Sold by: Fortinet Inc.
Deployed on AWS
Free Trial
Fortinet FortiGate allows mitigation of blind spots to improve policy compliance by implementing critical security controls within your AWS environment. FortiGate includes all of the security and networking services common to FortiGate physical appliances.
4.2
Overview
Video
Video 1
Video
Video 2
Video
Product video
FortiGate-VM on AWS delivers next-generation firewall and VPN/SD-WAN capabilities for organizations of all sizes. It enables broad network protection and automated security management for consistent enforcement and visibility across your AWS VPCs and hybrid cloud infrastructure. FortiGate natively integrates with AWS Gateway Load Balancer, AWS Transit Gateway and other AWS security services to simplify and deliver enterprise-class security for applications and workloads running on AWS.
FortiGate-VM reduces complexity by combining secure connectivity with advanced threat protection capabilities such as powerful intrusion prevention (IPS), malware detection and protection, and continuous threat intelligence from FortiGuard Labs security services. It offers a management console that provides comprehensive network automation and unified visibility across multi-cloud environments.
FortiGate-VM, in concert with other elements of the Fortinet Security Fabric, enables common deployment scenarios such as cloud security services hub, secure remote access, container security, web application security, and critical workload protection.
Visit the FortiGate-VM on AWS Community Resource Hub to find onboarding, deployment, and technical information and join in discussions: https://community.fortinet.com/t5/FortiGate-VM-on-AWS/gh-p/fortigate-vm-on-aws
Please contact awssales@fortinet.com with any questions.
Highlights
- FortiGate offers protection from a broad array of threats, with support for all of the security and networking services offered by the FortiOS operating system.
- Delivers complete content and network protection by combining stateful inspection with a comprehensive suite of powerful security features to meet PCI DSS compliance.
- IPS technology protects against current and emerging network-level threats. In addition to signature-based threat detection, IPS performs anomaly-based detection which alerts users to any traffic that matches attack behavior profiles.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
OtherLinux 7.6.6
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 30 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
c6in.xlarge Recommended | $1.02 |
m5.4xlarge | $3.29 |
t3.xlarge | $1.02 |
c6a.2xlarge | $1.60 |
m5.8xlarge | $4.10 |
c5n.xlarge | $1.02 |
c7a.2xlarge | $1.60 |
t2.small | $0.36 |
c6a.4xlarge | $3.29 |
c7a.4xlarge | $3.29 |
Vendor refund policy
You may terminate the instance at anytime to stop incurring charges.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Additional details
Usage instructions
Please ensure the connectivity to FortiCare (https://directregistration.fortinet.com:443 ) by checking all related setup on security groups, ACLs, IGW, route tables, public IP address...etc.
After deploying the instance, click on Manage in AWS Console to see the running instance and public DNS address to continue the configuration of the FortiGate-VM. Connect to the secured Web UI via the public DNS address: https:// <public DNS address>. For any CLI configuration/settings, SSH is required to log into the CLI. Default login credentials are with a username of admin and the AWS Instance ID value as the password. The FortiGate-VM AWS Install and Configure guide is located at https://docs.fortinet.com/document/fortigate-public-cloud/7.6.0/aws-administration-guide/
Support
Vendor support
This product is intended for On-Demand subscription. Please contact Customer Support with the following information instead of trying to register in FortiGate management GUI:
- The serial number of your FortiGate instance
- The email ID of your Fortinet account. If you do not have an account yet, please sign using the link below
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Fortinet Inc.
By Check Point Software Technologies
By Palo Alto Networks
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Intrusion Prevention System
IPS technology with signature-based and anomaly-based detection to protect against current and emerging network-level threats and attack behavior profiles
Threat Protection Capabilities
Advanced threat protection including intrusion prevention, malware detection and protection, and continuous threat intelligence from FortiGuard Labs security services
AWS Native Integration
Native integration with AWS Gateway Load Balancer, AWS Transit Gateway, and other AWS security services for VPC and hybrid cloud infrastructure protection
Stateful Inspection and Content Filtering
Stateful inspection combined with comprehensive security features including content and network protection to meet PCI DSS compliance requirements
Unified Management and Visibility
Management console providing comprehensive network automation and unified visibility across multi-cloud environments
Advanced Threat Prevention Capabilities
Firewall, Data Loss Prevention (DLP), Intrusion Prevention System (IPS), application control, IPsec VPN, URL filtering, antivirus, and anti-bot protection against known and unknown threats.
