FortiGate CNF Cloud Firewalls
SaaS-delivered NGFW service for AWS VPCs and Azure VNets. Enterprise-grade protection without the complexity of managing security infrastructure.
NGFW Delivered as a Service
FortiGate CNF is a next-generation firewall (NGFW) service delivered as SaaS that simplifies protection for your cloud workloads by eliminating the need to manage security infrastructure.
Get all FortiOS NGFW capabilities, including IPS, web filtering, DNS Security and botnet protection, powered by FortiGuard Labs threat intelligence updated in real time.
Multi-Cloud Firewall
Zero-Management SaaS
Fully managed service: no software licensing, sizing, deployment or patching. Pay only for security processing credits.
Enterprise NGFW
Full FortiOS capabilities: known bad IP blocking, geo-IP filtering, IPS, DNS security, anti-botnet protection and sandbox/AV.
Global Geo-Fencing
Restrict traffic by geographic location for regulatory compliance and attack surface reduction with granular per-country policies.
East-West Security
Lateral movement protection between VPCs/VNets with microsegmentation and consistent security policies across your cloud infrastructure.
Dynamic Security
Policies based on FQDN objects, geo objects, cloud metadata and resource tags for adaptive security in dynamic environments.
Centralized Multi-Account
Manage security for multiple AWS accounts or Azure subscriptions from a single centralized CNF instance.
Complete Egress Traffic Control
Protect all outbound traffic from your cloud workloads with deep inspection and granular policies that prevent communications with malicious destinations.
- Block known malicious IPs with FortiGuard reputation
- URL category filtering for browsing control
- Prevent communication with C&C servers
- Geo-fencing for data sovereignty compliance
Lateral Movement Protection
Implement segmentation and microsegmentation between VPCs and VNets to detect and prevent threats attempting to spread laterally in your cloud infrastructure.
- Microsegmentation between workloads and applications
- IPS inspection of inter-VPC/VNet traffic
- Anomalous behavior detection between segments
- Integration with Transit Gateway and VNet peering
Dynamic Policies for Cloud Environments
Create security policies that automatically adapt to changes in your cloud infrastructure using metadata, tags and dynamic objects.
- FQDN objects for dynamic network destinations
- Geographic objects for location-based policies
- Integration with cloud instance metadata
- Resource tags for policy automation
Enterprise Use Cases
Enterprise Cloud Migration
Organizations migrating critical workloads to the cloud that need enterprise-grade security without operational complexity.
Multi-VPC Architectures
Enterprises with multiple VPCs or VNets requiring consistent security policies and centralized management across their cloud footprint.
Regulatory Compliance
Regulated industries (finance, healthcare) that must comply with GDPR, HIPAA, PCI-DSS and require geo-fencing and traffic controls.
Secure DevOps
DevOps teams needing API-automatable security, integrated with CI/CD pipelines and compatible with infrastructure as code.
FortiGuard Services
Intrusion Prevention (IPS)
Protection against exploits, vulnerabilities and known attacks with signatures continuously updated by FortiGuard Labs.
DNS Security
Blocking malicious domains, DNS tunneling prevention and protection against DNS query-based attacks.
Botnet Protection
Detection and blocking of communications with known botnets and command and control (C&C) servers.
Sandbox & Antivirus
Analysis of suspicious files in a cloud sandbox and antivirus protection with signatures updated in real time.
Geo IP & IP Reputation
Global IP reputation and geolocation database for location-based policies and blocking malicious sources.
URL Filtering
URL categorization and web filtering to control site access by category, risk or corporate policy.
Operational Benefits
Supported Cloud Architectures
AWS Multi-VPC
Centralized deployment for multiple VPCs with Transit Gateway integration and AWS Firewall Manager.
Azure Multi-VNet
Protection for multiple subscriptions and VNets with Azure Load Balancer integration and VNet peering.
FortiGate VM
Virtual FortiGate instances for ESXi, KVM, Hyper-V and all major clouds with full control.
Containers
FortiGate CNF for Kubernetes and container environments with native network policies.
Transit Hub
Hub-and-spoke architecture with FortiGate as the central inspection point for all inter-VPC traffic.
Security Fabric
Native integration with Fortinet Security Fabric for unified visibility and management.
Supported Regulations
FortiGate CNF helps you comply with major global security and data privacy regulations.
PCI-DSS
Network controls and segmentation for card payment environments
HIPAA
Health information protection with access controls and encryption
GDPR
Geo-fencing and data sovereignty controls for European compliance
SOX
Security controls and auditing for corporate financial information
Compatible Ecosystem
Native integration with leading cloud platforms, enterprise tools, and the Fortinet Security Fabric ecosystem.
Protect Your Cloud Infrastructure with FortiGate CNF
Get enterprise-grade NGFW security delivered as a service, with no infrastructure to manage and FortiGuard Labs intelligence.