Sold by: Fortinet Inc.
Deployed on AWS
FortiGate Enterprise Cloud Native Next Generation Firewall as a Service
Overview
FortiGate Cloud-Native Firewall (CNF) is a highly available SaaS service that simplifies network security while seamlessly scaling and integrating with AWS services such as AWS Gateway Load Balancer and AWS Firewall Manager. FortiGate CNF reduces the network security operations workload by eliminating the need to configure, provision, and maintain any firewall software infrastructure while allowing security teams to focus on security policy management. FortiGate CNF can be billed based on consumption or purchased through annual contracts.
Capabilities:
- Industry-leading NGFW: FortiGate CNF provides next-generation firewall security capabilities such as intrusion prevention, application control, content filtering, and more. These capabilities are powered by FortiGuard Labs AI.
- Simplified Management: The FortiGate CNF console provides users with a comprehensive toolset to manage network security in their cloud infrastructure. Associating AWS accounts, creating CNF instances, defining protected objects, and management of policies are all possible from the FortiGate CNF console. The console offers users less familiar with cloud security management purpose-built wizards to guide them through the process.
- Scalability: FortiGate CNF scales to meet customer needs and each instance can protect up to 1000 subnets from multiple subnets, VPCs, and availability zones across multiple AWS accounts in a given AWS region.
- Security Management Integrations: AWS Customers can utilize AWS Firewall Manager to provision FortiGate CNF instances and push security policies. Fortinet customers can use FortiManager to define and push security policies for FortiGate CNF in their AWS environments.
- Flexible Consumption: FortiGate CNF offers the flexibility to consume the way that best fits your business. On-demand consumption for transient and unpredictable workloads, and annual contracts for cost control when workloads are more predictable.
This product entitles you to 1,000,000 credits. The credits are subtracted based on the actual usage (deployed CNF instances and traffic flowing through them) of different features as follows:
- 1 CNF Hour including support = 96 credits
- 1 Cost Optimized CNF Hour including support = 32 credits
- 1 GB of Traffic processing = 1 credit
- 1 GB of Advanced Security processing = 1 credit
After the 1,000,000 credits are consumed, you will be charged on-demand based on the PAYG listing price for FortiGate CNF. Alternatively, you can purchase additional credits.
Visit the FortiGate CNF Community Resource Hub to find onboarding, deployment, and technical information and join in discussions: https://community.fortinet.com/t5/FortiGate-CNF-All-Marketplaces/gh-p/fortigate-cnf-on-aws
Highlights
- Advanced Network Protection: FortiGate CNF blocks traffic to and from known bad IPs, provides intrusion prevention and content filtering capabilities and supports GEO IP policies. FortiGate CNF supports the complete set of mature FortiOS NGFW capabilities.
- Streamlined Security Management: By aggregating security from all networks in an AWS region into a single FortiGate CNF instance customers can simplify security and manage fewer security policies. Customers are not required to build and maintain separate cloud firewalls for each cloud network or availability zone.
- Lower costs: With no security software infrastructure to build, deploy and operate, operations are simplified and in turn costs are reduced. Furthermore, with FortiGate CNF customers only pay for security processing functionality the use
Details
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor, and additional usage. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for overages or additional usage not covered in the contract. These charges are applied on top of the contract price. If you choose not to renew or replace your contract before the contract end date, access to your entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
FortiGate CNF Credits | FortiGate-CNF Usage of the different capabilities at a variable rate | $20,000.00 |
Dimension | Cost/unit |
|---|---|
Hours of deployed FortiGate-CNF Instances without credits (Incl. Support) | $2.00 |
GB of Traffic processing without credits | $0.02 |
Advanced security processing units without credits (see documentation) | $0.02 |
Hours for deployed Cost Optimized FortiGate-CNF Instances including support | $1.00 |
Vendor refund policy
No refunds
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Fortinet FortiCare support offerings provide global support and deliver best-in-class support services. With FortiCare support, customers can be assured that their Fortinet security products are performing optimally and protecting their corporate assets.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Check Point Software Technologies
By Palo Alto Networks
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Network Security Capabilities
Next-generation firewall with intrusion prevention, application control, content filtering powered by AI-driven FortiGuard Labs technology
Cloud Integration
Seamless integration with AWS services including AWS Gateway Load Balancer and AWS Firewall Manager
Scalability Architecture
