Network Device Testing - FortiTester
AI-Driven Security Operations (SOC) | Fortinet
DATA SHEET FortiTester Available in: Appliance Virtual Machine Hosted Cloud Performance Testing and Breach Attack Simulation Fortinet's FortiTester solution offers enterprise and managed service providers a highly effective and affordable solution to ensure the most SECURE and RESILIENT infrastructure. Continuous validation is the best way to maintain a future- SECURE | SPEED | SIMULATE proof and secure infrastructure. FortiTester defines Network Performance Testing and Breach Attack Simulation (BAS) market, where security operations can assess the people, process, and technology on which the security of their organization depends. Performance Testing and Traffic Generation HTTP, HTTPS, HTTP/2, UDP Throughput, RFC2544, SSLVPN and IPSEC testing, Traffic enterprise mix generation, and Q-in-Q traffic generation Breach Attack Simulation MITRE ATT&CK simulation testing, CVE-based IPS testing, Fuzzing testing, Web/IOT attacks, FortiGuard Malware strike pack (with 20+ Ransomware), DDoS traffic generation, and PCAP replay Comprehensive API Automate testing and simulation with full system, test simulation, and reporting API Highlights n Up-to-date cyber threat simulation based on real world insight of FortiGuard n Best price and performance traffic generation and security testing system for enterprises and service providers n Flexible operation modes from one standalone device up to 8 devices combined in Test Center mode n Hardware, virtual appliances, and public cloud (AWS, Azure, GCP, OCI and Alibaba) n Server-Class hardware and packet-processing enhancements n Throughput Testing up to 80 Gbps/ 800 Gbps Bi-directional Throughput with Standalone or Test Center mode n Easy and Simple Web UI 1 DATA SHEET | FortiTester HIGHLIGHTS Traffic Generation and Performance Testing § HTTP, HTTPS, and HTTP/2 § UDP (PPS/Payload) § TCP (Throughput, TurboTCP, CPS) § RFC 2544 / RFC 3511 § SSLVPN and IPSEC testing (CPS/RPS/CC/Throughput) § PCAP Replay, GTP Replay § Q-in-Q Traffic Generation § Scheduled Testing (hourly, daily, monthly) Traffic Mix § Enterprise Mix, Fortinet Enterprise, Enterprise Lite, Custom Protocol Support § TCP (CIFS, SMBv2, FIX, FTP, IMAP, LDAP, NFS, POP3, RDP, SMTP, SSH), UDP, DHCP, ICMP, RTSP/RTP Applications § Amazon S3, AOL Chat, BitTorrent, DB2, Facebook, Gmail, GTalk, MSSQL, MySQL, NetFlix, Oracle TNS, PSQL, Twitter, WebEx, WhatsApp, Yahoo Mail, YouTube Security Testing § DDoS testing (HTTP/UDP/TCP Session Flood) § TCP / UDP / ICMP / IP Fuzzing Attack § IPS Attacks (CVE-based and HTTP Evasion, Buffer Overflow, Code Injection, Path Traversal) § Malware Strike Pack (Updated by FortiGuard daily with categories such as Ransomware and Trojan) § Web Attacks (Cross Site scripting, SQL injection, Bad Robots, Privilege Escalation) § Web Crawler (bulk URL replay) Flexible Form Factor § Powerful Appliances with 1G/10G/40G/100G Output § Up to 80 Gbps (3000E) and 800 Gbps (4000E x8) Bi- Directional Traffic Simulation § VM Form Factor supporting ESXi, KVM, OpenStack § Public Cloud