What changed in Fortinet's 2024 10-K compared to 2023?

Across the narrative sections we track, Fortinet (FTNT) added 499 paragraphs, removed 435, and edited 371 between the 2023 and 2024 10-K filings. The biggest movers are Item 1A. Risk Factors (+206/−187), Item 7. Management's Discussion & Analysis (+156/−139), Item 1. Business (+94/−71).

Did Fortinet add new Risk Factors in the 2024 10-K?

Yes — Item 1A Risk Factors shows 206 new/edited paragraphs and 187 removed paragraphs versus the 2023 10-K.

What changed in Fortinet's MD&A (Item 7) in 2024?

Item 7 Management's Discussion & Analysis shows 156 new/edited paragraphs and 139 removed paragraphs year-over-year. Read the side-by-side diff to see exactly which revenue, margin, and outlook commentary was rewritten.

Did Fortinet update its Cybersecurity disclosure (Item 1C) in 2024?

Item 1C Cybersecurity has 20 paragraph-level changes between the 2023 and 2024 filings.

Where does this FTNT 10-K diff come from?

The source filings are Fortinet's official 2023 and 2024 Form 10-K annual reports from SEC EDGAR. 10q10k.net parses each filing, aligns paragraphs by section (Item 1, 1A, 1C, 2, 3, 7, 7A), and highlights every added, removed and edited sentence side-by-side.

What changed in Fortinet's 10-K — 2023 vs 2024

Paragraph-level year-over-year comparison of Fortinet's 2023 and 2024 10-K annual filings, covering the Business, Risk Factors, Legal Proceedings, Cybersecurity, MD&A and Market Risk sections. Every new, removed and edited paragraph is highlighted side-by-side so you can see exactly what management changed in the 2024 report.

+499 added−435 removedSource: 10-K (2025-02-21) vs 10-K (2024-02-26)

Top changes in Fortinet's 2024 10-K

499 paragraphs added · 435 removed · 371 edited across 7 sections

Item 1A. Risk Factors+206 / −187 · 169 edited
Item 7. Management's Discussion & Analysis+156 / −139 · 109 edited
Item 1. Business+94 / −71 · 60 edited
Item 1C. Cybersecurity+20 / −14 · 14 edited
Item 5. Market for Registrant's Common Equity+9 / −9 · 7 edited

Item 1. Business

Business — how the company describes what it does

60 edited+34 added−11 removed23 unchanged

2023 filing

2024 filing

Biggest changeFortiCare Technical Support Service is a per-device support service, which provides customers access to experts to ensure efficient and effective operations and maintenance of their Fortinet capabilities. Global technical support is offered 24x7 with flexible add-ons, including enhanced Service Level Agreements (“SLAs”) and premium hardware replacement through in- 3 Table of Contents country depots.

Biggest changeThe portfolio consists of FortiGuard application security services, content security services, device security services, NOC/SOC security services and web security services. 4 Table of Contents FortiCare Technical Support Service is a per-device technical support service, which provides customers access to experts to ensure efficient and effective operations and maintenance of their Fortinet capabilities.

We use a combination of internal marketing professionals and a network of regional and global channel partners. Our internal marketing organization is responsible for messaging, branding, demand generation, product marketing, channel marketing, partner incentives and promotions, event marketing, digital marketing, communications, analyst relations, public relations, and sales enablement.

We use a combination of internal marketing professionals and our network of regional and global channel partners. Our internal marketing organization is responsible for messaging, branding, demand generation, product marketing, channel marketing, partner incentives and promotions, event marketing, digital marketing, communications, analyst relations, public relations, and sales enablement.

We submitted our survey on environment to CDP, which is a not-for-profit charity organization that runs the global disclosure system for companies to manage their environmental impacts. We also disclosed for the first time our Scope 3 emissions, across all 12 relevant categories, as part of our annual reporting on sustainability. Social.

We periodically have discussions with third parties regarding licensing Fortinet’s intellectual property (“IP”) and have sometimes taken legal action against competitors to protect our IP, and as a result third parties have paid us fees in return for licenses or covenants-not-to-sue related to Fortinet IP.

We periodically have discussions with third parties regarding licensing our intellectual property (“IP”) and have sometimes taken legal action against competitors to protect our IP, and as a result third parties have paid us fees in return for licenses or covenants-not-to-sue related to Fortinet IP.

Conditions in our markets could change rapidly and significantly as a result of technological advancements, market consolidation, supply chain constraints, price list or discount changes or inflation. The development and market acceptance of alternative technologies could decrease the demand for our products or render them obsolete.

Conditions in our markets could change rapidly and significantly as a result of technological advancements, market consolidation or de-consolidation, supply chain constraints, price list or discount changes or inflation. The development and market acceptance of alternative technologies could decrease the demand for our products or render them obsolete.

We believe we compete favorably based on our products’ security performance, throughput, reliability, breadth and ability to work together, our ability to add and integrate new networking and security features and our technological expertise.

(“Zscaler”). We believe we compete favorably based on our products’ security performance, throughput, reliability, breadth and ability to work together, our ability to add and integrate new networking and security features and our technological expertise.

Additionally, we provide notifications of news or announcements regarding our financial performance, including SEC filings, investor events and press and earnings releases, as part of our investor relations website. The contents of these websites are not intended to be incorporated by reference into this report or in any other report or document we file.

Our success in designing, developing, manufacturing and selling new or enhanced products will depend on a variety of factors, including identification of market demand for new products or new features, components selection, timely implementation of product design and development, product performance, quality, ease of use, costs of development, bill of materials, effective manufacturing and assembly processes and sales and marketing.

Our success in designing, developing, manufacturing and selling new or enhanced products will depend on a variety of factors, including identification of market demand for new products or new features, components selection, timely implementation of product design and development, product performance, quality, ease of use, costs of development, bill of materials, delivery models, effective manufacturing and assembly processes and sales and marketing.

Government Regulation We are subject to regulation by various federal, state, regional, local and foreign governmental agencies, including agencies responsible for monitoring and enforcing employment and labor laws, workplace safety, security, product safety, product labeling, environmental laws, consumer protection laws, anti-bribery laws, data privacy laws, import and export controls, federal securities laws and tax laws and regulations.

Government Regulation We are subject to regulation by various federal, state, regional, local and foreign governmental agencies, including agencies responsible for monitoring and enforcing employment and labor laws, workplace safety, security and security certifications, product safety, product labeling, environmental laws, consumer protection laws, anti-bribery laws, data privacy laws, import and export controls and tariffs, securities laws and tax laws and regulations.

The principal competitive factors in our markets include: • product security performance, throughput, features, effectiveness, interoperability and reliability; • addition and integration of new networking and security features and technological expertise; • compliance with industry standards and security and other certifications; • price of products and services and total cost of ownership; • brand recognition; • customer service and support across varied and complex customer segments and use cases; • sales and distribution capabilities; • size and financial stability; • breadth of product line; • form factor of the solution; and • other competitive differentiators.

The principal competitive factors in our markets include: • product security performance, throughput, features, effectiveness, interoperability and reliability; • addition and integration of new networking and security features and technological expertise; • compliance with industry standards and security and other certifications; • price of products and services and total cost of ownership; • brand recognition; • customer service and support across varied and complex customer segments and use cases; • sales and distribution capabilities; • size and financial stability; • breadth of product line; 8 Table of Contents • form factor of the solution; and • other competitive differentiators.

See Part II, Item 8 of this Annual Report on Form 10-K for more information on our consolidated balance sheets as of December 31, 2023 and 2022 and our consolidated statements of income, comprehensive income, equity (deficit), and cash flows for each of the three years ended December 31, 2023, 2022 and 2021.

See Part II, Item 8 of this Annual Report on Form 10-K for more information on our consolidated balance sheets as of December 31, 2024 and 2023 and our consolidated statements of income, comprehensive income, equity (deficit), and cash flows for each of the three years ended December 31, 2024, 2023 and 2022.

Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and amendments to reports filed or furnished pursuant to Sections 13(a) and 15(d) of the Securities Act of 1933, as amended (the “Securities Act”), are available free of charge on our investor relations web site as soon as reasonably practicable after we electronically file such material with, or furnish it to, the Securities and Exchange Commission (the “SEC”).

Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and amendments to reports filed or furnished pursuant to Sections 13(a) and 15(d) of the Securities Act of 1933, as amended (the “Securities Act”), are available free of charge on our investor relations website as soon as reasonably practicable after we electronically file such material with, or furnish it to, the Securities and Exchange Commission (the “SEC”).

To support our broadly dispersed global channel and end-customer base, we have sales professionals in over 100 countries around the world. 4 Table of Contents Our marketing strategy is focused on building our brand, driving thought leadership with emphasis on the criticality of cybersecurity platform adoption and the convergence of security and networking as well as driving end-customer demand for our security solutions.

To support our broadly dispersed global channel and end-customer base, we have sales professionals in over 100 countries around the world. Our marketing strategy is focused on building our brand, driving thought leadership with emphasis on the criticality of cybersecurity platform adoption and the convergence of security and networking as well as driving end-customer demand for our security solutions.

Despite our efforts to protect our rights in our technology, unauthorized parties may attempt to copy aspects of our products or obtain and use information and technology that we regard as proprietary. We generally enter into confidentiality agreements with our employees, consultants, vendors and customers, and generally limit access to and distribution of our proprietary information.

Despite our efforts to protect our rights in our technology, unauthorized parties may attempt to copy aspects of our products or obtain and use information and technology that we regard as proprietary. We generally enter into confidentiality 7 Table of Contents agreements with our employees, consultants, vendors and customers, and generally limit access to and distribution of our proprietary information.

In addition, our Chief Executive Officer regularly communicates the importance of Fortinet’s core values of openness, teamwork and innovation. None of our U.S. employees are represented by a labor union. Our employees in certain European and Latin American countries, however, have the right to be represented by external labor organizations if they maintain up-to-date union membership.

In addition, our Chief Executive Officer regularly communicates the importance of our core values of openness, teamwork and innovation. 9 Table of Contents None of our U.S. employees are represented by a labor union. Our employees in certain European and Latin American countries, however, have the right to be represented by external labor organizations if they maintain up-to-date union membership.

Fortinet was founded with the mission of providing a converged networking and security approach that empowers organizations to adopt new technologies without worrying about how it would impact their ability to manage and secure their environments. The escalating threat landscape has resulted in a significant increase in the demand for secure networking solutions.

We were founded with the mission of providing a converged networking and security approach that empowers organizations to adopt new technologies without worrying about how it would impact their ability to manage and secure their environments. The escalating threat landscape has resulted in a significant increase in the demand for secure networking solutions.

In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as the laws 5 Table of Contents of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States.

In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States.

Our wireless local area network (“LAN”) solution leverages secure networking to provide secure wireless access for the enterprise LAN edge. FortiExtender secures 5G/LTE and remote ethernet extenders to connect and secure any branch environment.

Our wireless LAN solution leverages secure networking to provide secure wireless access for the enterprise LAN edge. FortiExtender secures 5G/LTE and remote ethernet extenders to connect and secure any branch environment.

We have not experienced any work stoppages, and we consider our relations with our employees to be good. Environmental, Social and Governance We are committed to responsible environmental, social and governance (“ESG”) practices and having a positive impact on the sustainability of our society and planet.

We have not experienced any work stoppages, and we consider our relations with our employees to be good. Corporate Sustainability We are committed to responsible corporate sustainability practices and having a positive impact on the sustainability of our society and planet.

We understand there is a shortage of highly skilled employees for security companies like ours, and we believe that our success and competitive advantage depends largely on our ability to continue to attract and retain highly skilled employees with diverse backgrounds and experiences.

Our employees are the foundation of our innovation and cybersecurity leadership for the benefit of our customers. We understand there is a shortage of highly skilled employees for security companies like ours, and we believe that our success and competitive advantage depends largely on our ability to continue to attract and retain highly skilled employees with diverse backgrounds and experiences.

Our compensation programs for our employees include base pay, incentive compensation, opportunities for equity ownership where local statutes allow and employee benefits that promote well-being across different aspects of our employees’ lives, which may include health and welfare insurance, retirement benefits and paid time off.

As a global company headquartered in Sunnyvale, California with a large international customer base, the majority of our research and development is in the United States and Canada with a global footprint of support and centers of excellence around the world.

As a global company headquartered in Sunnyvale, California, our research and development is centered in the United States and Canada with a global footprint of support and centers of excellence around the world.

Manufacturing and Suppliers We outsource the manufacturing of our security appliance products to a variety of contract manufacturers and original design manufacturers. Our current manufacturing partners include ADLINK Technology, Inc. (“ADLINK”), IBASE Technology, Inc. (“IBASE”), Micro-Star International Co. (“Micro-Star”), Senao Networks, Inc. (“Senao”), Wistron Corporation (“Wistron”), and a number of other manufacturers.

Manufacturing and Suppliers We outsource the manufacturing of our security appliance products to a variety of contract manufacturers and original design manufacturers. Our current manufacturing partners include Accton Technology (“Accton”), IBASE Technology, Inc. (“IBASE”), Micro-Star International Co. (“Micro-Star”), Senao Networks, Inc. (“Senao”), Wistron Corporation (“Wistron”), and a number of other manufacturers. Approximately 88% of our hardware is manufactured in Taiwan.

As of December 31, 2023, we had 1,299 U.S. and foreign-issued patents and 252 pending U.S. and foreign patent applications. We also license software from third parties for inclusion in our products, including open source software and other software.

As of December 31, 2024, we had 1,034 U.S. and 1,378 global patents and 451 pending U.S. and foreign patent applications. We also license software from third parties for inclusion in our products, including open source software and other software.

The Network Firewall solution consists of FortiGate data centers, hyperscale and distributed firewalls, as well as encrypted applications (secure sockets layer (“SSL”) inspection, Virtual Private Network and IPsec connectivity). Our ability to converge networking and security also enables the ethernet to become an extension of a company’s security infrastructure through FortiSwitch and FortiLink.

Our network firewall offerings consist of a FortiGate data center, hyperscale and distributed firewalls, as well as encrypted applications (secure sockets layer (“SSL”) inspection, virtual private network and Internet Protocol Security (“IPsec”) connectivity). Our ability to converge networking and security also enables the ethernet to become an extension of our customers’ security infrastructure through FortiSwitch and FortiLink.

ITEM 1. Business Overview Fortinet is a leader in cybersecurity and the convergence of networking and security. Our mission is to secure people, devices and data everywhere. Our integrated platform, the Fortinet Security Fabric, spans secure networking, unified Secure Access Service Edge (“SASE”) and AI-driven security operations to deliver cybersecurity where our customers need it.

ITEM 1. Business Overview Fortinet is a leader in cybersecurity, driving the convergence of networking and security. Our mission is to secure people, devices and data everywhere. Our integrated platform, the Fortinet Security Fabric, spans secure networking, unified Secure Access Service Edge (“SASE”) and artificial intelligence (“AI”)-driven security operations (“SecOps”).

Customers Our end-customers are located in over 100 countries and include small, medium and large enterprises and government organizations across a wide range of industries, including financial services, government, manufacturing, retail, technology, education, healthcare and telecommunications.

This approach strengthens security effectiveness and helps reduce complexity and total cost of ownership. Customers Our end-customers are located in over 100 countries and include small, medium and large enterprises and government organizations across a wide range of industries, including financial services, government, manufacturing, retail, technology, education, healthcare and telecommunications.

Among others, our competitors include Aruba Networks, Inc. (“Aruba”), Check Point Software Technologies Ltd. (“Check Point”), Cisco Systems, Inc. (“Cisco”), CrowdStrike Holdings, Inc. (“CrowdStrike”), F5 Networks, Inc. (“F5 Networks”), Huawei Technologies Co., Ltd. (“Huawei”), Juniper Networks, Inc. (“Juniper”), Palo Alto Networks, Inc. (“Palo Alto Networks”), SonicWALL, Inc. (“SonicWALL”), Sophos Group Plc (“Sophos”), VMware, Inc. (“VMware”) and Zscaler, Inc. (“Zscaler”).

