Description
FortiDDoS — AI/ML-Powered DDoS Attack Detection and Mitigation Platform
FortiDDoS is a fully autonomous DDoS mitigation platform using massively parallel machine learning to deliver 100% packet inspection across Layer 3, 4, and 7 — detecting and stopping known and zero-day attacks from the first packet with no operator intervention required.
Key Performance
- 200F: 8 Gbps / 9 Mpps inspected mitigation, sub-1 second response
- 1500F/1500F-LR: 22 Gbps / 27 Mpps inspected mitigation, sub-1 second response
- 2000F: 41 Gbps / 50 Mpps inspected mitigation, sub-1 second response
- 1500E: 45 Gbps inspected / 280 Gbps max mitigation
- 2000E/2000E-DC: 90 Gbps inspected / 280 Gbps max mitigation
- 3000G: 85 Gbps inspected / 104 Mpps, sub-1 second response
- Maximum latency: <70 µs across all models
- DNS inspection: up to 12 million queries per second
- NTP inspection: up to 6 million queries per second
Hardware Appliances
- FortiDDoS 200F — 1RU, 8x port-pairs (4x GE RJ45 bypass, 2x GE LC optical bypass, 2x GE SFP), 480GB SSD, dual PSU
- FortiDDoS 1500F — 2RU, 4x port-pairs (2x 10GE SFP+ and 2x 10GE LC optical bypass), 480GB SSD, dual PSU
- FortiDDoS 1500F-LR — As above with long-range 1310nm/1550nm optical bypass
- FortiDDoS 2000F — 2RU, 4x port-pairs (2x 10GE SFP+ and 2x 40GE QSFP+), 960GB SSD, dual PSU
- FortiDDoS 1500E — 2RU, 10x port-pairs (8x 10GE SFP+ and 2x 40/100GE QSFP+/QSFP28), 960GB SSD, dual AC PSU
- FortiDDoS 2000E — 2RU, same as 1500E with doubled throughput, dual AC PSU
- FortiDDoS 2000E-DC — As 2000E with dual DC power supply
- FortiDDoS 3000G — 2RU, 4x port-pairs (2x 100GE QSFP28 and 2x 10GE SFP+), 1.92TB SSD, dual AC PSU
Virtual Appliances
- VM04 — 4 vCPU, 3 Gbps throughput, 4 service protection profiles, 16GB RAM
- VM08 — 8 vCPU, 5 Gbps throughput, 8 service protection profiles, 16GB RAM
- VM16 — 16 vCPU, 10 Gbps throughput, 16 service protection profiles, 32GB RAM
- Hypervisor support: VMware ESXi 6.x/7.x, KVM (libvirt 6.0.0+)
- Note: Not suitable for AWS, Azure, or Google Cloud — must be attached to physical links
Detection & Mitigation Technology
- 100% ML-based detection — no signatures, no subscriptions required
- Monitors 200,000+ parameters per protection profile
- Simultaneous multi-vector attack mitigation with no blind spots
- Continuous attack evaluation to minimise false positives
- Monitors all 256 L3 protocols, all 65,536 TCP/UDP ports, and 10,000+ UDP reflection ports
- TCP state tracking for instant out-of-state attack mitigation
Advanced Protocol Protection
- DNS: 100% bidirectional inspection, reflection flood mitigation from first packet, DNS DQRM, legitimate query and allowlist features
- NTP: 100% bidirectional inspection, reflection flood mitigation from first packet
- DTLS, QUIC, and IKE: anomaly, reflection, and over-threshold rate mitigation (F-Series and 3000G)
- HTTP: URL, referer, cookie, host, user agent, method floods, SSL renegotiation
Deployment & Resilience
- Always-on inline deployment — no diversion or scrubbing delay
- High Availability on all models
- Optical bypass up to 100GE on all models for network continuity during system failure
- Hybrid on-premise/cloud support via open documented Attack Signaling API
- Flowspec script generation for ISP diversion support
- Fortinet Security Fabric integration with real-time dashboard visibility
Management & Reporting
- Full GUI, CLI, and open RESTful API
- RADIUS, LDAP, and TACACS+ authentication including 2FA
- Millions of built-in graphs with 5-minute to 1-year views
- Filterable/exportable attack logs, top attacker summaries, custom on-demand and scheduled reports
- SNMP v2/v3, email alerts, syslog support for FortiAnalyzer, FortiSIEM, and third-party servers
View data sheet: FortiDDoS Series Data Sheet

