Fortinet FortiGate FG-40F Internal Hardware Overview
Opening the unit, we can see a neat custom PCB. Note, this is a Gen1 motherboard, and Fortinet releases revisions over time. It is just what we had.
Under the big heatsink is the reason we are taking this apart.
Here you can see the FortiSOC4. Fortinet makes its own silicon. This is a tiny package compared to switch chips or modern CPUs/ GPUs. Still, this is a huge differentiator because Fortinet is spinning custom 28nm silicon to optimize the power and performance for these gateway workloads. There are cores, custom accelerators, and more in here. We could not find real photos of this using a Google search before this article, so hopefully, this helps folks see some cool Fortinet engineering.
There was another heatsink (not dedicated to power components).
Here we have a Marvell Alaska 88E1545, which is a 1GbE Ethernet Transceiver. It is crazy how many devices we open up and see are using the Alaska series.
Sam just took photos of some of the other parts of the board so you can see them.
Since Alaska is only a four-port interface, we need one for the WAN port. This is the Marvell 88E1514.
Here is another quick shot.
If you want to see the board without its big heatsinks, here you go.
Looking at the bottom side of the board, you can see there is a neat feature.
Here is the CRS2032 battery. To be fair, that is a bit of a pain to get to if you ever had to change it.
One other small but nice part is that the chassis lid is not held on just by screws. Instead, there are these retention pegs. This is just a small quality bump over a low-cost chassis that solely relies upon screws to mate sections.
Next, let us get to the software.
I can’t wait for y’all to do more firewall reviews. Talk ’bout an opaque industry.
Any chance you will review the Watchguard Firebox M-Series (M270, M290) ?
We’ve got a few hundred of these deployed. They’re far from perfect, but you don’t have millions of hours of experience on them. You’re right. I’ve never seen a review like this and excellent work
Please test the IPsec performance vs other products (enterprise or not) in this price range! Forti does it all in the ASIC and IPsec performance is insane, even on a small box like this. I’d like to see if any other vendors can compare. Just a note that it is particular on what algos it will accelerate, but AES256/SHA256 should not be an issue at all.
HeloPatrik, excellent work. Could you please test the firmware on the PA-440 firewall?
Thank you, and I wish you many pleasant days ahead.
How about flow setup rate, under different conditions? Flow setup (of permitted flows) is also a very basic attack (generally against an Internet-connected device). Most devices can deny at a decent rate, but setup is another matter.
A 5 page ad for Fortigate.
As someone that manages a fleet of 50+ Fortigates, there are serious issues with these models and the firmware, but none of that seems to be mentioned here. Coincidence, I’m sure.
Wonder if HPE will ever release an update to the SRX branch devices, the SRX300 line is 10 years old now, been looking at fortinet now because at least the hardware is current, even PA needs a refresh too at that level
I don’t see this as a Fortigate ad. I’ve never seen anything like the license discussion in an ad. Greybeard IT must be like an old highly quantized llama2 with that bad of comprehension. lolz @ the low IQ bots
These are 2G devices so they’re on the way out on Forti anyway.
Hehe… never thought I’d see a review on the sites I frequent for Fortinet hardware I’ve deployed; big thanks for this guys.
I can say the 40F is one hell of a step up from the 30E; it was a joke at 1GB RAM. You had to run limited geoip or ips rule sets IIRC, but that was 2020ish; right around the beginning of IT security apocalypse.
I agree that these routers (fortigate) aren’t perfect. But for piece of mind they can provide if you’ve done your diligence in designing your networks; as long as the client is willing to pay the license costs, i sure sleep better at night knowing there’s a team of engineers working on the CVE’s & fixes. Also that i can pick up the phone and have them help of I’m stumped. Big plus in my books.
@Greybeard IT I don’t have a doubt that this chinese spyware has a lot of issues. ^^
Please tell us more about licensing costs, ongoing or one-shot ? How much? Can they be bought directly?
Great idea, firewall / router tests! I would love to see vs. Sophos XGS comparison when all security features are on.
This right here is the mainstream appeal of STH. Anyone working IT with 20-200 end users can use real, hard, data like this to guide and inform decisions, report to management, or check the recommendations from a VAR. I will continue to read STH and watch the YouTube channel as long as reviews like this are being made!
Updated: 2026-03-31
Published: 2026-02-06
Description
An improper neutralization of special elements used in an sql command (‘sql injection’) vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
CWE 1 Total
Learn more
CWE-89: Execute unauthorized code or commands
CVSS 1 Total
Learn more
Score Severity Version Vector String
9.1 CRITICAL 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Product Status
Learn more
Vendor
Fortinet
Product
FortiClientEMS
Versions 1 Total
Default Status: unaffected
affected
affected at 7.4.4
References 1 Total
fortiguard.fortinet.com: https://fortiguard.fortinet.com/psirt/FG-IR-25-1142
One of many ongoing issues with FortiNET environs.
