Fortinet glossary
Key Fortinet certification terms and acronyms.
Definitions are AI-assisted and reviewed for general accuracy — verify critical details against Fortinet's official documentation.
Application Control
A FortiGate security profile that identifies and enforces policy on network applications using deep packet inspection signatures.
ASICApplication-Specific Integrated Circuit
Fortinet's purpose-built hardware chips (e.g., NP and CP processors) that accelerate firewall, VPN, and content-inspection functions.
BGPBorder Gateway Protocol
A path-vector exterior routing protocol configurable on FortiGate for peering with ISPs or in SD-WAN overlay designs.
BGPBorder Gateway Protocol
A path-vector routing protocol used by FortiOS to exchange routing information between autonomous systems, commonly used with SD-WAN and ISPs.
DLPData Loss Prevention
A FortiOS security profile that inspects traffic for sensitive data patterns and can block or log transmissions matching defined rules.
DoS PolicyDenial of Service Policy
A FortiGate policy that applies rate-based thresholds to detect and block flood-type attacks before they reach firewall policies.
EMSEndpoint Management Server
A Fortinet management platform that centrally manages FortiClient endpoints, enforces compliance policies, and shares endpoint tags with FortiGate.
FGCPFortiGate Clustering Protocol
Fortinet's proprietary protocol used to synchronize configuration, session tables, and heartbeat information between FortiGate HA cluster members.
FGCPFortiGate Clustering Protocol
Fortinet's proprietary protocol used to synchronize configuration, session tables, and failover state between HA cluster members.
FortiAnalyzer
Fortinet's log aggregation and analytics appliance that collects FortiGate logs and generates reports and security event analysis.
FortiAnalyzer
Fortinet's centralized log management and analytics appliance that collects, stores, and correlates logs from FortiGate and other Fortinet devices.
FortiClient
Fortinet's endpoint agent that provides SSL-VPN or IPsec connectivity, endpoint compliance checks, and telemetry reporting to EMS.
FortiGuard
Fortinet's cloud-based threat intelligence and update service that delivers AV signatures, IPS updates, URL ratings, and other security feeds.
FortiGuard
Fortinet's cloud-based threat intelligence service that delivers signature updates for AV, IPS, web filtering, and application control to FortiGate.
FortiManager
Fortinet's centralized management platform used to configure, deploy policies, and manage firmware across multiple FortiGate devices.
FSSOFortinet Single Sign-On
A Fortinet mechanism that transparently maps authenticated Windows or LDAP user identities to IP addresses for identity-based policies.
FSSOFortinet Single Sign-On
A method for FortiGate to receive authenticated user-to-IP mappings from domain controllers without requiring users to re-authenticate.
HAHigh Availability
A FortiGate clustering configuration using FGCP that provides active-active or active-passive failover between two or more units.
HAHigh Availability
A FortiOS clustering mode—active-passive or active-active—that provides redundancy and failover between two or more FortiGate units.
IPSIntrusion Prevention System
A FortiOS security profile that inspects traffic against a signature database to detect and block known exploits and attacks.
IPSIntrusion Prevention System
A security profile on FortiGate that inspects traffic for known exploit signatures and anomalies, blocking or logging matches.
IPsecInternet Protocol Security
A suite of protocols used to authenticate and encrypt IP packets, commonly configured on FortiGate for site-to-site VPN tunnels.
IPsecInternet Protocol Security
A protocol suite that authenticates and encrypts IP packets to create secure tunnel or transport connections between endpoints.
LDAPLightweight Directory Access Protocol
A protocol FortiOS uses to query directory services such as Active Directory for user authentication and group membership lookups.
LDAPLightweight Directory Access Protocol
A protocol used by FortiGate to query directory services such as Active Directory for user authentication and group membership.
NATNetwork Address Translation
A FortiOS mechanism that rewrites source or destination IP addresses in packet headers, enabling private hosts to communicate over public networks.
NATNetwork Address Translation
The process by which FortiGate rewrites source or destination IP addresses in packets, typically to enable private hosts to reach the internet.
NGFWNext-Generation Firewall
A firewall that combines traditional packet filtering with application awareness, intrusion prevention, and deep packet inspection.
NGFWNext-Generation Firewall
A firewall that combines traditional packet filtering with application-layer inspection, IPS, and user-identity awareness.
NGFW Policy
A firewall policy mode on FortiGate that matches traffic using application and URL category objects instead of service port objects.
OSPFOpen Shortest Path First
A link-state interior gateway routing protocol supported by FortiGate for dynamic route distribution within an autonomous system.
OSPFOpen Shortest Path First
A link-state interior gateway routing protocol supported by FortiOS for dynamic route distribution within an autonomous system.
RADIUSRemote Authentication Dial-In User Service
An AAA protocol used by FortiGate to delegate user authentication and policy attribute assignment to an external RADIUS server.
RADIUSRemote Authentication Dial-In User Service
A networking protocol providing centralized authentication, authorization, and accounting for users connecting through FortiGate.
SAMLSecurity Assertion Markup Language
An XML-based standard supported by FortiOS for exchanging authentication assertions, enabling SSO integration with identity providers.
SD-WANSoftware-Defined Wide Area Network
A FortiGate feature that abstracts WAN link selection using health monitoring and application-aware steering policies.
SD-WANSoftware-Defined Wide Area Network
A FortiOS feature that intelligently distributes traffic across multiple WAN links based on performance metrics and policy rules.
Security Fabric
Fortinet's architecture that interconnects FortiGate with other Fortinet products to share threat intelligence and enforce coordinated policy.
SSL Inspection
A FortiGate feature that decrypts, inspects, and re-encrypts TLS/SSL traffic to allow security profiles to analyze encrypted content.
SSL Inspection
A FortiOS feature that decrypts TLS traffic for deep inspection by security profiles, then re-encrypts it before forwarding.
SSL-VPNSecure Sockets Layer Virtual Private Network
A remote-access VPN method in FortiOS that uses TLS to provide clientless web-portal or tunnel-mode connectivity.
SSL-VPNSecure Sockets Layer Virtual Private Network
A FortiGate remote-access solution that tunnels traffic over HTTPS, supporting both web-mode and tunnel-mode clients.
UTMUnified Threat Management
A deployment mode on FortiGate that consolidates multiple security features—AV, web filtering, IPS, and application control—into a single policy.
UTMUnified Threat Management
A security approach that consolidates multiple protection features—antivirus, IPS, web filtering, and more—into a single device.
VDOMVirtual Domain
A logical partition within a FortiGate that operates as an independent firewall with its own policies, interfaces, and routing tables.
VDOMVirtual Domain
A logical partition within a single FortiGate that operates as an independent firewall with its own policies, interfaces, and routing tables.
VIPVirtual IP
A FortiOS object that performs destination NAT by mapping an external IP and optional port to an internal server address.
VIPVirtual IP
A FortiGate destination NAT object that maps an external IP and optional port to an internal server address.
WAN Link Load Balancing
An SD-WAN capability in FortiOS that distributes sessions or traffic volume across multiple WAN interfaces based on configured algorithms.
Web Filtering
A FortiGate security profile that controls user access to websites based on FortiGuard URL categories or custom URL lists.