Sold by: Fortinet Inc.
Deployed on AWS
Free Trial
AWS Free Tier
A next-generation cloud firewall service, FortiGate Cloud-Native Firewall (CNF) protects from threats including malware, data exfiltration and communications with malicious IP addresses.
Overview
FortiGate CNF delivers an easy-to-deploy, advanced cloud-native firewall service that secures cloud network traffic, while eliminating the need for network redesigns and maintenance. Powered by FortiOS and FortiGuard Labs threat intelligence, FortiGate CNF protects from malware, data breaches and botnets by blocking risky traffic connections, and enforces compliance with geo-specific policies, blocking traffic to/from specified countries.
FortiGate CNF offers:
-
Enterprise-Grade Protection: Stop attacks and data exfiltration with market-leading NGFW security capabilities such as intrusion prevention (IPS), Data Leak Prevention (DLP), advanced filtering based on AI-powered threat intelligence from FortiGuard Labs.
-
Quick and Easy Set Up: Simply subscribe from the AWS marketplace and follow the built-in setup wizard to deploy CNF instances in minutes. FortiGate CNF comes with predefined policies and default security profiles for rapid deployment.
-
Simplified Security Management: Apply policies and monitor security with the intuitive FortiGate CNF management console or use FortiManager for hybrid FortiGate deployments. FortiGate CNF also integrates seamlessly into AWS Firewall Manager.
-
Dynamic Security: Ensure consistent security with dynamic policies that use cloud meta data tags to follow your cloud workloads, eliminating the need for static IP updates as operations change.
-
Regulatory Compliance: FortiGate CNF can assist in meeting regulatory compliance requirements, including GDPR, HIPAA, and PCI-DSS.
-
Flexible Pricing: Pay-as-you-go and optimize costs with just one firewall service instance for an entire region. FortiGate CNF is also available as an annual subscription.
Try FortiGate CNF with a 30-day free trial. After the free trial, you can transition to pay-as-you-go pricing as listed below.
Get started:
- FortiGate CNF Demo Video: https://bit.ly/CNFdemo
- Getting Started Tutorial Video: https://bit.ly/3QIYNOh_Tutorial
- Reach out to our customer success team for questions or help getting set up: CNF_CSM@fortinet.com
Visit the FortiGate CNF Community Resource Hub to find onboarding, deployment, and technical information and join in discussions: https://community.fortinet.com/t5/FortiGate-CNF-All-Marketplaces/gh-p/fortigate-cnf-on-aws
Highlights
- Advanced Network Protection: Featuring Geo-IP blocking, advanced filtering, and robust threat protection, FortiGate CNF offers comprehensive visibility and advanced security.
- Streamlined Security Management: With the ability to aggregate security from all VPCs and accounts in an AWS region into a single FortiGate CNF, security is consolidated and a single policy can be applied to all resources selected.
- Lower costs: With no security software infrastructure to build, deploy and operate, only pay for security functionality that is utilized.