Single instance capable of protecting up to 1000 subnets across multiple VPCs, subnets, and availability zones in an AWS region
Security Policy Management
Comprehensive console with purpose-built wizards for associating AWS accounts, creating firewall instances, defining protected objects, and managing security policies
Multi-Platform Policy Synchronization
Supports policy definition and synchronization across AWS Firewall Manager and FortiManager platforms
Network Traffic Inspection
Inspects traffic entering and exiting private subnets in VPC ("North-South") and between VPCs ("East-West")
Advanced Threat Prevention
Provides multi-layered security capabilities including firewall, IPS, threat emulation, and threat extraction with advanced catch rates
Cloud Infrastructure Integration
Supports infrastructure-as-code tools like Terraform and Ansible, dynamically adapts security policies based on cloud metadata
Security Protocol Coverage
Comprehensive security features including Data Loss Prevention, application control, IPsec VPN, URL filtering, antivirus, and anti-Bot protection
Cloud Service Compatibility
Integrates with AWS services including Gateway Load Balancer, AWS Security Hub, VPC Ingress Routing, AWS Traffic Mirroring, and AWS Transit Gateway
Network Traffic Processing
Supports DPDK on C5, C5n, M5, and M5n instances running on AWS Nitro System for efficient traffic processing
Threat Prevention
Provides dynamic traffic identification, malware prevention, and threat intelligence technologies to stop known and unknown attacks
Security Policy Management
Enables whitelisting and segmentation policies dynamically updated based on AWS tags to reduce attack surface
Cloud Integration
Supports native AWS services integration including Auto Scaling, ELB, Transit VPC, AWS Transit Gateway, and Gateway Load Balancer
Security Monitoring
Integrates with Amazon GuardDuty and AWS Security Hub for automatic blocking of potentially malicious activities
Standard contract
No
No
No
Customer reviews
4
3 ratings
3 AWS reviews
|
27 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
VIJAICYRIAC
Provides robust cloud security with effective threat detection and prevention
Reviewed on Apr 25, 2025
Review from a verified AWS customer
">
What is our primary use case?
I have been working with FortiGate Cloud-Native Firewall (FortiGate CNF) , primarily focusing on application-level firewalling and network-level security, especially in a cloud environment.
How has it helped my organization?
FortiGate Cloud-Native Firewall (FortiGate CNF) primarily provides application-level gateways and network-level security at a cloud level. It offers secure cloud platforms that meet industry standards for compliance.
What is most valuable?
FortiGate Cloud-Native Firewall (FortiGate CNF) primarily provides application-level gateways and network-level security at a cloud level. It offers secure cloud platforms that meet industry standards for compliance. Additionally, threat detection and prevention features are the most effective aspects of FortiGate CNF.
What needs improvement?
The customization of FortiGate Cloud-Native Firewall (FortiGate CNF) could be improved, particularly in terms of configurations to better adjust to specific needs.
For how long have I used the solution?
I have been using FortiGate Cloud-Native Firewall (FortiGate CNF) for about two years.
What was my experience with deployment of the solution?
Initially, there were network issues, but once in place, the deployment took about three to four hours, making it not very complex. A team of experts, including three to four engineers, was involved in the deployment.
What do I think about the stability of the solution?
I rate the stability of FortiGate Cloud-Native Firewall (FortiGate CNF) at eight out of ten.
What do I think about the scalability of the solution?
I rate the scalability of FortiGate Cloud-Native Firewall (FortiGate CNF) around seven to eight. The scalability allows for increasing the capacity through configuration adjustments.
How are customer service and support?
Fortinet's support is good and helpful. I rate it around eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I mainly work with FortiGate and Palo Alto, due to their features, security protection, deployment, and scalability.
How was the initial setup?
The initial setup was a customized deployment and not very complex.
What about the implementation team?
A team of three to four experts and engineers was involved in the deployment. I managed the overall team overseeing the process.
What was our ROI?
We observed better security and prevention of detection after using FortiGate Cloud-Native Firewall (FortiGate CNF).
What's my experience with pricing, setup cost, and licensing?
The pricing is a bit expensive, primarily due to licensing fees. Extra expenses include upgradations beyond licensing.
Which other solutions did I evaluate?
I mainly work with FortiGate and Palo Alto.
What other advice do I have?
Overall, I rate FortiGate Cloud-Native Firewall (FortiGate CNF) an eight out of ten. Maintenance is managed by my team, which handles multiple devices.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
ІгорКузьменко
Affordable pricing and ease of deployment highlight strengths despite limitations in IPS technology
Reviewed on Apr 04, 2025
Review provided by PeerSpot
">
What is our primary use case?
