Fortinet SASE Overview & Pricing Examples
Fortinet is a globally recognised leader in cybersecurity solutions and has made significant strides in the Secure Access Service Edge (SASE) market. With their integration of security and network features, Fortinet offers a platform designed to meet the complex demands of most enterprise businesses. This article provides an overview of Fortinet’s SASE capabilities, market positioning, competitive landscape, pricing strategies, and management features, concluding with an outlook and strategic recommendations.
Market Positioning and Analysis
Fortinet is recognised by industry analysts for its strong presence in the SASE market. However, understanding their position requires a detailed comparison with key competitors.
Fortinet technology is relied upon globally to connect and protect companies from small to very large and in diverse sectors, ranging from retailers and central governments to global financial service companies.
Gartner Insights
Fortinet is currently positioned as a Leader in the 2025 Gartner Magic Quadrant for SASE Platforms - a significant progression from its Challenger status in earlier iterations of the quadrant. This recognition reflects Fortinet's ability to deliver a unified strategy that converges SD-WAN and cloud-delivered security under a single operating system.
Fortinet Capabilities
Fortinet state the following of their SASE capabilities; we have added (context) to these statements.
- Secure your hybrid workforce (zero trust and zero trust network access)
- Get network and security visibility across the organisation (combining various Fortinet products, WAN, LAN, WiFi and end-user)
- Modernise to a zero-trust architecture (zero trust principles of just enough access)
- Protect internet access, private access, and SaaS access (Fortinet SASE including Secure Internet Access (SIA))
Fortinet's SASE strategy combines different security and network services to ensure safe and uninterrupted access to applications, no matter where they are used. Here are three key facts about Fortinet's SASE strategy:
- Comprehensive Security and Networking Integration: Fortinet’s SASE model is built on the integration of its FortiGate Next-Generation Firewall (NGFW) with advanced security services and networking capabilities. This integration allows for consistent security policies and enforcement across all network edges, including branch offices, remote workers, and cloud environments, ensuring a secure and unified network infrastructure.
- Cloud-Native Architecture: Fortinet’s SASE solution leverages a cloud-native architecture, enabling scalable and flexible deployment options. This architecture supports the dynamic and on-demand nature of cloud services, allowing organisations to rapidly adapt to changing business needs and network conditions without compromising security. Fortinet’s SASE cloud service is designed to deliver low latency and high-performance connectivity to applications, regardless of their location.
- Centralised Management and Analytics: Fortinet offers a centralised management platform, known as FortiSASE, which provides visibility and control over the entire SASE solution. This platform enables organisations to manage security and network policies from a single console, simplifying operations and improving efficiency. In addition, Fortinet’s SASE solution incorporates advanced analytics and threat intelligence to enhance security posture and facilitate proactive threat detection and response.
These elements demonstrate Fortinet's commitment to delivering a comprehensive and integrated SASE solution that meets the evolving needs of modern enterprises, focusing on security, performance, and manageability.
Fortinet Hardware
Given Fortinet’s pedigree in delivering own-brand hardware appliances, they have one of the broadest ranges of appliances available. Additionally, they have a unique position in the market, using their own ASIC chipset. The latest, 5th-generation ASIC supports superior hardware performance for the core components of SASE (NGFW, zero-trust network access (ZTNA), SD-WAN, and SSL inspection). Because of Fortinet's reliance on ASIC hardware, Fortinet SD-WAN/SASE does not lend itself to running on 3rd party hardware or in cloud-based deployments.
How much does Fortinet SASE & SD-WAN cost?
Fortinet's pricing model now covers two distinct tracks. For branch and site deployments, the model remains hardware-led: FortiGate appliances with SD-WAN capabilities included at no additional licence cost within FortiOS 6.2 and above.
For remote and hybrid workers, Fortinet offers FortiSASE - a per-user cloud subscription that operates independently of, or alongside, on-premises FortiGate infrastructure. The two models are designed to coexist, providing a practical migration path for organisations moving gradually toward SASE.
| Feature | Small | Medium | Large | X-Large |
|---|---|---|---|---|
| Model | 40F | 60F | 100F | 200F |
| Per device, 3 years with Support | £950 | £1,250 | £5,350 | £12,250 |
| SSL Inspection Throughput | 310 Mbps | 630 Mbps | 1 Gbps | 4 Gbps |
Site specific or mixed licence bundles should be considered as these will deliver a more granular TCO. For example, centralised breakout versus a Next-Gen perimeter at every location. Mixed licensing could improve your TCO by up to 50%.
As with all Secure SD-WAN appliances, the more tasks you ask it to perform, the bigger the box. Gone are the days of hub and spoke networks with security deployed in the data centre. Networks are typically meshed and nearly always have the need to protect the local security boundary. Datasheets give an indication of the VPN throughput. We strongly recommend speaking with certified partners to get real-world throughput.
Fortinet Managed Services
FortiSASE now operates as a unified platform built on a single operating system (FortiOS), a single agent (FortiClient), and a single data lake. Management is via FortiManager or the FortiCloud portal, which now includes end-to-end Digital Experience Monitoring (DEM) providing visibility into endpoint health, network paths, and SaaS application performance.

