License & Contract
FortiAppSec Cloud offers several licensing options. Review the information below to determine the most suitable contract type for you.
|
If you are using a legacy FortiWeb Cloud/ FortiGSLB/ FortiABP contract, you will be required to transition fully to a FortiAppSec Cloud contract to continue service past its expiry date. For information on the transition, please refer to Contract Migration. |
|
Only one primary contract type can be active at a time within a single account. While a contract type is active, any other contract types remain inactive and cannot be used. An inactive contract's specified seat quantity is not available and does not count toward the total number of available seats. Gateway licenses are not subject to this restriction. |
FortiAppSec Cloud license options
Annual contract or pay-as-you-go
Annual contracts:
-
Billing: Single upfront charge for agreed-upon usage.
-
With a Fortinet Contract, bandwidth and application can be purchased under separate contracts.
-
With Marketplace (AWS/Azure), you pre-pay for a set number of usage points (for example, 10,000). Any usage beyond this is billed as overage.
-
-
Cost: More cost-effective for consistent, long-term usage. Discounts may apply for multi-year terms (24 or 36 months).
-
Renewal: Service access expires if the contract is not renewed.
-
Enterprise Support: Supported for all annual contract types.
Pay-as-you-go:
-
Billing: Monthly charges based on actual usage, ideal for variable workloads.
Some services have a minimum billable usage, regardless of actual traffic.
For example, if a WAF application is deployed, a minimum of 25 Mbps per day of WAF bandwidth will be billed, even if the application receives no traffic.
-
Cost: Flexible, no upfront commitment.
-
Enterprise Support: Supported through FortiFlex, but not available on public marketplaces (AWS, Azure, GCP).
For more information, please see the Contract comparison table.
Where to purchase FortiAppSec Cloud licenses
FortiAppSec Cloud contracts are available through three different purchasing avenues.
-
Fortinet Sales offers contracts priced based on bandwidth usage, with the following features available to different tiers: Web Application Firewall (WAF), bandwidth management, Dynamic Application Security Testing (DAST), Global Server Load Balancing (GSLB) with query-per-second (QPS) limits and health checks, Advanced Bot Protection (ABP), and Security Operations Center (SOC) services.
-
WAF: Requires both an Application contract and a Bandwidth contract. The number of applications and bandwidth limits are fixed at purchase.
Plan tiers cannot be mixed. For example, if you register a Standard plan for Application and an Advanced plan for Bandwidth, both contracts will be invalid.
-
GSLB: Can be purchased as a standalone contract or together with other services.
-
ABP: Available in the Enterprise contract tier
To purchase a new contract or make changes to an existing one, contact Fortinet Sales.
-
-
FortiFlex offers a pay-as-you-go billing model where FortiFlex points are consumed based on your usage.
To purchase a new contract that includes FortiFlex points, contact Fortinet Sales. To manage changes to an existing account, log into the FortiFlex portal.
-
AWS/Azure/GCP Marketplace offers tailored subscriptions for AWS, Azure, and Google Cloud Platform, including usage-based pricing, contract-based pricing, and contracts with consumption-based billing.
New contracts can be purchased by logging into the portals for AWS, Azure, or Google Cloud Platform. To upgrade or downgrade your existing plan, navigate to the General > Contracts page
Contract comparison table
The following table lists the FortiAppSec Cloud contracts available for purchase. Usage limits vary by contract.
For additional details on the supported features of the Standard, Advanced, and Enterprise plans, please see Standard, Advanced, and Enterprise plans
|
Payment type |
Contract type |
Plan |
Support |
|---|---|---|---|
|
Annual Contract |
Fortinet Contract
|
Standard |
Included:
Add-on options:
|
|
Advanced |
Included:
Add-on options:
|
||
|
Enterprise |
Included:
|
||
|
AWS Annual contract
|
Standard |
Included:
|
|
|
Advanced |
Included:
|
||
|
Enterprise |
Included:
Please note, SOCaaS is not supported as an add-on. |
||
|
Azure Annual Contract
|
Standard |
Included:
|
|
|
Advanced |
Included:
|
||
|
Enterprise |
Included:
Please note, SOCaaS is not supported as an add-on. |
||
|
Pay-As-You-Go |
FortiFlex
|
Standard |
Included:
Add-on options:
|
|
Advanced |
Included:
Add-on options:
|
||
|
Enterprise |
Included:
|
||
|
AWS/ Azure/ GCP Pay-As-You-Go (PAYG)
|
Standard |
Included:
|
|
|
Advanced |
Included:
|
Standard, Advanced, and Enterprise plans
FortiAppSec Cloud contracts are available in 3 tiers:
- Standard: Focuses on core protections, including negative security model policies, default configurations such as signatures, request limits, and more.
