Fortinet FortiGate G-Series: Technical Review & Model Comparison (2025)

Bottom Line Up Front (BLUF)

The Fortinet FortiGate G-Series is the next evolution of the company's firewall hardware, replacing the successful F-Series. Its primary differentiator is a purpose-built FortiASIC architecture designed to accelerate security functions, avoiding the performance bottlenecks common in software-based firewalls.

The series scales from small branch offices to large campus networks. Entry-level models like the FortiGate 90G (FG-90G) offer up to 2.5 Gbps of NGFW throughput, while mid-range appliances like the FortiGate 900G (FG-900G) handle up to 31 Gbps. All performance values are maximums and vary based on firmware, policies, and specific configurations.

A core advantage is the integration into the Fortinet Security Fabric. This allows IT teams to manage firewalls, switches, and access points from a single console, simplifying operations for distributed enterprises. The platform is built to support modern network architectures natively.

The G-Series includes robust support for Secure SD-WAN, universal Zero Trust Network Access (ZTNA) enforcement, and 5G connectivity. This positions the appliances for organizations navigating hybrid work and cloud adoption.

Competitionally, the G-Series offers a strong balance of performance and cost. It differs from Palo Alto Networks' focus on granular application visibility and Cisco's deep integration with its existing networking ecosystem, presenting a compelling option for performance-conscious organizations.

FortiGate G-Series Architecture

FortiGate appliances use a hybrid design that combines general-purpose CPUs with custom FortiASIC processors. This allows the device to offload computationally intensive tasks to specialized hardware, preserving CPU resources for control and management.

What is a FortiASIC?

A FortiASIC (Application-Specific Integrated Circuit) is a proprietary processor that accelerates security and networking functions. By handling tasks like IPS, VPN encryption, and SSL inspection in hardware, it enables high-throughput performance even with multiple security services enabled.

The G-Series is built on the latest FortiASIC technology, which includes several key components:

• SoC5 (System-on-a-Chip): Integrates CPU cores and multiple co-processors onto a single chip for compact, high-performance branch appliances.
• SP5 (Security Processor): Handles deep packet inspection for services like IPS, anti-malware scanning, and SSL/TLS decryption at line rate.
• NP7 (Network Processor): Accelerates packet forwarding, routing, and IPsec VPN encryption.
• TP (Threat Processor): Works with the SP5 to detect advanced, zero-day threats using inline security models.
• CP (Content Processor): Offloads content-based security functions like application control and web filtering.

Why This Matters

This division of labor is critical for modern networks. It means an IT manager can enable a full SSL/TLS inspection task that cripples many CPU-only firewalls—without causing a significant network slowdown. This ensures comprehensive security does not come at the expense of user experience.

Note: Component versions are typical for the G-Series, but specific hardware can vary by model. Always consult the official datasheet for the exact specifications of each appliance.

How a Packet Flows Through a FortiGate

The G-Series architecture processes traffic through a clear, optimized sequence designed to maximize speed.

1. Packet Ingress: A packet arrives at a physical interface and is immediately handled by the Network Processor (NP7), which checks for basic errors.

2. Session Lookup: The FortiGate checks if the packet belongs to an existing, approved session. If it does, it is forwarded via the hardware "fast path" directly to the egress interface.

3. Policy Enforcement: For new sessions, the main CPU performs a policy lookup to determine which security services are required (e.g., IPS, web filtering, application control).

4. Security Inspection: The CPU offloads the inspection workload to the relevant ASICs. The SP5 performs deep packet inspection, while the TP scans for advanced threats.

5. Fast Path Hand-Off: Once the first packet is approved, the session is added to the hardware session table. Subsequent packets in the same flow bypass these CPU-heavy checks, ensuring maximum throughput.

6. Packet Egress: The processed packet is sent out the correct egress interface by the Network Processor, ensuring minimal latency.

Entry-Level Models: Branch and SMB Deployments

These models are designed for distributed locations requiring enterprise-grade security in a compact form factor.

FortiGate 30G (FG-30G)

The FG-30G is a fanless desktop appliance ideal for small offices and retail sites.

• NGFW Throughput: up to 0.57 Gbps
• Threat Protection: up to 0.5 Gbps
• Concurrent Sessions: 600,000
• Recommended Deployments: Small branch offices (<10 users), retail (PCI DSS), secure home offices.

FortiGate 90G (FG-90G)

The FG-90G is a top-tier branch model with SFP ports for fiber connectivity.

• NGFW Throughput: up to 2.5 Gbps
• Threat Protection: up to 2.2 Gbps
• Concurrent Sessions: 3 Million
• Recommended Deployments: Large branch offices, SD-Branch hubs, manufacturing facilities.

Other models in this range include the FortiGate 50G (FG-50G), which offers a performance jump for hybrid WAN setups, and the FortiGate 70G (FG-70G), designed for larger branches needing more session capacity.

NGFW throughput includes IPS and application control, while Threat Protection throughput includes IPS, application control, and malware inspection. Values are measured with recommended security profiles enabled.

Branch Model Comparison Table

Mid-Range Models: Campus and Enterprise Deployments

These rackmount appliances provide the high performance and port density required for corporate headquarters and data center edges.

FortiGate 200G (FG-200G)

The FG-200G is built for large campuses and features multi-gigabit ports for modern switches and access points.

• NGFW Throughput: up to 7 Gbps
• Threat Protection: up to 6 Gbps
• Concurrent Sessions: 11 million
• Recommended Deployments: Large corporate campuses, internal network segmentation, and regional data center edges.

FortiGate 900G (FG-900G)

The FG-900G delivers powerful performance for mission-critical enterprise networks.

• NGFW Throughput: up to 31 Gbps
• Threat Protection: up to 30 Gbps
• Concurrent Sessions: 16 Million
• Recommended Deployments: Enterprise headquarters, large-scale encrypted traffic inspection, primary data centers.

Other models in this range include the FortiGate 120G (FG-120G), a balanced entry point for campus deployments, and the FortiGate 700G (FG-700G), suited for high-performance networks requiring 25GE uplinks.

Campus Model Comparison Table

Competitor Comparisons

FortiGate vs. Palo Alto Networks

Pros for FortiGate

Offers high performance with notable energy efficiency due to ASICs. The integrated Security Fabric and simplified licensing can reduce operational overhead.

Pros for Palo Alto Networks

Widely regarded for its highly accurate App-ID for granular application control. The Prisma suite provides a deeply integrated cloud-native security ecosystem.

FortiGate vs. Cisco Firepower

Pros for FortiGate

Purpose-built for security performance, often leading in threat protection throughput. Management is unified across the security stack from a single console.

Pros for Cisco

Unmatched integration with existing Cisco enterprise networking infrastructure. Backed by the robust threat intelligence of Cisco Talos.

Conclusion

The FortiGate G-Series is more than just an upgrade; it’s a rethinking of how hardware and software should integrate to deliver secure, high-performance networking.

From small branches to sprawling campuses, the G-Series provides unmatched throughput, advanced AI-driven security, and exceptional energy efficiency, making it a strong contender for any organization planning its next security investment.