From Wikipedia, the free encyclopedia
Jump to: navigation, search
Fortinet, Inc.
Type Public
Industry Network security & Computer security
Founded 2000
Headquarters Sunnyvale, California
Key people Founder and CEO: Ken Xie
Founder and CTO: Michael Xie
Products FortiGate Unified threat management (UTM), Next-generation firewall, Firewalls, Antivirus, Intrusion-prevention system, Antispyware, Antispam, VPN, Virtualization, Wireless (WLAN) Security, Application Control, Web filtering, Content-control software
Revenue Increase US$ $533.64 million (2012)
Employees 2,100+ (Q2 2013)

Fortinet is an American multinational corporation that sells high performance network security products and services. It was founded in 2000 by brothers Ken and Michael Xie, and is headquartered in Sunnyvale, California. Fortinet distributes its systems and subscription-based services using the Channel partner sales method, having over 1,500 partners worldwide.[citation needed] Fortinet's position as the revenue leader in Unified Threat Management (UTM) has been validated by IDC several times over.[1]

Fortinet is a publicly held company. The stock was listed on NASDAQ on November 18, 2009.[2]


In 1993, 29 year old Ken Xie started Stanford Information Systems (SIS) with classmates and friends to develop and sell software-based firewalls. The part-time venture led Xie to realize the limitations of software-based firewalls and in 1997 he founded NetScreen with Yan Ke and Feng Deng. NetScreen developed ASIC-based Internet security systems and appliances and paved the way for what would become one of Fortinet's key technologies. In 2004 NetScreen was sold to Juniper Networks for $4 billion.[3]

In 1999, Ken Xie left NetScreen and founded Fortinet with his brother Michael Xie. With $1 million in angel funds and a personal investment of $50,000, Fortinet quickly grew, gaining recognition for their growth in Forbes Magazine, Entrepreneur, and on the Deloitte Fast 500.[4][5]

In 2009 the company filed for its initial public offering, opening at $12.50 per share and closing the same day $16.62, a 33% increase.[citation needed]

In April 2011, Fortinet acquired TalkSwitch, a VoIP (Voice over IP) manufacturer [6]

In March 2013, Fortinet acquired Coyote Point Systems, an application delivery controller (ADC) manufacturer.[7]


Fortinet offers a variety of products including network, content, and application security gateways for small and medium enterprises, data center, government, service provider and large enterprise environments. The company provides numerous products that comprise 24 product lines.

SSL Inspection[edit]

Some Fortinet products prompt users to accept a new root level Fortigate SSL certificate then act as an intermediate instead of connecting the user directly to their intended end SSL server (e.g. Yahoo's mail server). This is necessary in a Unified Threat Management context where total control over incoming malware and viruses is a key attribute. Older corporate firewalls either blocked the HTTPS port completely (preventing users from using their Internet banking from work for example), or they allowed HTTPS but could not filter the encrypted data stream for security threats such as viruses, or breaches of IT policy such as accessing porn from the office.

It is noteworthy, however, that this process is itself a man-in-the-middle technology approach as used by hackers of many types. While this may be a man-in-the-middle attack approved or instructed by office IT managers, there are risks associated with asking or forcing users to accept a new root level certificate in order to achieve their expected functionality. One is privacy related: it is up to the implementing party to inform their users that their SSL protection is compromised compared to use outside the corporate network (see reference to Myanmar below). The second is a social-engineering aspect: the more users are expected to surrender their encryption protection to "trustworthy" corporate, school or hotel firewalls on a regular basis, the more likely they are to get used to just pressing 'connect' when prompted with some future maliciously intended root certificate. (There is also the risk that if the Fortigate certificate itself were compromised, or its presence exploited, a malicious attacker would have full access to the user's SSL data as the user has already accepted the root level Fortigate certificate).[8] [9]

Criticism and Controversy[edit]

US government sanctions violation[edit]

According to the OpenNet Initiative,[10] FortiGuard is used by the dictatorship of Myanmar to block communications critical of the regime carried over the Internet, a system known as the Myanmar Wide Web.[11] Fortinet has promised to investigate the allegations, and the implied violation of US government sanctions against the regime, noting that the software may have been sold to the regime by a third party;[12] meanwhile, the Myanmar government features its adoption of the Fortinet firewall on its official website[13] with other photos showing a Fortinet sales director presenting a gift to the Myanmar Prime Minister during a ceremony.[13] In 2005, after becoming aware that its product may have reached Myanmar, Fortinet conducted an exhaustive review of channel partners and their compliance with import/export controls. The company implemented additional back-end controls which now render a product useless if it is diverted without appropriate authorizations to a party located in a U.S. sanctioned country.

GPL violations[edit]

In 2005, the project uncovered evidence that Fortinet had used GPL code in its products against the terms of the license, and used cryptographic tools to conceal the violation. The violation was alleged to have occurred in the FortiOS system, which the project said contained elements of the Linux kernel. In response, a Munich court granted a temporary injunction against the company, preventing it from selling products until they were in compliance with the necessary license terms;[14] Fortinet was required to make the source code of GPL portions of their FortiOS freely available in compliance with GPL licensing.[15]

See also[edit]


External links[edit]