Fortinet FortiADC-5000F
Application Delivery Controllers
4x 100GbE QSFP28 ports, 8 x 40GbE QSFP ports, 1 x GbE RJ45 management port, 1x 960G SSD, dual AC power supplies
Click here to jump to more pricing!
Overview:
The FortiADC Application Delivery Controllers (ADC) optimize the availability, user experience, performance and scalability of Enterprise Application Delivery. The FortiADC family of physical appliances delivers fast, secure and intelligent acceleration and distribution of demanding applications in the enterprise.
Acceleration and Performance
Multi-core processor technology, combined with hardware-based SSL offloading to accelerate application performance.
Application Availability
24x7 application availability through automatic failover, global server load balancing, and link load balancing to optimize WAN connectivity.
Application Protection
Advanced Web Application Firewall protection from the OWASP top 10 and threat detection with Fortinet Security Fabric.
Highlights:
Hardware-Based SSL Offloading, SSL Inspection, and Visibility
FortiADC offloads server-intensive SSL processing with support for 4096-bit keys, TCP connection management, data compression and HTTP request processing from servers. This speeds up response times, reduces load on the backend servers, allowing them to serve more users.
SSL Forward Proxy utilizes FortiADC’s high-capacity decryption and encryption to allow other devices, such as a FortiGate firewall, to easily inspect traffic for threats. An inline pair of FortiADCs at the front end and back end of a firewall remove all encryption so that the firewall isn’t taxed with the additional load of SSL processing. FortiADC ensures seamless re-encryption with certificates intact with no user disruptions.
FortiADC’s Transparent HTTP/S and TCP/S Mirroring Capabilities decrypt secure traffic for inspection and reporting. Copies of clear traffic can be sent for analysis by FortiGate or other third-party solutions for an indepth view of threats that may be hidden in encrypted traffic while FortiADC continues to perform its application delivery functions.
FortiADC integrates with Gemalto’s SafeNet Enterprise Hardware Security Modules (HSMs) to use the advanced security certificates managed by the HSM for the encryption and decryption of secure application traffic. This lets organizations that use Gemalto’s SafeNet HSMs deploy a high-performance ADC solution using a strong, centrally-managed set of certificates and encryption keys.
Disaster Recovery with Global Server Load Balancing
FortiADC’s included Global Server Load Balancing (GSLB) makes your network reliable and available by scaling applications across multiple data centers for disaster recovery or to improve application response times. Administrators can set up rules that direct traffic based on site availability, data center performance and network latency.
Web Application Firewall
FortiADC offers multiple levels of protection to defend against attacks that target your web applications. FortiADC Web Application Firewall can detect a zero day attack and protect from OWASP top-10 and many other threats with multi-vector protection such as SQLi and XSS Protection, Web Scraping, Brute Force, Web Defacement, Protocol Validation (HTTP RFC) and Web Attack Signature using FortiGuard WAF Security Services for layer 7 attacks (subscription required). Also, FortiADC WAF provides full Web Vulnerability Scanning for your website to detect and alert against known attacks.
Optimize Performance with PageSpeed, Caching, and Compression
FortiADC provides multiple services that speed the delivery of applications to users. The PageSpeed suite of website performance enhancement tools can automatically optimize HTTP, CSS, Javascript and image delivery to application users. Caching on FortiADC dynamically stores popular application content such as images, videos, HTML files and other file types to alleviate server resources and accelerate overall application performance. HTTP Compression employs GZIP and DEFLATE to intelligently compress many content types used by today’s latest web-based applications to reduce bandwidth needs and improve the user application experience.
Deep Integration into the Fortinet Security Fabric
As the threat landscape evolves, many new threats require a multi-pronged approach for protecting applications. Advanced Persistent Threats that target users can take many different forms than traditional single-vector attack types and can evade protections offered only by a single device. FortiADC’s antivirus and integration with FortiSandbox extend basic security protections to scan file attachments for known and unknown threats.
