP-CABLE-FS-SFP+3 10 GE SFP+ passive direct attach cable, 3 m for systems with SFP+ and SFP/SFP+ slots. End-to-End N Y Partial (Note 1)
SP-CABLE-FS-SFP+5 10 GE SFP+ passive direct attach cable, 5 m for systems with SFP+ and SFP/SFP+ slots. End-to-End N Y Partial (Note 1)
SP-CABLE-FS-SFP+7 10 GE SFP+ passive direct attach cable, 7 m for systems with SFP+ and SFP/SFP+ slots. End-to-End N Y Partial (Note 1)
SP-CABLE-ADASFP+ 10 GE SFP+ active direct attach cable, 10 m/32.8 ft for all systems with SFP+ and SFP/SFP+ slots. End-to-End N Y Partial (Note 1)
FG-TRAN-SFP+SR 10 GE SFP+ transceiver module, short range for all systems with SFP+ and SFP/SFP+ slots. MM 850nm N Y Partial (Note 1)
FS-TRAN-SFP+SR 10 GE SFP+ transceiver module, short range for all systems with SFP+ and SFP/SFP+ slots. MM 850nm N Y Partial (Note 1)
FS-TRAN-SFP+ER 10Gbase-ER SFP+ transceivers for FortiSwitch and FortiGate, 1550nm. Single Mode. 40 km range for systems with SFP+ slots. SM 1550nm N Y Partial (Note 1)
FG-TRAN-QSFP+LR 40 GE QSFP+ transceivers, long range for all systems with QSFP+ slots. SM 1310nm N N Y
FG-TRAN-QSFP+SR 40 GE QSFP+ transceivers, short range for all systems with QSFP+ slots. MM 850nm N N Partial (Note 1)
FG-TRAN-QSFP+SR-BIDI 40 GE QSFP+ transceiver, short range BiDi for systems with QSFP+ slots. MM 850nm N N Partial (Note 1)
SP-CABLE-FS-QSFP+1 40 GE QSFP+ passive direct attach cable, 1 m for systems with QSFP+ slots. End-to-End N N Partial (Note 1)
SP-CABLE-FS-QSFP+3 40 GE QSFP+ passive direct attach cable, 3 m for systems with QSFP+ slots. End-to-End N N Partial (Note 1)
SP-CABLE-FS-QSFP+5 40 GE QSFP+ passive direct attach cable, 5 m for systems with QSFP+ slots. End-to-End N N Partial (Note 1)
FG-TRAN-QSFP28-LR4 100 GE QSFP28 transceivers, long range for all systems with QSFP28 slots. SM 1310nm N N Y
FG-TRAN-QSFP28-SR4 100 GE QSFP28 transceivers, 4 channel parallel fiber, short range for all systems with QSFP28 slots. MM 850nm N N Partial (Note 1)
Note 1: Can be used in E-Series pluggable optical ports. NOT compatible with E-Series optical bypass module.

OPTIONAL ACCESSORY
Product SKU Description
External redundant AC power supply FRPS-100 External redundant AC power supply for up to 4 units: FG-300C, FG-310B, FS-348B and FS-448B.
Up to 2 units: FG-200B, FG-200D, FG-240D and FG-300D, FG-500D, FDD-200B, FDD-400B and FDD-800B.
Not supported for: FG-200D-POE/240D-POE.

www.fortinet.com

Copyright © 2019 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law
trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results
may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to
the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event,
only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests.
Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version
of the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without
notice, and the most current version of the publication shall be applicable.
FST-PROD-DS-FDD3 FDDoS-DAT-R26-201906