ORDERING GUIDE

FortiPAM
Available in

Hardware Virtual Public

Form Factors Machine Cloud

Privileged Account attack remains a high profile and widespread attack vector. One element which highlights the critical nature
of these attacks is the analysis which reveals the average recovery time from such an attack is measured in the hundreds of
days!

Privileged Access is defined as access to an account with privileges beyond those of regular accounts, typically in keeping with
roles such as IT Managers and System Administrators. Examples of privileged access include: Firewall & Network Administrators,
Windows Domain/Enterprise admin users, and so on.

FortiPAM protects privileged accounts against credential theft and privilege abuse by managing account credentials, controlling
privileged user access, and monitoring privileged activity.

This ordering guide is designed to help you choose the right solution for your customers.

Key features of FortiPAM:

• Secret Management
• Secret access request/approval
• Secret check-out/check-in protection
• Scheduled automated password changing
• Broad (and growing) selection of native protocol launchers
• ZTNA device tag to control access to PAM server and PAM secrets
• Fully supports Service Account discovery and maintenance
• AES256 Encryption of Secrets
• Session Management
• Anti-Virus & DLP scanning for web based file transfer (Web SFTP, Web SAMBA) and SCP based file transfer
• Advanced RDP authentication protocol including CredSSP, TLS
• SSH Command filtering & Logging
• Detailed session information, Session recording, Session reporting
• Over-the-Shoulder Monitoring
• In-Session recording notifications
• Detailed Session Auditing, reporting & FortiAnalyzer Integration
• Continuous ZTNA policy enforcement
• Windows Application Control
• Block Copy actions on session launch
1
ORDERING GUIDE | FortiPAM

• User Management
• MultiFactor Authentication for local PAM users or remote SAML, Radius, LDAP user
• Fine-grained Role based access control
• User, Group based permission control
• Full Sponsor-Admin support
• LDAP Importing
• Remote User Autoprovision with Policy based access profile enforcement
• Distributed
• FortiPAM now supports a fully distributed architecture.
• Allows users to tunnel sessions to remote destinations
• Connectivity to remote destination can be achieved on several platforms:
• FortiPAM -> FortiPAM
• FortiPAM -> FortiProxy
• FortiPAM -> FortiGate
• High Availability
FortiPAM integrates with Fortinet’s ZTNA technology to establish secure tunnels between the endpoint and the FortiPAM server.
This approach facilitates a robust security posture, leaning into the full scope of ZTNA tags.

Note: ZTNA Integration requires installation of Fortinet FortiClient agent (Which include the FortiPAM agent capabilities.)

In cases where FortiClient install is impossible, FortiPAM offers a feature-rich browser extension. Alongside the FortiClient Agent
on the Product Downloads page, users may additionally locate their preferred browser extension.

The table below summarizes the available FortiPAM features based on whether the user endpoint installs the web extension
only, the standalone PAM agent, the full FortiClient agent, or with no agent or extension (i.e., pure web mode)
FORTICLIENT STANDALONE NO AGENT OR EXTENSION
FEATURES EXTENSION ONLY FORTICLIENT STANDARD
FORTIPAM INSTALLER (WEB MODE)

Windows OS    

Linux OS  

MacOS  

ZTNA 

Web SSH, Web-RDP, Web-VNC, Web-

   
SFTP, Web-SMBA1

Proxy mode web browsing (credential

  
Denied from end user)2

Session recording   

Instant video uploading   

Live Session Monitoring   

Native program Putty key/password, mst-

 
sc, vncviewer, winscp proxy mode3

Native program Putty password, mstsc

 
direct mode4

1 Only supports proxy mode; credential protected in PAM

2 Credential denied from end user
3 Credential protected in PAM
4 Credential delivered to FortiClient with permission protection
2
 ORDERING GUIDE | FortiPAM

LICENSE ORDERING INFORMATION

Licensing is spread across three main product areas:
§ Hardware Units & Services
§ User-license Upgrade for Hardware Models
§ VM based appliances, each offering a set value of users.
See below for full SKU details:
FORTIPAM HARDWARE SKU DESCRIPTION

FPA-1000G Privileged Access Management appliance, including user licensing for up to 50 users