Support: AWS, Azure, Alibaba, GCP, OCI* § Test Centre Mode - up to eight devices in cluster (see model compatibility) Breach Attack Simulation § MITRE ATT&CK® Adversary Simulation § Pre and Post Breach Simulation § Comprehensive Reporting Comprehensive Reporting § PDF Exports § API Retrieval of Cases Result and Reports Extensive API Support § Case Management § System Management § Object Management § User Management § MITRE ATT&CK Management Third Party Integration § Administrator and RADIUS Support § FortiSIEM Native Support § SYSLOG § SNMP Traps and MIBs Support § Certification Management * BYOL support for public cloud, contact SE if images are not available on market place. 22 DATA SHEET | FortiTester DEPLOYMENT Standalone Mode Test center works with the local traffic generator and receiver. Test Centre Mode Scale FortiTester performance by combining up to eight FortiTesters in a cluster. Public Cloud Support FortiTester supports major public cloud providers to validate cloud infrastructure both in performance and security. Intuitive GUI FortiTester features a simple, easy to use, and intuitive graphic user interface. Use Cases Secure Infrastructure Validation Breach Attack Simulation Vendor Bake-Off Public Cloud Testing (AWS, Azure, GCP, OCI, Alibaba) Evaluate Advanced Threat Protection (ATP) Technology Validate Technology, People, and Process MITRE ATT&CK® Simulation Pre/Post Breach Simulation Datasheet Performance Evaluation Future Proofing Architecture Validation Load Testing in Market Places 3 DATA SHEET | FortiTester SPECIFICATIONS Hardware Specifications Total Interfaces Storage Form Factor FORTITESTER 100F 2x 10 GE SFP+, 2x GE SFP, 2x GE RJ45, 1x Console GE RJ45, 1x Management GE RJ45, 2x USB 3.0 1 TB HDD 1U FORTITESTER 2000E 4x 10 GE SFP+ slots, 1x Management GE RJ45 port 1 TB HD 1U FORTITESTER 2500E 4x 10 GE SFP+ slots, 1x Management GE RJ45 port 1 TB HD 1U SSL Acceleration Card No No Yes Performance Examples and Application Support HTTP Throughput HTTP Connections Per Second HTTP Concurrent Connections SSL Throughput SSL Connections Per Second SSL Concurrent Connections IPsec SSL-VPN Protocol TCP (CIFS, SMB, FIX, FTP, IMAP, LDAP, NFS, POP3, RDP, SMTP, SSH), UDP, DHCP, ICMP, RTSP/RTP RFC2544 and 3511 IPS, Malware, MITRE ATT&CK, FUZZING, and DDOS Replay -- PCAP, Traffic, Attack, GTP Standalone Mode 10.0 Gbps 700,000 9,000,000 9.9 Gbps 2,500 80,000 Yes Yes Yes Yes Yes Yes Test Center Mode with 8 Devices 80.0 Gbps 5,600,000 72,000,000 79.6 Gbps 10,000 640,000 Yes Yes Yes Yes Yes Yes Standalone Mode 20.0 Gbps 1,019,000 9,000,000 15.9 Gbps 3,000 80,000 Yes Yes Yes Yes Yes Yes Test Center Mode with 8 Devices 160.0 Gbps 7,856,000 72,000,000 119.4 Gbps 24,000 640,000 Yes Yes Yes Yes Yes Yes Standalone Mode 20.0 Gbps 1,035,000 9,000,000 14.07 Gbps 16,900 80,000 Yes Yes Yes Yes Yes Yes Test Center Mode with 8 Devices 160.0 Gbps 8,135,000 72,000,000 109.92 Gbps 128,400 640,000 Yes Yes Yes Yes Yes Yes Traffic Mix (Enterprise / Lite / Fortinet Mix) Yes Yes Yes Yes Yes Yes Dimensions and Power Height x Width x Length (inches) Height x Width x Length (mm) Weight Power Required Power Consumption (Average / Maximum) Maximum Current Heat Dissipation Redundant Power Supplies 1.73 x 17.32 x 19.69 44 x 440 x 500 15.9 lbs (7.2 kg) 100240V AC, 50-60 Hz, 6A-3A 90W / 120W 120V/6A, 240V/3A 477 BTU/h No 1.73 x 17.24 x 22.83 44 x 438 x 580 22 lbs (10 kg) 100240V AC, 63-47 Hz, Redundant 280 W / 330 W 120V/5A, 240V/3A 1126 BTU/h Dual Power Supplies 1.73 x 17.24 x 22.83 44 x 438 x 580 22.6 lbs (10.3 kg) 100240V AC, 63-47 Hz, Redundant 300 W / 360 W 120V/5A, 240V/3A 1160 BTU/h Dual Power Supplies Environment Operating Temperature Storage Temperature Humidity Operating Altitude 32104°F (040°C) -4167°F (-2075°C) 590% non-condensing Up to 7,400 ft (2,250 m) 32104°F (040°C) -4158°F (-2070°C) 590% non-condensing Up to 7,400 ft (2,250 m) Compliance Regulatory Compliance Safety FCC, ICES, CE, RCM, VCCI, BSMI (Class A) U/cUL, CB, BSMI FCC Part 15 Class A, RCM, VCCI, CE, UL/c CSA, C/US, CE, UL FortiTester 2000E/2500E Based on SSL/TLS cipher suite: AES256-GCM-SHA384 with 2K key size. 44 DATA SHEET | FortiTester SPECIFICATIONS Hardware Specifications Total Interfaces Storage Form Factor FORTITESTER 3000E 2x 40 G QSFP+ 1x Management GE RJ45 port (break out cable supported) 2 TB HDD 1U FORTITESTER 4000E 1x 100 GE QSFP28, 1x GE RJ45 (breakout cable not supported) 2 TB HDD 1U SSL Acceleration Card Yes Yes Performance Examples and Application Support HTTP Throughput HTTP Connections Per Second HTTP Concurrent Connections SSL Throughput SSL Connections Per Second SSL Concurrent Connections IPsec SSL-VPN Protocol TCP (CIFS, SMB, FIX, FTP, IMAP, LDAP, NFS, POP3, RDP, SMTP, SSH), UDP, DHCP, ICMP, RTSP/RTP RFC2544 and 3511 IPS, Malware, MITRE ATT&CK, FUZZING, and DDOS Replay -- PCAP, Traffic, Attack, GTP Standalone Mode 37.48 Gbps 1,697,000 18,000,000 23.0 Gbps 28,600 160,000 Yes Yes Yes Yes Yes Yes Test Center Mode with 8 Devices 303.12 Gbps 13,744000 144,000,000 184.0 Gbps 176,800 1,280,000 Yes Yes Yes Yes Yes Yes Standalone Mode Client-only Client-only Client-only Client-only Client-only Client-only No (requires additional 4000E) No (requires additional 4000E) Client-only No (requires additional 4000E) Client-only No (requires additional 4000E) Test Center Mode with 8 Devices 376.0 Gbps 7,200,000 304,000,000 148.0 Gbps * 120,000 2,560,000 Yes Yes Yes Yes Yes Yes Traffic Mix Enterprise / Lite / Fortinet Mix Yes Yes No Yes Dimensions and Power Height x Width x Length (inches) Height x Width x Length (mm) Weight Power Required Power Consumption (Average / Maximum) Maximum Current Heat Dissipation Redundant Power Supplies 1.73 x 17.24 x 22.83 44 x 438 x 580 22.6 lbs (10.3 kg) 100240V AC, 63-47 Hz, Redundant 300 W / 360 W 120V/5A, 240V/3A 1228.4 BTU/h Dual Power Supplies Environment Operating Temperature Storage Temperature Humidity Operating Altitude 32104°F (040°C) -4158°F (-2070°C) 595% non-condensing Up to 7,400 ft. (2,250 m) Compliance Regulatory Compliance Safety FCC Part 15 Class A, RCM, VCCI, CE, UL/c CSA, C/US, CE, UL FortiTester 3000E/4000E Based on SSL/TLS cipher suite: AES256-GCM-SHA384 with 2K key size * FortiTester 4000E has slightly lower SSL performance than 3000E due to using 6 cores instead of 8 cores in 3000E, 2 cores are used for system/management. 