Among others, our competitors include Check Point Software Technologies Ltd. (“Check Point”), Cisco Systems, Inc. (“Cisco”), CrowdStrike Holdings, Inc. (“CrowdStrike”), F5 Networks, Inc. (“F5 Networks”), Hewlett-Packard Enterprise (“HPE”), Huawei Technologies Co., Ltd. (“Huawei”), Juniper Networks, Inc. (“Juniper”), Microsoft Corporation (“Microsoft”), Netskope Inc. (“Netskope”), Palo Alto Networks, Inc. (“Palo Alto Networks”), SonicWALL, Inc. (“SonicWALL”), Sophos Group Plc (“Sophos”) and Zscaler, Inc.

We believe we take reasonable steps designed to ensure we are in compliance with current laws and regulations and do not expect continued compliance to have a material impact on our capital expenditures, earnings, or competitive position.

In addition, the application and interpretation of these laws and regulations often are uncertain, particularly in the industry in which we operate. We believe we take reasonable steps designed to ensure we are in compliance with current laws and regulations and do not expect continued compliance to have a material impact on our capital expenditures, earnings, or competitive position.

We continue to focus on skilling, upskilling and reskilling individuals and are on track to reach our goal of training one million people in cybersecurity by 2026 with over 430,000 individuals trained as of the end of 2023.

We are committed to empower individuals within our organization and across the security industry to reach their full potential. We continue to focus on skilling, upskilling and reskilling individuals and are on track to reach our goal of training one million people in cybersecurity by 2026 with over 630,000 individuals trained as of the end of 2024.

An end-customer deployment may involve as few as one or as many as dozens of different types of integrated products and services from across our broad portfolio that spans secure networking, unified SASE, and security operations. Customers may also access our products via the cloud through certain cloud providers such as Amazon Web Services, Microsoft Azure and Google Cloud.

Fortinet is a member of the Dow Jones Sustainability Indices — World and North America, for the second consecutive year. Our approach to ESG is based on a strong corporate governance structure, starting with the Social Responsibility Committee of our board of directors, which provides oversight of our Corporate Social Responsibility (“CSR”) strategy, initiatives and execution related to ESG matters.

Our approach to corporate sustainability is based on a strong corporate governance structure, starting with the Governance and Social Responsibility Committee (the “GSR Committee”) of our board of directors, which provides oversight of our Corporate Social Responsibility (“CSR”) strategy, initiatives and execution related to corporate sustainability matters.

Our development strategy is to identify features, products and systems for both software and hardware that are, or are expected to be, important to our end-customers.

Research and Development We focus our research and development efforts on developing new hardware and software products and services, and adding new features to existing products, services and operating systems. Our development strategy is to identify features, products and systems for both software and hardware that are, or are expected to be, important to our end-customers.

Some of these larger competitors have substantially broader product offerings and leverage their relationships based on other products or incorporate 6 Table of Contents functionality into existing products in a manner that discourages users from purchasing our products. Based in part on these competitive pressures, we may lower prices or attempt to add incremental features and functionalities to our products.

Some of these larger competitors have substantially broader product offerings and leverage their relationships based on other products or incorporate functionality into existing products in a manner that discourages users from purchasing our products.

Many of the laws and regulations that are or may be applicable to our business are changing or being tested in courts and could be interpreted in ways that could adversely impact our business. In addition, the application and interpretation of these laws and regulations often are uncertain, particularly in the industry in which we operate.

Many of the laws and regulations that are or may be applicable to our business are changing or being tested in courts and could be interpreted in ways that could adversely impact our business and additional laws and regulations applicable to our business may be enacted.

The information posted on our website is not incorporated by reference into this Annual Report on Form 10-K.

Available Information Our website is located at https://www.fortinet.com, and our investor relations website is located at https://investor.fortinet.com. The information posted on our website is not incorporated by reference into this Annual Report on Form 10-K.

Our sales professionals and engineers typically work closely with our channel partners and directly engage with large end-customers to address their unique security and deployment requirements.

Additionally, our sales teams help drive and support large enterprise and service provider sales through a direct touch model. Our sales professionals and engineers typically work closely with our channel partners and directly engage with large end-customers to address their unique security and deployment requirements.

Our approach to responsible business is based on strong corporate governance practices that aim to ensure accountability while meeting our responsibilities across our value chain, starting with our employees. Our board of directors regularly reviews our governance practices. Our Codes of Conduct apply to employees, partners and suppliers, and we have compliance trainings and controls in place.

Our approach to responsible business is based on strong corporate governance practices that aim to ensure accountability while meeting our responsibilities across our value chain, starting with our employees. Our board of directors regularly reviews our governance practices and in 2024 we formed our GSR committee which combined our Governance Committee with the Social Responsibility Committee to GSR Committee.

The Fortinet Unified SASE solution is a single-vendor SASE solution that includes Firewall, SD-WAN, Secure Web Gateway, Cloud Access Services Broker, Data Loss Prevention, Zero Trust Network Access and cloud security, including Web Application Firewalls, Virtualized Firewalls and Cloud-Native Firewalls, among other products.

The Fortinet Unified SASE solution includes a single-vendor SASE solution that includes firewall, SD-WAN, secure web gateway, cloud access services broker, Data Loss Prevention (“DLP”) and zero trust network access to deliver flexible secure access for all users.

These proprietary ASICs, combined with off-the-shelf central processing units (“CPUs”) and ASICs, allow our systems to scale, run multiple applications at higher performance, lower power consumption and perform more processor-intensive operations, such as inspecting encrypted traffic, including streaming video.

When delivered through our network firewall appliances, functionality is accelerated through our proprietary ASIC technology. These proprietary ASICs, allow our systems to scale, run multiple applications at higher performance, lower power consumption and perform more processor-intensive operations, such as inspecting encrypted traffic, including streaming video.

Organizations have the flexibility to procure different levels of service for different devices based on their availability needs. We offer three per-device support options tailored to the needs of our enterprise customers: FortiCare Premium, FortiCare Elite and FortiCare Essential. The FortiCare Elite service aims to provide 15-minute response times for key product families.

We offer three per-device support options tailored to the needs of our enterprise customers: FortiCare Elite, FortiCare Premium and FortiCare Essential. The FortiCare Elite service aims to provide a 15-minute response time for key product families. In addition to FortiCare device level services, Advanced Support service options are available per account.

In 2023, we established a risk management committee and steering committee to further enhance our anti-corruption program and we employ a thorough screening process for partners and suppliers, including continuous monitoring in high-risk zones, and resolution process for risk mitigation. Available Information Our web site is located at https://www.fortinet.com, and our investor relations web site is located at https://investor.fortinet.com.

Our Codes of Conduct apply to employees, partners and suppliers, and we have compliance trainings and controls in place. In 2023, we established a risk management committee and steering committee to further enhance our anti-corruption program and we employ a thorough screening process for partners and suppliers, including continuous monitoring in high-risk zones, and resolution process for risk mitigation.

Intellectual Property We rely primarily on patent, trademark, copyright and trade secrets laws, confidentiality procedures and contractual provisions to protect our technology.

We pursue and maintain a broad portfolio of product and information security certifications available at the Fortinet Trust Site. Intellectual Property We rely primarily on patent, trademark, copyright and trade secrets laws, confidentiality procedures and contractual provisions to protect our technology.

Often, our customers also purchase our FortiGuard security subscription services and FortiCare technical support services. Refer to Note 16 Segment Information in Part II, Item 8 of this Annual Report on Form 10-K for distributor customers that accounted for 10% or more of our revenue or net accounts receivable.

Refer to Note 16 Segment Information in Part II, Item 8 of this Annual Report on Form 10-K for distributor customers accounted for 10% or more of our revenue or net accounts receivable. 5 Table of Contents Sales and Marketing We primarily sell our products and services through a two-tier distribution model.

FortiGuard Security Services are a suite of AI-powered security capabilities that are natively integrated as part of the Fortinet Security Fabric to deliver coordinated detection and enforcement across the entire attack surface. The portfolio consists of FortiGuard application security services, content security services, device security services, NOC/SOC security services and web security services.

Using millions of global network sensors, FortiGuard Labs monitors the worldwide attack surface and employs AI to mine that data for new threats. FortiGuard and Other Security Services are a suite of AI-powered security capabilities that are natively integrated as part of the Fortinet Security Fabric to deliver coordinated detection and enforcement across the entire attack surface.

The Secure Connectivity solution includes FortiSwitch Secure Ethernet Switches, FortiAP Wireless Local Area Network Access Points and FortiExtender 5G Connectivity Gateways, among other products. • Unified Secure Access Service Edge (SASE) —As applications move to the cloud and work from anywhere becomes established, cloud delivery is needed to enable secure access to applications on any cloud.

Our Secure Connectivity solution includes FortiSwitch secure ethernet switches, FortiAP wireless local area network access points and FortiExtender 5G connectivity gateways. • Unified Secure Access Service Edge (SASE) —As applications move to the cloud and hybrid workforce is now the norm, enabling secure access for users with zero trust framework becomes important.

Sales and Marketing We primarily sell our products and services through a two-tier distribution model. We sell to distributors that sell to resellers and to service providers and managed security service providers (“MSSPs”), who, in turn, sell products and/or services to end-customers. In certain cases, we sell directly to large service providers and major systems integrators.

We sell to distributors that sell to resellers and to service providers and managed security service providers (“MSSPs”), who, in turn, sell products and/or services to end-customers. In certain cases, we sell directly to large service providers, major systems integrators and large end users. We work with many technology distributors, including Arrow Electronics, Inc., Exclusive, Ingram Micro, and TD Synnex.

As of December 31, 2023, over a half million customers trusted our solutions, including enterprises such as in the financial services, retail and operational technology market verticals, communication and security service providers, government organizations and small and medium-sized businesses.

As of December 31, 2024, our end-customers were located in over 100 countries and included enterprises across a wide variety of market verticals, including financial services, retail, healthcare and operational technology (“OT”) market verticals, communication and security service providers, and government organizations.

As of December 31, 2023, we held 957 U.S. patents and 1,299 global patents and we are recognized in over 80 enterprise analyst reports demonstrating both our vision and execution across networking and security products. • Secure Networking —Our Secure Networking solutions focus on the convergence of networking and security via our network firewall and our switches, access points and other secure connectivity solutions.

As of December 31, 2024, we held 1,034 U.S. patents and 1,378 global patents and we have been recognized in over 140 enterprise analyst reports demonstrating both our vision and execution across security and networking products.

Once our products are manufactured, they are sent to either our warehouse in California or to our logistics partner in Taoyuan City, Taiwan, where accessory packaging and quality-control testing are performed. We believe that outsourcing our manufacturing and a substantial portion of our logistics enables us to focus resources on our core competencies.

We submit purchase orders to our contract manufacturers that describe the type and quantities of our products to be manufactured, the delivery date and other delivery terms. Once our products are manufactured, they are sent to either our warehouse in California or to our logistics partner in Taoyuan City, Taiwan, where accessory packaging and quality-control testing are performed.

We are engaged on a 7 Table of Contents decarbonization path to reach net zero for our Scope 1 and Scope 2 emissions by 2030, and formally signed on to the Science-Based Target Initiative commitment in September 2022.

We have completed our validation process and have been approved by the Science Based Targets Initiatives for a near-term target. We are engaged on a decarbonization path to reach zero emissions for our Scope 1 and Scope 2 emissions by 2030.

The components included in our products are sourced from various suppliers by us or, more frequently, by our contract manufacturers. Some of the components important to our business, including certain CPUs from Intel Corporation (“Intel”) and Advanced Micro Devices, Inc. (“AMD”), network and wireless chips from Broadcom Inc. (“Broadcom”), Marvell Technology Group Ltd.

Some of the components important to our business, including certain Central Processing Units (“CPUs”) from Intel Corporation (“Intel”) and Advanced Micro Devices, Inc. (“AMD”), network and wireless chips from Broadcom Inc. (“Broadcom”), Marvell Technology Group Ltd. (“Marvell”), Qualcomm Incorporated (“Qualcomm”) and Intel and memory devices from Intel, Micron Technology (“Micron”), ADATA Technology Co., Ltd.

Our proprietary ASICs, which are key to the performance of our appliances, are built by contract manufacturers including Toshiba America Electronic Components, Inc. (“Toshiba America”) and Renesas Electronics America, Inc. (“Renesas”). These contract manufacturers use foundries in Taiwan and Japan operated by either Taiwan Semiconductor Manufacturing Company Limited (“TSMC”) or by the contract manufacturer itself.

We believe that outsourcing our manufacturing and a substantial portion of our logistics enables us to focus resources on our core competencies. Our proprietary ASICs, which are key to the performance of our appliances, are built by contract manufacturers including Toshiba America Electronic Components, Inc. (“Toshiba America”) and Renesas Electronics America, Inc. (“Renesas”).

Our senior leadership sponsors the integration of CSR priorities throughout our business operations. In addition, our CSR team, along with our internal cross-functional employee CSR Committee, engage with internal and external stakeholders to lead CSR execution, communications and disclosure. Environmental.

Our senior leadership sponsors the integration of CSR priorities via a CSR Committee, comprised of cross-functional team of senior leaders that drives CSR initiatives and functionality across the company including engaging with internal and external stakeholders to lead CSR execution, communications and disclosure via an annual Sustainability Report.

We support our channel partners with a dedicated team of experienced channel account managers, sales professionals and sales engineers who provide business planning, joint marketing strategy, pre-sales and operational sales support. Additionally, our sales teams help drive and support large enterprise and service provider sales through a direct touch model.

In addition, we provide our cloud-based subscription offerings through Fortinet-owned data centers and PoPs, as well as data centers operated under colocation arrangements globally, and via public cloud providers. We support our channel partners with a dedicated team of experienced channel account managers, sales professionals and sales engineers who provide business planning, joint marketing strategy, pre-sales and operational sales support.

(“Marvell”), Qualcomm Incorporated (“Qualcomm”) and Intel and memory devices from Intel, Micron Technology (“Micron”), ADATA Technology Co., Ltd. (“ADATA”), Toshiba Corporation (“Toshiba”), Samsung Electronics Co., Ltd. (“Samsung”), and Western Digital Technologies, Inc. (“Western Digital”), are available from limited or sole sources of supply.

(“ADATA”), Toshiba Corporation (“Toshiba”), Samsung Electronics Co., Ltd. (“Samsung”), and Western Digital Technologies, Inc. (“Western Digital”), are available from limited or sole sources of supply. We have no long-term contracts related to the manufacturing of our ASICs or other components that guarantee any capacity or pricing terms.

Human Capital Management As of December 31, 2023, our total headcount was 13,568 employees, approximately 30% of whom were employed in the United States and approximately 70% of whom were employed outside of the United States. Our employees are the foundation of our innovation and cybersecurity leadership for the benefit of our customers.

Human Capital Management As of December 31, 2024, our total headcount was 14,138 employees, approximately 30% of whom were employed in the United States, approximately 20% of whom were employed in Canada and approximately 50% of whom were employed outside of the United States and Canada. We do not own any manufacturing or research and development activities in China.

As of December 31, 2023 , women represented 25% of the members of our board of directors, and approximately 50% o f our board of directors was from underrepresented communities. We value diversity at all levels and continue to focus on enhancing our DEI initiatives across our workforce.

Such commitment starts at the top, with a highly skilled and diverse board of directors. As of December 31, 2024 , women represented 40% of the members of our board of directors, and approximately 50% o f our board of directors was from underrepresented communities.

We offered our Security Awareness Curriculum at no cost to primary and secondary schools across the same countries. We continued to expand partnerships with educational institutions and now have over 650 Authorized Academic Partners in 99 countries or territories across the world.

We offered our Security Awareness Curriculum at no cost to primary and secondary schools across the same countries. We are involved in over 700 education partnerships across more than 100 countries and participates in public-private partnerships, including the World Economic Forum’s Cybersecurity Talent Framework.

Since 2020, Fortinet has also offered a number of free online training courses to help address prevalent industry-wide cybersecurity skills gaps and shortages. During the year ended December 31, 2023, we generated total revenue of $5.30 billion and net income of $1.15 billion.

The Fortinet Training Institute has issued over one million certifications to date. During the year ended December 31, 2024, we generated total revenue of $5.96 billion and net income of $1.75 billion.

Removed

FortiOS is our networking and security operating system that is consistent across our firewalls and secure connectivity solutions and supports over 30 functions that can be delivered via a physical, virtual, cloud or Software as a Service (“SaaS”) solution. When delivered via our network firewall appliances, functionality is accelerated through our proprietary Application-Specific Integrated Circuits (“ASIC”) technology.

