Fortinet AIOps: A Comprehensive Guide to FortiAIOps and FortiAI
Fortinet offers two distinct but complementary AI-powered solutions: FortiAIOps for network operations intelligence and FortiAI for security threat analysis. While their names are similar, they address different operational domains within an organization's IT infrastructure. FortiAIOps focuses on simplifying network oversight across Fortinet's ecosystem (FortiGate, FortiSwitch, FortiAP), while FortiAI acts as a virtual security analyst to detect and investigate advanced malware threats. This guide synthesizes critical ordering, licensing, and deployment information from official Fortinet documentation to assist IT leaders and procurement specialists in making informed decisions.
1. Understanding the Two AI Solutions
Before diving into specifications, it's crucial to distinguish between the two products covered in the provided documents.
| Feature | FortiAIOps | FortiAI |
|---|---|---|
| Primary Purpose | Network Operations & Monitoring | Security Operations & Malware Analysis |
| Core Function | Provides visibility and AI-driven insights for the entire Fortinet networking stack (SD-WAN, Wi-Fi, Switching). | Acts as a Virtual Security Analyst™ to identify, classify, and respond to advanced malware and threats. |
| Key Technology | AI/ML for network analytics, trend forecasting, and root cause analysis. | Deep Neural Networks (DNN) and patented Artificial Neural Network (ANN) for sub-second malware verdicts. |
| Target Domain | Network Operations Center (NOC) | Security Operations Center (SOC) |
Table: Core differentiation between FortiAIOps and FortiAI.
2. FortiAIOps: In-Depth Ordering Guide
FortiAIOps is categorized under "Unified AI-Ops" and "FortiGate Secure LAN Controller" in Fortinet's solution architecture.
2.1 Deployment Models
You can deploy FortiAIOps in multiple ways to fit your infrastructure:
- Virtual Machine (VM): Subscription-based offering for public cloud (AWS, Azure, GCP, OCI) in BYOL mode, and private cloud (VMware, KVM, Hyper-V, Proxmox, Nutanix).
- Appliance: On-premises hardware (FAO-100G, FAO-500G) for out-of-the-box performance.
- Note: Hardware appliances do not include any subscriptions by default. All subscriptions must be purchased separately.
2.2 Licensing Structure & Key SKUs
Licensing is based on the number of managed "devices," with separate counts for different subscription types.
A. Virtual Machine Subscriptions (Include FortiCare Premium)
- FortiAIOps Monitoring: For visibility of wired/wireless infrastructure.
  - SKUs: FC1-10-AOVMS-668-01-DD (25 devices) to FC4-10-AOVMS-668-01-DD (10,000 devices).
- Monitoring & AI Insights Bundle: Adds AI-driven analytics like trend forecasting and root cause analysis.
  - SKUs: FC1-10-AOVMS-670-01-DD (25 devices) to FC4-10-AOVMS-670-01-DD (10,000 devices).
- SD-WAN Subscription: Specifically for monitoring FortiGate SD-WAN.
  - SKUs: FC1-10-AOVMS-671-01-DD (25 FortiGates) to FC4-10-AOVMS-671-01-DD (10,000 FortiGates).
B. Hardware Appliance Subscriptions (Do not include FortiCare Premium)
- Corresponding SKUs for hardware have the prefix FCXX-10-AIOHR- (e.g., FC1-10-AIOHR-1087-01-DD for the 25-device Hardware Monitoring & AI Insights bundle).
C. Appliance Hardware
- FortiAIOps 100G (FAO-100G): Includes 1GE RJ45 ports, console port, and SSD storage.
- FortiAIOps 500G (FAO-500G): Includes 1GE & 10GE SFP+ ports, console port, and larger SSD storage.
2.3 Core Capabilities by Subscription Tier
The value of each subscription tier is defined by its feature set:
| Feature Category | Monitoring Subscription | Monitoring & AI Insights Bundle | SD-WAN Subscription |
|---|---|---|---|
| Wireless & Wired Monitoring (FortiAP, Clients, Heatmaps, Topology, etc.) | ✅ | ✅ | |
| AI Insights (Trending, Root Cause, Recommendations, FortiAI-Assist) | | ✅ | |
| SD-WAN & FortiExtender AI Insights | | | ✅ |
2.4 Sizing and Scalability
For VM deployments, capacity is determined by subscription size and allocated resources.
| Resource / Device Count | Small | Medium | Large |
|---|---|---|---|
| vCPUs / Memory / Storage | 8vCPU / 32GB / 1TB | 24-40vCPU / 128GB / 4TB | 104vCPU / 256GB / 8TB |
| FortiGate (Monitoring) | 200 | 2,500 | 5,000 |
| FortiAP (Monitoring) | 1,200 | 15,000 | 30,000 |
Table: Example VM scaling for Monitoring-only subscriptions. Limits differ for AI Insights bundles.