Management limitations persist. The interface is less intuitive than dedicated cloud-native competitors, and the learning curve is steeper for teams without prior Fortinet experience. Granular role-based access controls and multi-tenancy remain less flexible than those found in purpose-built SSE platforms — relevant for organisations with multiple business lines or decentralised IT teams. Recent improvements to automated workflows and AI-assisted security operations have eased day-to-day administration for larger deployments, but the gap with leading SSE vendors in this area has not fully closed.
Analytics - analytics data from all Fortinet SASE components (NGFW, SD-WAN, ZTNA) can be stored, viewed, and analysed via FortiAnalyzer. Additionally, you can send the relevant data to 3rd party SIEM and SOAR tools.
Training - as companies want to take more control of their SD-WAN, the ability to run co-managed networks continues to be a key requirement. Therefore, training on the SASE platform is essential.
Fortinet provides broad options for enablement, Hands on Labs, and formal certification via NS labs. Hands on Labs are a great way to test-drive the technology with the support from either Fortinet or one of their partners.
Fortinet have a stated commitment to educating and enabling IT professionals with comprehensive and real-world scenarios.
Implementation
The SD-WAN capabilities are available in a software upgrade, version 6.2 of FortiOS. Fortinet have taken an interesting position in that the SD-WAN features are available at no extra cost to existing Fortinet customers.
Reference architectures – like most of the mature technology vendors there are various technical documents that explain how to achieve recommended configurations. These are relevant if you are considering setting up the network yourself. We would always recommend that an experienced individual or partner is engaged to help you achieve the most relevant topology that has aspects, such as zero trust, designed from the outset.
Fortinet's Single-Vendor SASE Approach
Fortinet builds all SASE functions natively within FortiOS, rather than acquiring or partnering with third parties to fill capability gaps. The platform runs the same operating system across on-premises FortiGate appliances and cloud PoPs - FortiOS instances deployed as virtual machines within Fortinet's global PoP network. This means all security functions, from ZTNA to SD-WAN to inline CASB, share the same codebase and FortiGuard threat intelligence pipeline.
For organisations already running FortiGate appliances, the practical consequence is genuine policy consistency. Existing security rules, FortiGuard threat signatures, and user identity configurations carry over directly into FortiSASE without requiring a policy redesign. The same FortiClient agent manages both endpoint protection and secure access, and the same FortiManager console covers on-premises and cloud-delivered security. The transition to SASE does not require a rip-and-replace of existing network security infrastructure.
The architectural trade-off is worth stating plainly. FortiOS-in-a-VM is not a cloud-native micro-services architecture. Vendors such as Zscaler and Netskope built their SSE platforms as containerised micro-services from the ground up, enabling continuous delivery and horizontal scaling without VM-level constraints. For most mid-market and standard enterprise deployments, this distinction has no practical impact on performance or security efficacy.
Fortinet Professional Services engagement
Due to the maturity of Fortinet’s partner ecosystem, there are deeply experienced partners that offer a broad range of professional services. They range from design, build, implementation, and in-life support.
Fortinet does offer their own professional services. From our own research we understand that the typical professional service engagement is primarily focused on complex security deployments such as data centres, not broad secure SD-WAN. Furthermore, partners with deep SD-WAN experience would likely offer a more cost-effective and timely option and be able to provide greater assistance with integrating the ‘as-is’ and ‘to-be’ networks.
Fortinet Lead-time
As with all vendors, lead-times are variable. For the SD-WAN models listed, UK distributors typically hold good stock for the small and medium devices, with delivery within 10 working days. For the larger models, lead-times can be extended to 3+ weeks. Fortinet’s distributors can provide you with accurate lead-times and offer additional services like pre-staging and drop-shipping to sites. If you are deploying services outside of the UK, consider the tax and logistics implications, a fallout from Brexit. This Brexit effect is true for all technology procurement that has a hardware device.
Fortinet - Owned vs Rented
Historically, the WAN (circuits and routers) has been consumed as a rented service over a multi-year term (3 or 5 years). Today, we are seeing more businesses exploring the option to uncouple the overlay and underlay. A few market dynamics have caused this, such as the adoption of SaaS, the move to public cloud, and the hybrid workforce. It is no longer about connecting and protecting offices and servers.
Fortinet Partners
As of writing, and through our own market research, we are aware of a range of partners that have built services using some or all of the Fortinet SASE portfolio.

The SD-WAN overlay is typically 15-20% of the overall total cost of ownership of a WAN. Choosing the right overlay is essential and the impact of a flexible platform far outweighs the cost.
Each of these partners has varying degrees of capabilities, expertise, and proactive/reactive in-life management options available.
- Axians
- BT – via their Security team
- Claranet
- Colt Telecommunications
- Exponential-E
- Kyndryl
Companies are generally asking for more from their ‘managed’ WAN. For example:
- Co-managed – ability to make small moves, adds and changes without the need for lengthy and sometimes costly changes by a managed service partner.
- Underlay – ability to have a broader choice of underlay, for example not being restricted to the chosen partners’ network.