Network Traffic Inspection and Control
Inspects and secures encrypted data flows between on-premises networks and AWS VPCs, including North-South traffic entering and exiting private subnets and East-West traffic between VPCs.
Unified Security Management
Centralized management via Check Point CloudGuard Security Management Server enabling consistent policy, log, and report management across AWS, hybrid, and on-premises environments.
Infrastructure-as-Code Integration
Integrates with Terraform and Ansible for policy automation and cloud-native scaling with dynamic adaptation of security policies based on real-time cloud metadata.
AWS Service Integration
Supports Gateway Load Balancer, AWS Security Hub, VPC Ingress Routing, AWS Traffic Mirroring, AWS Transit Gateway, AWS Outposts, and Amazon Macie with deployment options including auto-scaling groups and multi-AZ redundancy.
Traffic Identification and Classification
Powerful traffic identification technology for complete visibility and control over network traffic
Malware Prevention
Malware prevention capabilities to protect applications and data from known and unknown attacks
Dynamic Policy Management
Dynamically updated whitelisting and segmentation policies based on AWS tags for reduced attack surface
High-Performance Processing
DPDK support on C5, C5n, M5, and M5n instances running on AWS Nitro System for efficient traffic processing
Cloud-Native Integration
AWS Auto Scaling, ELB integration, Transit VPC with AWS Transit Gateway, and Gateway Load Balancer support for large-scale deployments
Standard contract
No
No
No
Customer reviews
Sachin-Yadav
Unified security gateway has streamlined monitoring and troubleshooting for faster resolutions
Reviewed on Mar 30, 2026
Review provided by PeerSpot
What is our primary use case?
Fortinet FortiGate serves as my gateway device where I manage all my security. I use Fortinet FortiGate as a gateway for the NATing part for LAN to WAN communication. Along with that, I manage security profiles from the gateway only, and all my switches and Wi-Fi also work with Fortinet FortiGate.
I work on RE VPN and SSL RE VPN on Fortinet FortiGate.
What is most valuable?
In my opinion, the best features Fortinet FortiGate offers are monitoring and troubleshooting. Along with that, its security services are also a key point for me. For example, I need to manage features including IPS, antivirus, web filtering, and application control via Fortinet FortiGate only.
I appreciate the security feature of Fortinet FortiGate. For example, I can take real-time logs and session monitoring along with VPN, event logs, data usage monitoring, and related features.
I have noticed faster troubleshooting and reduced downtime of around fifty percent. My operational efficiency has improved. For a real example, a client experienced frequent internet drops, and this was resolved more efficiently.
What needs improvement?
One suggested improvement I would recommend is more simplified troubleshooting. Although logs are powerful, troubleshooting can sometimes be complex for new users. A more guided or AI-based troubleshooting feature would help reduce resolution time. Fortinet FortiGate should incorporate AI-based solutions to improve the troubleshooting experience.
For how long have I used the solution?
I have been using Fortinet FortiGate for two years.
What do I think about the stability of the solution?
Fortinet FortiGate is stable. It demonstrates excellent stability in various terms including network utilization.
What do I think about the scalability of the solution?
Fortinet FortiGate offers strong scalability and can support environments ranging from small businesses to large businesses. There is a wide range of models from entry level to high end levels. Flexible deployment options include physical appliances, virtual, and cloud deployments, which is beneficial.
How are customer service and support?
Customer support needs improvement. I have had to take the direct internal sources, such as sales contacts, and after that I rarely see support response.
I would rate the customer support at a six out of ten.
Which solution did I use previously and why did I switch?
I have used Sophos before, and several of my criteria were missing with that solution. Fortinet FortiGate achieved the features I was looking for, which is why I shifted to Fortinet FortiGate firewall.
How was the initial setup?
My experience is very positive regarding pricing, setup cost, and licensing for Fortinet FortiGate. The pricing is also competitive compared to other vendors in the market. Along with that, setup is very easy. I implemented it in my network myself. For the licensing part, it is somewhat confusing, but overall it is good.
What was our ROI?
Fortinet FortiGate has saved me both money and time. It is easy to manage and the troubleshooting part is also very easy, making it more time-saving than money-saving.
What's my experience with pricing, setup cost, and licensing?
In terms of cost savings, it has reduced the need for multiple tools. Fortinet FortiGate combines firewall, VPN, IPS, web filtering, and SD-WAN into a single device, which has given me lower operational overhead.