Added

As of December 31, 2024, our customers included approximately 80% of the Fortune 100 companies and approximately 72% of the Global 2000 companies. We were also ranked #7 in the Forbes Most Trusted Companies list in 2024.

Removed

These functions are delivered through our FortiOS operating systems, which can deploy the full SASE stack through the cloud or on our ASIC-driven appliances.

Added

Our competitive differentiation lies in our core technologies, which together provide performance, security, flexibility and integration across diverse environments. • FortiOS —FortiOS enables the convergence of security and networking to enforce consistent security policies across form factors and edges.

Removed

All functions can be managed through a unified management console. • Security Operations (SecOps) —Fortinet’s Security Operations solutions comply with the National Institute of Standards and Technology (“NIST”) cybersecurity framework of identify, protect, detect, respond and recover, and are delivered as a platform that automates detection and response to accelerate discovery and remediation.

Added

As the foundation of the Fortinet Security Fabric, FortiOS empowers organizations to unify management and analytics for comprehensive network visibility and control at scale.

Removed

The SecOps solution includes FortiAI generative AI assistant, FortiSIEM Security Information and Event Management, FortiSOAR Security Orchestration, Automation and Response, FortiEDR Endpoint Detection and Response, FortiXDR Extended Detection and Response, FortiMDR Managed Detection and Response Service, FortiNDR Network Detection and Response, FortiRecon Digital Risk Protection, FortiDeceptor Deception technology, FortiGuard SoCaaS, FortiSandbox Sandboxing Services and FortiGuard Incident Response Services, among other products.

Added

To further validate our strategy, FortiOS has been recognized across five Gartner Magic Quadrants, including Firewall, Software-Defined Wide-Area Network (“SD-WAN”), Security Service Edge (“SSE”), SASE Platforms and Wired and Wireless Local Area Network (“LAN”). • FortiASIC —Our Application-Specific Integrated Circuit (“ASIC”)-based security processing units (“SPUs”) increase the speed, scale, efficiency and value of our solutions while improving user experience, reducing footprint and power requirements.

Removed

We also offer training services to our end-customers and channel partners through our training team and authorized training partners. We have also implemented a training certification program, Network Security Expert (“NSE”), to help ensure an understanding of our products and services.

Added

From branch and campus to data center solutions, SPU-powered Fortinet appliances deliver superior Security Compute Ratings versus industry alternatives. • FortiCloud —Our organically built global cloud infrastructure, powered by FortiStack which is our secure software as a service (“SaaS”) platform operating as a private cloud service provider and leveraging software and hardware to optimize and secure all layers, provides customers with global reach, flexible connectivity, and cost savings. • FortiAI —Our AI innovations encompass generative AI (“GenAI”), big data AI for threat intelligence to process and analyze trillions of events using AI/Machine Learning (“ML”), network operations AI for self-healing networks and automated network orchestration, automation and response, and AI for Large Language Model (“LLM”) leakage to protection against data leakage into LLMs.

Removed

We work with many technology distributors, including Arrow Electronics, Inc., Exclusive, Ingram Micro and TD Synnex (formerly Tech Data Corporation and Synnex Corporation, separately). In addition, we provide our cloud-based subscription offerings through Fortinet-owned data centers, as well as data centers operated under co-location arrangements globally, and via public cloud providers.

Added

Our GenAI assists security teams to make better decisions, rapidly respond to threats and save time on even the most complex tasks.

Removed

Approximately 95% of our hardware is manufactured in Taiwan. We submit purchase orders to our contract manufacturers that describe the type and quantities of our products to be manufactured, the delivery date and other delivery terms.

Added

FortiAI is seamlessly integrated into the user experience of several of our products, including FortiAnalyzer, FortiSIEM and FortiSOAR, to help optimize threat investigation and response, Security information and event management (“SIEM”) queries, Security, orchestration, automation, and response (“SOAR”) playbook creation, among other functions. • FortiEndpoint —FortiEndpoint converges secure connectivity, endpoint protection and advanced capabilities like endpoint detection and response and extended detection and response (“XDR”), into a single agent.

Removed

We have no long-term contracts related to the manufacturing of our ASICs or other components that guarantee any capacity or pricing terms. Research and Development We focus our research and development efforts on developing new hardware and software products and services, and adding new features to existing products, services and operating systems.

Added

It simplifies management and enhances visibility while reducing costs and complexity. The solution gives IT teams the visibility and control they need, while security teams benefit from automated threat detection and response.

Removed

As a global company, much of our success is rooted in the diversity of our teams and our commitment to diversity, equity and inclusion (“DEI”). Such commitment starts at the top, with a highly skilled and diverse board of directors.

Added

This minimizes the need for manual intervention and provides faster remediation of threats across all environments. • OT Security —The Fortinet Security Fabric enables security for converged IT/OT ecosystems. It also provides an OT Security Platform with features and products to extend Security Fabric capabilities to OT networks in factories, plants, remote locations and ships.

Removed

We are committed to building an inclusive, equitable and diverse workforce within our organization and across the security industry to help empower individuals to reach their full potential.

Added

To help alleviate security risks across the organization, we have continued to enhance our OT Security Platform offerings.

… 25 more changes not shown on this page.

Item 1A. Risk Factors

Risk Factors — what could go wrong, per management

169 edited+37 added−18 removed363 unchanged

2023 filing

2024 filing

Biggest changeAs we have fulfilled, shipped and billed during a quarter to satisfy backlog, this has increased our aggregate billings and revenue during any particular quarter, and as the supply chain challenges normalize, the growth comparisons versus prior quarters where backlog contributed more to billings have become more challenging and may become increasingly challenging; • supplier cost increases and any lack of market acceptance of our price increases designed to help offset any supplier cost increases; • the effects of our reduction of operations in Russia; • the timing of channel partner and end-customer orders and our reliance on a concentration of shipments at the end of each quarter; • the impact to our business, the global economy, disruption of global supply chains and creation of significant volatility and disruption of the financial markets due to factors such as increased inflation or possible stagflation in certain geographies, increasing or decreasing interest rates, the war in Ukraine and the Israel-Hamas war and other factors; • any actual or perceived vulnerabilities in our products or services, and any actual or perceived breach of our network or our customers’ networks; • the timing of shipments, which may depend on factors such as inventory levels, logistics, manufacturing or shipping delays, our ability to ship products on schedule and our ability to accurately forecast inventory requirements and our suppliers’ ability to deliver components and finished goods; • increased expenses, unforeseen liabilities or write-downs and any negative impact on results of operations from any acquisition or equity investment consummated, as well as accounting risks, integration risks related to product plans and products and risks of negative impact by such acquisitions and equity investments on our financial results; • investors’ expectations of our performance relating to environmental, social and governance (“ESG”) and commitment to carbon neutrality; • certain customer agreements which contain service-level agreements, under which we guarantee specified availability of our platform and solutions; • data security requirements that may be inconsistently enforced in certain jurisdictions; 9 Table of Contents • impairments as a result of certain events or changes in circumstances; • the mix of products sold and the mix of revenue between products and services, as well as the degree to which products and services are bundled and sold together for a package price; • the purchasing practices and budgeting cycles of our channel partners and end-customers, including the effect of the end of product lifecycles or refresh cycles; • any decreases in demand by channel partners or end-customers, including any such decreases caused by factors outside of our control such as natural disasters and health emergencies, including earthquakes, droughts, fires, power outages, typhoons, floods, pandemics or epidemics and manmade events such as civil unrest, labor disruption, international trade disputes, international conflicts, terrorism, wars, such as the war in Ukraine and the Israel-Hamas war, and critical infrastructure attacks; • the effectiveness of our sales organization, generally or in a particular geographic region, including the time it takes to hire sales personnel, the timing of hiring and our ability to hire and retain effective sales personnel, as well as our efforts to align our sales capacity and market demand; • sales productivity and sales execution risk related to effectively selling to all segments of the market, including enterprise and small- and medium-sized businesses, government organizations and service providers, and to selling our broad security product and services portfolio, including, among other execution risks, risks associated with the complexity and distraction in selling to all segments, increased competition and unpredictability of timing to close larger enterprise and large organization deals, and the risk that our sales representatives do not effectively sell products and services; • execution risk associated with our efforts to capture the opportunities related to our identified growth drivers, such as risk associated with our ability to capitalize on the convergence of networking and security, vendor consolidation of various cyber security solutions, SD-WAN, infrastructure security, security operations, SASE and other cloud security solutions, endpoint protection, and IoT and OT security opportunities; • the seasonal buying patterns of our end-customers; • the timing and level of our investments in sales and marketing, and the impact of such investments on our operating expenses, operating margin and the productivity, capacity, tenure and effectiveness of execution of our sales and marketing teams; • the timing of revenue recognition for our sales, including any impacts resulting from extension of payment terms to distributors and fluctuations in backlog levels, which could result in more variability and less predictability in our quarter-to-quarter revenue and operating results; • the level of perceived threats to network security, which may fluctuate from period to period; • changes in the requirements, market needs or buying practices and patterns of our distributors, resellers or end-customers; • changes in the growth rates of the network security market in particular and other security and networking markets, such as SD-WAN, OT, switches, access points, security operations, SASE and other cloud solutions for which we and our competitors sell products and services; • the timing and success of new product and service introductions or enhancements by us or our competitors, or any other change in the competitive landscape of our industry, including consolidation among our competitors, partners or end-customers; • the deferral of orders from distributors, resellers or end-customers in anticipation of new products or product enhancements announced by us or our competitors, price decreases or changes in our registration policies, or the acceleration of orders in response to our announced or expected price list increases; • increases or decreases in our billings, revenue and expenses caused by fluctuations in foreign currency exchange rates or a strengthening of the U.S. dollar, as a significant portion of our expenses is incurred and paid in currencies other than the U.S. dollar, and the impact such fluctuations may have on the actual prices that our partners and customers are willing to pay for our products and services; 10 Table of Contents • compliance with existing laws and regulations; • our ability to obtain and maintain permits, clearances and certifications that are applicable to our ability to conduct business with the U.S. federal government, other foreign and local governments and other industries and sectors; • litigation, litigation fees and costs, settlements, judgments and other equitable and legal relief granted related to litigation; • the impact of cloud-based security solutions on our billings, revenue, operating margins and free cash flow; • decisions by potential end-customers to purchase network security solutions from newer technology providers, from larger, more established security vendors or from their primary network equipment vendors; • price competition and increased competitiveness in our market, including the competitive pressure caused by product refresh cycles; • our ability to both increase revenue and manage and control operating expenses in order to maintain or improve our operating margins; • changes in customer renewal rates or attach rates for our services; • changes in the timing of our billings, collection for our contracts or the contractual term of service sold; • changes in our estimated annual effective tax rates and the tax treatment of research and development expenses and the related impact of cash from operations; • changes in circumstances and challenges in business conditions, including decreased demand, which may negatively impact our channel partners’ ability to sell the current inventory they hold and negatively impact their future purchases of products from us; • increased demand for cloud-based services and the uncertainty associated with transitioning to providing such services; • potential shift or migration from physical appliances that deliver on-premises network security to cloud and SaaS-based security services; • our channel partners having insufficient financial resources to withstand changes and challenges in business conditions; • disruptions in our channel or termination of our relationship with important channel partners, including as a result of consolidation among distributors and resellers of security solutions; • insolvency, credit or other difficulties confronting our key suppliers and channel partners, which could affect their ability to purchase or pay for products and services and which could disrupt our supply or distribution chain; • policy changes and uncertainty with respect to immigration laws, trade policy and tariffs, including increased tariffs applicable to countries where we manufacture our products, foreign imports and tax laws related to international commerce; • political, economic and social instability, including geo-political instability and uncertainty, such as that caused by the war in Ukraine, the Israel-Hamas war, tensions between China and Taiwan, and any disruption or negative impact on our ability to sell to, ship product to and support customers in certain regions based on trade restrictions, embargoes and export control law restrictions; • general economic conditions, both in domestic and foreign markets; • future accounting pronouncements or changes in our accounting policies as well as the significant costs that may be incurred to adopt and comply with these new pronouncements; 11 Table of Contents • possible impairments or acceleration of depreciation of our existing real estate due to our current real estate investments and future acquisition and development plans; and • legislative or regulatory changes, such as with respect to privacy, information and cybersecurity, exports, the environment, regional component bans, and requirements for local manufacture.

Biggest changeFor fiscal year 2024, the comparably lower backlog contribution to billings resulted in decreased year-over-year quarterly growth rates; • supplier cost increases and any lack of market acceptance of our price increases designed to help offset any supplier cost increases; • the timing of channel partner and end-customer orders and our reliance on a concentration of shipments at the end of each quarter or changes in shipping terms; 11 Table of Contents • the impact to our business, the global economy, disruption of global supply chains and creation of significant volatility and disruption of the financial markets due to factors such as increased inflation or possible stagflation in certain geographies, changing interest rates, the war in Ukraine and other factors; • defects or vulnerabilities, including critical vulnerabilities, in our products or services, as well as reputational harm from the failure or misuse of our products or services, and any actual or perceived defects or vulnerabilities, including critical vulnerabilities, in our products or services, failure of our products or services to detect or prevent a security incident or to cause a disruption to operations, failure of our customers to implement preventative actions such as updates to one of our deployed solutions or failure to help secure our customers; • compromising of our internal enterprise IT networks, our operational networks, our research and development networks, our back-end labs and cloud stacks hosted in our data centers or PoPs, colocation vendors or public cloud providers, and resulting harm to public perception of our products and services; • the timing of shipments, which may depend on factors such as inventory levels, logistics, manufacturing or shipping delays, our ability to ship products on schedule and our ability to accurately forecast inventory requirements and our suppliers’ ability to deliver components and finished goods; • increased expenses, unforeseen liabilities or write-downs and any negative impact on results of operations from any acquisition or equity investment, as well as accounting risks, integration risks related to product plans and products and risks of negative impact by such acquisitions and equity investments on our financial results; • investors’ expectations of our performance relating to environmental, social and governance (“ESG”) and commitment to carbon neutrality; • certain customer agreements which contain service-level agreements, under which we guarantee specified availability of our platform and solutions; • inconsistent and evolving data and other security requirements and enforcement across certain jurisdictions; • impairments as a result of certain events or changes in circumstances; • the mix of products sold and the mix of revenue between products and services, as well as the degree to which products and services are bundled and sold together for a package price; • the purchasing practices and budgeting cycles of our channel partners and end-customers, including the effect of the end of product lifecycles, refresh cycles or price decreases; • any decreases in demand by channel partners or end-customers, including any such decreases caused by factors outside of our control such as natural disasters and health emergencies, including earthquakes, droughts, fires, power outages, typhoons, floods, pandemics or epidemics and manmade events such as civil unrest, labor disruption, international trade disputes, international conflicts, terrorism, wars, such as the war in Ukraine and critical infrastructure attacks; • the effectiveness of our sales organization, generally or in a particular geographic region, including the time it takes to hire sales personnel, the timing of hiring and our ability to hire and retain effective sales personnel, our efforts to align our sales capacity and productivity with market demand and any negative impact to our sales and the effectiveness of our sales team based on changes to sales compensation or to our sales compensation plan; • sales productivity and sales execution risk related to effectively selling to all segments of the market, including enterprise and small- and medium-sized businesses, government organizations and service providers, and to selling our broad security product and services portfolio, including, among other execution risks, risks associated with the complexity and distraction in selling to all segments, increased competition and unpredictability of timing to close larger enterprise and large organization deals, and the risk that our sales representatives do not effectively sell products and services; • execution risk associated with our efforts to capture the opportunities related to our identified growth drivers, such as risk associated with our ability to capitalize on the convergence of networking and security, vendor consolidation of various cyber security solutions, SD-WAN, infrastructure security, security operations, 12 Table of Contents SASE and other cloud security solutions, endpoint protection, IoT and OT security opportunities and product refresh cycles; • the seasonal buying patterns of our end-customers; • the timing and level of our investments in sales and marketing, and the impact of such investments on our operating expenses, operating margin and the productivity, capacity, tenure and effectiveness of execution of our sales and marketing teams; • the timing of revenue recognition for our sales, including any impacts resulting from extension of payment terms and fluctuations in backlog levels, which could result in more variability and less predictability in our quarter-to-quarter revenue and operating results; • the level of perceived threats to network security, which may fluctuate from period to period; • changes in the requirements, market needs or buying practices and patterns of our distributors, resellers or end-customers; • changes in the growth rates of the network security market in particular and other security and networking markets, such as SD-WAN, OT, switches, access points, security operations, SASE and other cloud solutions for which we and our competitors sell products and services; • the timing and success of new product and service introductions or enhancements by us or our competitors, or any other change in the competitive landscape of our industry, including consolidation among our competitors, partners or end-customers; • the deferral of orders from distributors, resellers or end-customers in anticipation of new products or product enhancements announced by us or our competitors, price decreases or changes in our registration policies, or the acceleration of orders in response to our announced or expected price list increases; • increases or decreases in our billings, revenue and expenses caused by fluctuations in foreign currency exchange rates or a strengthening of the U.S. dollar, as a significant portion of our expenses is incurred and paid in currencies other than the U.S. dollar, and the impact such fluctuations may have on the actual prices that our partners and customers are willing to pay for our products and services; • compliance with existing laws and regulations; • our ability to obtain and maintain permits, clearances and certifications that are applicable to our ability to conduct business with the U.S. federal government, other foreign and local governments and other industries and sectors; • litigation, litigation fees and costs, settlements, judgments and other equitable and legal relief granted related to litigation; • the impact of cloud-based and hosted security solutions on our billings, revenue, operating margins and free cash flow; • decisions by potential end-customers to purchase network security solutions from newer technology providers, from larger, more established security vendors or from their primary network equipment vendors; • price competition and increased competitiveness in our market, including the competitive pressure caused by product refresh cycles and inventory levels; • our ability to both increase revenue and manage and control operating expenses in order to maintain or improve our operating margins; • changes in customer renewal rates or attach rates for our services; • changes in the timing of our billings, collection for our contracts or the contractual term of service sold; 13 Table of Contents • changes in our estimated annual effective tax rates and the tax treatment of research and development expenses and the related impact of cash from operations; • changes in circumstances and challenges in business conditions, including decreased demand, which may negatively impact our channel partners’ ability to sell the current inventory they hold and negatively impact their future purchases of products from us; • increased demand for cloud-based and hosted services and the uncertainty associated with transitioning to providing such services; • potential shift or migration from physical appliances that deliver on-premises network security to cloud and SaaS-based security services; • our channel partners having insufficient financial resources to withstand changes and challenges in business conditions; • disruptions in our channel or termination of our relationship with important channel partners, including as a result of consolidation among distributors and resellers of security solutions; • insolvency, credit or other difficulties confronting our key suppliers and channel partners, which could affect their ability to purchase or pay for products and services and which could disrupt our supply or distribution chain; • political, economic and social instability, including geo-political instability and uncertainty, such as that caused by the war in Ukraine, tensions between China and Taiwan, and any disruption or negative impact on our ability to sell to, ship product to and support customers in certain regions based on trade restrictions, embargoes and export control law restrictions; • general economic conditions, both in domestic and foreign markets; • future accounting pronouncements or changes in our accounting policies as well as the significant costs that may be incurred to adopt and comply with these new pronouncements; • possible impairments or acceleration of depreciation of our existing real estate due to our current real estate investments and future acquisition and development plans; and • legislative or regulatory changes, such as with respect to privacy, information and cybersecurity, exports, the environment, regional component bans, and requirements for local manufacture.