Details
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/unit |
|---|---|
Hours a CNF instance is deployed and is running. | $2.20 |
GB of Traffic Processing | $0.022 |
Advanced Security Processing Units (see documentation) | $0.022 |
Hours for deployed Cost Optimized FortiGate-CNF Instances including support | $1.10 |
Vendor refund policy
No refunds
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Fortinet FortiCare support offerings provide global support and deliver best-in-class support services. With FortiCare support, customers can be assured that their Fortinet security products are performing optimally and protecting their corporate assets.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Check Point Software Technologies
By Palo Alto Networks
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Network Traffic Protection
Advanced cloud-native firewall service powered by FortiOS and FortiGuard Labs threat intelligence for securing cloud network traffic
Threat Intelligence
AI-powered intrusion prevention (IPS), data leak prevention (DLP), and advanced filtering capabilities to block malicious traffic and potential security breaches
Dynamic Policy Management
Security policies that dynamically use cloud metadata tags to follow cloud workloads without requiring static IP updates
Geo-Specific Security Control
Enforcement of compliance policies through geo-IP blocking and traffic restrictions to/from specified countries
Multi-Account Security Aggregation
Capability to consolidate security across multiple VPCs and accounts within an AWS region using a single firewall instance
Network Traffic Inspection
Inspects traffic entering and exiting private subnets in VPC ("North-South") and between VPCs ("East-West")
Advanced Threat Prevention
Provides multi-layered security capabilities including firewall, IPS, threat emulation, and threat extraction with advanced catch rates
Cloud Infrastructure Integration
Supports infrastructure-as-code tools like Terraform and Ansible, dynamically adapts security policies based on cloud metadata
Security Protocol Coverage
Comprehensive security features including Data Loss Prevention, application control, IPsec VPN, URL filtering, antivirus, and anti-Bot protection
Cloud Service Compatibility
Integrates with AWS services including Gateway Load Balancer, AWS Security Hub, VPC Ingress Routing, AWS Traffic Mirroring, and AWS Transit Gateway
Network Traffic Processing
Supports DPDK on C5, C5n, M5, and M5n instances running on AWS Nitro System for efficient traffic processing
Threat Prevention
Provides dynamic traffic identification, malware prevention, and threat intelligence technologies to stop known and unknown attacks
Security Policy Management
Enables whitelisting and segmentation policies dynamically updated based on AWS tags to reduce attack surface
Cloud Integration
Supports native AWS services integration including AWS Auto Scaling, ELB, Transit VPC, AWS Transit Gateway, and Gateway Load Balancer
Security Monitoring
Integrates with Amazon GuardDuty and AWS Security Hub for automatic blocking of potentially malicious activities
Standard contract
No
No
No
Customer reviews
3.8
7 ratings
7 AWS reviews
|
24 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Andrew_Jackson
Centralized management has streamlined access for staff and support has consistently addressed issues quickly
Reviewed on Nov 03, 2025
Review provided by PeerSpot
What is our primary use case?
The major use case for this product is if customers have on-prem hardware to protect, along with the other use cases with SD-WAN and VPN connectivity.
What is most valuable?
Centralized management definitely helps us manage security operations. A single pane of glass management is a bonus for us. We can give our staff access to the portal, and they can access all our customers. So it is definitely one of the reasons that we use the product.
For stability, we have not had too many issues. Occasionally an update might fail, so out of 10, I would give it probably an eight.
What needs improvement?
I see areas for improvement, particularly around the SSL VPN . It is a tool that we have used quite heavily, but it has a lot of vulnerabilities and they are starting to be dropping support for it. So we kind of see that they have left a vacuum by removing that feature.
The VPN feature is indeed the main concern so far. Security around it is a concern, and then the fact that they have just dropped it and have not really provided a solution that fits for us. Their solution was either IPsec or ZTNA , which is not as flexible as the SSL VPN was for our customers.
For how long have I used the solution?
We have been using FortiGate Cloud-Native Firewall (FortiGate CNF) for probably about five or six years.
What do I think about the stability of the solution?
Occasionally an update might fail, so out of 10, I would give it probably an eight.
What do I think about the scalability of the solution?
I would probably give scalability of FortiGate Cloud-Native Firewall (FortiGate CNF) around a nine. There is definitely room for improvement, but for our needs, it does probably 90% of the work that we need it to do.
How are customer service and support?
For technical support from the vendor, I would give it probably an eight as they are fairly responsive and usually fairly knowledgeable. We have had to open a few tickets.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have worked with other firewalls and SD-WAN products apart from Fortinet. Our other products are mainly Ubiquiti, so EdgeRouters and UniFi, which we use for smaller businesses that do not require heavy security. In the past, I have used Juniper at a previous job that was replaced with a FortiGate. We have also used some Cisco Meraki, but we do not appreciate the fact that they essentially hold you for ransom by turning off your internet if you do not pay your bill on time, which makes it hard to pay the bill and run the business. So we tend to steer away from Meraki. That is probably the majority of the devices. There are a couple of MikroTiks and others as well.
