Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Fortigate - Wireguard Support



I did a less-than-thorough search on the web, but was wondering if Fortinet has plans to integrate Wireguard VPN in their Fortigates?  We've all had some sports with IPSEC tunnels that drop and never come back - might be time to embrace the future. :) 



1 Solution
New Contributor II

wireguard is fantastic


Implement it (also in beta ) can provide a big advantage on competitors.

it is the future: faster , secure , simple...


View solution in original post

New Contributor

Not fully sure what you mean, but I've done a feature request through partner and a contact in FortiNet :) Fingers crossed for future relases!

Esteemed Contributor III

Time will tell,  but I highly doubt they are going to implement a rather new protocol into their new features list &  anytime soon nor immediately. Especially since nobody in the industry has not caught up or on wireguard. Then you have software license and end users and other items they would to investigate.


I look at it as the same way as OpenVPN, highly used out of commercial firewalls and that is just about it.


Ken Felix





Fortigates support almost all - even ancient - tunneling and VPN protocols. Adding a modern, highly acclaimed and easy to implement (from a code point of view) protocol is a logical choice ... all it needs is some nudging from partners and customers ... would be nice to see it appear some time soon!

New Contributor II

Would you please share your source on those bandwidth and response time measurements ?
I was under the impression that the ASICs acceleration(NPU, SPU) of FortiGate can do better than WireGuard.

New Contributor II

Nevermind, I found it my self
WireGuard was benchmarked alongside IPsec in two modes and OpenVPN, using iperf3(1) between an Intel
Core i7-3820QM and an Intel Core i7-5200U with Intel 82579LM and Intel I218LM gigabit Ethernet cards
respectively, with results averaged over thirty minutes.
WireGuard outperformed OpenVPN and both modes of IPsec. The CPU was at 100%
utilization during the throughput tests of OpenVPN and IPsec, but was not completely utilized for the test of
WireGuard, suggesting that WireGuard was able to completely saturate the gigabit Ethernet link.
While the AES-NI-accelerated AES-GCM IPsec cipher suite appears to outperform the AVX2-accelerated
ChaCha20Poly1305 IPsec cipher suite, as future chips increase the width of vector instructions—such as the upcom-
ing AVX512—it is expected that over time ChaCha20Poly1305 will outperform AES-NI [4]. ChaCha20Poly1305
is especially well suited to be implemented in software, free from side-channel attacks, with great efficiency, in
contrast to AES, so for embedded platforms with no dedicated AES instructions, ChaCha20Poly1305 will also
be most performant.
Furthermore, WireGuard already outperforms both IPsec cipher suites, due to the simplicity of implementation
and lack of overhead. The enormous gap between OpenVPN and WireGuard is to be expected, both in terms of
ping time and throughput, because OpenVPN is a user space application, which means there is added latency
and overhead of the scheduler and copying packets between user space and kernel space several times.
we have on average 1,5k VPN connections on our FGT
I rest my case

New Contributor II

I also would like to see Wireguard on Fortigate!

New Contributor

20k views and 2 years later: small bump!

New Contributor III

I am joining too!