-
Advanced: Includes all features of the Standard plan and adds advanced capabilities, such as machine learning for web/API/bot protection, Threat Analytics, and additional security enhancements.
-
Enterprise: Includes all features of the Advanced plan, and also bundles services that are billed separately in the Standard and Advanced plans, such as Advanced Bot Protection, GSLB, and SOCaaS.
-
Each GSLB application includes a lifetime allocation of 10 GSLB health checks (HC).
-
For every 5 Mbps of licensed bandwidth, the system allows a monthly average of up to 20 queries per second (QPS).
-
Review plan feature differences here:
View contract
To view your contract type for an active service, log into the FortiAppSec Cloud web portal and go to General > Contracts.
For details on what you can do on this page, please see Contracts
Renew contract
|
|
If you have an active contract, your new contract will automatically begin when your existing contract ends. If you need to increase the number of applications, bandwidth, or seats before your current contract ends, please upgrade your contract. For detailed instructions specific to your contract type, see Contracts. |
To renew your annual contract, purchase a new FortiAppSec Cloud license by contacting your Fortinet sales representative directly or from your public cloud marketplace platform (AWS or Azure).
For service continuity and correct licensing, ensure to register the new FortiAppSec Cloud contract under the same Fortinet (FortiCloud/FortiCare) account as your existing service.
Overage and expiration behavior
FortiAppSec Cloud may enter read-only mode due to contract violation or expiration. If your license has expired or your usage exceeds the license contract, please buy or upgrade your existing contract immediately.
-
Bandwidth Overage
If your bandwidth usage exceeds your quota limits for two consecutive months, your account will enter read-only mode.
To regain full access:
-
Register a new or upgraded license
Contact your sales representative to adjust the quantity on your existing contract.
The 95th percentile bandwidth quota resets on the 1st of each month. When the new cycle begins, access will automatically be restored as long as your usage remains within quota for that cycle. Because read-only mode limits service functionality, we do not recommend waiting for the next billing cycle in place of increasing your bandwidth limit. Consider it only if you are very close to the start of the next cycle and do not expect to exceed your bandwidth quota again.
-
-
Application Overage
If you have more applications than is supported by your contract, your account will enter read-only mode.
To regain full access:
-
Increase your application limit
Contact your sales representative to adjust the quantity on your existing contract.
-
Decrease number of applications
Delete applications until the number of applications falls under your contract quota.
-
-
Expired Contract
When your contract expires, your account enters a 21-day grace period during which it remains in read-only mode.
To regain full access:
-
Purchase additional contracts
You can purchase additional FortiAppSec Cloud contracts through any supported platform.
-
Extend expiration date
Contact your sales representative to extend your current contract.
Once the 21 day grace period ends, your applications will be deleted from your FortiAppSec Cloud account.
-
|
If the license is managed via FortiFlex, a 7-day FortiFlex grace period begins first. The entitlement may show as “Expired” but remains active during this time. The 7-day FortiAppSec Cloud grace period starts after the FortiFlex period ends. |
|
|
Changing license types (e.g., from legacy FortiWeb Cloud to FortiAppSec UC contract) may result in a change to the serial number. |
License Upgrade Trial
If you have an active Fortinet Contract, you can now explore more advanced features available in other FortiAppSec Cloud Plans with a free 30-day trial. To enable, contact Fortinet Sales.
The trial license operates independently from your existing FortiAppSec Cloud contract.
Once activated:
-
Any changes made to your original contract license will not affect the trial license.
-
Any updates to the trial license itself (for example, changing plans or the number of seats) must be requested through Fortinet Sales, and require Product Management approval before changes are applied.
Service Impact on Plan Downgrade
When the trial expires, your license enters a 7-day grace period. After the grace period ends, the system automatically reverts to your original contract license.
If this involves a plan downgrade (for example, from Enterprise to Standard), certain modules may be disabled automatically.
For instance, features such as Content Routing may stop functioning after downgrade, which can result in service interruption.
You can check your trial license expiration date on the General > Contracts page.