DDoS Application, Web Filtering, IPS, Geo-IP and IP Reputation for Enhanced Security
FortiGuard Web Filtering works with FortiADC’s SSL Forward Proxy feature to simplify the process of managing exceptions for secure traffic inspection. Instead of manually configuring single URLs, Web Filtering gives administrators the ability to choose websites by category type to enable or disable SSL traffic inspection as a group instead of on a site by site basis. FortiADC also supports our FortiGuard which provides multi services such as: IPS, Antivirus and IP Reputation service (subscription required) that protects you from sources associated with DoS/DDoS attacks, phishing schemes, spammers, malicious software and botnets.
Scripting to Extend Built-in Features
FortiADC’s Lua-based scripting language gives you the flexibility to create custom, event-driven rules using predefined commands, variables and operators. Using easy-to-create scripts, you get the flexibility you need to extend your FortiADC with specialized business rules that give you almost unlimited possibilities for server load balancing, health checks, application validation, content routing, and content rewriting to meet the needs of your organization.
Link Load Balancing
Built-in Link Load Balancing (LLB) gives you the option to connect your FortiADC to two or more WAN links to reduce the risk of outages or to add additional bandwidth to relieve traffic congestion. FortiADC supports inbound and outbound Link Load Balancing to manage traffic leaving or entering the device. Using policy routing, FortiADC can support complex NAT and routing requirements to address almost any network LLB architecture. With Tunnel Routing you get high-speed, reliable site-to-site connectivity without the need to lease expensive WAN links. It aggregates multiple links to create a virtual tunnel to a remote data center that ensures availability especially for applications that are time sensitive and require large single-session bandwidth such as video conferencing.
Analytics and Visibility
FortiADC offers real-time and historical information about your appliance, which includes the logical topology of real-server pools, user/application data-analytics, security threats, attack maps and some other system events and alerts.
VM and Public Cloud Options
FortiADC provides maximum flexibility in supporting your virtual and hybrid environments. The virtual versions of FortiADC support all the same features as our hardware-based devices and can be deployed in VMware, Microsoft Hyper-V, Citrix XenServer, Open Source Xen, and KVM platforms. FortiADC is also available for Amazon Web Services, Microsoft Azure, Google Cloud and Oracle Cloud.
Features:
Application Availability
Easy to use and configure Layer 4/7 policy and group management
- Virtual service definition with inherited persistence, load balancing method and pool members
- Static, default and backup policies and groups
- Layer 4/7 application routing policy
- Layer 4/7 server persistence
- Application load balancing based on round robin, weighted round robin, least connections, shortest response
- Granular real server control including warm up rate limiting and maintenance mode with session ramp down