Which other solutions did I evaluate?
Before choosing Fortinet FortiGate, I tried various options. I obtained the POC from Palo Alto as well as Check Point. After that, I switched to Fortinet FortiGate because it was the best option for my network.
What other advice do I have?
My advice for others looking into using Fortinet FortiGate is that focusing on proper planning, sizing, and understanding of features before deployment will be a good approach.
Integrating SD-WAN with Fortinet FortiGate has allowed me to create an SLA according to which my ISPs define the traffic and the best path utilized.
I would rate this product a ten out of ten overall.
Nitin
Centralized security management has improved policy control and simplified daily operations
Reviewed on Mar 30, 2026
Review from a verified AWS customer
What is our primary use case?
I use Fortinet FortiGate in security and policy for security profiles, blocking and allowing for certification on a day-to-day basis.
I block Gmail and personal mail along with other applications. We block webmail and allow corporate mail, Microsoft 365, and block unwanted categories such as pornography and weapons while implementing URL filtering.
Global systems use standard Fortinet terminology. We use FortiManager and FortiAnalyzer, where FortiAnalyzer is used for logging and FortiManager is used for centralized management across multiple gateway devices.
By implementing Fortinet FortiGate in our organization, we can control applications and block unauthorized apps.
Control security platform features such as policy enforcement and SD-WAN streaming particularly improve our work by reducing manual configuration across multiple devices, allowing faster change implementation, and reducing troubleshooting time.
This control typically leads to measurable outcomes across operations, security, and performance.
We use Fortinet FortiGate on-premises and in the public cloud.
What is most valuable?
In my experience, the best feature Fortinet FortiGate provides is its impressive logging system, which is very easy to read to understand what the issue is.
The SD-WAN feature is very valuable for us. By integrating SD-WAN, we can manage our ISP links and SD-WAN rules.
Using SD-WAN on Fortinet FortiGate provides lower latency and stability improvements, critical application routing via lower latency links, reduction in jitter and packet loss, with both links actively used instead of one idle backup, leading to better bandwidth utilization.
The biggest strength is the consolidated platform that combines firewall, SD-WAN, VPN, and security stack in one device.
What needs improvement?
We can improve the UI readability when working with large configurations. I chose a rating of nine because of the troubleshooting power and launch issues. We need CLI debug capabilities in addition to the UI.
For how long have I used the solution?
I have been working in my current field for the last three years.
What do I think about the stability of the solution?
Fortinet FortiGate is a stable and scalable firewall.
What do I think about the scalability of the solution?
Fortinet FortiGate is manageable on one platform, but scalability depends on how we scale. Model ranges for small branches and high-end applications are delivered easily by moving to a higher model.
How are customer service and support?
Support is also good.
Which solution did I use previously and why did I switch?
I previously used Sophos firewall before moving to Fortinet FortiGate.
What about the implementation team?
We evaluated other options such as Palo Alto before choosing Fortinet FortiGate. We evaluated both Palo Alto and Sophos firewalls during our selection process.
What was our ROI?
It is a time-saving product.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing for Fortinet FortiGate is generally positive from a value perspective.
What other advice do I have?
I advise others to use Fortinet FortiGate, considering the firewall size, throughput including IPS, SSL-VPN, web filtering throughput, VPN load, and UTM versus Enterprise bundle.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Srinivasan Arumugam
Security has improved with deep inspection and vpn access, but reporting and upgrades need work
Reviewed on Mar 11, 2026
Review provided by PeerSpot
What is our primary use case?
I have been using Fortinet FortiGate for the past six years.
I have been using Fortinet FortiGate to provide security for network and perimeter networks and gateways, and I rely on Fortinet FortiGate to protect my applications from various Layer 4 and Layer 7 attacks and traffic from malicious IPs while blocking traffic from unwanted IPs.
Fortinet FortiGate is also mainly used to establish IPsec tunnel connectivity with other networks, and users from outside the office network can connect to resources via IPsec VPN as well as site-to-site and client-to-site VPN, which leverages access and resource availability across various networks and simplifies resource accessibility worldwide.
One of the main features that I use in real time with Fortinet FortiGate is web filtering and App IDs based on application control. Previously, I allowed application access policies based on ports, but it could not prevent traffic based on the same application port with different use cases. For example, port 443 can be used for various purposes, but it could not restrict access for some specific applications. The App ID based control is useful for me to restrict traffic based on application usage and user access, which is the primary purpose of Fortinet FortiGate in real time.
