+49 6430 9227117
FORTINET FORTIGATE 40-300 · TPM FOR BRANCH AND MID-MARKET WITH SD-WAN

Fortinet FortiGate 40-90 & 100-300 Maintenance — hardware service for branch and mid-market NGFW with SD-WAN and HA-pair coverage

We service the hardware layer of Fortinet FortiGate branch and mid-market NGFW vendor-independent — two platform series under one contract: FortiGate 40-90 Series (FG-40F, FG-60F, FG-70F, FG-80F, FG-90G — branch/small-office with SD-WAN standard) and FortiGate 100-300 Series (FG-100F, FG-101F, FG-200F, FG-201F, FG-300E, FG-301E — mid-market for mid-sized companies and larger branches). With OEM components and SLA up to 24×7×4. 30 to 60 percent below FortiCare Premium Support for hardware layer. SD-WAN use case as branch standard: FortiGate is one of dominant platforms in DACH SD-WAN market — branch firewalls typically deployed as SD-WAN edge with central control via FortiManager, with MPLS replacement or MPLS augmentation as main motivation. Hardware maintenance must support this SD-WAN architecture — we deliver correspondingly structured service packages for multi-site SD-WAN configurations with hundreds of branch sites. Hardware vs software separation: we replace defective hardware components — PSUs, fans, storage modules (eMMC/SSD for FortiOS and logging), mainboards. FortiOS, all FortiGuard subscriptions (AntiVirus, IPS, Web Filtering, AntiSpam, Application Control, FortiSandbox), FortiCloud services and FortiCare software updates continue unchanged via Fortinet. HA-pair service: active/passive HA configurations branch standard — passive HA nodes have substantially relaxed SLA requirements, directly financially leverageable in TPM contract (additional 20-30 percent savings with differentiated SLA per node).

Which FortiGate 40-90 and 100-300 models we service

FortiGate branch and mid-market platforms differ in throughput, port count, SD-WAN capability and HA capability. FortiGate 40-90 Series is branch class for small offices up to 50 employees with standard SD-WAN functionality, integrated WiFi (some models) and PoE+ ports for direct connection of FortiAP or FortiSwitch. FortiGate 100-300 Series is mid-market class for branches with 50-500 employees or mid-market headquarters — higher throughput, more ports, more robust hardware configuration with redundant PSUs on some models. All models HA-capable (active/passive or active/active) and SD-WAN-capable.

FortiGate 40-90 Series · branch & small-office
FG-40F · FG-60F · FG-70F · FG-80F · FG-90G (with integrated WiFi and PoE+ options)
FortiGate 100-300 Series · mid-market & larger branches
FG-100F · FG-101F · FG-200F · FG-201F · FG-300E · FG-301E (higher throughput, redundant PSUs from FG-200F)
SD-WAN hardware coverage
WAN ports (multi-WAN configuration) · LTE modules · console and management ports · SD-WAN sensors
Hardware components · what we replace
Power supplies · fans · eMMC/SSD modules · mainboards · front panel LEDs · bezels
PoE+ ports · direct FortiAP/FortiSwitch connection
PoE+ port modules for integrated branch topologies with FortiAP and FortiSwitch without extra switch
HA-pair and cluster · branch/mid-market configurations
Active/passive HA pair · active/active HA pair · FGCP cluster · HA-sync cabling

Why TPM hardware maintenance for Fortinet FortiGate branch and mid-market

Fortinet FortiGate is one of dominant platforms in DACH SD-WAN market — typically deployed in multi-site configurations with hundreds of branch sites under central FortiManager control. Fleets with 50-500+ branch firewalls plus 10-30 mid-market firewalls standard in mid-sized and enterprise configurations, especially companies with historically grown branch structure (retail, banking, insurance, logistics). FortiCare Premium Support for a FG-60F runs 600-1,000 EUR/year for hardware layer (premium without FortiGuard bundle), a FG-200F 1,500-2,500 EUR/year, a FG-301E 2,500-4,000 EUR/year. TPM reduces this 30-60 percent below. Bulk pricing lever: for an SD-WAN fleet with 100 FG-60F plus 20 FG-200F plus 5 FG-301E, annual maintenance savings 50,000-90,000 EUR — TPM migration pays back in first quarter. HA-pair pricing lever: active/passive HA branch standard in DACH — passive HA node need not be covered at same SLA level as active. Active 24×7×4 + passive 5×9 NBD saves another 20-30 percent vs. same SLA tier for both nodes. With 100 HA pairs additional 5-figure annual pricing lever.

