Fortinet License Question

Good morning all,

I am interested in getting a Fortinet firewall for a SOHO setup. I would like to do some testing with the TLS 1.3 Deep Packet Inspection, which Fortinet advertises their devices as capable of. Unfortunately their licensing model isn’t very clear to me and I am not sure whether or not their Unified Threat Protection bundle includes the DPI capability.

The image below comes from their “ordering guides” but the information I am looking for is still provided.
FortiGuard Bundles:
FortiGuard Bundles

Does anyone happen to know whether the UTP bundles does in fact include DPI that will work with TLS 1.3?

Also here is an image for their FortiGuard Services:

I think the decryption is based on the OS version and not the licensing. You should be fine as long as you are running FortiOS version 6.2 or later.

I’d be interested what you decide to implement.

Replying for the updates.

All the packages will do DPI or SSL decrypt with TLS 1.3, but once that traffic is decrypted you need to know what feature is needed to further inspect the traffic.

Personally I would look into the lab license offering since it’ll save you a good bit of money for labbing and testing.

Hey! I ran into the same confusion when setting up my FortiGate at home. From what I found, TLS 1.3 DPI is supported, but you’ll need the Enterprise Protection bundle—not just UTP. It’s a licensing rabbit hole, honestly. Definitely worth double-checking with a Fortinet rep too.