- Custom Scripting for SLB and Content Rewriting
- Application Templates for Microsoft Applications including SharePoint, Exchange and Windows Remote Desktop
- Application and script health checks
- Clone Traffic Pools
Layer 4 Application Load Balancing
- TCP, UDP stateless protocols supported
- Round robin, weighted round robin, least connections, shortest response
- L4 dynamic load balancing based on server parameters (CPU, Memory and disk)
- Persistent IP, has IP/port, hash header, persistent cookie, hash cookie, destination IP hash, URI hash, full URI hash, host hash, host domain hash
Layer 7 Application Load Balancing
- DNS, HTTP, HTTPS, HTTP 2.0 GW, FTP, SIP, RDP, RADIUS, MySQL, RTMP, RTSP supported
- L7 content switching – HTTP Host, HTTP Request URL, HTTP Referrer – Source IP Address
- URL Redirect, HTTP request/response rewrite (includes HTTP body)
- Layer 7 DNS load balancing, security, and caching
- 403 Forbidden Rewrite
- Content rewriting
Link Load Balancing
- Inbound and outbound LLB
- Support for Policy Route and SNAT
- Multiple health check target support
- Configurable intervals, retries and timeouts
- Tunnel Routing
Global Server Load Balancing (GSLB)
- Global data center DNS-based failover of web applications
- Delivers local and global load balancing between multi-site SSL VPN deployments
- DNSSEC
- DNS Access Control Lists
- GSLB setup wizard
Deployment Modes
- One arm-mode (Proxy with X-forwarded for support)
- Router mode
- Transparent mode (switch)
- High Availability (AA/AP Failover)
Web Application Firewall
Application Protection
- OWASP Top 10
- Web Attack Signature
- Bot Detection
- Web Vulnerability Scanner
- HTTP RFC compliance
Security Services
- SQLi/XSS Injection Detection
- Web Scraping
- CSRF Protection
- Brute Force Protection
- Web Defacement Protection
- Data Leak Prevention
- File Restriction
- Cookie Security
- XML/JSON/SOAP Validation
- HTTP Header Security
Application Acceleration
SSL Offloading and Acceleration
- Offloads HTTPS and TCPS processing while securing sensitive data
- Full certificate management features
- SSL Forward Proxy for secure traffic inspection
- HTTP/S Mirroring for traffic analysis and reporting
- Support TLS 1.3
HTTP and TCP Optimization
- 100x acceleration by off-loading TCP processing
- Connection pooling and multiplexing for HTTP and HTTPS
- HTTP Page Speed-UP for Web Server Optimization and Acceleration
- TCP buffering
- HTTP Compression and Decompression
- HTTP Caching (static and dynamic objects)
- Bandwidth allocation with Quality of Service (QoS)
- HTTP and Layer 4 Rate Limiting
Authentication Offloading
- Local
- LDAP
- RADIUS
- Kerberos
- SAML 2.0 (SP & Idp)
- Two-Factor Authentication — FortiToken and Google Authentication
Networking
- NAT for maximum flexibility and scalability
- VLAN and port trunking support
- Cisco ACI, Nutanix, OpenStack and Ansible
- NVGRE and VXLAN Support
- BGP and OSPF with Route Health Inspection (RHI)
- IPv6 Support
- IPv6 routing
- IPv6 firewall rules
Application Security
- FortiGuard Antivirus and FortiSandbox integration
- GEO IP security and logs (subscription required)
- Stateful firewall
- Web Filtering (subscription required)