We service Fortinet FortiGate branch and mid-market hardware with OEM original parts and deep refurbishing pools across multiple FortiOS hardware generations. Current F and G generations (FG-40F, FG-60F, FG-90G, FG-100F, FG-200F, FG-301E) completely in active pool. Older E generations (FG-300E, FG-301E) and D generations (FG-100D, FG-200D, FG-300D — typically deployed in DACH fleets 2016-2020) structured available in our refurbishing pool. For FG-60F with integrated WiFi (FG-60F-WiFi-6) we consider wireless hardware specifics. SD-WAN hardware specifics: multi-WAN configurations with two or three separate WAN connections (typically internet plus MPLS plus LTE as backup) require correspondingly more WAN ports and stable multi-path hardware performance — we also service LTE module hardware on models with integrated LTE (FG-60F-3G4G, FG-90G-LTE). Hardware vs software separation honestly communicated: we replace hardware components — all FortiGuard subscriptions, FortiCloud services and FortiOS updates continue unchanged via Fortinet. With hardware defects you have two service paths in parallel: Fortinet ticket for FortiGuard/FortiOS issues, TechCare ticket for hardware. Split is transparent — a FortiGate solution without active FortiGuard subscription would be just a dumb packet filter and accordingly worthless.

30–60 %
Savings vs. FortiCare Premium Support (hardware layer)
SD-WAN multi-site
Structured maintenance for 100+ branch configurations with bulk pricing
HA-pair differentiation
Active 24×7×4 + passive 5×9 NBD: additional 20-30 % savings
FortiGuard stays
AntiVirus, IPS, Web Filtering, FortiSandbox — unchanged at Fortinet

Generations timeline & TPM coverage

Per hardware generation: vendor phase (slate) and TechCare coverage window (teal) up to ~5 years post-OEM EOSL.

Lifecycle status of FortiGate 40-90 and 100-300 series

Fortinet FortiGate branch and mid-market platforms typically 6-8 year lifecycle. Current F and G generations, older E and D generations approaching EOSL.

Model family Released OEM support ends TPM status
FortiGate G-Generation (FG-90G) 2023+ ca. 2030+ Supported
FortiGate F-Generation (FG-40F bis FG-201F) 2020+ ca. 2028+ Supported
FortiGate E-Generation (FG-300E, FG-301E) 2018+ ca. 2026 Supported
FortiGate D-Generation (FG-100D bis FG-300D) 2014-2017 EOSL erreicht oder bevorstehend Recommended

As of 2026. EOSL data based on official vendor roadmaps and subject to change. Binding case-by-case information available on request.

What we deliver

Battery refresh service

Original Liebert or certified alternatives, BattG-compliant used battery disposal.

Hardware components

Power modules, battery cabinets, fans, LCD displays, IntelliSlot cards from our pool.

Liebert-certified engineers

German-speaking engineers with Liebert/Vertiv training, 4-hour response time guaranteed.

Flexible SLA per system

Parts Only, 5×9 NBD or 24×7×4 — freely combinable by location and criticality.

Multi-class Vertiv contract

GXT/ITA + NXC/APM/EXM + NXL/EXL + Hipulse in one construct, one point of contact.

EOSL and migration coverage

GXT4, Hipulse, Liebert NX 1st Gen still serviceable.