In order to sustain our growth in certain of our existing and new markets, we may expand existing data centers, lease new facilities or acquire suitable land, with or without structures, to build new data centers or office buildings.

In order to sustain our growth in certain of our existing and new markets, we may acquire or expand existing data centers, lease new facilities or acquire suitable land, with or without structures, to build new data centers or office buildings.

Federal Risk and Authorization Management Program (“FedRAMP”), and until the time that we also certify under FedRAMP, we risk losing sales for government deals to certified competitors for deals where FedRAMP certification is a requirement. The rules and regulations applicable to sales to government organizations may also negatively impact sales to other organizations.

Federal Risk and Authorization Management Program (“FedRAMP”), and until the time that we also certify under FedRAMP, we risk losing deals to certified competitors for deals where FedRAMP certification is a requirement. The rules and regulations applicable to sales to government organizations may also negatively impact sales to other organizations.

We may undertake corporate operating restructurings or transfers of assets that involve our group of foreign country subsidiaries through which we do business abroad, in order to maximize the operational and tax efficiency of our group structure. If ineffectual, such restructurings or transfers could increase our income tax liabilities, and in turn, increase our global effective tax rate.

Moreover, our existing corporate structure and intercompany arrangements have been implemented in a manner we believe reasonably ensures that we are in compliance with current prevailing tax laws.

These risks include: • increased competition from competitors that traditionally target large and medium-sized businesses, service providers and government organizations and that may already have purchase commitments from those end-customers; • increased purchasing power and leverage held by large end-customers in negotiating contractual arrangements; 18 Table of Contents • unanticipated changes in the capital resources or purchasing behavior of large end-customers, including changes in the volume and frequency of their purchases and changes in the mix of products and services, willingness to change to cloud delivery model and related payment terms; • more stringent support requirements in our support service contracts, including stricter support response times, more complex requirements and increased penalties for any failure to meet support requirements; • longer sales cycles and the associated risk that deals are delayed and that substantial time and resources may be spent on a potential end-customer that elects not to purchase our products and services; • increased requirements from these customers that we have certain third-party security or other certifications, which we may not have, the lack of which may adversely affect our ability to successfully sell to such customers; • uncertainty as to timing to close large deals and any delays in closing those deals; and • longer ramp-up periods for enterprise sales personnel as compared to other sales personnel.

These risks include: • increased competition from competitors that traditionally target large- and medium-sized businesses, service providers and government organizations and that may already have purchase commitments from those end-customers; • increased purchasing power and leverage held by large end-customers in negotiating contractual arrangements; • unanticipated changes in the capital resources or purchasing behavior of large end-customers, including changes in the volume and frequency of their purchases and changes in the mix of products and services, willingness to change to cloud delivery model and related payment terms; • more stringent support requirements in our support service contracts, including stricter support response times, more complex requirements and increased penalties for any failure to meet support requirements; 22 Table of Contents • longer sales cycles and the associated risk that deals are delayed and that substantial time and resources may be spent on a potential end-customer that elects not to purchase our products and services; • increased requirements from these customers that we have certain third-party security or other certifications, which we may not have, the lack of which may adversely affect our ability to successfully sell to such customers; • uncertainty as to timing to close large deals and any delays in closing those deals; and • longer ramp-up periods for enterprise sales personnel as compared to other sales personnel.

Our billings and revenue for any quarter could fall below our expectations or those of securities analysts and investors, resulting in a decline in our stock price, if expected orders at the end of any quarter are delayed or deals are lost for any reason or our ability to fulfill orders at the end of any quarter is hindered for any reason, including, among others: • the failure of anticipated purchase orders to materialize; • our logistics partners’ failure or inability to ship products prior to quarter-end to fulfill purchase orders received near the end of the quarter; • disruption in manufacturing or shipping based on power outages, system failures, labor disputes or constraints, excessive demand, natural disasters or widespread public health problems including pandemics and epidemics; • our failure to accurately forecast our inventory requirements and to appropriately manage inventory to meet demand; • our inability to release new products on schedule; • any failure of our systems related to order review and processing; and • any delays in shipments due to trade compliance requirements, labor disputes or logistics changes at shipping ports, airline strikes, severe weather or otherwise.

Our billings and revenue for any quarter could fall below our expectations or those of securities analysts and investors, resulting in a decline in our stock price, if expected orders at the end of any quarter are delayed or deals are lost for any reason or our ability to fulfill orders at the end of any quarter is hindered for any reason, including, among others: • the failure of anticipated purchase orders to materialize; • our logistics partners’ failure or inability to ship products prior to quarter-end to fulfill purchase orders received near the end of the quarter; • disruption in manufacturing or shipping based on power outages, system failures, labor disputes or constraints, excessive demand, natural disasters, geopolitical matters or widespread public health problems including pandemics and epidemics; • our failure to accurately forecast our inventory requirements and to appropriately manage inventory to meet demand; • our inability to release new products on schedule; • any failure of our systems related to order review and processing; and • any delays in shipments due to trade compliance requirements, labor disputes or logistics changes at shipping ports, airline strikes, severe weather or otherwise.

As part of the Circular Economy Action Plan, the European Commission amended the EU Waste Framework Directive (“WFD”) to include a number of measures related to waste prevention and recycling, whereby we are responsible for submitting product data to a Substances of Concern In articles as such or in complex objects (Products) (“SCIP”) database containing information on Substances of Very High Concern (“SVHC”) in articles and in complex objects.

As a result, any failure by us to maintain profitability and margins and continue our billings, revenue and free cash flow growth could cause the price of our common stock to materially decline. Our real estate investments, including construction or acquisition of new data centers, data center expansions or office buildings, could involve significant risks to our business.

As a result, any failure by us to maintain profitability and margins and continue our billings, revenue and free cash flow growth could cause the price of our common stock to materially decline. Our real estate investments, including construction, acquisition or leasing of new data centers, data center expansions or office buildings, could involve significant risks to our business.

Government demand, sales and payment for our products and services may be negatively impacted by numerous factors and requirements unique to selling to government agencies, such as: • policies, laws and regulations have in the past, and may in the future, require us to obtain and maintain certain security and other certifications in order to sell our products and services into certain government organizations, and such certifications may be costly and time-consuming to obtain and maintain; • funding authorizations and requirements unique to government agencies, with funding or purchasing reductions or delays adversely affecting public sector demand for our products; and • geopolitical matters, including tariff and trade disputes, government shutdowns, impact of the war in Ukraine and the Israel-Hamas war, tensions between China and Taiwan and trade protectionism and other political dynamics that may adversely affect our ability to sell in certain locations or obtain the requisite permits and clearances required for certain purchases by government organizations of our products and services.

Government demand, sales and payment for our products and services may be negatively impacted by numerous factors and requirements unique to selling to government agencies, such as: • policies, laws and regulations have in the past, and may in the future, require us to obtain and maintain certain security and other certifications in order to sell our products and services into certain government organizations, and such certifications may be costly and time-consuming to obtain and maintain; • funding authorizations and requirements unique to government agencies, with funding or purchasing reductions or delays adversely affecting public sector demand for our products; and • geopolitical matters, including tariff and trade disputes, government shutdowns, impact of the war in Ukraine, tensions between China and Taiwan and trade protectionism and other political dynamics that may adversely affect our ability to sell in certain locations or obtain the requisite permits and clearances required for certain purchases by government organizations of our products and services.

For example, AI technologies, including generative AI, may create content that appears correct but is factually inaccurate or flawed, or contains copyrighted or other protected material, and if our customers or others use this flawed content to their detriment, we may be exposed to brand or reputational harm, competitive harm, or legal liability.

For example, AI technologies, including generative AI, may create content that appears correct but is factually inaccurate (hallucinations) or flawed, or contains copyrighted or other protected material, and if our customers or others use this flawed content to their detriment, we may be exposed to brand or reputational harm, competitive harm, or legal liability.

In addition, if we do not have certain certifications, this may restrict our ability to sell to certain government customers until we have obtained certain certifications and we may not obtain the certifications in a timely manner or at all. For example, certain of our competitors may have decided to become certified under the U.S.

In addition, if we do not have certain certifications, this may restrict our ability to sell to certain customers until we have obtained certain certifications and we may not obtain the certifications in a timely manner or at all. For example, certain of our competitors may have decided to become certified under the U.S.

The SCIP database is established under the WFD and managed by the European Chemicals Agency (“ECHA”). We have incurred costs in order to comply with this new requirement. Similar laws and regulations have been passed or are pending in the European Economic Area and the UK.

The SCIP database is established under the WFD and managed by the European Chemicals Agency. We have incurred costs in order to comply with this new requirement. Similar laws and regulations have been passed or are pending in the European Economic Area and the UK.

If we cannot manufacture and ship our products due to, for example, global chip shortages, excessive demand on contract manufacturers capacity, natural disasters and health emergencies such as earthquakes, fires, power outages, typhoons, floods, cyber events, pandemics and epidemics or manmade events such as civil unrest, labor disruption, international trade disputes, international conflicts, terrorism, wars or other foreign conflicts, such as the war in Ukraine and the Israel-Hamas war or tensions between China and Taiwan, and critical infrastructure attacks, our business and financial results could be materially and adversely impacted.

If we cannot manufacture and ship our products due to, for example, global chip shortages, excessive demand on contract manufacturers capacity, natural disasters and health emergencies such as earthquakes, fires, power outages, typhoons, floods, health pandemics and epidemics or manmade events such as civil unrest, labor disruption, cyber events, international trade disputes, international conflicts, terrorism, wars or other foreign conflicts, such as the war in Ukraine or tensions between China and Taiwan, and critical infrastructure attacks, our business and financial results could be materially and adversely impacted.

Our new products, services or enhancements could fail to attain sufficient market acceptance for many reasons, including: • delays in releasing our new products, services or enhancements to the market; • failure to accurately predict market demand in terms of product and service functionality and to supply products and services that meet this demand in a timely fashion; 22 Table of Contents • failure to have the appropriate research and development expertise and focus to make our top strategic products and services successful; • failure of our sales force and partners to focus on selling new products and services; • inability to interoperate effectively with the networks or applications of our prospective end-customers; • inability to protect against new types of attacks or techniques used by hackers; • actual or perceived defects, vulnerabilities, errors or failures; • negative publicity about their performance or effectiveness; • introduction or anticipated introduction of competing products and services by our competitors; • poor business conditions for our end-customers, causing them to delay IT purchases; • changes to the regulatory requirements around security; and • reluctance of customers to purchase products or services incorporating open source software.

Our new products, services or enhancements could fail to attain sufficient market acceptance for many reasons, including: • actual or perceived defects, vulnerabilities, errors or failures; • delays in releasing our new products, services or enhancements to the market; • failure to accurately predict market demand in terms of product and service functionality and to supply products and services that meet this demand in a timely fashion; • failure to have the appropriate research and development expertise and focus to make our top strategic products and services successful; • failure of our sales force and partners to focus on selling new products and services; • inability to interoperate effectively with the networks or applications of our prospective end-customers; • inability to protect against new types of attacks or techniques used by hackers; • negative publicity about their performance or effectiveness; • introduction or anticipated introduction of competing products and services by our competitors; • poor business conditions for our end-customers, causing them to delay IT purchases; • changes to the regulatory requirements around security; and • reluctance of customers to purchase products or services incorporating open source software.

Efforts to withdraw from or materially modify international trade agreements, to change tax provisions related to global manufacturing and sales or to impose new tariffs, economic sanctions or related legislation, any of which could adversely affect our financial condition and results of operations.

Any efforts to withdraw from or materially modify international trade agreements, change tax provisions related to global manufacturing and sales or impose new tariffs, economic sanctions or related legislation, could adversely affect our financial condition and results of operations.

We are subject to various environmental laws and regulations, including laws governing the hazardous material content of our products, laws relating to our real property and future expansion plans and laws concerning the recycling of Electrical and Electronic Equipment (“EEE”).

In addition, a strengthening of the U.S. dollar may increase the real cost of our products to our customers outside of the United States, which may also adversely affect our financial condition and results of operations. 38 Table of Contents We could be subject to changes in our tax rates, the adoption of new U.S. or international tax legislation, exposure to additional tax liabilities or impacts from the timing of tax payments.

In addition, a strengthening of the U.S. dollar may increase the real cost of our products to our customers outside of the United States, which may also adversely affect our financial condition and results of operations. 41 Table of Contents We could be subject to changes in our tax rates, the adoption of new U.S. or international tax legislation, exposure to additional tax liabilities or impacts from the timing of tax payments.

Our channel partner sales structure could subject us to lawsuits, potential liability and reputational harm if, for 14 Table of Contents example, any of our channel partners misrepresent the functionality of our products or services to end-customers, our service provider customers suffer a cyber event impacting end-users, or our channel partners violate laws or our corporate policies.

