Skip to content
Fortinet

FortiGate Models: Key Differences Explained

FortiGate models differ by performance, capacity, and connectivity. The number marks the tier; the letter (E/F/G) marks the generation. Most small offices want a current G-series desktop (30G, 50G, 70G, 90G) on the FortiSP5, with 2-3x the threat protection of the F-series it replaces.

Maxim Kazachek Maxim Kazachek · · · 6 min read

FortiGate models differ mainly in three things: performance (how much traffic they can inspect with security services on), capacity (how many users and sessions they support), and connectivity (the number and speed of ports). The number in the model name tracks roughly to performance tier, and the letter suffix (E, F, or G) marks the hardware generation. For most Canadian mid-market offices the decision is a desktop model in the current G-series (30G, 50G, 70G, 90G); larger sites and data centres move up to the rack and chassis lines.

FortiGate

FortiGate is Fortinet’s line of next-generation firewalls (NGFWs). Each model combines firewalling, intrusion prevention (IPS), antivirus, application control, web filtering, and VPN in one appliance, accelerated by Fortinet’s custom security processors (SPUs). Models scale from small fanless desktop units to multi-terabit chassis systems, all managed with the same FortiOS operating system.

Do not shop on the “firewall throughput” headline number. Match the model to your real internet bandwidth and user count using threat protection throughput (performance with IPS, antivirus, and application control turned on), then leave 30 to 50 percent headroom for growth. For new multi-year purchases, price the current G-series rather than the older F-series.

Struggling To Choose The Right FortiGate?

Take our quick quiz to get a personalized suggestion for your business.

Start Quiz
FortiGate firewall lineup graphic

How does FortiGate model numbering work?

The number tells you the performance class and the trailing letter tells you the hardware generation. A higher number means more throughput, more ports, and more session capacity: an 80-class unit outperforms a 60-class unit, and a 400-class rack unit outperforms both. The letter is the generation marker, and it moves forward over time: E preceded F, and F is now being succeeded by G on Fortinet’s newest security processor.

  • The number = tier. 30 to 90 class are desktop units for small and branch offices. 100 to 900 class are rack-mount units for mid-market and campus. 1000 class and up are high-end enterprise and data-centre platforms; the 7000 series is chassis-based for carriers and hyperscale.
  • The letter = generation. E, then F, then G. Each generation brings a new security processor and a large jump in threat-protection performance at a similar price and power draw.
  • Suffixes and variants. A FortiWiFi (FWF) model is the same hardware with built-in Wi-Fi. A POE variant adds Power over Ethernet ports to run phones, cameras, and access points. Rugged and industrial models carry different naming for harsh environments.

What are the current FortiGate model tiers?

Fortinet groups FortiGate into four broad tiers by network size and traffic load. Match your organization to a tier first, then pick the specific model on the specs that matter to you.

  • Entry / SMB desktop (30G, 50G, 70G, 90G): Fanless desktop units for small businesses, retail sites, and branch offices. Core NGFW security with Gigabit and, higher up, multi-gig and SFP ports. This is where most GTA small offices land.
  • Mid-range rack (100F, 200F, 400F class): Rack-mount units for growing and medium organizations. Higher throughput, more concurrent sessions, 10GbE interfaces, and redundant power options.
  • High-end enterprise (1000F, 2000F class): Large enterprise, campus, and data-centre firewalls. Very high throughput, 10/25/40GbE interfaces, dual power supplies, and virtual domains (VDOMs).
  • Chassis / ultra-high-end (7000 series): Chassis-based systems for service providers and hyperscale data centres, delivering terabit-scale throughput and 100/400GbE density.

FortiGate SMB desktop models compared: 30G, 50G, 70G, 90G

For most small and branch offices, the choice comes down to the current G-series desktop lineup. All four run on the FortiSP5 security processor and share the same FortiOS features; they differ in throughput, ports, and user headroom. Threat protection throughput is the realistic day-to-day number because it reflects security services turned on.

ModelThreat protectionFirewall throughputIPsec VPNBest fit
FortiGate 30G500 Mbps4 Gbps~4 GbpsVery small office / micro-branch
FortiGate 50G1.1 Gbps5 Gbps~5 GbpsSmall office, fibre internet
FortiGate 70G1.3 Gbps10 Gbps~11 GbpsBusy small office / larger branch
FortiGate 90G2.2 Gbps28 Gbps25 GbpsGrowing SMB, heavy VPN or SSL inspection
Figures from Fortinet G-series datasheets (July 2026). Threat protection = enterprise traffic mix with IPS, antivirus, and application control enabled.