FAQ on FortiGate 40-300 maintenance

Which Fortinet FortiGate branch and mid-market models do you service?
Complete branch and mid-market NGFW family: FortiGate 40-90 Series (FG-40F, FG-60F, FG-70F, FG-80F, FG-90G — branch/small-office), FortiGate 100-300 Series (FG-100F, FG-101F, FG-200F, FG-201F, FG-300E, FG-301E — mid-market). Plus older D generations (FG-100D, FG-200D, FG-300D — deployed in DACH fleets 2014-2017, EOSL reached or imminent at Fortinet) in refurbishing pool. Including all hardware components: PSUs (1+1 redundant from FG-200F, single PSU on FG-40F to FG-100F), fans (modular on FG-200F+, integrated on smaller models), eMMC/SSD modules for FortiOS and logging, mainboards, front panel LEDs, bezels, PoE+ port modules on models with integrated PoE ports and LTE modules on FG-60F-3G4G and FG-90G-LTE. For very old fleets (deployed pre-2014 with FG generations before D series) we check coverage individually.
What does hardware TPM cost for FG-60F, FG-200F and FG-301E vs FortiCare Premium Support?
30 to 60 percent savings on hardware maintenance component, plus additional bulk pricing levers for large fleets. FG-40F with 24×7×4: FortiCare Premium typically 400-700 EUR/year for hardware layer, TechCare 180-320 EUR. FG-60F: 600-1,000 vs 280-450. FG-90G: 800-1,300 vs 360-600. FG-100F: 1,000-1,700 vs 450-770. FG-200F: 1,500-2,500 vs 680-1,150. FG-201F: 1,800-3,000 vs 800-1,350. FG-300E: 2,000-3,300 vs 900-1,500. FG-301E: 2,500-4,000 vs 1,150-1,800. SD-WAN fleet with 100 FG-60F plus 20 FG-200F plus 5 FG-301E: annual maintenance savings 50,000-90,000 EUR, TPM migration pays back in first quarter. Bulk pricing: with 50+ FortiGate devices in one contract we negotiate additional 5-10 percent bulk discount. FortiGuard subscriptions stay independent at Fortinet.
How does hardware maintenance work for multi-site SD-WAN configurations?
Structured service for hundreds of branch sites explicitly our strength. Multi-site SD-WAN configurations have specific service requirements: standardized hardware configuration across all branches (typically all branches with same FortiGate model and same PSU/storage configuration), simplifying refurbishing pool logic and spare part reservation. Geographic service coverage: branch sites distributed across DACH (or pan-European), correspondingly onsite engineer availability in service regions. We deliver onsite service typically within 4 hours for 24×7×4 SLA in DACH main regions, NBD in regional sites. Bulk spare reservation: for fleets with 100+ identical FortiGate devices proactive spare reservation at main site or in regional hubs efficient — we deliver spare FortiGate devices as advance equipment with reduced reservation pricing terms. Multi-vendor SD-WAN consolidation: for DACH companies with mixed SD-WAN fleets (typically Fortinet plus Cisco SD-WAN plus VMware VeloCloud from historically grown acquisitions) we consolidate hardware maintenance across all SD-WAN vendors. FortiManager integration: hardware replacement on branch devices coordinated with your central FortiManager setup — we provide hardware replacement information for FortiManager configuration push, you push branch configuration to replacement device.
Do FortiGuard subscriptions, FortiOS and FortiCloud remain unchanged?
Yes, fully and unchanged. We service exclusively hardware layer — all software- and subscription-related continues via Fortinet. FortiGuard subscriptions: AntiVirus (signature updates typically every 5-15 minutes), IPS (intrusion prevention with daily signature updates), Web Filtering (categorized URL database with cloud lookup), AntiSpam, Application Control (thousands of application signatures for layer-7 filtering), FortiSandbox (cloud sandbox integration for unknown files), FortiClient EMS (endpoint management integration) — all continue unchanged via active FortiCare subscription. FortiOS software: code updates (major versions, maintenance releases, hotfixes) require active FortiCare software support. For very old devices (FG D generation from 2014-2017) FortiOS updates eventually no longer released — last supported FortiOS version is practical hardware EOL marker. FortiCloud: cloud services for logging, reporting and multi-site visibility run via Fortinet. FortiManager: central management of all branch firewalls runs via separate FortiManager appliance (hardware or VM), license and software support stay at Fortinet. FortiAnalyzer: central log aggregation and reporting runs via separate FortiAnalyzer appliance — hardware maintenance of FortiAnalyzer/FortiManager covered in our separate spoke.
How does HA-pair service with FGCP (FortiGate Cluster Protocol) work?