How was the initial setup?
FortiGate Cloud-Native Firewall (FortiGate CNF) is easy to install and deploy, though there is probably a small learning curve for most people. It is not as dramatic as some of the others; for example, Meraki has a fairly dramatic learning curve. Whereas Juniper is fairly easy to learn. Fortinet is relatively easy to learn and intuitive once you know where to find everything.
What other advice do I have?
We only use Fortinet products.
When we say we work with FortiGate Cloud, we mean FortiGate Cloud-Native Firewall (FortiGate CNF) and essentially the cloud version of FortiManager.
I am fairly happy with the product. There have been a few security incidents with them, but feature-wise, we are fairly happy. Primarily around the SD-WAN configurability and somewhat the VPN, although SSL VPN being one of the security vulnerabilities that they had. So those are probably our main reasons that we go for the FortiGates over other products.
I have not had a chance to work with the AI-powered threat intelligence. It is something we are probably going to be looking into shortly, but nothing that we have looked at at the moment.
The insights I have gained into network activities are not something our customers are too interested in. I have used the analytics in the past for Fortinet with other jobs. But our customer base is not interested in that side of things. It is useful if we are needing to look into an incident. But they are not wanting constant reports.
In the product, the automated security provisioning feature is probably not something that we are using currently.
From FortiGate Cloud-Native Firewall (FortiGate CNF), I see a positive impact as they are fairly quick to react to any issues. We have had to open a few support cases for issues that we are having and they are fairly quick to react and assist.
Comparing licenses, I think that a license for Fortinet is relatively fair for what you get. As I mentioned, with Meraki, Fortinet does not shut down your services if you do not pay. You just lose some functionality, but it still operates. Most of our customers are happy with the prices, and we have not had too many questions about it.
We are an MSP who provide IT services for around 500 customers, and we have about 100 FortiGates across our customers. We have an account manager with Fortinet, and we are a direct reseller through them.
We did not buy FortiGate directly from Fortinet, but we are direct resellers through Ingram in New Zealand. We go through Ingram, but the Fortinet account manager applies a discount for us.
Summarizing everything that I said, I would give the solution an average rating of eight.
VIJAICYRIAC
Provides robust cloud security with effective threat detection and prevention
Reviewed on Apr 25, 2025
Review from a verified AWS customer
What is our primary use case?
I have been working with FortiGate Cloud-Native Firewall (FortiGate CNF) , primarily focusing on application-level firewalling and network-level security, especially in a cloud environment.
How has it helped my organization?
FortiGate Cloud-Native Firewall (FortiGate CNF) primarily provides application-level gateways and network-level security at a cloud level. It offers secure cloud platforms that meet industry standards for compliance.
What is most valuable?
FortiGate Cloud-Native Firewall (FortiGate CNF) primarily provides application-level gateways and network-level security at a cloud level. It offers secure cloud platforms that meet industry standards for compliance. Additionally, threat detection and prevention features are the most effective aspects of FortiGate CNF.
What needs improvement?
The customization of FortiGate Cloud-Native Firewall (FortiGate CNF) could be improved, particularly in terms of configurations to better adjust to specific needs.
For how long have I used the solution?
I have been using FortiGate Cloud-Native Firewall (FortiGate CNF) for about two years.
What was my experience with deployment of the solution?
Initially, there were network issues, but once in place, the deployment took about three to four hours, making it not very complex. A team of experts, including three to four engineers, was involved in the deployment.
What do I think about the stability of the solution?
I rate the stability of FortiGate Cloud-Native Firewall (FortiGate CNF) at eight out of ten.
What do I think about the scalability of the solution?
I rate the scalability of FortiGate Cloud-Native Firewall (FortiGate CNF) around seven to eight. The scalability allows for increasing the capacity through configuration adjustments.
How are customer service and support?
Fortinet's support is good and helpful. I rate it around eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I mainly work with FortiGate and Palo Alto, due to their features, security protection, deployment, and scalability.