FortiPAM-1000G FC-10-PA1KG-681-02-DD Antivirus and Data Leak Prevention protection

FC-10-PA1KG-247-02-DD FortiCare Premium Support

UNIT SKU DESCRIPTION

FPA-3000G Privileged Access Management appliance, including user licensing for up to 100 users

FortiPAM-3000G FC-10-PA3KG-681-02-DD Antivirus and Data Leak Prevention protection

FC-10-PA3KG-247-02-DD FortiCare Premium Support

FORTIPAM - FPM-HW-UG SKU DESCRIPTION

FPM-HW-25UG Adds 25 users to FPAM HW models' user limit.Stackable license.Support included.

FPM-HW-50UG Adds 50 users to FPAM HW models' user limit.Stackable license.Support included.

FPM-HW-UG
FPM-HW-100UG Adds 100 users to FPAM HW models' user limit.Stackable license.Support included.

FPM-HW-200UG Adds 200 users to FPAM HW models' user limit.Stackable license.Support included.

FORTIPAM-VM SKU DESCRIPTION

Subscription for one FortiPAM Virtual Machine seat for between 5 to 9 users. Includes FortiClient VRS agent for
FC1-10-PAVUL-591-02-DD
FPAM. Includes Advanced Malware Protection. Includes FortiCare Premium support. HA requires additional license

Subscription for one FortiPAM Virtual Machine seat for between 10 to 24 users. Includes FortiClient VRS agent for
FC2-10-PAVUL-591-02-DD
FPAM. Includes Advanced Malware Protection. Includes FortiCare Premium support. HA requires additional license

Subscription for one FortiPAM Virtual Machine seat for between 25 to 49 users. Includes FortiClient VRS agent for
FC3-10-PAVUL-591-02-DD
FPAM. Includes Advanced Malware Protection. Includes FortiCare Premium support. HA requires additional license
FortiPAM-VM
Subscription for one FortiPAM Virtual Machine seat for between 50 to 99 users. Includes FortiClient VRS agent for
FC4-10-PAVUL-591-02-DD
FPAM. Includes Advanced Malware Protection. Includes FortiCare Premium support. HA requires additional license

Subscription for one FortiPAM Virtual Machine seat for between 100 to 249 users. Includes FortiClient VRS agent for
FC5-10-PAVUL-591-02-DD
FPAM.Includes Advanced Malware Protection. Includes FortiCare Premium support. HA requires additional license

Subscription for one FortiPAM Virtual Machine seat for 250 or more users. Includes FortiClient VRS agent for FPAM.
FC6-10-PAVUL-591-02-DD
Includes Advanced Malware Protection. Includes FortiCare Premium support. HA requires additional license

EXAMPLES
If you need to license 6 FortiPAM-VM users, you would order: 6 x FC1-10-PAVUL-591-02-DD.

If you need to license 23 FortiPAM-VM users, you would order: 23 x FC2-10-PAVUL-591-02-DD

Importantly, FortiPAM fully supports an HA and DR Configurations. In instances where customers may wish to install an HA
configuration, an example Bill of Materials would be as follows:

If you need 200 FortiPAM-VM users with HA, you would order: 2 x (200 x FC5-10-PAVUL-591-02-DD)

If you need to license 80 users on a FortiPAM-1000G you would order: 1xFPA-1000G + 1xFPM-HW-50UG

Note: The overall maximum number of user licenses which can be stacked depends on the platform:
§ FortiPAM-VM: Maximum 3000 enabled users
§ FortiPAM-1000G: Maximum 1000 enabled users
§ FortiPAM-3000G: 3000 enabled users

3
ORDERING GUIDE | FortiPAM

WHERE TO FIND AGENTS AND EXTENSIONS

EXTENSIONS:
Chrome: FortiPAM Password Filler

Edge: FortiPAM Password Filler

You can also find them on: https://www.fortinet.com/support/product-downloads

FORTIPAM AGENT:
Please refer to the FortiClient Product Download Page for downloading either the full FortiClient ZTNA installer and the
standalone (free) FortiPAM agent.

Visit www.fortinet.com for more details

Copyright © 2024 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or
company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other condi-
tions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s SVP Legal and above, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.

FPA-OG-R7-20241004