Branch and mid-market fleets typically deployed in FGCP HA-pair configuration (FortiGate Clustering Protocol by Fortinet) — two firewalls as redundant pair, one active (processes traffic), one passive (syncs state, takes over on failure). From TPM perspective pricing logic directly leverageable: Active node: 24×7×4 SLA for critical branches with business-critical SD-WAN connectivity (branches with real-time transaction processing, production sites with ERP connectivity), 5×9 NBD sufficient for standard branches with office workloads. Passive node: 5×9 NBD or Parts Only — active node services traffic during hardware swap of passive. This SLA differentiation saves additional 20-30 percent. FGCP-specific hardware coverage: HA-sync cabling (typically dedicated heartbeat ports), HA-sync configuration migration on mainboard replacement, HA cluster member replacement coordination with your FortiManager. Active/active FGCP: with active/active configurations (load-balanced traffic across both nodes) both nodes need 24×7×4 SLA because failure of any node directly reduces throughput. HA-sync hardware defects: defective HA-sync cables or HA-sync ports typically overlooked in OEM contracts — we explicitly service these because HA-sync defect operationally severe (cluster loses sync, both nodes interpreted as active, split-brain situation possible).
Which SLA levels do you recommend for branch and mid-market?
Branch sites (FortiGate 40-90): pricing leverage via HA-pair differentiation. Active nodes 24×7×4 for critical branches (branches with real-time transactions, production sites with ERP connectivity, logistics hubs with WMS integration), 5×9 NBD sufficient for standard branches with pure office workloads. Passive HA nodes default 5×9 NBD or Parts Only. Mid-market sites (FortiGate 100-300): typically deployed at HQ or datacenter edge, higher criticality — 24×7×4 for active nodes standard. Passive HA nodes 5×9 NBD. Single-WAN configurations without HA pair: 24×7×4 mandatory for critical branches because hardware failure directly loses internet access. SD-WAN multi-WAN configurations: hardware SLA can be more relaxed when at least 2 WAN paths configured (internet + LTE backup) because on FortiGate hardware failure LTE backup routing can work via alternative devices at site. Branch consolidation lever: with 50+ branch firewalls in one contract we negotiate bulk pricing additional to regular 30-60 percent TPM savings — typically another 5-10 percent extra. Multi-vendor consolidation: Fortinet FortiGate plus Palo Alto plus Check Point branch firewalls in one contract explicitly our strength.
Which hardware components concretely for FortiGate branch and mid-market?
Complete hardware component coverage. Power supplies: single PSU on smaller branch models (FG-40F to FG-100F — no hot-swap, therefore higher SLA sensitivity on PSU defect), 1+1 redundant from FG-200F with hot-swap capability. Fans: integrated fan systems on smaller models (replacement requires device opening in maintenance window), modular hot-swap fans from FG-300E. eMMC/SSD modules: eMMC storage for FortiOS and configuration on smaller models, SSD storage on larger models (FG-200F+) — both have finite write cycle reserve, typically exhausted after 5-7 years with active local logging at high throughput. Mainboards: replacement with configuration migration via FortiOS backup, plus license re-activation with Fortinet (they transmit new hardware serial for FortiGuard subscription binding). Front panel LEDs and bezels: status LEDs, bezel replacement for visible damage. PoE+ port modules: on models with integrated PoE (FG-60F-PoE, FG-100F-PoE) we also service defective PoE+ port hardware. LTE modules: on FG-60F-3G4G and FG-90G-LTE we service LTE module hardware (SIM slot, LTE antenna connector). HA-sync cabling: typically RJ45 for smaller models, SFP+ for larger models — explicitly in coverage. Not in our coverage: SFP/SFP+/QSFP+ transceivers (separate vendor relationship), console cables, regulatory cable sets.
Can we have FortiGate branch, enterprise, FortiSwitch and FortiAP/FortiAnalyzer/FortiManager in the same contract?
Yes, natural multi-product Fortinet consolidation across entire Fortinet hardware family. Multi-product contract covers: FortiGate branch and mid-market (FG 40-300 Series with HA-pair differentiation) plus FortiGate enterprise and datacenter (FG 400-7000 incl. chassis class with linecard hot-swap and EOSL coverage for older FG models) plus FortiSwitch campus and datacenter (FS Campus with PoE+ service, FS Datacenter with high-throughput coverage) plus FortiAP and management appliances (FAP Wireless incl. outdoor/industrial variants, FortiAnalyzer for central log aggregation, FortiManager for multi-site configuration management) in one construct. Cross-vendor extension — DACH multi-vendor standard: other vendors can be consolidated in same contract — Palo Alto Networks NGFW (PA branch, PA enterprise, PA-7000 chassis), Check Point Quantum platform plus server/storage/network hardware (Dell, HPE, Cisco, NetApp). Multi-vendor NGFW TPM substantial operational advantage especially for DACH mid-market with historically grown multi-vendor security landscape — typically through different acquisition phases, strategic diversification or regulatory separation. One service contract with one point of contact for entire hardware maintenance instead of three or four separate OEM service relationships.
Service performance

Real actuals Q1 2026 — straight from our ITIL ticketing.

99,2 %
Tickets resolved within agreed response time
2,4 h
Avg. first response on 4h SLA tier
88 %
First-time fix on initial dispatch
97 %
Spare part on site within 4 h, DACH depots
More from Fortinet

Other Fortinet models and service