Description
FortiGate 900G Series is a high-performance, 1RU next-generation firewall built for enterprise edge, campus, and data-center segmentation. It combines AI/ML-powered FortiGuard security, deep SSL inspection, and secure SD-WAN in FortiOSbacked by Fortinets purpose-built SPU hardware (NP7 + CP9) to deliver very high throughput without becoming a bottleneck.
At a glance (Enterprise Traffic Mix)
IPS: 42 Gbps
NGFW: 31 Gbps
Threat Protection: 30 Gbps
Interfaces: 4x 25GE SFP28 (ULL), 4x 10GE/GE SFP+/SFP, 8x GE SFP, 16x GE RJ45 + dedicated MGMT + 2.5GE/GE HA, USB, console
What its for
-
Large environments that need serious throughput + deep inspection (including TLS 1.3 SSL inspection)
-
Hybrid WAN edge (secure SD-WAN) and universal ZTNA for controlled access to apps
-
Segmentation at scale (VXLAN + Layer 4 rules) to reduce lateral movement across networks
Core use cases
Next-Generation Firewall (NGFW)
-
AI-powered FortiGuard services integrated into the firewall to protect web, content, and devices against ransomware, malware, zero-days, and advanced attacks
-
Real-time SSL inspection (TLS 1.3) for visibility into users, devices, and applications
-
SPU acceleration for consistent high-performance security enforcement
Secure SD-WAN
-
Single FortiOS framework for WAN edge security + networking + centralized management
-
Designed for hybrid work, SD-Branch, and cloud-first WAN architectures
-
Automation, analytics, and self-healing to reduce operational overhead
Universal ZTNA
-
Enforces access policies consistently regardless of where the user/app is
-
Strong authentication and posture checks before access is granted
-
Supports FortiClient agent-based access or agentless proxy portal (guest/BYOD)
Segmentation
-
Dynamic segmentation across branch, data center, and multi-cloud
-
VXLAN segmentation bridging physical/virtual domains with low latency
-
Reduces lateral movement with coordinated protection and virtual patching
Security services (FortiGuard AI-Powered Security Services)
-
Network/file security: IPS (18,000+ signatures), malware protection, sandboxing, application control, and virtual patching
-
Web/DNS security: DNS filtering, URL filtering (300M+ URL database), IP reputation, anti-botnet
-
SaaS/data security: DLP, inline CASB, risk and configuration assessment, IoT detection/correlation
-
Zero-day prevention: inline AI malware prevention + MITRE ATT&CK integration
-
OT security: virtual patches, OT app visibility, protocol rules/decoders for OT defense
Why it performs so well (SPU hardware)
-
NP7 (Network Processor): accelerates sessions, ultra-low latency flows, VPN/VXLAN termination, hardware logging, and large/elephant flows
-
CP9 (Content Processor): accelerates SSL/TLS 1.3 decryption and heavy security processing (IPS pre-scan, signature correlation offload, AV acceleration)
Hardware & reliability
-
1RU rack-mount, forced airflow (side/front to back), ~58 dBA
-
Dual hot-swappable power supplies (AC or DC variants) for redundancy
-
TPM for hardware key protection and platform hardening
-
Optional onboard storage on 901G models (2x 480GB SSD)
Performance & capacity highlights
-
IPv4 firewall throughput (1518/512/64B UDP): 164 / 163 / 153 Gbps
-
Firewall PPS: 229.5 Mpps
-
Concurrent sessions: 16 million
-
New sessions/sec: 720,000
-
IPsec VPN throughput: 55 Gbps
-
SSL-VPN throughput: 10 Gbps (recommended max 10,000 users)
-
SSL inspection throughput: 16.7 Gbps
-
VDOMs: 10 default / 50 max
-
Max FortiAPs: 2048 total / 1024 tunnel
-
Max FortiSwitches: 196 (requires FortiOS 7.6.1+; older releases support up to 96)
Models (quick pick)
-
FG-900G / FG-900G-DC: dual PSU (AC or DC), no onboard SSD
-
FG-901G / FG-901G-DC: same platform + 2x 480GB onboard SSD (AC or DC)
View data sheet: FortiGate 900G Series Data Sheet