30,000-student campus edge
A major public university uses a 600F HA cluster as the campus backbone firewall. Guest Wi-Fi, student, admin, lab and research traffic each in separate VDOMs. KVKK-compliant student data protection.
Quick answer
FortiGate 600F delivers 98 Gbps firewall and 14 Gbps threat prevention for 1000–2000 user large campus and data center branch environments. 40G QSFP+ uplinks integrate with DC spine switches.
FortiGate 600F targets dense-traffic campus organizations. 40G QSFP+ uplinks and high session counts.
The flagship of the mid-range: while the 200F is the perfect HQ device, the 600F suits higher-density environments (large universities, multi-company holdings, government main buildings). At 98 Gbps firewall it doubles as a data center edge (north-south) device; multi-VDOM hosts 50+ isolated virtual firewalls for intra-campus microsegmentation.
40G QSFP+ uplinks and DC integration: the 600F's 4x 40G QSFP+ ports aggregate into Cisco Nexus, Arista 7050X and Aruba CX 8400-class DC spine switches. Typical usage: 2x 40G LACP active-active = 80 Gbps usable. Even with SSL inspection on, ~14 Gbps threat prevention is preserved — a level software-based competitors cannot reach alone.
NP6 + CP9 ASIC hardware acceleration: 6x NP6 (Network Processor 6) and 2x CP9 (Content Processor 9) ASICs inside the 600F parallelize IPS signature matching, SSL inspection, AES-256 IPSec encryption and flow-based antivirus scanning. This multi-ASIC design delivers 3–5x more simultaneous secure sessions than single-ASIC competitors — 16 million concurrent connections.
Multi-VDOM for multi-tenant operation: the 600F supports 25 VDOMs by default, 100 with license. In a holding HQ, each subsidiary's traffic isolates into its own VDOM; a single 600F cluster covers a 30+ company group. Each VDOM has its own administrator UI, policy set, route table and QoS policies — VDOM administrators cannot affect each other.
HA cluster and zero downtime: the 600F is always deployed as a two-unit HA cluster in production. FGCP (active-passive) is the default; mission-critical environments pick FGSP (active-active). Session synchronization completes in under 100 ms; on failure users continue without losing their sessions. Critical for bank branches, hospital HBYS and factory SCADA where downtime is costly.
Integrated operations with FortiManager + FortiAnalyzer: for 600F-class organizations the standard trio is FortiManager (policy) + FortiAnalyzer (logs) + FortiSIEM (SOC). FortiManager centralizes policy across 100+ distributed branches; FortiAnalyzer's 1-year retention satisfies KVKK and PCI-DSS audit reports; FortiSIEM escalates critical events to SOC operators.
- 98 Gbps firewall
- 40G QSFP+ uplink
- high session count
Key features
What this model offers
- 98 Gbps firewall, 14 Gbps threat prevention
- 18x GbE + 16x 10G SFP+ + 4x 40G QSFP+
- FortiASIC NP6 (6x) + CP9 (2x)
- Multi-VDOM (default 25, license to 100)
- Dual hot-swappable power supplies
- HA cluster (FGCP A-P, FGSP A-A)
- Hardware-accelerated IPSec/SSL (16 Gbps)
- FortiGuard AI IPS, antivirus, web filter
- FortiSandbox integration
- FortiManager + FortiAnalyzer + FortiSIEM
- ZTNA Application Gateway
- Container security (pod-level firewall)
Tech Summary
Technical data
- Firewall throughput
- 98 Gbps
- Threat prevention
- 14 Gbps
- IPS throughput
- 18 Gbps
- SSL inspection
- 15 Gbps
- VPN throughput (IPsec)
- 55 Gbps
- Concurrent sessions
- 16 million
- New sessions/sec
- 750,000
- Ports
- 18x GbE + 16x 10G + 4x 40G
- Form factor
- 2U rack
- FortiASIC
- 6x NP6 + 2x CP9
- Power consumption (typical)
- 320 W
- VDOM capacity
- 25 (license to 100)
Use CasesLarge university Holding Data center branch Healthcare Government
At what scale is this model preferred?