Our channel partner sales structure could subject us to lawsuits, potential liability and reputational harm if, for 17 Table of Contents example, any of our channel partners misrepresent the functionality of our products or services to end-customers, our service provider customers suffer a cyber event impacting end-users, or our channel partners violate laws or our corporate policies.

In addition, regional instability, international disputes, wars, such as the war in Ukraine and the Israel-Hamas war and any expansion thereof, and other acts of aggression, civil and political unrest, labor disruptions, rebellions, acts of terrorism and other geo-political unrest could cause disruptions in our business or the business of our manufacturers, suppliers, logistics providers, partners or end-customers, or of the economy as a whole.

In addition, regional instability, international disputes, wars, such as the war in Ukraine and any expansion thereof, and other acts of aggression, civil and political unrest, labor disruptions, rebellions, acts of terrorism and other geo-political unrest could cause disruptions in our business or the business of our manufacturers, suppliers, logistics providers, partners or end-customers, or of the economy as a whole.

Any breach of our networks, systems or websites could impair our ability to operate our business, including our ability to provide FortiGuard and other security subscription and FortiCare technical support services to our end-customers, lead to interruptions or system slowdowns, cause loss of critical data or lead to the unauthorized disclosure or use of confidential, proprietary or sensitive information.

Any breach of our networks, systems or websites could impair our ability to operate our business, including our ability to provide FortiGuard and other security subscriptions and FortiCare technical support services to our end-customers, lead to interruptions or system slowdowns, cause loss of critical data or lead to the unauthorized disclosure or use of confidential, proprietary or sensitive information.

For example, our order processing relies on both manual data entry of customer purchase orders received through email and electronic data interchange (EDI).

For example, our order processing relies on both manual data entry of customer purchase orders received through email and electronic data interchange.

Although our most recent assessment, testing and evaluation resulted in our conclusion that, as of December 31, 2023, our internal controls over financial reporting were effective, we cannot predict the outcome of our testing in 2024 or future periods and there can be no assurance that, in the future, our internal controls over financial reporting will be effective or deemed effective.

Although our most recent assessment, testing and evaluation resulted in our conclusion that, as of December 31, 2024, our internal controls over financial reporting were effective, we cannot predict the outcome of our testing in 2025 or future periods and there can be no assurance that, in the future, our internal controls over financial reporting will be effective or deemed effective.

Our FortiGuard and other security subscription and FortiCare technical support services revenue also makes it difficult for us to rapidly increase our revenue through additional service sales in any period, as revenue from new and renewal support services contracts must be recognized over the applicable service term.

Our FortiGuard and other security subscriptions and FortiCare technical support services revenue also makes it difficult for us to rapidly increase our revenue through additional service sales in any period, as revenue from new and renewal support services contracts must be recognized over the applicable service term.

The EU’s WEEE Directive, which requires electronic goods producers to be responsible for the collection, recycling and treatment of such products.

The EU’s WEEE Directive requires electronic goods producers to be responsible for the collection, recycling and treatment of such products.

These projects 12 Table of Contents expose us to risks which could have an adverse effect on our results of operations and financial condition. The current global supply chain and inflation issues have exacerbated many of these construction risks and created additional risks for our business.

These projects expose us to risks which could have an adverse effect on our results of operations and financial condition. The 15 Table of Contents current global supply chain and inflation issues have exacerbated many of these construction risks and created additional risks for our business.

Because we recognize revenue from these services over the term of the relevant service period, downturns or upturns in sales of FortiGuard and other security subscription and FortiCare technical support services are not immediately reflected in full in our operating results.

Because we recognize revenue from these services over the term of the relevant service period, downturns or upturns in sales of FortiGuard and other security subscriptions and FortiCare technical support services are not immediately reflected in full in our operating results.

We outsource the manufacturing of our security appliance products to contract manufacturing partners and original design manufacturing partners, including manufacturers with facilities located in Taiwan and other countries outside the United States such as ADLINK, IBASE, Micro-Star, Senao and Wistron.

The loss of the services or the 13 Table of Contents distraction of our senior management for any reason could adversely affect our business, financial condition and results of operations. We rely on third-party channel partners for substantially all of our revenue.

The loss of the services or the 16 Table of Contents distraction of our senior management for any reason could adversely affect our business, financial condition and results of operations. We rely on third-party channel partners for substantially all of our revenue.

These can negatively impact our business by putting downward pressure on growth if we are unable to achieve the increases in product prices necessary to appropriately offset the additional costs in a manner sufficient to maintain margins. Any of these impacts may materially and adversely affect our business, financial condition, results of operations and liquidity.

These can negatively impact our business by putting downward pressure on growth if we are unable to achieve the increases in 14 Table of Contents product prices necessary to appropriately offset the additional costs in a manner sufficient to maintain margins. Any of these impacts may materially and adversely affect our business, financial condition, results of operations and liquidity.

Given the nature of AI technology, we face an evolving regulatory landscape and significant competition from other companies. Our AI efforts may not be successful and our competitors may incorporate AI into their products more quickly or more successfully than us, which 31 Table of Contents could impair our ability to compete effectively and adversely affect our financial results.

Given the nature of AI technology, we face an evolving regulatory landscape and significant competition from other companies. Our AI efforts may not be successful and our competitors may incorporate AI into their products more quickly or more successfully than us, which could impair our ability to compete effectively and adversely affect our financial results.

We may experience slowing growth or a decrease in billings, revenue, operating margin and free cash flow for a number of reasons, including a slowdown in demand for our products or services, a shift in demand from products to services, decrease in services revenue growth, increased competition, execution challenges including sales execution challenges and lack of optimal sales productivity, worldwide or regional economic challenges based on inflation or possible stagflation, a regional recession or a recession in the global economy, rising interest rates, the war in Ukraine and the Israel-Hamas war, a decrease in the growth of our overall market or softness in demand in certain geographies or industry verticals, such as the service provider industry, changes in our strategic opportunities, execution risks, lower sales productivity and our failure for any reason to continue to capitalize on sales and growth opportunities due to other risks identified in the risk factors described in this periodic report.

We may experience slowing growth or a decrease in billings, revenue, operating margin and free cash flow for a number of reasons, including a slowdown in pipeline growth or for demand for our products or services generally, a shift in demand from products to services, decrease in services revenue growth, increased competition, execution challenges including sales execution challenges and lack of optimal sales productivity, worldwide or regional economic challenges based on inflation or possible stagflation, a regional recession or a recession in the global economy, changing interest rates, the war in Ukraine, a decrease in the growth of our overall market or softness in demand in certain geographies or industry verticals, such as the service provider industry, changes in our strategic opportunities, execution risks, lower sales productivity and our failure for any reason to continue to capitalize on sales and growth opportunities due to other risks identified in the risk factors described in this periodic report.

We order components from third-party manufacturers based on our forecasts of future demand and targeted inventory levels, which exposes us to the risk of both product shortages, which may result in lost sales and higher expenses, and excess inventory, which may require us to sell our products at discounts and lead to write-offs.

We order components from third-party manufacturers based on our forecasts of future demand and targeted inventory levels, which exposes us to the risk of product shortages, which may result in lost sales, higher expenses and excess inventory, which may require us to sell our products at discounts and lead to inventory charges or write-offs.

Any actual, possible or perceived defects, errors or vulnerabilities in our products, or misuse of our products, could result in: • the expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate or work around errors or defects or to address and eliminate vulnerabilities; • the loss of existing or potential end-customers or channel partners; • delayed or lost revenue; 27 Table of Contents • delay or failure to attain market acceptance; • negative publicity and harm to our reputation; and • disclosure requirements, litigation, regulatory inquiries or investigations that may be costly and harm our reputation and, in some instances, subject us to potential liability that is not contractually limited.

Any actual, possible or perceived defects, errors or vulnerabilities, including critical vulnerabilities, in our products, or misuse of our products, could result in: • the expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate or work around errors or defects or to address and eliminate vulnerabilities; • the loss of existing or potential end-customers or channel partners; • delayed or lost revenue; • delay or failure to attain market acceptance; • negative publicity and harm to our reputation; and • disclosure requirements, litigation, regulatory inquiries or investigations that may be costly and harm our reputation and, in some instances, subject us to potential liability that is not contractually limited.

Furthermore, we recognize FortiGuard and other security subscription and FortiCare technical support services revenue ratably over the term of the service period, which is typically from one to five years.

Furthermore, we recognize FortiGuard and other security subscriptions and FortiCare technical support services revenue ratably over the term of the service period, which is typically from one to five years.

In addition, computer hackers and others who try to attack networks employ increasingly sophisticated techniques to gain access to and attack systems and networks. The technology in our products is especially complex because of the requirements to effectively identify and respond to new and increasingly sophisticated methods of attack, while minimizing the impact on network performance.

In addition, computer hackers and others who try to attack networks employ increasingly 28 Table of Contents sophisticated techniques to gain access to and attack systems and networks. The technology in our products is especially complex because of the requirements to effectively identify and respond to new and increasingly sophisticated methods of attack, while minimizing the impact on network performance.

We maintain insurance to protect against certain claims associated with the use of our products, but our insurance coverage may not adequately cover any claim asserted against us, if at all, and in some instances may subject us to potential liability that is not contractually limited.

We 33 Table of Contents maintain insurance to protect against certain claims associated with the use of our products, but our insurance coverage may not adequately cover any claim asserted against us, if at all, and in some instances may subject us to potential liability that is not contractually limited.

In certain jurisdictions, these regulatory requirements may be 34 Table of Contents more stringent than in the United States. Non-compliance with applicable regulations or requirements could subject us to investigations, sanctions, enforcement actions, disgorgement of profits, fines, damages and civil and criminal penalties or injunctions.

In certain jurisdictions, these regulatory requirements may be more stringent than in the United States. Non-compliance with applicable regulations or requirements could subject us to investigations, sanctions, enforcement actions, disgorgement of profits, fines, damages and civil and criminal penalties or injunctions.

Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations.

Any change in export or import regulations, economic sanctions or related legislation, shift 39 Table of Contents in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations.

Many organizations have invested substantial personnel and financial resources to design and operate their networks and have established deep relationships with other providers of networking products, which may make them reluctant to add new components to their networks, particularly from other vendors such as us.

Many organizations have invested substantial personnel and financial resources to design and operate their networks and have 29 Table of Contents established deep relationships with other providers of networking products, which may make them reluctant to add new components to their networks, particularly from other vendors such as us.

In addition, defects or errors in our FortiGuard and other security subscription or FortiCare updates or our Fortinet appliances and operating systems could result in a failure of our FortiGuard and other security subscription services to effectively or correctly update end-customers’ Fortinet appliances and cloud-based products and thereby leave customers vulnerable to attacks.

In addition, defects or errors in our FortiGuard and other security subscriptions or FortiCare updates or our Fortinet appliances and operating systems could result in a failure of our FortiGuard and other security subscription services to effectively or correctly update end-customers’ Fortinet appliances and cloud-based products and thereby leave customers vulnerable to attacks or to disruptions in operations.

There is also a risk that we are slower to offer these solutions than competitors. The risks are compounded by the uncertainty concerning the future success of any of our particular subscription 23 Table of Contents cloud-based business models and the future demand for our subscription cloud-based models by customers.

There is also a risk that we are slower to offer these solutions than competitors. The risks are compounded by the uncertainty concerning the future success of any of our particular subscription cloud-based business models and the future demand for our subscription cloud-based models by customers.

Moreover, the inclusion in our products of software or other IP licensed from third parties on a non-exclusive basis could limit our ability to differentiate our products from those of our competitors. 33 Table of Contents We also rely on technologies licensed from third parties in order to operate functions of our business.

Moreover, the inclusion in our products of software or other IP licensed from third parties on a non-exclusive basis could limit our ability to differentiate our products from those of our competitors. We also rely on technologies licensed from third parties in order to operate functions of our business.

Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations. 36 Table of Contents If we fail to comply with environmental requirements, our business, financial condition, operating results and reputation could be adversely affected.

Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations. If we fail to comply with environmental requirements, our business, financial condition, operating results and reputation could be adversely affected.

The results of certain businesses that we invest in, such as Linksys, are, or may in the future, be reflected in our operating results, and we depend on these companies to provide us financial information in a timely manner in order to meet our financial reporting requirements.

The results of certain businesses that we invest in are, or may in the future, be reflected in our operating results, and we depend on these companies to provide us financial information in a timely manner in order to meet our financial reporting requirements.

Further, any refusal to grant certain certifications or clearances by one government agency, or any decision by one government agency that our products do not meet certain standards, may 20 Table of Contents reduce business opportunities and cause reputational harm and cause concern with other government agencies, governments and businesses and cause them to not buy our products and services and/or lead to a decrease in demand for our products generally.

Further, any refusal to grant certain certifications or clearances by one government agency, or any decision by one government agency that our products do not meet certain standards, may reduce business opportunities and cause reputational harm and cause concern with other government agencies, governments and businesses and cause them to not buy our products and services and/or lead to a decrease in demand for our products generally.

Because we depend on several third-party manufacturers to build our products, we are susceptible to manufacturing delays that could prevent us from shipping customer orders on time, if at all, and may result in the loss of sales and customers, and third-party manufacturing cost increases could result in lower gross margins and free cash flow.

Because we depend on several third-party manufacturers to build our products, we are susceptible to manufacturing delays that could prevent us from shipping customer orders on time, if at all, and may result in the loss of sales and customers, additional third-party manufacturing cost increases and changes in the geopolitical environment could result in lower gross margins and free cash flow.

As a result, much of the FortiGuard and other security subscription and FortiCare technical support services revenue we report each quarter is the recognition of deferred revenue from FortiGuard and other security subscription and FortiCare technical support services contracts entered into during previous quarters or years.

As a result, much of the FortiGuard and other security subscriptions and FortiCare technical support services revenue we report each quarter is the recognition of deferred revenue from FortiGuard and other security subscriptions and FortiCare technical support service contracts entered into during previous quarters or years.

We cannot ensure that our products will prevent all adverse security events. Because the techniques used by malicious adversaries to access or sabotage networks change frequently and generally are not recognized until launched against a target, we may be unable to anticipate these techniques.

We cannot ensure that our products will prevent all adverse security events or not cause disruptions to our customers’ operations. Because the techniques used by malicious adversaries to access or sabotage networks change frequently and generally are not recognized until launched against a target, we may be unable to anticipate these techniques.

Future changes in growth or fluctuations in cash flow may also negatively impact our ability to pay for these projects or free cash flow. Additionally, inaccuracies in our projected capital expenditures could negatively impact our business, operating results and financial condition. We may experience difficulties maintaining and expanding our internal business management systems.

Future changes in growth or fluctuations in cash flow may also negatively impact our ability to pay for these projects or free cash flow. Additionally, inaccuracies in our projected capital expenditures could negatively impact our business, operating results and financial condition. 34 Table of Contents We may experience difficulties maintaining and expanding our internal business management systems.

In addition, in the event significant customers require payment 15 Table of Contents terms for FortiGuard and other security subscription and FortiCare technical support services in arrears or for shorter periods of time than annually, such as monthly or quarterly, this may negatively impact our billings and revenue.

In addition, in the event significant customers require payment terms for 18 Table of Contents FortiGuard and other security subscriptions and FortiCare technical support services in arrears or for shorter periods of time than annually, such as monthly or quarterly, this may negatively impact our billings and revenue.

The introduction by component suppliers of new versions of their products, particularly if not anticipated by us or our contract manufacturers, could 25 Table of Contents require us to expend significant resources to incorporate these new components into our products.

The introduction by component suppliers of new versions of their products, particularly if not anticipated by us or our contract manufacturers, could require us to expend significant resources to incorporate these new components into our products.

This could harm our relationships with our channel partners and end-customers and could cause delays in shipment of our products and adversely affect our results of operations. In addition, increased component costs could result in lower gross margins.

This could harm our relationships with our channel partners 31 Table of Contents and end-customers and could cause delays in shipment of our products and adversely affect our results of operations. In addition, increased component costs could result in lower gross margins.

In some cases, we may not have a contractual right with our public cloud or co-location providers that compensates us for any losses due to availability interruptions in our cloud-based subscription services.

In some cases, we may not have a contractual right with our public cloud or colocation providers that compensates us for any losses due to availability interruptions in our cloud-based subscription services.

If we fail to optimize our channel partner model or fail to manage existing sales channels, our business will be seriously harmed. Reliance on a concentration of shipments at the end of the quarter could cause our billings and revenue to fall below expected levels.