I primarily use FortiGate Cloud-Native Firewall (FortiGate CNF) as a firewall with general bundles of licenses, including Intrusion Prevention System (IPS) and antivirus. We employ it in medium and enterprise-level businesses, not small businesses.
What is most valuable?
FortiGate Cloud-Native Firewall (FortiGate CNF) is highly valued for its pricing, which is considered very affordable. The rates and reviews it receives, such as from Gartner, underscore its reliability. Its price policies are flexible, and it is widely favored in the market with significant coverage in security. It holds around 60% of the security market in Ukraine.
What needs improvement?
The Intrusion Prevention System (IPS) in Fortinet products, including FortiGate Cloud-Native Firewall (FortiGate CNF), is not very strong; we often prefer Cisco IPS instead. AI features are not well developed in Fortinet solutions compared to Check Point.
What do I think about the scalability of the solution?
Unfortunately, FortiGate Cloud-Native Firewall (FortiGate CNF) is not very scalable. For businesses that grow or develop further, only about ten percent can handle the increase.
How are customer service and support?
Customer service for Fortinet is rated at four out of five. This translates to approximately eighty percent satisfaction.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I've previously used solutions from Trend Micro, Check Point, and Palo Alto. For email protection tools and general security, I often use Trend Micro and Check Point.
How was the initial setup?
Overall, the initial setup for FortiGate Cloud-Native Firewall (FortiGate CNF) is straightforward and hassle-free. It takes two to four weeks to complete.
What's my experience with pricing, setup cost, and licensing?
FortiGate Cloud-Native Firewall (FortiGate CNF) offers a very flexible price policy, with medium pricing, making it an attractive option for many businesses.
Which other solutions did I evaluate?
I have evaluated solutions like those from Trend Micro, Check Point, Palo Alto, and Cisco IPS.
What other advice do I have?
Overall, I rate FortiGate Cloud-Native Firewall (FortiGate CNF) around seven out of ten due to its flexible pricing, significant market presence, and ease of deployment.
RiaanDu Preez
Integration is seamless with both physical and virtual firewalls
Reviewed on Mar 28, 2025
Review provided by PeerSpot
">
What is our primary use case?
I use FortiGate Cloud-Native Firewall (FortiGate CNF) to enable better segregation and integration with on-premise firewalls and infrastructure. It allows me to have a unified approach, so I can work on both on-prem physical firewalls and cloud firewalls.
What is most valuable?
The most valuable feature of FortiGate Cloud-Native Firewall (FortiGate CNF) is its open-source configuration. The simplicity of its setup stands out, as it has the same look and feel as physical firewalls, making it easy for me to work with and integrate. Additionally, it enables better segregation and integration with on-premise firewalls and infrastructure so that I can seamlessly handle both on-prem physical firewalls and cloud firewalls.
What needs improvement?
I have not had any complaints regarding integration. At this moment, I cannot say what needs improvement, as it will take a few months to observe its capabilities and limitations. There might be future challenges in different development environments, but they haven't appeared yet.
For how long have I used the solution?
I have used FortiGate Cloud-Native Firewall (FortiGate CNF) for about three to four months now.
What do I think about the stability of the solution?
The stability of FortiGate Cloud-Native Firewall (FortiGate CNF) is highly appreciated by the people I work with, as they love its reliability. I consider it a stable solution when it's not causing issues.
What do I think about the scalability of the solution?
With my current experience, I would rate the scalability of FortiGate Cloud-Native Firewall (FortiGate CNF) at about a seven out of ten.
How are customer service and support?
From my interactions, technical support from Fortinet is rated high, a nine out of ten, though there is always room for improvement. I know some of the engineering personnel, which helps in understanding their approach and response.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup can be straightforward if one understands the environment and how FortiGate works. For someone new to security, it might be difficult as they see security as a hindrance instead of an enabler for improved work.
What's my experience with pricing, setup cost, and licensing?
In South Africa, the price point is challenging due to the Rand-dollar exchange rate. A $80 or $200 device translates to approximately 8,000 to 10,000 Rand, which includes licensing costs. The exchange rate makes it difficult, although this is not a problem with Fortinet itself.
What other advice do I have?
There is always room for improvement, even though progress is evident. I rate the overall solution at eight.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Rahool Sharma
Policy creation and management ensure comprehensive security for cloud infrastructure
Reviewed on Mar 14, 2025
Review provided by PeerSpot
">
What is our primary use case?