How was the initial setup?
The initial setup was a customized deployment and not very complex.
What about the implementation team?
A team of three to four experts and engineers was involved in the deployment. I managed the overall team overseeing the process.
What was our ROI?
We observed better security and prevention of detection after using FortiGate Cloud-Native Firewall (FortiGate CNF).
What's my experience with pricing, setup cost, and licensing?
The pricing is a bit expensive, primarily due to licensing fees. Extra expenses include upgradations beyond licensing.
Which other solutions did I evaluate?
I mainly work with FortiGate and Palo Alto.
What other advice do I have?
Overall, I rate FortiGate Cloud-Native Firewall (FortiGate CNF) an eight out of ten. Maintenance is managed by my team, which handles multiple devices.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
ІгорКузьменко
Affordable pricing and ease of deployment highlight strengths despite limitations in IPS technology
Reviewed on Apr 04, 2025
Review provided by PeerSpot
What is our primary use case?
I primarily use FortiGate Cloud-Native Firewall (FortiGate CNF) as a firewall with general bundles of licenses, including Intrusion Prevention System (IPS) and antivirus. We employ it in medium and enterprise-level businesses, not small businesses.
What is most valuable?
FortiGate Cloud-Native Firewall (FortiGate CNF) is highly valued for its pricing, which is considered very affordable. The rates and reviews it receives, such as from Gartner, underscore its reliability. Its price policies are flexible, and it is widely favored in the market with significant coverage in security. It holds around 60% of the security market in Ukraine.
What needs improvement?
The Intrusion Prevention System (IPS) in Fortinet products, including FortiGate Cloud-Native Firewall (FortiGate CNF), is not very strong; we often prefer Cisco IPS instead. AI features are not well developed in Fortinet solutions compared to Check Point.
What do I think about the scalability of the solution?
Unfortunately, FortiGate Cloud-Native Firewall (FortiGate CNF) is not very scalable. For businesses that grow or develop further, only about ten percent can handle the increase.
How are customer service and support?
Customer service for Fortinet is rated at four out of five. This translates to approximately eighty percent satisfaction.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I've previously used solutions from Trend Micro, Check Point, and Palo Alto. For email protection tools and general security, I often use Trend Micro and Check Point.
How was the initial setup?
Overall, the initial setup for FortiGate Cloud-Native Firewall (FortiGate CNF) is straightforward and hassle-free. It takes two to four weeks to complete.
What's my experience with pricing, setup cost, and licensing?
FortiGate Cloud-Native Firewall (FortiGate CNF) offers a very flexible price policy, with medium pricing, making it an attractive option for many businesses.
Which other solutions did I evaluate?
I have evaluated solutions like those from Trend Micro, Check Point, Palo Alto, and Cisco IPS.
What other advice do I have?
Overall, I rate FortiGate Cloud-Native Firewall (FortiGate CNF) around seven out of ten due to its flexible pricing, significant market presence, and ease of deployment.
RiaanDu Preez
Integration is seamless with both physical and virtual firewalls
Reviewed on Mar 28, 2025
Review from a verified AWS customer
What is our primary use case?
I use FortiGate Cloud-Native Firewall (FortiGate CNF) to enable better segregation and integration with on-premise firewalls and infrastructure. It allows me to have a unified approach, so I can work on both on-prem physical firewalls and cloud firewalls.
What is most valuable?
The most valuable feature of FortiGate Cloud-Native Firewall (FortiGate CNF) is its open-source configuration. The simplicity of its setup stands out, as it has the same look and feel as physical firewalls, making it easy for me to work with and integrate. Additionally, it enables better segregation and integration with on-premise firewalls and infrastructure so that I can seamlessly handle both on-prem physical firewalls and cloud firewalls.
What needs improvement?
I have not had any complaints regarding integration. At this moment, I cannot say what needs improvement, as it will take a few months to observe its capabilities and limitations. There might be future challenges in different development environments, but they haven't appeared yet.