What is most valuable?
Fortinet FortiGate offers next-generation firewall features and security features that restrict access for malicious traffic, URLs, and IPs, which is a major feature that Fortinet FortiGate offers.
The next-generation firewall capabilities including deep packet inspection and application controls via App IDs, Intrusion Prevention Systems, web filtering, URL filtering, and anti-malware protections are essential features that are present in Fortinet FortiGate to prevent various cyber attacks and threats in the network.
Fortinet FortiGate is also mainly used to establish IPsec tunnel connectivity with other networks, and users from outside the office network can connect to resources via IPsec VPN as well as site-to-site and client-to-site VPN, which leverages access and resource availability across various networks and simplifies resource accessibility worldwide.
What needs improvement?
The security features could have been more similar to those in the Palo Alto firewall with major data protections and WildFire, and deeper inspection capabilities, which Fortinet FortiGate lacks. Additionally, I notice that Fortinet FortiGate often experiences resource utilization problems where memory is heavily occupied regularly, necessitating cleanup tasks.
During firmware upgrades, the process is not smooth; one of the VMs often goes out of sync and exits the HA cluster. Therefore, I separate the HA between the firewalls and perform upgrade activities one by one manually. The graphical dashboard representation of the data is frequently inaccurate, leading me to rely on syslogs for more dependable information. The log retention period on the device seems too short despite having ample memory and disk capacity, which is a major issue.
For how long have I used the solution?
I have been working in my current field for the past seven years.
What do I think about the scalability of the solution?
The scalability experience indicates that if I need additional features or security capabilities, such as sandbox features, I can add them by opting for separate licenses, making it convenient for me.
How are customer service and support?
Fortinet FortiGate customer support appears somewhat good, but for complex cases or major incidents, I often do not receive prompt support from the OEM, resulting in multiple follow-ups to get the necessary assistance.
Which solution did I use previously and why did I switch?
Previously, I used to have a Cisco ASA firewall, which had fewer security features for protecting the network from day-to-day attacks and threats. Fortinet FortiGate firewall has next-generation capabilities with various security features including deep inspections, filters, URL filters, URL categories, and IPS protections while controlling application access based on application IDs, along with anti-malware protections to safeguard applications from malicious threats and attacks. By using Fortinet FortiGate, I significantly reduced major attacks that could exploit my network.
What other advice do I have?
I would advise others considering Fortinet FortiGate, particularly those concerned about budget and pricing with decent performance and support, to proceed with Fortinet FortiGate, as compared to other next-generation firewall products, Fortinet FortiGate has lower license support costs, which is a significant advantage. Moreover, from my experience, it performs its job effectively with no major issues related to performance or functionalities including policy control, VPN, and security features. I would rate this product a 7 out of 10.
reviewer2808123
Long-term deployment has supported flexible security services for diverse customer needs
Reviewed on Mar 11, 2026
Review provided by PeerSpot
What is our primary use case?
I integrate service with Fortinet FortiGate . I integrate service, and some manage service, so the customer already has the firewall and we manage them, or we sell the hardware. But mostly for hardware, there are a lot of sellers, so mostly we do the services.
If the customer wants Fortinet FortiGate , I give Fortinet FortiGate. If the customer wants Sophos, I give Sophos. Both have a different market and different customer profile.
Whatever the customer asks, we provide. I'm running Fortinet FortiGate now because a customer wants that in my data center.
What is most valuable?
I find Fortinet FortiGate valuable due to Fortinet's ASIC, as I have known Fortinet FortiGate since a long time ago, from the first time they ran. They use ASIC. While Sophos also has a special hardware solution such as Xstream, they have all different purposes and different advantages, so I can utilize both. It depends on the customer.
I don't have any problem with Fortinet Unified SASE . Mostly in Indonesia, in our market, customers buy the brand without knowing the full capability of it. So actually with Fortinet FortiGate, you also have to implement FortiManager, FortiAnalyzer and for hardware control, FortiNAC and so on. But because it's so modular, sometimes customers mistakenly just buy the firewall. The firewall doesn't work right. That's a problem. I understand that this product design philosophy of Fortinet FortiGate is meant to serve very big corporations which have established SOC teams. They put segmentation of who is the manager and who is the analyzer. That's why they put the separate server for that. But because the brand is so famous, even small customers want to buy it.
