Fortinet adds FortiGate 3500G, 400G

Firewalls are having a weird moment. AI pushes more traffic inside the data center, more of that traffic is encrypted, and the old trick of “just inspect everything” gets expensive fast. That is the gap Fortinet is aiming at with two new boxes it announced on May 6 — the FortiGate 3500G for high-capacity data center use and the FortiGate 400G for midrange enterprise edge deployments. Fortinet’s pitch is simple: stop making customers choose between deep inspection and line-rate performance. ### What did Fortinet actually launch? Fortinet added two appliances to its G-series portfolio: the FortiGate 3500G and FortiGate 400G. The company is positioning the 3500G higher up the stack for data center and hybrid infrastructure work, while the 400G is meant to bring the same general architecture down into branch-heavy or distributed enterprise environments. Both run FortiOS and use Fortinet’s NP7 and SP5 processors. (fortinet.com) ### Why are these boxes showing up now? Because “AI workload” in networking terms usually means more east-west traffic, more internal segmentation, and more encrypted sessions between apps, models, agents, and data stores. That matters because TLS inspection is one of the fastest ways to turn a fast firewall into a slow one. Fortinet is explicitly tying these launches to growing encrypted traffic, distributed environments, and AI-driven workloads rather than just generic perimeter security. (fortinet.com) ### Why does encrypted traffic change the math? A firewall can forward packets quickly without doing much thinking. It slows down when you ask it to decrypt sessions, inspect payloads, run IPS, and then re-encrypt traffic at scale. That is why Fortinet keeps highlighting SSL inspection and threat-protection throughput, not just raw firewall throughput. In other words, the useful number is not “how fast is the box in a lab,” but “how much security can it apply before it becomes the bottleneck.” (fortinet.com) ### So what is the 3500G for? The 3500G is the bigger statement. In Fortinet’s own ordering guide, it is listed at 595 Gbps of firewall throughput, 112 Gbps of SSL inspection, 125 Gbps of IPS throughput, 163 Gbps of IPsec VPN throughput, and 105 Gbps of threat protection throughput. It also supports 400G, 100G, 40G, 25G, and 10G connectivity, which tells you this is aimed at dense, high-speed data center fabrics rather than ordinary branch offices. (fortinet.com) ### And what is the 400G for? The 400G is the more practical rollout story. Fortinet says it brings G-series architecture and operational consistency to the midrange firewall segment, basically giving existing enterprise edge customers a faster upgrade path without forcing a redesign around a giant chassis platform. Search results tied to the launch list it at 164 Gbps firewall throughput and 28 million concurrent sessions. (fortinet.com) ### What is the AI angle beyond marketing? Some of it is ordinary 2026 branding, sure. But not all of it. Fortinet says the new models include native shadow AI detection, and it is tying them into FortiOS 8.0 features for inspecting MCP and agent-to-agent traffic. Basically, the company is betting that security teams will need visibility into machine-to-machine AI traffic the same way they once needed visibility into SaaS and mobile traffic. (markets.businessinsider.com) ### Why use custom chips here? Because specialized silicon is how Fortinet tries to keep inspection from crushing performance or power efficiency. The company’s whole NGFW strategy leans on custom ASICs rather than doing everything in general-purpose CPUs. The catch is that buyers have to believe these workloads are stable enough to justify hardware optimization — but for TLS-heavy and segmentation-heavy environments, that bet looks pretty reasonable. (fortinet.com) ### Bottom line? This is not a consumer-facing AI story. It is a plumbing story. Fortinet is telling customers that AI adoption changes firewall sizing, internal segmentation, and TLS inspection design — and the 3500G and 400G are the hardware answer it wants in those refresh cycles. (fortinet.com)