If we fail to optimize our channel partner model or fail to manage existing sales channels, our business will be seriously harmed. Reliance on a concentration of shipments at the end of the quarter or changes in shipping terms could cause our billings and revenue to fall below expected levels.

We rely significantly on revenue from FortiGuard and other security subscription and FortiCare technical support services, and revenue from these services may decline or fluctuate.

We rely significantly on revenue from FortiGuard and other security subscriptions and FortiCare technical support services, and revenue from these services may decline or fluctuate.

Our FortiGuard and other security subscription and FortiCare technical support services revenue has historically accounted for a significant percentage of our total revenue.

Our FortiGuard and other security subscriptions and FortiCare technical support services revenue has historically accounted for a significant percentage of our total revenue.

Revenue from the sale of new, or from the renewal of existing, FortiGuard and other security subscription and FortiCare technical support service contracts may decline and fluctuate as a result of a number of factors, including fluctuations in purchases of secure networking, unified SASE and security operations, changes in the sales mix between products and services, end-customers’ level of satisfaction with our products and services, the prices of our products and services, the prices of products and services offered by our competitors, reductions in our customers’ spending levels and the timing of revenue recognition with respect to these arrangements.

Revenue from the sale of new, or from the renewal of existing, FortiGuard and other security subscriptions and FortiCare technical support service contracts may decline and fluctuate as a result of a number of factors, including fluctuations and changes in the mix of our sales from secure networking, unified SASE and security operations between products and services, end-customers’ level of satisfaction with our products and services, the prices of our products and services, the prices of products and services offered by our competitors, reductions in our customers’ spending levels and the timing of revenue recognition with respect to such sales.

We have incurred indebtedness and may incur other debt in the future, which may adversely affect our financial condition and future financial results. As of December 31, 2023, we had an aggregate of $992.3 million of indebtedness outstanding under our Senior Notes. Under the agreements governing our indebtedness, we are permitted to incur additional debt.

We have incurred indebtedness and may incur other debt in the future, which may adversely affect our financial condition and future financial results. As of December 31, 2024, we had an aggregate of $994.3 million of indebtedness outstanding under our Senior Notes. Under the agreements governing our indebtedness, we are permitted to incur additional debt.

Any such damages, penalties, disruptions or limitations in our ability to do business could have an adverse effect on our business and operating results. 35 Table of Contents We are subject to governmental export and import controls that could subject us to liability or restrictions on sales, and that could impair our ability to compete in international markets.

Any such damages, penalties, disruptions or limitations in our ability to do business could have an adverse effect on our business and operating results. We are subject to governmental export and import controls that could subject us to liability or restrictions on sales, and that could impair our ability to compete in international markets.

We are also subject to a number of risks typically associated with international sales and operations, including: • disruption in the supply chain or in manufacturing or shipping, or decreases in demand by channel partners or end-customers, including any such disruption or decreases caused by factors outside of our control such as natural disasters and health emergencies, including earthquakes, droughts, fires, power outages, typhoons, floods, pandemics or epidemics and manmade events such as civil unrest, labor disruption, international trade disputes, international conflicts, terrorism, wars or other foreign conflicts, such as the war in Ukraine and the Israel-Hamas war or tensions between China and Taiwan, and critical infrastructure attacks; • fluctuations in foreign currency exchange rates or a strengthening of the U.S. dollar, as a significant portion of our expenses is incurred and paid in currencies other than the U.S. dollar, and the impact such fluctuations may have on the actual prices that our partners and customers are willing to pay for our products and services; • economic or political instability in foreign markets, such as any economic or political instability caused by economic downturns and wars or other foreign conflicts, such as the war in Ukraine and the Israel-Hamas war, tensions between China and Taiwan and any expansions thereof; • instability in the global banking system; • greater difficulty in enforcing contracts and accounts receivable collection, including longer collection periods; • longer sales processes for larger deals; • changes in regulatory requirements; • difficulties and costs of staffing and managing foreign operations; • the uncertainty of protection for Intellectual Property (“IP”) rights in some countries; • costs of compliance with foreign policies, laws and regulations and the risks and costs of non-compliance with such policies, laws and regulations; • protectionist policies and penalties, and local laws, requirements, policies and perceptions that may adversely impact a U.S.-headquartered business’s sales in certain countries outside of the United States; • costs of complying with, and the risks, reputational damage and other costs of non-compliance with, U.S. or other foreign laws and regulations for foreign operations, including the U.S.

We are also subject to a number of risks typically associated with international sales and operations, including: • disruption in the supply chain or in manufacturing or shipping, or decreases in demand by channel partners or end-customers, including any such disruption or decreases caused by factors outside of our control such as natural disasters and health emergencies, including earthquakes, droughts, fires, power outages, typhoons, floods, pandemics or epidemics and manmade events such as civil unrest, labor disruption, international trade disputes, international conflicts, terrorism, wars or other foreign conflicts, such as the war in Ukraine or tensions between China and Taiwan, and critical infrastructure attacks; • fluctuations in foreign currency exchange rates or a strengthening of the U.S. dollar, as a significant portion of our expenses is incurred and paid in currencies other than the U.S. dollar, and the impact such fluctuations may have on the actual prices that our partners and customers are willing to pay for our products and services; • political instability, changes in trade agreements and conflicts such as the war in Ukraine, tensions between China and Taiwan and any expansions thereof, could adversely affect our business and financial performance; • economic instability in foreign markets, such as any economic instability caused by economic downturns or recessions, could adversely affect our business and financial performance; • greater difficulty in enforcing contracts and accounts receivable collection, including longer collection periods; • longer sales processes for larger deals; • changes in regulatory requirements; • difficulties and costs of staffing and managing foreign operations; • the uncertainty of protection for IP rights in some countries; • costs of compliance with foreign policies, laws and regulations and the risks and costs of non-compliance with such policies, laws and regulations; • protectionist policies and penalties, and local laws, requirements, policies and perceptions that may adversely impact a U.S.-headquartered business’s sales in certain countries outside of the United States; • costs of complying with, and the risks, reputational damage and other costs of non-compliance with, U.S. or other foreign laws and regulations for foreign operations, including the U.S.

The existence of inflation in certain economies has resulted in, and may continue to result in, increasing or decreasing interest rates and capital costs, increased component or shipping costs, increased costs of labor, weakening exchange rates and other similar effects.

The existence of inflation in certain economies has resulted in, and may continue to result in, changing interest rates and capital costs, increased component or shipping costs, increased costs of labor, weakening exchange rates and other similar effects.

F urther, we cannot be sure that third parties have not been, or will not in the future be, successful in improperly accessing our systems and our customers’ systems, which could negatively impact us and our customers.

Further, we cannot be sure that third parties have not been, or will not in the future be, successful in improperly accessing our systems and our customers’ systems, which could negatively impact us and our customers.

Larger competitors with more diverse product offerings may reduce the price of products and services that compete with ours in order to promote the sale of other products or services or may bundle them with other products or 26 Table of Contents services.

To forecast our global tax rate, we estimate our pre-tax profits and losses by jurisdiction and forecast our tax expense by 39 Table of Contents jurisdiction.

To forecast our global tax rate, we estimate our pre-tax profits and losses by jurisdiction and forecast our tax expense by 42 Table of Contents jurisdiction.

Moreover, the threat landscape continues to evolve as a result of new technologies, including artificial intelligence (“AI”), and malicious parties may use AI to help attack our solutions, systems, and our customers.

Moreover, the threat landscape continues to evolve as a result of new technologies, including AI, and malicious parties may use AI to help attack our solutions, systems, and our customers.

Some of our existing and potential competitors enjoy competitive advantages such as: • greater name recognition and/or longer operating histories; • larger sales and marketing budgets and resources; • broader distribution and established relationships with distribution partners and end-customers; • access to larger customer bases; • greater customer support resources; • greater resources to make acquisitions; • stronger U.S. government relationships; • lower labor and development costs; and • substantially greater financial, technical and other resources.

Some of our existing and potential competitors enjoy competitive advantages such as: • greater name recognition and/or longer operating histories; • larger sales and marketing budgets and resources; • broader distribution and established relationships with distribution partners and end-customers; • access to larger customer bases; • greater customer support resources; • greater expertise in certain single point solutions; • greater resources to make acquisitions; • stronger U.S. government relationships; • lower labor and development costs; and • substantially greater financial, technical and other resources.

Under these rules, we are required to obtain sourcing data from suppliers, perform supply chain due diligence, and file annually with the SEC a specialized disclosure report on Form SD covering the prior calendar year.

Under these rules, we are required to obtain sourcing data 30 Table of Contents from suppliers, perform supply chain due diligence, and file annually with the SEC a specialized disclosure report on Form SD covering the prior calendar year.

The criteria by which our corporate 37 Table of Contents responsibility practices are assessed may change due to the constant evolution of the sustainability landscape, which could result in greater expectations of us and cause us to undertake costly initiatives to satisfy such new criteria.

The criteria by which our corporate responsibility practices are assessed may change due to the constant evolution of the global sustainability landscape, which could result in greater expectations of us and cause us to undertake costly initiatives to satisfy such new criteria.

If our sales of new, or renewals of existing, FortiGuard and other security subscription and FortiCare technical support service contracts decline, our revenue and revenue growth may decline and our business could suffer.

If our sales of new, or renewals of existing, FortiGuard and other security subscriptions and FortiCare technical support service contracts decline, our revenue and revenue growth may decrease and our business could suffer.

Some of the risks associated with construction projects include: • construction delays; • lack of availability and delays for data center equipment, including items such as generators and switchgear; • unexpected budget changes; • increased prices for and delays in obtaining building supplies, raw materials and data center equipment; • labor availability, labor disputes and work stoppages with contractors, subcontractors and other third parties; • unanticipated environmental issues and geological problems; • delays related to permitting and approvals to open from public agencies and utility companies; • unexpected lack of power access; • failure or inability for any reason to meet customer requirements; • investor expectations regarding ESG; • delays in site readiness leading to our failure to meet commitments made to customers; and • unanticipated customer requirements that would necessitate alternative data center design, making our sites less desirable or leading to increased costs in order to make necessary modifications or retrofits.

Some of the risks associated with construction projects include: • construction delays; • lack of availability and delays for data center equipment, including items such as generators and switchgear; • unexpected budget changes; • increased prices for and delays in obtaining building supplies, raw materials and data center equipment; • labor availability, labor disputes and work stoppages with contractors, subcontractors and other third parties; • unanticipated environmental or regulatory issues and geological problems; • delays related to permitting and approvals to open from public agencies and utility companies; • unexpected lack of power access or unexpected increases in power needs; • failure or inability for any reason to meet customer requirements and service level agreements, and any resulting penalties or liabilities related thereto; • investor expectations regarding sustainability; • delays in site readiness leading to our failure to meet commitments made to customers; and • unanticipated customer requirements that would necessitate alternative data center design, making our sites less desirable or leading to increased costs in order to make necessary modifications or retrofits.

Consequently, a decline in new or renewed FortiGuard and other security subscription and FortiCare technical support services contracts in any one quarter will not be fully reflected in revenue in that quarter but will negatively affect our revenue in future quarters.

Consequently, a decline in new or renewed FortiGuard and other security subscriptions and FortiCare technical support service contracts in any one quarter will not be fully reflected in revenue in that quarter but will negatively affect our revenue in future quarters.

Additionally, a small number of distributors represents a large percentage of our revenue and accounts receivable, and one distributor accounted for 33% of our total net accounts receivable as of December 31, 2023.

Additionally, a small number of distributors represents a large percentage of our revenue and accounts receivable, and one distributor accounted for 31% of our total net accounts receivable as of December 31, 2024.

Weak global and regional economic conditions and spending environments, based on a downturn in the economy, a possible recession and the effects of ongoing or increased inflation or possible stagflation in certain geographies, increasing or decreasing interest rates, geopolitical instability and uncertainty, a reduction in information technology spending regardless of macroeconomic conditions, the effects of epidemics and pandemics and the impact of the war in Ukraine and the Israel-Hamas war each could have a material adverse impacts on our financial condition and results of operations and our business, including resulting in longer sales cycles, lower prices for our products and services, increased component costs, higher default rates among our channel partners, reduced unit sales, lower prices and slower or declining growth.

Weak global and regional economic conditions and spending environments, based on a downturn in the economy, a possible recession and the effects of ongoing or increased inflation or possible stagflation in certain geographies, tariffs or other trade disruptions, changing interest rates, geopolitical instability and uncertainty, a reduction in information technology spending regardless of macroeconomic conditions, the effects of epidemics and pandemics and the impact of the war in Ukraine could have a material adverse impacts on our financial condition and results of operations and our business, including resulting in longer sales cycles, lower prices for our products and services, increased component costs, higher default rates among our channel partners, reduced unit sales, lower prices and slower or declining growth.

Any person or entity purchasing or otherwise acquiring any interest in any of our securities shall be deemed to have notice of and consented to this provision.

Any person or entity 44 Table of Contents purchasing or otherwise acquiring any interest in any of our securities shall be deemed to have notice of and consented to this provision.

Any manufacturing disruption related to our third-party manufacturers or their component suppliers for any reason, including global chip shortages, natural disasters and health emergencies such as earthquakes, fires, power outages, typhoons, floods, health pandemics and epidemics and manmade events such as civil unrest, labor disruption, cyber events, international trade disputes, international conflicts, terrorism, wars, such as the war in Ukraine and the Israel-Hamas war, and critical infrastructure attacks, could impair our ability to fulfill orders.

Any manufacturing disruption related to our third-party manufacturers or their component suppliers for any reason, including global chip shortages, natural disasters and health emergencies such as earthquakes, fires, power outages, typhoons, floods, health pandemics and epidemics and manmade events such as civil unrest, labor disruption, cyber events, international trade disputes, international conflicts, terrorism, wars or other foreign conflicts, such as the war in Ukraine or tensions between China and Taiwan, and critical infrastructure attacks, could impair our ability to fulfill orders.

Defects, errors or vulnerabilities may impede or block network traffic, cause our products or services to be vulnerable to electronic break-ins, cause them to fail to help secure our customers or cause our products or services to allow unauthorized access to our customers’ networks.

AI presents new risks and challenges that may affect our business. We have made, and expect to continue to make investments to integrate AI and machine learning technology into our solutions. AI presents risks, challenges, and potentially unintended consequences that could impact our ability to effectively use of AI successfully in our business.

AI presents new risks and challenges that may affect our business. We have made, and expect to continue to make investments to integrate AI and machine learning technology into our solutions, as evidenced by our acquisition of Lacework. AI presents risks, challenges, and potentially unintended consequences that could impact our ability to effectively use of AI successfully in our business.

Despite our efforts and processes to prevent breaches of our internal networks, systems and websites, we are still vulnerable to computer viruses, break-ins, phishing attacks, ransomware attacks, attempts to overload our servers with denial-of-service, vulnerabilities in vendor hardware and software that we leverage, advanced persistent threats from sophisticated actors and other cyber-attacks and similar disruptions from unauthorized access to our internal networks, systems or websites.

Despite our efforts and processes to prevent breaches of our internal networks, systems and websites, whether in our owned data centers, cloud providers or colocations, we are still vulnerable to computer viruses, break-ins, phishing attacks, ransomware attacks, attempts to overload our servers with denial-of-service, vulnerabilities in vendor hardware and software that we leverage, advanced persistent threats from sophisticated actors and other cyber-attacks and similar disruptions from unauthorized access to our internal networks, systems or websites, whether in our owned data centers, cloud providers or colocations.

Any earthquake in the Bay Area or Burnaby, or flooding in Burnaby, could materially negatively impact our ability to provide products and services, such as FortiCare support and FortiGuard subscription services and could otherwise materially negatively impact our business.

Any earthquake in the Bay Area or Burnaby, or flooding in Burnaby, could materially negatively impact our ability to provide products and services, 45 Table of Contents such as FortiCare support and FortiGuard subscription services and could otherwise materially negatively impact our business.

… 144 more changes not shown on this page.