5 DATA SHEET | FortiTester SPECIFICATIONS Virtual Machine Hypervisor Support vCPUs Memory Storage Network Interfaces Traffic Mix Enterprise / Lite / Fortinet Mix FORTITESTER VM02 2 4 GB No, Limited Traffic Mix FORTITESTER VM04 FORTITESTER VM08 FORTITESTER VM16 FORTITESTER VM32 VMware ESX/ESXi, KVM, AWS, Azure, GCP, OCI, Alibaba 4 8 16 8 GB 16 GB 32 GB 60 GB 1 Management (E1000) + 4 Tester (VMXNET3/VIRTIO) No, Limited Traffic Mix Enterprise Lite Enterprise, Fortinet Mix, Lite 32 64 GB Enterprise, Fortinet Mix, Lite FORTITESTER TEST CENTER MODE SUPPORT In order to run Test Center mode, FortiTester supports grouping similar members above in the same Test Center group. TEST CENTER GROUP 100 2K 3K 4K VM VM ESXI AWS AWS_BYOL AZR_BYOL OCI_BYOL GCP_BYOL MEMBERS FTS-100F FTS-2000D, FTS-2000E, FTS-2500E FTS-3000E FTS-4000E FTS_VM_KVM FTS_VM FTS_VM_AWS FTS_VM_AWS_BYOL FTS_VM_AZURE_BYOL FTS_VM_OCI_BYOL FTS_VM_GCP_BYOL ORDER INFORMATION HARDWARE Product FortiTester 100F FortiTester 2000E FortiTester 2500E FortiTester 3000E FortiTester 4000E SKU FTS-100F FTS-100F-BDL-293-DD FTS-2000E FTS-2000E-BDL-293-DD FTS-2500E FTS-2500E-BDL-293-DD FTS-3000E FTS-3000E-BDL-293-DD FTS-4000E FTS-4000E-BDL-293-DD Description Network Performance and Security Testing System for Enterprises and Service Providers 1x GE MGMT port, 2x GE RJ45 ports, 2x GE SFP ports, 2x 10GE SFP+ ports. 1TB HDD Storage. Hardware plus Enterprise bundle (IPS attack PCAPs update, malware strike pack, web protection & MITRE ATT&CK signature updates), with 24x7 FortiCare support Network Performance and Security Testing System for Enterprises and Service Providers 1x GE RJ45, 4x 10 GE SFP+, 1 TB storage. Hardware plus Enterprise bundle (IPS attack PCAPs update, malware strike pack, web protection & MITRE ATT&CK signature updates), with 24x7 FortiCare support Network Performance and Security Testing System for Enterprises and Service Providers 1x GE RJ45, 4x 10 GE SFP+, 1 TB storage. Hardware plus Enterprise bundle (IPS attack PCAPs update, malware strike pack, web protection & MITRE ATT&CK signature updates), with 24x7 FortiCare support Network Performance and Security Testing System for Enterprises and Service Providers 1x GE RJ45, 2x 40 GE QSFP, 2 TB HDD storage. Hardware plus Enterprise bundle (IPS attack PCAPs update, malware strike pack, web protection & MITRE ATT&CK signature updates), with 24x7 FortiCare support Network Performance and Security Testing System for Enterprises and Service Providers 1x GE RJ45, 1x 100 GE QSFP28, 2 TB HDD storage. (Please note, 2 devices using Test Center mode are typically required.) Hardware plus Enterprise bundle (IPS attack PCAPs update, malware strike pack, web protection & MITRE ATT&CK signature updates), with 24x7 FortiCare support 66 DATA SHEET | FortiTester ORDER INFORMATION VM WARE Product FortiTester VM02 FortiTester VM04 FortiTester VM08 FortiTester VM16 FortiTester VM32 SKU FTS-VM02 FC-10-FTV02-294-02-DD FTS-VM04 FC-10-FTV04-294-02-DD