3. FortiAI: The Virtual Security Analyst
FortiAI is a standalone advanced threat protection solution designed to augment SOC teams.
3.1 Key Specifications and Features
- Core Technology: Uses a pre-trained, on-premise learning Artificial Neural Network (ANN) with over 6 million nodes and 200 billion exposed features.
- Performance: Achieves a 99.9% detection rate with sub-second (<100ms) verdicts, processing over 100,000 files per hour.
- Threat Coverage: Classifies malware into 20+ attack scenarios, including ransomware, worms, fileless attacks, and trojans.
- Integration: Works seamlessly with FortiGate (for inline blocking), FortiAnalyzer, FortiSIEM, and FortiSOAR. Also supports ICAP for third-party integration.
3.2 Deployment and Ordering Information
- Form Factor: Available as an appliance (FAI-3500F) or a Virtual Machine (FortiAI-VM).
- Appliance Specs: The FAI-3500F is a 2RU device with 10G throughput, dual power supplies, and custom GPUs for ANN acceleration.
- Key SKU:
  - FAI-3500F-BDL-228-DD: Hardware appliance bundle including 24x7 FortiCare and FortiGuard Neural Network updates.
  - FC3-10-AMMS-238-02-DD: Example subscription license for the FortiAI-VM.
4. Practical Ordering Scenarios
The FortiAIOps guide provides concrete examples to illustrate licensing logic:
Centralized Large Deployment: A customer with 1,500 extension devices (FortiAP/FortiSwitch) wants a 3-year AI Insights subscription on an appliance.
- Solution: Purchase one FAO-500G appliance, its FortiCare support, and a single FC3-10-AIOHR-1087-01-36 SKU for 2,000 devices. Buying a larger SKU is more cost-effective than stacking smaller ones and allows room for growth.
Large-Scale Virtual Deployment: A customer with 5,900 devices and 90 FortiGates needs 1-year Monitoring, AI Insights, and SD-WAN subscriptions.
- Solution: Deploy a standalone VM. Purchase three 2,000-device AI Insights bundles (FC3-10-AOVMS-670-01-12) to cover 6,000 devices, and one 100-FortiGate SD-WAN bundle (FC4-10-AOVMS-671-01-12). FortiCare is included.
5. Frequently Asked Questions (FAQ)
Q1: For FortiAIOps, what counts as a "device" for licensing?
- Monitoring/AI Insights Subscriptions: Count only FortiSwitch and FortiAP devices. FortiGates are not counted but are required to manage them.
- SD-WAN Subscriptions: Count only FortiGate devices that have SD-WAN enabled. FortiGate clusters in High Availability (HA) count as one device.
Q2: Can I start with a VM and later move to an appliance?
- VM and hardware subscriptions use different SKUs. You would need to purchase a new subscription license compatible with the appliance. Planning your long-term deployment model upfront is essential.
Q3: What is the difference between FortiAIOps' "AI Insights" and the FortiAI product?
- FortiAIOps AI Insights provides network-centric AI for operational issues (e.g., predicting Wi-Fi congestion, analyzing SD-WAN path failures).
- FortiAI provides security-centric AI focused exclusively on detecting and analyzing malware behaviors and cyber attacks. They are designed to work in tandem.
Q4: Does FortiAI require an internet connection?
- It requires connectivity to the FortiGuard Labs network to receive periodic updates to its Neural Network model, ensuring protection against the latest threats. On-premise learning adapts the model to your specific environment.
Q5: Is there a "base license" for the FortiAIOps VM?
- No. The license is created when you register your first subscription certificate. You must purchase at least one device-count subscription to activate the VM.
6. Conclusion and Strategic Recommendations
Choosing the right Fortinet AI solution hinges on identifying your primary challenge:
- Choose FortiAIOps if your pain points are network complexity, lack of visibility, and troubleshooting delays across your Fortinet wired, wireless, and SD-WAN infrastructure.
- Choose FortiAI if you need to augment a resource-constrained SOC with automated, deep-learning-powered malware investigation and breach protection.
For comprehensive network management, FortiAIOps integrates directly into the Fortinet Security Fabric, with FortiAI serving as a specialized security layer. When ordering, carefully assess your current device counts and future growth, leveraging the bundling and scaling examples to optimize licensing costs. Always consult with a Fortinet partner or sales representative to validate your final bill of materials against your specific technical requirements.