If you are weighing the older SMB units instead, our detailed FortiGate 40F vs 60F vs 80F comparison breaks down the previous generation the G-series replaces.

What is the difference between the FortiGate F-series and G-series?

The G-series is the current generation and the F-series is the previous one. G-series desktop models run on the FortiSP5, Fortinet’s fifth-generation security processor, which delivers roughly two to three times the threat-protection throughput of the equivalent F-series model at a similar price, in a smaller fanless form factor that draws less power. The F-series (40F, 60F, 80F) is still sold and supported with no end-of-life announced, so existing units are fine to keep running, but new multi-year purchases should price the G-series.

2-3x

threat-protection throughput of the FortiSP5 G-series over the equivalent F-series model (Fortinet 90G / 80F datasheets)

The practical upgrade path maps almost one to one:

  • 40F is succeeded by the 30G (similar tier) or 50G (a step up).
  • 60F is succeeded by the 70G.
  • 80F is succeeded by the 90G, which delivers more than double the 80F’s threat protection.
Important:

Firmware matters as much as hardware. Run a mature FortiOS branch (7.4 or 7.6; 7.6.6+ is widely recommended) and do not deploy 8.0 in production yet. If you are still on FortiOS 7.2, plan your upgrade now: 7.2 reaches end-of-support in September 2026. Fortinet is also removing SSL VPN tunnel mode in newer FortiOS releases, so design remote access around IPsec VPN (and ZTNA for application access) rather than SSL VPN.

Which specs actually matter when comparing FortiGate models?

Beyond the tier, five specifications separate the models. Read them in this order and the right size becomes obvious.

  1. Threat protection throughput. Performance with IPS, antivirus, and application control on. This is the number to size against, not raw firewall throughput.
  2. SSL inspection throughput. Performance while decrypting and inspecting HTTPS. It is computationally heavy and drops fastest under load, so if you inspect encrypted traffic (most networks should), check this figure closely.
  3. Interfaces. Count and speed of ports: enough 1GbE for endpoints, plus 10GbE or SFP+ uplinks if you have fast internet or server segments. Confirm POE ports if you run phones, cameras, or access points off the firewall.
  4. Session capacity. Concurrent sessions (how many connections it tracks at once) and new sessions per second (how fast it opens them). Make sure concurrent sessions comfortably exceed your user and device count.
  5. Redundancy and scalability. High availability (HA) pairing for failover, redundant power supplies (mid-range and up), and VDOMs to split one appliance into several virtual firewalls (high-end).

Size against your projected internet bandwidth with SSL inspection enabled, not your current speed with it off. Enabling deep inspection can cut usable throughput by more than half on entry models, so a firewall that looks oversized on the firewall-throughput line is often exactly right once real security services are running.

How do I choose the right FortiGate model?

Work from your network reality to a specific model in five steps.

Start with scale: match your site size to a tier. Small or branch office points to a G-series desktop unit; a growing head office points to a 100F-class rack unit or higher.

Assess your reality: note your current and projected internet bandwidth, your user and device count, and the security services you will run (IPS, web filtering, SSL inspection, VPN).

Check the right specs: on the datasheets, compare threat protection and SSL inspection throughput, and confirm concurrent sessions exceed your device count.

Verify connectivity: confirm the port mix (1GbE, 10GbE, SFP/SFP+, POE) covers what you need now and in the near future.

Factor in growth: pick a model with 30 to 50 percent headroom over today’s needs so it lasts the full refresh cycle, and buy the current G-series generation for a longer support runway.

Choosing the right FortiGate is about matching the appliance to your real traffic, not buying the biggest box. As a Fortinet Advanced Partner, we size, deploy, and run these firewalls every day; our managed firewall services take model selection, licensing, firmware, and 24/7 monitoring off your plate.

Sources

Written by Maxim Kazachek

Sr. Systems Engineer

Maxim is a core member of the technical team at BALANCED+, responsible for architecting, deploying, and maintaining the systems infrastructure that clients depend on every day. From on-premises server environments to hybrid cloud deployments, he ensures that every system is configured for performance, security, and resilience. His deep technical knowledge spans Windows and Linux server […]

Frequently Asked Questions

Need IT Expertise?

Our team is ready to help. Book a free consultation and see how we can support your business.