- IP Reputation (subscription required)
- IPv4 and 6 firewall rules
- Granular policy-based connection limiting
- Syn Cookie Protection
- Connection Limits
- Intrusion Prevention System (subscription required)
- Application DDoS Protection
- DNS Security
Management
- Single point of cluster management
- CLI Interface for configuration and monitoring
- Secure SSH remote network management
- Secure Web UI access
- Central management for multiple FortiADC devices
- RESTful API
- SNMP with private MIBs with threshold-based traps
- Real-time Data Analytics
- Syslog support
- Role-based administration
- In-build diagnostic utilities
- Real-time monitoring graphs
- Built-in reporting
- FortiView Integration
- Data Analytics
- Getting Started wizard for first-time login
- Virtual Domains (VDOMs)
Specifications:
FortiADC 60F | FortiADC 100F | FortiADC 200F | FortiADC 300D | FortiADC 400D | FortiADC 1000F | FortiADC 2000F | FortiADC 4000F | FortiADC 5000F | |
---|---|---|---|---|---|---|---|---|---|
Hardware Specifications | |||||||||
L4 Throughput | 500 Mbps | 1.5 Gbps | 3 Gbps | 6.0 Gbps | 12.0 Gbps | 20.0 Gbps | 40.0 Gbps | 60.0 Gbps | 200.0 Gbps |
L7 Throughput | 450 Mbps | 1.3 Gbps | 2.5 Gbps | 4.0 Gbps | 8.0 Gbps | 17.5 Gbps | 24 Gbps | 35 Gbps | 150 Gbps |
SSL TPS (2048 keys) | 55 | 500 | 900 | 1,500 | 7,000 | 20,000 | 37,000 | 54,000 | 80,000 |
Compression Throughput | 400 Mbps | 1.0 Gbps | 2.1 Gbps | 2.6 Gbps | 6.1 Gbps | 13.5 Gbps | 18.0 Gbps | 25.0 Gbps | 25.0 Gbps |
SSL Acceleration Technology | Software | Software | Software | Software | ASIC | ASIC | ASIC | ASIC | ASIC |
Memory | 4 GB | 4 GB | 4 GB | 8 GB | 8 GB | 16 GB | 32 GB | 64 GB | 192 GB |
Virtual Domains | 2 | 10 | 10 | 10 | 20 | 45 | 60 | 90 | 90 |
Network Interfaces | 5x GE R45 | 6x GE RJ45 | 4x GE RJ45 | 4x GE RJ45, 4x GE SFP | 2x 10 GE SFP+ slots, 4x GE SFP ports, 4x GE ports | 4x 10 GE SFP+, 8x GE SFP, 8x GE RJ45 | 8x 10 GE SFP+, 8x GE SFP, 8x GE RJ45 | 8x GE SFP, 4x 10 GE SFP+, 2x 40 GE QSFP+ | 4x 100 GE QSFP28, 8x 40 GE QSFP |
10/100/1000 Management Interface | — | — | — | — | — | 1 | 1 | 1 | 1 |
Storage | 64 GB SSD | 64 GB SSD | 1 TB Hard Disk | 128 GB SSD | 128 GB SSD | 128 GB SSD | 240 GB SSD | 480 GB SSD | 960 GB SSD |
Management | HTTPS, SSH CLI, Direct Console DB9 CLI, SNMP | HTTPS, SSH, CLI, Direct Console DB9 CLI, SNMP | HTTPS, SSH, CLI, Direct Console DB9 CLI, SNMP | HTTPS, SSH, CLI, Direct Console DB9 CLI, SNMP | HTTPS, SSH CLI, Direct Console DB9 CLI, SNMP | HTTPS, SSH CLI, Direct Console DB9 CLI, SNMP | HTTPS, SSH CLI, Direct Console DB9 CLI, SNMP | HTTPS, SSH CLI, Direct Console DB9 CLI, SNMP | HTTPS, SSH CLI, Direct Console DB9 CLI, SNMP |
Power Supply | Single | Single | Single | Single | Single (optional Dual) | Dual | Dual | Dual | Dual |
Environment | |||||||||
Form Factor | 1U Appliance | 1U Appliance | 1U Appliance | 1U Appliance | 1U Appliance | 1U Appliance | 1U Appliance | 2U Appliance | 2U Appliance |
Input Voltage | 100–240V, 50–60Hz | 100–240V AC, 50–60 Hz | 90–264V AC, 47–63 Hz | 100–240V AC, 50–60 Hz | 100–240V AC, 50–60 Hz | 100–240V AC, 63–47 Hz | 100–240V AC, 63–47 Hz | 100–240V AC, 63–47 Hz | 220–240V AC |