- Single point of contact – ability to procure 3rd party circuits and have them managed by a single partner.
Enterprise agreements: who are they for? Fortinet offers an Enterprise Agreement (EA), intended for Enterprise customers with a larger spend (£500k+). The Fortinet EA is intended to streamline support and licensing by transitioning from a per-unit to an account-based model, reducing the need for managing separate licences per asset and enhancing time efficiency, predictability, and flexibility. This EA provides inclusive support and licensing, catering to both the current setup and anticipated expansion, which is particularly beneficial for extensive or expanding security frameworks. It consolidates present and future requirements into a single contract, offering more stable costs and easier management of support and licensing.
Renewal/price changes – like all other vendors, Fortinet has consistently increased prices over the last twenty-four months. Over recent years, there have been several price hikes which may impact the cost of renewals since service and support fees are tied to the hardware's price. Since Fortinet doesn't sell to the end user directly, they don’t set the final price. A partner's change in status or their decision to increase their profit margin can influence the cost you pay. It's advisable to seek quotations from various partners to secure a more favourable rate. We recommend asking your partners about year-on-year price changes/renewal, particularly for the UTM licence.
Fortinet Competitive landscape
There are a few key areas of weakness for Fortinet SASE:
- Cloud connectivity - SASE PoP or on-ramp cloud experience is not as mature as others in the market. Today they use Google Cloud for their Fortinet Secure Internet Access (SIA) product. If you are considering a more SaaS/cloud centric experience there are other vendors that provide a more comprehensive set of capabilities, such as VeloCloud and Versa Networks.
- Ease of use - the management tooling is steadily improving. Administrators and users are vocal about the clunky interface and lack of granular controls to administer rules.
Conclusion
Fortinet enters 2026 as a Leader in the Gartner Magic Quadrant for SASE Platforms, a significant progression from earlier Challenger status and a reflection of genuine platform maturity across both SD-WAN and cloud-delivered security. The commercial case remains strongest for organisations already running FortiGate appliances, where the path to SASE involves no rip-and-replace and no policy redesign.
The financial momentum supports this direction. Unified SASE Annual Recurring Revenue reached $1.12 billion in Q4 2024, a 27.9% year-on-year increase, demonstrating that enterprises are moving toward Fortinet's single-vendor model in meaningful numbers. With over half a million customers globally and $5.96 billion in total revenue for 2024, Fortinet has the scale to continue investing in platform development.
Fortinet is best suited to security-focused organisations that want a converged networking and security estate under a single operating system, and that either already run FortiGate infrastructure or are open to a hardware-led SASE architecture. Organisations with a cloud-first posture and no existing Fortinet estate should evaluate Zscaler, Netskope, or Cato Networks alongside Fortinet before committing. Netify recommends including Fortinet in any SASE shortlist where branch SD-WAN is part of the scope.
Robert Sturt is a leading expert in SD-WAN and enterprise network solutions with extensive experience in telecommunications and network infrastructure. As a Forbes Business Council member and contributor to TechTarget, he provides strategic insights on network transformation and digital connectivity solutions. His expertise spans SD-WAN implementation, network security, and enterprise digital transformation initiatives.
Fact-checked by: Harry Yelland - Cybersecurity Writer, Netify
Frequently Asked Questions
How much does Fortinet SASE cost?
For hardware-led deployments, 3-year TCO ranges from approximately £950 for a small branch 40F to £12,250 for a high-end 200F appliance. FortiSASE cloud subscriptions run from approximately £78 per user per year (Standard tier, 50–499 users) to £305 per user per year (Comprehensive tier), with volume pricing available at the 500+ and 2,000+ user thresholds.
Pricing should be confirmed with multiple Fortinet partners to account for current promotions, volume discounts, and multi-year term reductions.
What is FortiSASE?
FortiSASE is Fortinet's cloud-delivered SASE platform that extends the FortiGate security stack into a unified cloud service. It includes secure web gateway, ZTNA, CASB, FWaaS, and DLP delivered from Fortinet's global PoP network - currently more than 160 locations worldwide, including UK and Western European PoPs. FortiSASE uses the same FortiOS operating system and FortiGuard threat intelligence as on-premises Fortinet appliances. For UK and EU organisations, GDPR-compliant log storage PoP selection allows data residency to be maintained within the relevant geography.
Is Fortinet a single-vendor SASE?
Yes. Fortinet is one of the few vendors offering a single-vendor SASE architecture where all security and networking functions (SD-WAN, NGFW, ZTNA, SWG, CASB, DLP) are built on the same codebase (FortiOS) and managed through a single console (FortiManager or FortiCloud). This contrasts with dual-vendor approaches where an SD-WAN vendor is paired with a separate SSE vendor, which typically introduces policy fragmentation and increases management overhead.
How does Fortinet SASE compare to Zscaler?
Fortinet is the stronger choice for organisations already running FortiGate hardware who require tight integration between branch SD-WAN and remote user security. Zscaler is the more relevant option for large, cloud-first enterprises prioritising a purpose-built micro-services SSE architecture with no on-premises SD-WAN requirement.