Item 1C. Cybersecurity

Cybersecurity — threats and controls disclosure

14 edited+6 added−0 removed12 unchanged

2023 filing

2024 filing

Biggest changeITEM 1C. Cybersecurity Our board of directors recognizes the critical importance of maintaining the trust and confidence of our customers, end users, business partners, stockholders and employees. Our board of directors is actively involved in oversight of our risk management program, and information and product security represent an important component of our overall approach to enterprise risk management (“ERM”).

Biggest changeOur board of directors is actively involved in oversight of our risk management program, and information and product security represent an important component of our overall approach to enterprise risk management (“ERM”). Our risks from cybersecurity threats are considered in conjunction with other risks in our ERM program.

Information Security: We implement organizational, administrative and technical measures based on commercially reasonable procedures using: (i) industry standard information security measures prescribed for use by NIST; (ii) security measures aligned with the ISO/IEC 27000 series of standards, (iii) Sarbanes-Oxley and SSAE 18/ISAE 3402; (iv) privacy regulations such as the GDPR and the CCPA; (v) business continuity management measures aligned with the ISO/IEC 22301 standard; and (vi) other generally recognized industry standards, in each case, designed to safeguard the confidentiality, integrity, and availability of our infrastructure and data and the resiliency of our operations. 44 Table of Contents Technical Safeguards: We deploy technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls, which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence.

Information Security: We implement organizational, administrative and technical measures based on commercially reasonable procedures using: (i) industry standard information security measures prescribed for use by NIST; (ii) security measures aligned with the ISO/IEC 27000 series of standards, (iii) Sarbanes-Oxley and SSAE 18/ISAE 3402; (iv) privacy regulations such as the GDPR and the CCPA; (v) business continuity management measures aligned with the ISO/IEC 22301 standard; and (vi) other generally recognized industry standards, in each case, designed to safeguard the confidentiality, integrity, and availability of our infrastructure and data and the resiliency of our operations. 47 Table of Contents Technical Safeguards: We deploy technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls, which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence.

The Audit Committee also receives prompt and timely information regarding any cybersecurity threat or incident that meets established reporting thresholds, as well as ongoing updates regarding any such threat or incident until it has been mitigated, resolved or otherwise addressed. We believe our systems and processes with respect to the management of risks associated with cybersecurity threats are adequate.

The Cybersecurity Committee also receives prompt and timely information regarding any cybersecurity threat or incident that meets established reporting thresholds, as well as ongoing updates regarding any such threat or incident until it has been mitigated, resolved or otherwise addressed. We believe our systems and processes with respect to the management of risks associated with cybersecurity threats are adequate.

For more information regarding cybersecurity risks that we face and potential impacts on our business related thereto, see our risk factors, including our risk factor titled “If our internal enterprise IT networks, on which we conduct internal business and interface externally, our operational networks, through which we connect to customers, vendors and partners systems and provide services, or our research and development networks, our back-end labs and cloud stacks hosted in our data centers, colocation vendors or public cloud providers, through which we research, develop and host products and services, are compromised, public perception of our products and services may be harmed, our customers may be breached and harmed, we may become subject to liability, and our business, operating results and stock price may be adversely impacted.” Risk Management and Strategy As one of the critical elements of our overall ERM approach, our cybersecurity program is focused on the following key areas: Governance: As discussed in more detail above under the heading, “Governance,” our board of directors’ oversight of cybersecurity risk management is supported by the Audit Committee, which regularly interacts with executives with responsibility for cybersecurity, our Chief Executive Officer, Chief Technology Officer and President, Chief Financial Officer, Chief Operating Officer/General Counsel and other members of management.

For more information regarding cybersecurity risks that we face and potential impacts on our business related thereto, see our risk factors, including our risk factor titled “ If our internal enterprise IT networks, on which we conduct internal business and interface externally, our operational networks, through which we connect to customers, vendors and partners systems and provide services, or our research and development networks, our back-end labs and cloud stacks hosted in our data centers or PoPs, colocation vendors or public cloud providers, through which we research, develop and host products and services, are compromised, public perception of our products and services may be harmed, our customers may be breached and harmed, we may become subject to liability, and our business, operating results and stock price may be adversely impacted. ” Risk Management and Strategy As one of the critical elements of our overall ERM approach, our cybersecurity program is focused on the following key areas: Governance: As discussed in more detail above under the heading, “Governance,” our board of directors’ oversight of cybersecurity risk management is supported by the Cybersecurity Committee, which regularly interacts with executives with responsibility for cybersecurity, our Chief Executive Officer, Chief Technology Officer and President, Chief Financial Officer, Chief Operating Officer/General Counsel, our CISO, and other members of management.

In addition, all members of our board of directors receive management’s cybersecurity updates to the Audit Committee as part of their regular attendance at meetings of our board of directors.

In addition, all members of our board of directors receive management’s cybersecurity updates to the Cybersecurity Committee as part of their regular attendance at meetings of our board of directors.

Incident Response and Recovery Planning: We have established and maintains broad incident response and recovery plans that help enable its effective and orderly management of, and response to, any identified security incidents, including escalation and internal and external-notification steps, allowing the incident response team to respond in a timely manner and enlist appropriate personnel and third-party experts.

Incident Response and Recovery Planning: We have established and maintain broad incident response and recovery plans that help enable its effective and orderly management of, and response to, any identified security incidents, including escalation and internal and external-notification steps, allowing the incident response team to respond in a timely manner and enlist appropriate personnel and third-party experts.

In general, we seek to address cybersecurity risks through a broad, cross-functional approach that is focused on 43 Table of Contents preserving the confidentiality, security and availability of the information that we collect and store by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur.

In general, we seek to address cybersecurity risks through a broad, cross-functional approach that is focused on preserving the confidentiality, security and availability of the information that we collect and store by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur.

Management is promptly updated regarding any significant security events and the Audit Committee regularly reviews updates from our information security and product security leaders about cyber threat response preparedness, security controls and procedures, security program maturity milestones, risk and approaches to risk mitigation and the current and emerging threat landscape.

Management is promptly updated regarding any significant security events and the Cybersecurity Committee regularly reviews updates from our CISO, information security and product security leaders about cyber threat response preparedness, security controls and procedures, security program maturity milestones, risk and approaches to risk mitigation and the current and emerging threat landscape.

Education and Awareness: We provide regular, mandatory training for personnel and contractors regarding cybersecurity threats as a means to equip Fortinet personnel with effective tools to address cybersecurity threats and to communicate Fortinet ’s evolving information security policies, standards, processes and practices.

Education and Awareness: We provide regular, mandatory training for personnel and contractors regarding cybersecurity threats as a means to equip our personnel with effective tools to address cybersecurity threats and to communicate our evolving information security policies, standards, processes and practices.

These reports include updates on our cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program and the emerging threat landscape. Our program is regularly evaluated by internal and external experts with the results of those reviews reported to senior management and the Audit Committee.

The quarterly reports to the Cybersecurity Committee include updates on cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program and the emerging threat landscape. Our cybersecurity program is regularly evaluated by internal and external experts with the results of those reviews reported to senior management and the Cybersecurity Committee.

The results of such assessments, audits and reviews are reported to the Audit Committee and our board of directors and to our management, and we adjust its cybersecurity policies, standards, processes and practices as necessary based on the information provided by these assessments, audits and reviews . Insurance: We maintain information security risk insurance coverage.

The results of such assessments, audits and reviews are reported to the Cybersecurity Committee and our board of directors and to our management, and we adjust its cybersecurity policies, standards, processes and practices as necessary based on the information provided by these assessments, audits and reviews . Insurance: We maintain information security risk insurance coverage. 48 Table of Contents

Our executives with responsibility over cybersecurity provide quarterly reports to the Audit Committee as well as to the Chief Executive Officer and other members of our senior management as appropriate.

Our executives with responsibility over cybersecurity, including our Chief Information Security Officer, provide quarterly reports to the Cybersecurity Committee as well as to the Chief Executive Officer and other members of our senior management as appropriate.

Our risks from cybersecurity threats are considered in conjunction with other risks in our ERM program. In addition, we leverage a cybersecurity-specific risk assessment process and strategy based on the NIST Cybersecurity Framework to manage risks to organizational operations and assets, individuals and other organizations associated with the operation and use of systems.

In addition, we leverage a cybersecurity-specific risk assessment process and strategy based on the NIST Cybersecurity Framework to manage risks to organizational operations and assets, individuals and other organizations associated with the operation and use of systems.

Governance The Audit Committee of our board of directors (the “Audit Committee”) is responsible for reviewing with management our cybersecurity and other information technology risks, controls and processes, including the processes used to prevent or mitigate cybersecurity risks and respond to cybersecurity events.

Governance As a global cybersecurity provider, cybersecurity risk management is integral to our company. Historically, the Audit Committee of our board of directors (the “Audit Committee”) was responsible for reviewing with management our cybersecurity and other information technology risks, controls and processes, including the processes used to prevent or mitigate cybersecurity risks and respond to cybersecurity events.

Added

ITEM 1C. Cybersecurity Our board of directors recognizes the critical importance of maintaining the trust and confidence of our customers, end users, business partners, governmental entities, stockholders and employees.

Added

However, due to the importance of cybersecurity to our company, in July 2024, our board of directors formed Cybersecurity Committee of our board of directors (the “Cybersecurity 46 Table of Contents Committee”), which is solely dedicated to cybersecurity risk management.

Added

Each member of our board of directors is invited to attend all meetings of the committees of our board of directors, including the Cybersecurity Committee, and thus all of the members of our board of directors are apprised of cybersecurity developments.

Added

Our CISO is primarily responsible for our cybersecurity risk management program and partners with our legal team on data privacy matters at the management level. Our CISO, Dr.

Added

Carl Windsor, has over 25 years of experience in various technology and cybersecurity leadership positions, including over 18 years at our company driving product security and strategy and reports to the board Cybersecurity Committee.

Added

The CISO’s leadership team members are all seasoned information security professionals, covering a wide range of security disciplines, who have worked at some of the largest well-known brand names and are experts in their fields. Our CISO monitors, and participates in, our various cybersecurity policies and procedures, and our cybersecurity team regularly updates our CISO on the current status.

Item 2. Properties

Properties — owned and leased real estate

6 edited+1 added−0 removed0 unchanged

2023 filing

2024 filing

Biggest changeAlong with our corporate headquarters, as of December 31, 2023, we operated the following facilities: Location Owned Square Footage Description of Use Burnaby and Ottawa, Canada 560,000 Datacenter operations, support functions and research and development Union City, California 350,000 Manufacturing assembly and operations Plano & Frisco, Texas 130,000 Office space and datacenter operations Torija, Spain 120,000 Future development of datacenter operations Chicago, Illinois 100,000 Office space and retail Sunrise, Florida 100,000 Office space Valbonne, France 70,000 Sales and support functions We also own additional building space in Sunnyvale and Union City, California, and Sydney, Australia, for future development of approximately 450,000 square feet in the aggregate.

Biggest changeAlong with our corporate headquarters, as of December 31, 2024, we operated the following facilities: Location Owned Square Footage Description of Use Union City, California 770,000 Warehousing, operations, and PoP Burnaby, Calgary and Ottawa, Canada 680,000 Data center, PoP, support functions and research and development Atlanta, Georgia 226,000 Sales and support functions and PoP Plano & Frisco, Texas 130,000 Office space and data center Torija, Spain 120,000 Data center Chicago, Illinois 114,000 Office space and PoP Sunrise, Florida 100,000 Office space Sunnyvale, California 97,000 Development Valbonne, France 70,000 Sales and support functions and PoP McMahons Point, Australia 40,000 Office space and PoP New York, New York 40,000 Sales and support functions and PoP We maintain additional leased offices throughout the world, predominantly used as sales and support offices and PoPs, and leased data center spaces throughout the world operated under colocation arrangements.

However, we expect to incur additional operating expenses and capital expenditures in connection with such new or expanded facilities. For information regarding the geographical location of our property and equipment, refer to Note 16 to our consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K.

However, we expect to incur additional operating expenses and capital expenditures in connection with such new or expanded facilities. For information regarding the geographical location of our property and equipment, refer to Note 16 of our consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K.

We intend to expand our facilities, develop unoccupied space, or add new facilities to support our future growth and enter new product markets, and we believe that suitable additional or alternative space will be available or can be developed as needed to accommodate ongoing operations and any such growth.

We intend to expand our facilities, develop unoccupied space, or add new facilities to support our future growth and enter new product markets, and we believe that suitable additional space will be available or can be developed as needed to accommodate ongoing operations and any such growth.

ITEM 2. Properties Our corporate headquarters is located in Sunnyvale, California and comprises approximately 395,000 square feet of building space on 21 acres of land.

ITEM 2. Properties Our corporate headquarters is located in Sunnyvale, California, and comprises approximately 395,000 square feet of building space on 21 acres of land and includes space for future development of PoPs.

Refer to Note 17, Subsequent Events, in Part II, Item 8 of this Annual Report on Form 10-K for the January 2024 purchase of an additional 480,000 square feet in Santa Clara, CA which is located in close proximity to corporate headquarters.

In January 2024, we purchased an additional 480,000 square feet of building space in Santa Clara, California, which is located in close proximity to our corporate headquarters and includes space for future development of a data center. Refer to Note 17.

We maintain additional leased offices throughout the world, predominantly used as sales and support offices, and leased data center spaces throughout the world operated under co-location arrangements. We believe that our existing properties 45 Table of Contents are sufficient and suitable to meet our current needs.

We believe that our existing properties are sufficient and suitable to meet our current needs.

Added

Subsequent Events, in Part II, Item 8 of this Annual Report on Form-10K for the February 2025 signing of a definitive agreement subject to regulatory approval for an additional 540,000 square feet of building space in Frankfurt, Germany.

Item 5. Market for Registrant's Common Equity

Market for Common Equity — stock, dividends, buybacks

7 edited+2 added−2 removed5 unchanged

2023 filing

2024 filing

Biggest changeIn April 2023 and July 2023, our board of directors approved $1.0 billion and $500.0 million increases in the authorized stock repurchase amount under the Repurchase Program, respectively, bringing the aggregate amount authorized to be repurchased to $6.75 billion.

Biggest changeIn January 2024, our board of directors approved a $500.0 million increase in the authorized stock repurchase amount under the Repurchase Program, bringing the aggregate amount authorized to be repurchased to $7.25 billion of our outstanding common stock. In February 2024, our board of directors approved an extension of the Repurchase Program to February 28, 2025.

Stock Performance Graph This performance graph shall not be deemed “filed” for purposes of Section 18 of the Securities and Exchange Act of 1934 ( the “Exchange Act”), or incorporated by reference into any filing of Fortinet under the Securities Act of 1933, as amended (the “Securities Act”), or the Exchange Act, except as shall be expressly set forth by specific reference in such filing. 46 Table of Contents The following graph compares the cumulative five-year total return for our common stock, the Standard & Poor’s 500 Stock Index (the “S&P 500 Index”) and the NASDAQ Computer Index.

Stock Performance Graph This performance graph shall not be deemed “filed” for purposes of Section 18 of the Securities Exchange Act of 1934 ( the “Exchange Act”), or incorporated by reference into any filing of Fortinet under the Securities Act of 1933, as amended (the “Securities Act”), or the Exchange Act, except as shall be expressly set forth by specific reference in such filing. 50 Table of Contents The following graph compares the cumulative five-year total return for our common stock, the Standard & Poor’s 500 Stock Index (the “S&P 500 Index”) and the NASDAQ Computer Index.

Purchases of Equity Securities by the Issuer and Affiliated Purchasers Share Repurchase Program In January 2016, our board of directors approved our Share Repurchase Program (the “Repurchase Program”), which authorized the repurchase of up to $200.0 million of our outstanding common stock through December 31, 2017.

Purchases of Equity Securities by the Issuer and Affiliated Purchasers Share Repurchase Program In January 2016, our board of directors approved our Share Repurchase Program, which authorized the repurchase of up to $200.0 million of our outstanding common stock through December 31, 2017.

Under the Repurchase Program, share repurchases may be made by us from time to time in privately negotiated transactions or in open market transactions. The Repurchase Program does not require us to purchase a minimum number of shares, and may be suspended, modified or discontinued at any time without prior notice.

Under the Repurchase Program, share repurchases may be made by us from time to time in privately negotiated transactions or in open market transactions. The Repurchase Program does not require us to purchase a minimum number of shares, and may be 51 Table of Contents suspended, modified or discontinued at any time without prior notice.