Multi-company holding HQ
A 30+ company holding runs 600F HA at HQ. Each company in its own VDOM; controlled access to shared DC resources (SAP, file servers). Monthly $25K MPLS spend reduced to $8K via SD-WAN.
DC north-south edge
A local cloud provider uses 600F HA as the data center north-south edge. 40G uplinks deliver high bandwidth into backside spine switches. PCI-DSS audit-compliant.
Large city hospital
A 1500-bed city hospital uses 600F + 8 VDOMs (HBYS, lab, imaging, admin, patient Wi-Fi, doctor Wi-Fi, IoT devices, guest). HIPAA + KVKK-compliant configuration.
Ministry main building
A ministry main building runs 600F HA + 50 VDOMs to isolate each department. 200+ provincial branches managed centrally via FortiManager. Turkish Cybersecurity Standards-aligned.
Who is it for?
1000–2000 user large campus, multi-company holdings, universities, large hospitals, ministry HQs, data center branches; organizations needing multi-VDOM.
Frequently Asked Questions
Common questions about this model
Should I buy a 600F or a 900G?
The 900G is the next generation (NP7 + SP5 ASIC); at a similar price it delivers 40% higher performance (140 Gbps firewall) + AI-driven IPS. For new projects pick 900G; if your existing 600F is healthy, no urgent change. Plan around EOS announcements.
How are 40G uplinks used?
High-bandwidth aggregation into DC spine switches (Cisco Nexus, Arista, Aruba CX). Typical usage: 2x 40G LACP active-active = 80 Gbps usable. When a single 40G is insufficient, two units share via ECMP routing.
Multi-tenant (VDOM) capacity?
25 VDOMs by default; license up to 100 VDOMs. Critical for holdings, universities, government and MSPs. Each VDOM has its own administrator UI, route table and policy base.
HA cluster configuration?
Standard configuration is FGCP active-passive HA; two 600Fs + 2 dedicated HA ports (heartbeat sync). Failover under 1 second. Active-active load balancing uses FGSP (FortiGate Session Sync Protocol); sessions synchronize across both units.
Licensing and cost?
UTM Bundle (FortiCare + all FortiGuard modules) 1 or 3 years. 3-year package is ~20% discounted for enterprise. Typical 600F 3-year UTM Bundle ~$20K; total per device (hardware + 3-year license) ~$45K–55K.
Warranty and support level?
For this class, FortiCare Premium 24x7 + 4-hour response is recommended. Mission-critical environments prefer FortiCare Elite (5 years + dedicated TAM + product strategist). Sora Yazılım adds a layer of local support via NSE 7 certified field engineers.
Supply and stock?
The 600F is a mid-range model with continuous stock in Türkiye. Typical 1–2 week delivery. Dual-unit HA pair same lead time. Custom configurations (e.g., fiber transceivers included) may take 4–6 weeks.
Is FortiAnalyzer required?
A single 600F can start with FortiAnalyzer Cloud; for enterprise we recommend on-prem FortiAnalyzer 400F or 1000F. 1+ year log retention is mandatory for PCI-DSS, KVKK, SOX audits. Sora Yazılım jointly sizes it.
Is SD-WAN an extra license?
No. All FortiGates include SD-WAN in firmware — no extra license. One of Fortinet's biggest market advantages. 500+ branch SD-WAN orchestration is possible from a mid-range 600F.
Container and Kubernetes support?
The 600F works with FortiGate Containerized firewall; it's typically paired with FortiGate VM for Kubernetes pod-level microsegmentation. The 600F hardware itself doesn't run containers; FortiManager orchestrates security policy on Kubernetes clusters.
Vendor's official model page
Opens the vendor's original datasheet and product page in a new tab.
Fortinet — FortiGate 600F →Same Family
Other models of this product
FortiGate 40F
5 Gbps firewall for micro offices up to ~10 users.
DetailsFortiGate 60F
10 Gbps firewall for 10–30 user small offices.
DetailsFortiGate 70G
Successor to the 60F; 2x performance at the same price, SD-WAN-optimized.
DetailsFortiGate 80F
50–100 user branch with PoE+ ports to power FortiAP/FortiSwitch.
DetailsFortiGate 600F — licensing + deployment + support
Sora Yazılım handles sizing, licensing, deployment and ongoing management — all from a single team.