FTS-VM08 FC-10-FTV08-294-02-DD FTS-VM16 FC-10-FTV16-294-02-DD FTS-VM32 FC-10-FTV32-294-02-DD Description Network Performance and Security Testing System for Enterprises and Service Providers Virtual appliance with 2x vCPU cores and 4 GB memory, supporting VMware/VMXNET3 and KVM/VIRTIO. Enterprise bundle (IPS attack PCAPs update, malware strike pack, web protection & MITRE ATT&CK signature updates), with 24x7 FortiCare support Network Performance and Security Testing System for Enterprises and Service Providers Virtual appliance with 4x vCPU cores and 8 GB memory, supporting VMware/VMXNET3 and KVM/VIRTIO. Enterprise bundle (IPS attack PCAPs update, malware strike pack, web protection & MITRE ATT&CK signature updates), with 24x7 FortiCare support Network Performance and Security Testing System for Enterprises and Service Providers Virtual appliance with 8x vCPU cores and 16 GB memory, supporting VMware/VMXNET3 and KVM/VIRTIO. Enterprise bundle (IPS attack PCAPs update, malware strike pack, web protection & MITRE ATT&CK signature updates), with 24x7 FortiCare support Network Performance and Security Testing System for Enterprises and Service Providers Virtual appliance with 16x vCPU cores and 32 GB memory, supporting VMware/VMXNET3 and KVM/VIRTIO. Enterprise bundle (IPS attack PCAPs update, malware strike pack, web protection & MITRE ATT&CK signature updates), with 24x7 FortiCare support Network Performance and Security Testing System for Enterprises and Service Providers Virtual appliance with 32x vCPU cores and 64 GB memory, supporting VMware/VMXNET3 and KVM/VIRTIO. Enterprise bundle (IPS attack PCAPs update, malware strike pack, web protection & MITRE ATT&CK signature updates), with 24x7 FortiCare support ACCESSORIES Product 40G/100G QSFP+ to 4x SFP+/ SFT28 optical breakout 1m 40G/100G QSFP+ to 4x SFP+/ SFT28 optical breakout 5m SKU FG-TRAN-QSFP-4XSFP FG-TRAN-QSFP-4SFP-5 Description (applicable to 3000E only) 40G/100G QSFP+/QSFP28 to SFP+/SFP28 Parallel Breakout MPO to 4xLC connectors, 1m reach, transceivers not included 40G/100G QSFP+QSFP28 to SFP+SFP28 Parallel Breakout MPO to 4xLC connectors, 5m reach, transceivers not included SECURITY SERVICES PRODUCT SKU FortiTester XXXX FC-10-XXXX-293-02-DD FC-10-XXXX-187-02-DD FC-10-XXXX-318-02-DD FC-10-XXXX-261-02-DD Description Enterprise bundle (IPS attack PCAPs update, malware strike pack, web protection, and MITRE ATT&CK signature updates), with 24x7 FortiCare support FortiTester Premium Attack Signatures (FDS update of IPS attack PCAPs update, plus web protection signatures updates) FortiTester ATT&CK MITRE Attack Package (Windows/ Linux/ Mac attacks based on MITRE techniques) FortiTester Malware Strike Pack (FortiGuard auto update) XXXX = hardware model such as FT01H, FTE2K, FT2KE, FTK3K, FTK4K SERVICES SKU / UPDATES ENTITLEMENT IPS Web Attacks IOT / SCADA Attacks Malware Strike Pack MITRE ATT&CK ENTERPRISE BUNDLE PREMIUM ATTACK SIGNATURES MALWARE STRIKE PACK MITRE ATT&CK www.fortinet.com Copyright © 2021 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. FTS-DAT-R15-20210407Adobe PDF Library 15.0