We enhance our cloud security strategy through FortiGate Cloud-Native Firewall (FortiGate CNF) by implementing zero trust policies for our cloud infrastructure APIs. This includes the secure communication between our on-site data center and cloud premises.
What is most valuable?
FortiGate Cloud-Native Firewall (FortiGate CNF) greatly enhances our cloud security strategy with features such as policy creation and management. We implemented IPS and IDS, which contribute significantly to our security. The visibility and exposure to logs provide valuable insights for our InfraSec team, aiding in monitoring and managing communication and policies.
What needs improvement?
I would be glad if there were free solutions to help manage migrations. Migration can be quite challenging when moving from a different firewall to FortiGate Cloud-Native Firewall. Solutions like FortiConverter are good but are paid, and getting approval to purchase can take some time. It would be great to have something more readily available for engineers.
For how long have I used the solution?
We have been using FortiGate Cloud-Native Firewall (FortiGate CNF) for around one year.
What do I think about the stability of the solution?
I would rate the stability of FortiGate Cloud-Native Firewall (FortiGate CNF) as nine out of ten, indicating it is very stable.
What do I think about the scalability of the solution?
As of now, we haven't scaled our cloud network much, and the deployment is working fine. There are plans to launch new projects, and once that's done, we will definitely scale our FortiGate Cloud-Native Firewall as needed. I would rate the scalability as an eight out of ten.
How are customer service and support?
There are some bugs that need to be fixed, and they can take some time to resolve. I would rate the customer service and support an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have worked on Palo Alto and Cisco firewalls before. The organization decided to cut CapEx costs and was looking for vendors offering the same features at a lower cost. We ultimately chose FortiGate Cloud-Native Firewall.
How was the initial setup?
The initial setup involved a smooth deployment with some challenges during the migration process, as we had to manually transfer our rules and policies without FortiConverter.
What about the implementation team?
Our deployment team consisted of three network engineers and two infrastructure managers.
What was our ROI?
The primary benefit we experienced is the reduction in CapEx costs. FortiGate Cloud-Native Firewall provides the same features that higher-end models offer, but at a much lower cost.
What's my experience with pricing, setup cost, and licensing?
The pricing of FortiGate Cloud-Native Firewall is very good and is not considered expensive compared to other products.
What other advice do I have?
I would rate FortiGate Cloud-Native Firewall (FortiGate CNF) an eight out of ten. While the pricing, features, and stability are good, the presence of bugs and the time it takes to fix them prevent a higher rating.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Uri Harf
Provides comprehensive security with helpful backups and configurations
Reviewed on Dec 23, 2024
Review provided by PeerSpot
">
What is our primary use case?
We use FortiGate firewalls for endpoint protection and communication lines, and we have some Cloud-Native and local appliances for VPN connections or multiple sites.
What is most valuable?
FortiGate provides features such as Internet connections, monitoring, VPN, WiFi management, and centralized management system with FortiManager. It also offers backup of configurations with FortiCloud . These features help balance security and comfort for customers, ensuring they can operate without too much hassle.
What needs improvement?
The prices for FortiGate are way too high and are perceived as overpriced.
For how long have I used the solution?
We have been working with FortiGate for quite a while.
What do I think about the stability of the solution?
When we install FortiGate firewall, I do not hear back from the clients often, indicating there are usually no issues caused by the appliance.
What do I think about the scalability of the solution?
FortiGate is suitable for medium-sized companies, and we work on a lease basis, administering the machine without selling it outright.
How are customer service and support?
Support is excellent. There is local support through the distributor, which is efficient and provides a friendly relationship.
Which solution did I use previously and why did I switch?
We tried Check Point, but their solution wasn't up to par until they introduced Quantum Spark. However, adopting it requires policy changes and re-educating technicians, so it is currently on hold.
How was the initial setup?
Setting up FortiGate from end to end, including communication with clients and configuring security policies, takes about three hours.
What about the implementation team?
We use the local distributor for support, and we also manage devices in-house.
What's my experience with pricing, setup cost, and licensing?
The pricing is considered too high and does not justify the value provided by the devices.
Which other solutions did I evaluate?
We considered Check Point with their new Quantum Spark suite. We didn't proceed due to complexity in transitioning.
What other advice do I have?
We aim to work with products that have local distributors for better responsiveness. I rate FortiGate around eight to eight and a half out of ten since there are usually no technical issues. Still, the pricing is a concern.
Which deployment model are you using for this solution?
On-premises