For how long have I used the solution?
I have used FortiGate Cloud-Native Firewall (FortiGate CNF) for about three to four months now.
What do I think about the stability of the solution?
The stability of FortiGate Cloud-Native Firewall (FortiGate CNF) is highly appreciated by the people I work with, as they love its reliability. I consider it a stable solution when it's not causing issues.
What do I think about the scalability of the solution?
With my current experience, I would rate the scalability of FortiGate Cloud-Native Firewall (FortiGate CNF) at about a seven out of ten.
How are customer service and support?
From my interactions, technical support from Fortinet is rated high, a nine out of ten, though there is always room for improvement. I know some of the engineering personnel, which helps in understanding their approach and response.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup can be straightforward if one understands the environment and how FortiGate works. For someone new to security, it might be difficult as they see security as a hindrance instead of an enabler for improved work.
What's my experience with pricing, setup cost, and licensing?
In South Africa, the price point is challenging due to the Rand-dollar exchange rate. A $80 or $200 device translates to approximately 8,000 to 10,000 Rand, which includes licensing costs. The exchange rate makes it difficult, although this is not a problem with Fortinet itself.
What other advice do I have?
There is always room for improvement, even though progress is evident. I rate the overall solution at eight.
Rahool Sharma
Policy creation and management ensure comprehensive security for cloud infrastructure
Reviewed on Mar 14, 2025
Review provided by PeerSpot
What is our primary use case?
We enhance our cloud security strategy through FortiGate Cloud-Native Firewall (FortiGate CNF) by implementing zero trust policies for our cloud infrastructure APIs. This includes the secure communication between our on-site data center and cloud premises.
What is most valuable?
FortiGate Cloud-Native Firewall (FortiGate CNF) greatly enhances our cloud security strategy with features such as policy creation and management. We implemented IPS and IDS, which contribute significantly to our security. The visibility and exposure to logs provide valuable insights for our InfraSec team, aiding in monitoring and managing communication and policies.
What needs improvement?
I would be glad if there were free solutions to help manage migrations. Migration can be quite challenging when moving from a different firewall to FortiGate Cloud-Native Firewall. Solutions like FortiConverter are good but are paid, and getting approval to purchase can take some time. It would be great to have something more readily available for engineers.
For how long have I used the solution?
We have been using FortiGate Cloud-Native Firewall (FortiGate CNF) for around one year.
What do I think about the stability of the solution?
I would rate the stability of FortiGate Cloud-Native Firewall (FortiGate CNF) as nine out of ten, indicating it is very stable.
What do I think about the scalability of the solution?
As of now, we haven't scaled our cloud network much, and the deployment is working fine. There are plans to launch new projects, and once that's done, we will definitely scale our FortiGate Cloud-Native Firewall as needed. I would rate the scalability as an eight out of ten.
How are customer service and support?
There are some bugs that need to be fixed, and they can take some time to resolve. I would rate the customer service and support an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have worked on Palo Alto and Cisco firewalls before. The organization decided to cut CapEx costs and was looking for vendors offering the same features at a lower cost. We ultimately chose FortiGate Cloud-Native Firewall.
How was the initial setup?
The initial setup involved a smooth deployment with some challenges during the migration process, as we had to manually transfer our rules and policies without FortiConverter.
What about the implementation team?
Our deployment team consisted of three network engineers and two infrastructure managers.
What was our ROI?
The primary benefit we experienced is the reduction in CapEx costs. FortiGate Cloud-Native Firewall provides the same features that higher-end models offer, but at a much lower cost.
What's my experience with pricing, setup cost, and licensing?
The pricing of FortiGate Cloud-Native Firewall is very good and is not considered expensive compared to other products.
What other advice do I have?
I would rate FortiGate Cloud-Native Firewall (FortiGate CNF) an eight out of ten. While the pricing, features, and stability are good, the presence of bugs and the time it takes to fix them prevent a higher rating.