Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Fortinet firewalls - quick question

if I understand it right there's the firewall appliance , then there is FortiCare (which is support basically) and FortiGuard (which are paid addons like IPS, IDS, antimalware...)is the standalone appliance such as 60E with only FortiCare for updates capable of everything such as site to site IPSec VPNs? basic ACLs, port forwarding etc..I get that buying a next-gen firewall without next-gen addons is kinda pointless, but my current ASAs are very very old, without support so I mainly want a new appliance that isn't ancient and basic firmware/OS support for now. If budget allows I'll gladly add UTM/UTP services on top later.

appvalley tutuapp tweakbox
Honored Contributor

quick answer: no


FortiCare gives you support and hardware exchange

Firmware & general updates needs to be licensed too


UTM (IPS,IDS,webfilter etc) and HA require additional licensing.


So with only FortiCare you have support and rma service, you will have the basic functionality you wrote but you won't get any updates.


"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Valued Contributor

quick answer: yes


if you buy the appliance and support you get the all non UTM stuff and firmware upgrades, that is what forticare gets you.


FortiCare device-based support is the foundation of the support services, providing firmware updates, technical support, and foundational FortiGuard subscriptions for dynamic policies. Two levels are available: 24x7 and Advanced Support Engineer (ASE). ASE provides higher ticket servicing for faster starts and ticket resolution.

Esteemed Contributor III

I have to agree with boneyard


. UTM (IPS,IDS,webfilter etc) and HA require additional licensing. 


BTW,  HA does not require any licensing and in general none of the other things mentioned in that same line require licensing. You could run your appliance with no active subscription IDS,IPS,WEBfiltering....


Your active subscription to forticare is what give you the active updates. You could run all UTM mention above and with no active subscription, but in general, that would not keep your appliance up to date on threats. And would be. heavily ill-advised for webfiltering.


Ken Felix





PCNSE NSE StrongSwan
Top Kudoed Authors