Power Consumption (Average / Maximum) | 14.3 W / 11.9 W | 40 W / 60 W | 60 W / 72 W | 96 W / 115 W | 109 W / 130.8 W | 320 W / 267 W | 340 W / 282 W | 360 W / 300 W | 2200 W |
Maximum Current | 115Vac/0.9A, 230Vac/0.6A | 100V/1.5A, 240V/0.6A | 115V/6A, 230V/3A | 100V/5A, 240V/3A | 100V/5A, 240V/3A | 120V/7.1A, 240V/3.4A | 120V/7.1A, 240V/3.4A | 120V/8A, 240V/4A | 120V / 11.8A, 240V / 9.6A |
Heat Dissipation | 49 BTU/h | 132–163 BTU/h | 205 BTU/h | 392.4 BTU/h | 446.3 BTU/h | 1092 BTU/h | 1160 BTU/h | 1228 BTU/h | 7506 BTU/h |
Operating Temperature | 32–104°F (0–40°C) | 32–104°F (0–40°C) | 32–104°F (0–40°C) | 32–104°F (0–40°C) | 32–104°F (0–40°C) | 32–104°F (0–40°C) | 32–104°F (0–40°C) | 32–104°F (0–40°C) | 50–95°F (10–35°C) |
Storage Temperature | -31–158°F (-35–70°C) | -4–167°F (-20–75°C) | -13–158°F (-25–70°C) | -13–158°F (-25–70°C) | -13–158°F (-25–70°C) | -13–158°F (-25–70°C) | -13–158°F (-25–70°C) | -13–158°F (-25–70°C) | -40–140°F (-40–60°C) |
Humidity | 20–90% non-condensing | 10–85% relative humidity, non-operating, non-condensing | 5–95% non-condensing | 5–95% non-condensing | 5–95% non-condensing | 5–95% non-condensing | 5–95% non-condensing | 5–95% non-condensing | 8–90% non-condensing |
Compliance | |||||||||
Regulatory Compliance | FCC Part 15 Class A, C-Tick, VCCI Class A, CE, UL/c | CE, FCC, RCM, VCCI, BSMI | |||||||
Safety | CSA, C/US, CE, UL | UL, CB, IEC | |||||||
Dimensions | |||||||||
Height x Width x Length (inches) | 1.5 x 8.5 x 6.3 | 1.75 x 17.3 x 10.55 | 1.75 x 17.05 x 13.86 | 1.73 x 17.24 x 16.38 | 1.73 x 17.24 x 16.38 | 1.7 x 17.24 x 20.87 | 1.7 x 17.24 x 20.87 | 3.46 x 17.24 x 20.87 | 3.4 x 17.2 x 30.2 |
Height x Width x Length (mm) | 38 x 216 x 160 | 44 x 440 x 268 | 45 x 433 x 352 | 44 x 438 x 416 | 44 x 438 x 416 | 44 x 438 x 530 | 44 x 438 x 530 | 88 x 438 x 530 | 80.6 x 436.9 x 777.2 |
Weight | 2.2 lbs (1 kg) | 9.9 lbs (4.5 kg) | 17.2 lbs (7.87 kg) | 20 lbs (9.07 kg) | 22 lbs (9.97 kg) | 22.6 lbs (10.3 kg) | 22.6 lbs (10.3 kg) | 27 lbs (12.25kg) | 68.3 lbs (31 kg) |
Documentation:
Download the FortiADC Series Datasheet (.PDF)
Pricing Notes:
- All prices displayed are Ex-VAT. 20% VAT is added during the checkout process.
- FortiADC 24x7 Standard Bundle Contract
Advanced Hardware Replacement (NBD), Firmware and General Upgrades, 24x7 Support, FortiADC WAF Security Service, & IP Reputation Service - FortiADC 24x7 Advanced Bundle Contract
Advanced Hardware Replacement (NBD), Firmware and General Upgrades, 24x7 Support, AV, WAF, IP Reputation, and FortiSandbox Cloud Service - 24x7 FortiCare Contract
24x7 Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades - FortiDDoS 24x7 FortiCare Contract
24x7 Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades. This service level includes a FortiDDoS responsiveness SLA of 30 minutes for Priority 1 incidents. - Prices are for one year of Premium RMA support. Usual discounts can be applied.
- Annual contracts only. No multi-year SKUs are available for these services.
- Contact Fortinet Renewals team for upgrade quotations for existing FortiCare contracts.
- Pricing and product availability subject to change without notice.
4x 100GbE QSFP28 ports, 8 x 40GbE QSFP ports, 1 x GbE RJ45 management port, 1x 960G SSD, dual AC power supplies