What needs improvement?
For how long have I used the solution?
I have been working with Fortinet FortiGate for maybe five or six years, or maybe longer than that. It could be 10 years as well.
What other advice do I have?
I have been working with Fortinet FortiGate for quite a long time, but I am not a partner yet. Last year I took partnership with Sophos, so we do both.
I don't have experience integrating SD-WAN capabilities with Fortinet FortiGate yet, as we had a case but the project didn't go. SD-WAN is not mostly firewall. Yesterday, I just had a discussion with a new customer that wants to buy ZTNA and NAC.
I think the pricing of Fortinet FortiGate is affordable to some small customers, but they can only afford the firewall without the other components. Mostly firewall, so it's just selling products, not selling a security system.
In my opinion, Fortinet FortiGate doesn't need to be improved. It's because it has a different market. I had a case maybe five or six years ago. There was a tender of SD-WAN implementation for 10,000 mini marts. A company that has 10,000 outlets of mini marts needs security. In the data center at their headquarters, they need a very big firewall, up to 500 Gbps. But in the outlet, which is a small store or mini mart, they need a very small firewall that's capable to do SD-WAN, authentication, security, VPN and so on. Fortinet FortiGate has it all. Fortinet FortiGate is suitable for that kind of organization. They have a special SOC, so they buy FortiManager, FortiAnalyzer and so on. I rate this review an 8.
reviewer2292894
Security platform has strengthened multi-purpose protection and supports AI-driven threat defense
Reviewed on Mar 10, 2026
Review from a verified AWS customer
What is our primary use case?
There are many main use cases for Fortinet FortiGate for my clients, including network firewall, VPN, ZTNA , and SD-WAN. The firewall is basically the primary function and one of the best features in Fortinet FortiGate .
How has it helped my organization?
The AI aspect has helped to protect data centers at scale by improving the reduction of false positive errors and handling unknown threats.
What is most valuable?
I have hands-on experience with demos and implementation of Fortinet FortiGate. The AI and ML enhanced FortiGuard services are quite new, and I have some experience but not much since they are a new feature.
What needs improvement?
The stability and performance of Fortinet FortiGate are mixed, as some features are quite good and very stable while others are quite new and very buggy.
There are quite a lot of bugs in Fortinet FortiGate, and they introduce new features every day that come with problems. I think they introduce them too fast.
Fortinet brings in new products every year and acquires new companies while inventing new products, which is good but also bad because they introduce a lot of workload and problems or bugs onto the table.
For how long have I used the solution?
I have been using Fortinet FortiGate for almost three years.
What do I think about the stability of the solution?
The stability and performance of Fortinet FortiGate are mixed, as some features are quite good and very stable while others are quite new and very buggy.
What do I think about the scalability of the solution?
Scalability highly depends on the purchase decision. If the user bought the appliance, then it is not scalable, but for the VM on the software side, it can expand.
How are customer service and support?
I have some experience with Fortinet's customer service and technical support. I would rate the technical support of Fortinet on a scale of 1 to 10 around a 7 or 8, primarily because they have local operations in Thailand, so they have at least some people who can speak Thai.
Which solution did I use previously and why did I switch?
I do have experience in working with technologies other than email security solutions.
How was the initial setup?
If talking about the general product, the initial setup of Fortinet FortiGate is quite straightforward, simple, and easy. However, it depends on the DNA of the product. If the Fortinet product was acquired from another company, that is a different story.
What about the implementation team?
My role is usually on the pre-sales and the POC role in integrating SD-WAN capabilities with Fortinet FortiGate. I am not involved in the implementation side and cannot tell much about it.
What other advice do I have?
In Thailand, the concept of unified SASE is not very popular because the traffic has to go through the cloud, and they are not very afraid of the cloud or highly adopting it at this time.
I know about dynamic segmentation in Fortinet FortiGate from the book and theory side, but on the implementation side, there are not many projects that implement it that way. It is probably never done.
There are several benefits that Fortinet FortiGate brings to the table, and I cannot speak of only one or two as it is too extensive. It highly depends on the use case, and the only word I can tell is that it is very multi-purpose or all-purpose and highly usable in many use cases.
Fortinet FortiGate is quite a mix for organizations considering it, as some products are very easy and straightforward to start, making it easy to sell, and then they can expand to other more complex and advanced products.