Next time, at least check CISA for advisories prior to giving such an unmerited glittering review, right now.
There is also significant history. I am not going to list all 10+ known issues…I have already already compiled a comprehensive report on these issues and it is available on demand
Looking at a new firewall cluster to set-up later this year, and Fortinet is a probable candidate. So I’m very glad I could read your review. I would have liked if the “HA” feature would have been reviewed or even just described.
Y’all are freakn’ out over Fortinet has CVEs. Every Linux distro just had a big ugly one. There’s going to be so many soon. CVEs get found and reported when someone is looking. It’s way worse to have a small vendor firewall and no CVEs.
I like that STH is at least doing the hardware teardown and providing something new and useful in the space. They’re doing what they do for servers.
I have hundreds of these deployed across the EU in smaller sites, along with their 60F brothers for larger locations. While these boxes certainly have some minor issues, I like their cost/performance point and remote management features. Licensing is troublesome, and license renewals are painful, but that is the Forti business case: cheap up front, get paid during renewal, although licensing is not Oracle-level abusive. Enterprise-level discounts are significant btw.
Someone mentioned CVEs, but I see this as a plus when it comes to Forti’s transparency and their speed in fixing them.
Watchguard (inherited 100+ installed units) has proven to be cheaper but much more troublesome, to the point that we’re ripping them out for Forti’s.
Fortinet, the Swiss cheese of firewalls.
Some of these comments are hilarious. The one guy posting a a CVE about FortiClientEMS apparently thinking it’s a firewall is just classic. I’ve worked for a large MSSP for over 24 years and we deploy Check Point, Cisco, Fortinet, Juniper, and Palo firewalls. Fortinet is by far the easiest to deal with. They are very upfront about everything, provide advance noticed concerning CVEs and remediation. Some of the vendors I mentioned almost never mention CVEs in patch release notes unless they’ve made the news cycle. I’ve got firewalls from each of those listed in my home lab, but only the FortiGate is connected to the Internet and in production.
Some notes for the folks asking about the licensing.
These firewalls are meant for business use; the licensing is best done via business write-offs. It’s an annual license, with many levels of care; think similar to anti-virus licenses, just with a different set of protection tools (network level versus endpoint level).
Something I’m not sure if anyone’s mentioned having worked with Fortinet support – I’ve used it a fair amount, and it’s an INCREDIBLE safety net in the event your IT guy gets hit by a bus (for example). They can provide remote support for type devices so long as they are actively licensed; just be aware that they have two license ranges: 8×5 support (no evenings or weekends), and 24×7 support.
They also do 24hr cross-ship on defective units, depending on the level of unit (enterprise cloud units likely have shorter).
Just like any highly recognized brand, they’re going to have security flaws. Fortinet is pretty good about informing off these, as well as remediation techniques, just make sure you set up these notifications within your Fortinet support portal.
Dr_b_: SRX 400 series have been “paper released”. It will come in a 420,440,460 and 480 editions 4x SFP+ ports on 460 and 480 if my memory does not play games with me.
Anyway, SSL decrypt should also be considered when enterprise grade NGFW solutions is validated, aswell as possible SASE integrations and also thirdparty compliance/integration
I use one of these at home and some 100f’s at work. I got mine used with no license, because that’s way cheaper and still has many features that beat consumer crap. They’re down to like $50-100 now IIRC. I would suggest pointing out a few things about the ports on page 1 for this 40f. The A / fortilink port can be reassigned to be just another lan port, giving you 4 lan ports. The usb however can’t do the cheapo-nas function that many consumer routers use. The power connector is the same spec as the other brand of firewall, IIRC sonicwall, to the point that you can save a few bucks buying theirs as a replacement if you got one of these used without an adapter. The underside of the 40f has a place where on a related model, m.2 storage would go, but that’s also not for nas use.
The 40f has a couple fewer license-free features than the 60f IIRC, sorry that I don’t remember which ones. Of course if you keep it licensed, that’s fine. But unlicensed ones are very cheap on ebay, for 40f and 60f. Do keep in mind the rating comparison chart, which indicates the 40f may have insufficient performance for some purposes, and of course it’s gigabit only at this tier. I wouldn’t use their built in SSL vpn anyway, I’d run a separate server with some other type and port forward. And some of the performance-hogging filters / features are licensed, so I don’t use them. You can still define your own filters which can pull from public lists, for certain purposes. So you could definitely do dns filtering like people do with pihole / adguard. I also enjoy being able to define domain names (using the .internal tld) for local use in the same device that defines what those devices can do.
If your wan and any segmented parts of your network don’t need to be mutually accessible at more than a gigabit, e.g. iot and guest devices don’t need multi-gig and your wan connection is not multi-gig, then you can use vlans and switches to let your lan devices access each other and a nas device or server faster than that, with only the other segments being limited.