ITEM 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Common Stock Our common stock is traded on The Nasdaq Global Select Market under the symbol “FTNT.” Holders of Record As of February 22, 2024, there were 45 holders of record of our common stock.

ITEM 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Common Stock Our common stock is traded on The Nasdaq Global Select Market under the symbol “FTNT.” Holders of Record As of February 18, 2025, there were 50 holders of record of our common stock.

From 2016 through 2022, our board of directors approved increases to our Repurchase Program by various amounts and extended the term to February 28, 2023. In February 2023, our board of directors approved an extension of the Repurchase Program to February 29, 2024.

From 2016 through 2023, our board of directors approved increases to our Repurchase Program by various amounts and extended the term to February 29, 2024.

COMPARISON OF CUMULATIVE TOTAL RETURN* Among Fortinet, Inc., the S&P 500 Index and the NASDAQ Computer Index December 2018 * December 2019 December 2020 December 2021 December 2022 December 2023 Fortinet, Inc. $ 100 $ 152 $ 211 $ 510 $ 347 $ 416 S&P 500 Index $ 100 $ 129 $ 150 $ 190 $ 153 $ 190 NASDAQ Computer $ 100 $ 150 $ 225 $ 311 $ 200 $ 332 * Assumes that $100 was invested on December 31, 2018 in stock or index, including reinvestment of dividends.

COMPARISON OF CUMULATIVE TOTAL RETURN* Among Fortinet, Inc., the S&P 500 Index and the NASDAQ Computer Index December 2019 * December 2020 December 2021 December 2022 December 2023 December 2024 Fortinet, Inc. $ 100 $ 139 $ 337 $ 229 $ 274 $ 442 S&P 500 Index $ 100 $ 116 $ 148 $ 119 $ 148 $ 182 NASDAQ Computer $ 100 $ 150 $ 207 $ 133 $ 221 $ 301 * Assumes that $100 was invested on December 31, 2019 in stock or index, including reinvestment of dividends.

Removed

Since its inception, we have repurchased 238.6 million shares of our common stock under the Repurchase Program for an aggregate purchase price of $6.22 billion. 47 Table of Contents The following table provides information with respect to the shares of common stock we repurchased under the Repurchase Program during the three months ended December 31, 2023 (in millions, except average price paid per share amounts): Period Total Number of Shares Purchased Average Price Paid per Share Total Number of Shares Purchased as Part of Publicly Announced Plan or Program Approximate Dollar Value of Shares that May Yet Be Purchased Under the Plans or Programs October 1 - October 31, 2023 7.7 $ 57.43 7.7 $ 980.0 November 1 - November 30, 2023 9.1 $ 49.75 9.1 $ 529.1 December 1 - December 31, 2023 — $ — — $ 529.1 Total 16.8 $ 53.29 16.8 In January 2024, our board of directors approved a $500.0 million increase in the authorized stock repurchase amount under the Repurchase Program, bringing the aggregate amount authorized to be repurchased to $7.25 billion of our outstanding common stock.

Added

In October 2024, our board of directors approved a $1.0 billion increase in the authorized stock repurchase amount under the Repurchase Program and extended the term of the Repurchase Program to February 28, 2026, bringing the aggregate amount authorized to be repurchased to $8.25 billion of our outstanding common stock through February 28, 2026.

Removed

As of February 23, 2024, approximately $1.03 billion remained available for future share repurchases. In February 2024, our board of directors approved an extension of the Repurchase Program to February 28, 2025. ITEM 6. [Reserved] 48 Table of Contents

Added

Since its inception, we have repurchased 238.6 million shares of our common stock under the Repurchase Program for an aggregate purchase price of $6.22 billion. There were no repurchases of common stock during the three months ended December 31, 2024. As of December 31, 2024, approximately $2.03 billion remained available for future share repurchases under the Repurchase Program.

Item 7. Management's Discussion & Analysis

Management's Discussion & Analysis (MD&A) — revenue / margin commentary

109 edited+47 added−30 removed48 unchanged

2023 filing

2024 filing

Biggest changeFinancial Highlights • Total revenue was $5.30 billion in 2023, an increase of 20% compared to $4.42 billion in 2022. • Product revenue was $1.93 billion in 2023, an increase of 8% compared to $1.78 billion in 2022. • Service revenue was $3.38 billion in 2023, an increase of 28% compared to $2.64 billion in 2022. • Total gross profit was $4.07 billion in 2023, an increase of 22% compared to $3.33 billion in 2022. • Operating income was $1.24 billion in 2023, an increase of 28% compared to $969.6 million in 2022. • Cash, cash equivalents, investments and marketable equity securities were $2.44 billion as of December 31, 2023, an increase of $183.9 million, or 8%, from December 31, 2022. • Long-term debt, net of unamortized discount and debt issuance costs, was $992.3 million and $990.4 million as of December 31, 2023 and 2022, respectively. 51 Table of Contents • In 2023, we repurchased 27.2 million shares of common stock under the Repurchase Program for an aggregate purchase price of $1.50 billion, which excludes a $10.9 million accrual related to the 1% excise tax imposed by the Inflation Reduction Act of 2022.

Biggest changeFinancial Summary • Total revenue was $5.96 billion in 2024, an increase of 12% compared to $5.30 billion in 2023. • Product revenue was $1.91 billion in 2024, a decrease of 1% compared to $1.93 billion in 2023. • Service revenue was $4.05 billion in 2024, an increase of 20% compared to $3.38 billion in 2023. • Total gross profit was $4.80 billion in 2024, an increase of 18% compared to $4.07 billion in 2023. • Total gross margin was 80.6% in 2024, an increase of 3.9 percentage points compared to 76.7% in 2023. • Operating income was $1.80 billion in 2024, an increase of 45% compared to $1.24 billion in 2023. • Operating margin was 30.3% in 2024, an increase of 6.9 percentage points compared to 23.4% in 2023. 56 Table of Contents • Cash, cash equivalents, short-term and long-term investments and marketable equity securities were $4.07 billion as of December 31, 2024, an increase of $1.63 billion, or 67%, from December 31, 2023. • Deferred revenue was $6.36 billion as of December 31, 2024, an increase of $625.9 million, or 11%, from December 31, 2023.

A limitation of using free cash flow rather than the GAAP measures of cash provided by or used in operating activities, investing activities, and financing activities is that free cash flow does not represent the total increase or decrease in the cash and cash equivalents balance for the period because it excludes cash flows from investing activities other than capital expenditures and cash flows from financing activities.

A limitation of using free cash flow rather than the GAAP measures of cash provided by or used in operating activities, investing activities, and financing activities is that free cash flow does not represent the total increase or decrease in the cash and cash equivalents balance for the period because it excludes investing activities other than capital expenditures and cash flows from financing activities.

Other expense—net consists primarily of foreign exchange gains and losses related to foreign currency remeasurement, gains or losses due to the changes in fair value of our marketable equity securities, realized gains and losses of available-for-sale investments, net rental income from real estate, as well as the gain on the sale or the impairment of investments in privately held companies without readily determinable fair values, which are not accounted for under the equity method.

Other income (expense)—net consists primarily of foreign exchange gains and losses related to foreign currency remeasurement, gains or losses due to the changes in fair value of our marketable equity securities, realized gains and losses of available-for-sale investments, net rental income from real estate, as well as the gain on the sale or the impairment of investments in privately held companies without readily determinable fair values, which are not accounted for under the equity method.

We undertake no obligation, and specifically disclaim any obligation, to revise or publicly release the results of any revision to these and any other forward-looking statements. Given these risks and uncertainties, readers are cautioned not to place undue reliance on such forward-looking statements. Business Overview Fortinet is a leader in cybersecurity and the convergence of networking and security.

Historically, our interest-bearing investments include corporate debt securities, certificates of deposit and term deposits, commercial paper, money market funds, U.S. government and agency securities and municipal bonds. Interest expense. Interest expense consists of interest expense due to the senior notes and other miscellaneous interest expense. Other expense — net .

It is primarily comprised of net income, as adjusted for non-cash items and changes in operating assets and liabilities. Non-cash adjustments consist primarily of amortization of deferred contract costs, stock-based compensation and depreciation and amortization. Changes in operating assets and liabilities consist primarily of changes in deferred revenue, deferred contract costs, deferred tax assets, inventory and accounts receivable—net.

It is primarily comprised of net income, as adjusted for non-cash items and changes in operating assets and liabilities. Non-cash adjustments consist primarily of amortization of deferred contract costs, stock-based compensation and depreciation and amortization. Changes in operating assets and liabilities consist primarily of changes in deferred revenue, deferred contract costs, accrued liabilities, deferred tax assets, inventory and accounts receivable—net.

Business Model We typically sell our security solutions to distributors that sell to networking security focused resellers and to certain service providers and managed security service providers (“MSSPs”), who, in turn, sell to end-customers or use our products and services to provide hosted solutions to other enterprises.

Business Model We typically sell our security solutions to distributors that sell to networking security focused resellers and to certain service providers and managed security service providers, who, in turn, sell to end-customers or use our products and services to provide hosted solutions to other enterprises.

We expect proceeds from the exercise of stock options in future years to be impacted by the increased mix of restricted stock units and performance stock units versus stock options granted to our employees and to vary based on our share price.

We expect proceeds from the exercise of stock options in future years to continue to be impacted by the increased mix of restricted stock units and performance stock units versus stock options granted to our employees and to vary based on our share price.

Product revenue is primarily generated from sales of our physical and virtual machine appliances. The majority of our product revenue continues to be generated by our secure networking product lines. Product revenue also includes revenue from sales of unified SASE and SecOps technologies.

During 2023, 2022 and 2021, we did not have any relationships with unconsolidated organizations or financial partnerships, such as structured finance or special purpose entities that would have been established for the purpose of facilitating off-balance sheet arrangements or other contractually narrow or limited purposes. Operating Activities Cash generated by operating activities is our primary source of liquidity.

During 2024, 2023 and 2022, we did not have any relationships with unconsolidated organizations or financial partnerships, such as structured finance or special purpose entities that would have been established for the purpose of facilitating off-balance sheet arrangements or other contractually narrow or limited purposes. Operating Activities Cash generated by operating activities is our primary source of liquidity.

We believe this is due to customer buying patterns typical in this industry. Our quarterly revenue over the past two years has increased sequentially each quarter within the year. Total gross margin has fluctuated on a quarterly basis primarily due to the relative product and service mix.

We believe this is due to customer buying patterns typical in this industry. Our quarterly revenue over the past three years has increased sequentially each quarter within the year. Total gross margin has fluctuated on a quarterly basis primarily due to the relative product and service mix.

We intend to hire additional personnel focused on sales and marketing and expand our sales and marketing efforts worldwide in order to capture market share. • General and administrative . General and administrative expense consists of personnel costs, as well as professional fees, depreciation of property and equipment and software and facility-related expenses.

We have elected to account for the tax effect of the Global Intangible Low-Taxed Income (“GILTI”) as a current period expense. 58 Table of Contents Results of Operations The following tables set forth our results of operations for the periods presented and as a percentage of our total revenue for those periods.

We have elected to account for the tax effect of the Global Intangible Low-Taxed Income (“GILTI”) as a current period expense. 63 Table of Contents Results of Operations The following tables set forth our results of operations for the periods presented and as a percentage of our total revenue for those periods.

Our sales contracts typically contain multiple deliverables, such as hardware, software license, security subscription, technical support services and other services, which are generally capable of being distinct and accounted for as separate performance obligations. Our hardware and software licenses have significant standalone functionalities and capabilities.

Our sales contracts typically contain multiple performance obligations, such as hardware, software license, security subscription, technical support services, cloud and other services, which are generally capable of being distinct and accounted for as separate performance obligations. Our hardware and software licenses have significant standalone functionalities and capabilities.

Historically, in making a lease-versus-ownership decision related to warehouse, office or data center space, we have considered various factors including financial metrics, expected long-term growth rates, time to market and changes in asset values.

As a percentage of total revenue, our product revenue has varied from quarter to quarter. • Service revenue . Service revenue is generated primarily from FortiGuard security subscription services and FortiCare technical support services. We recognize revenue from FortiGuard security subscription and FortiCare technical support services ratably over the service term.

As a percentage of total revenue, our product revenue has varied from quarter to quarter. • Service revenue . Service revenue is generated primarily from FortiGuard and other security subscription services and FortiCare technical support services. We recognize revenue from FortiGuard and other security subscriptions and FortiCare technical support services ratably over the service term.

Accordingly, we believe these are the most critical to fully understand and evaluate our financial condition and results of operations. 56 Table of Contents Revenue Recognition Revenues are recognized when control of goods or services is transferred to our customers, in an amount that reflects the consideration we expect to be entitled to in exchange for those goods or services.

Accordingly, we believe these are the most critical to fully understand and evaluate our financial condition and results of operations. Revenue Recognition Revenues are recognized when control of goods or services is transferred to our customers, in an amount that reflects the consideration we expect to be entitled to in exchange for those goods or services.

We generate the majority of our revenue from sales of our hardware and software products and amortization of amounts included in deferred revenue related to previous sales of FortiGuard security subscription and FortiCare technical support services. We also recognize revenue from cloud security solutions, professional services, and training. Our total revenue is comprised of: • Product revenue .

We generate the majority of our revenue from sales of our hardware and software products and amortization of amounts included in deferred revenue related to previous sales of FortiGuard and other security subscriptions and FortiCare technical support services. We also recognize revenue from cloud security solutions, professional services, and training. Our total revenue is comprised of: • Product revenue .

We currently intend to continue to make investments in sales and marketing resources, which are critical to support our future growth, and expect sales and marketing expense to increase in absolute dollars in 2024.

These statements include, among other things, statements concerning our expectations regarding: • continued growth and market share gains; • variability in sales in certain product and service categories from year to year and between quarters; • expected impact of sales from certain products and services; • increasing or decreasing inflation or stagflation, and changing interest rates in many geographies and changes in currency exchange rates and currency regulations; • competition in our markets; • macroeconomic, geopolitical factors and other disruption on our manufacturing or sales, including public health issues, wars and natural disasters; • real estate investments, management of future growth including expansions and enhancements of current properties; • government regulation, tariffs and other policies; • drivers of long-term growth and operating leverage, such as pricing of our products and services, sales productivity, pipeline and capacity, functionality, value and technology improvements in our service offerings; • growing our solution sales through channel partners to businesses, service providers and government organizations, our ability to execute these sales and the complexity of providing solutions to all segments (including the increased competition and unpredictability of timing associated with sales to larger enterprises), the impact of sales to these organizations on our long-term growth, expansion and operating results, and the effectiveness of our sales organization; • our ability to successfully anticipate market changes related to cloud-based solutions and to sell, support and meet service level agreements related to cloud-based solutions; • growth expectations for the secure networking market; • supply chain constraints, component availability and other factors affecting our manufacturing capacity, delivery, cost and inventory management; • forecasts of future demand and targeted inventory levels, including changing market drivers and demands; • the effect of backlog from prior quarters, including its effect on growth of in-quarter billings and revenue; • instability in the global banking system; • our ability to hire properly qualified and effective sales, support and engineering employees; • risks and expectations related to acquisitions and equity interests in private and public companies, including integration issues related to go-to-market plans, product plans, employees of such companies, controls and processes and the acquired technology, and risks of negative impact by such acquisitions and equity investments on our financial results; • trends in revenue, cost of revenue and gross margin, including expectations regarding product revenue and service revenue growth; 49 Table of Contents • trends in our operating expenses, including sales and marketing expense, research and development expense, general and administrative expense, and expectations regarding these expenses; • expected impact of plans and strategy for the acceleration of our points of presence (“PoP”) deployment; • expectations that our operating expenses will increase year over year in absolute dollars during 2024; • expectations that proceeds from the exercise of stock options in future years will be adversely impacted by the increased mix of restricted stock units and performance stock units versus stock options granted or a decline in our stock price; • expectations regarding uncertain tax benefits and our effective domestic and global tax rates, the impact of interpretations of or changes to tax law, and the timing of tax payments; • expectations regarding spending related to real estate acquisitions and development, including data center, office building and warehouse investments, as well as other capital expenditures and to the impact on free cash flow and expenses; • estimates of a range of 2024 spending on capital expenditures; • expected outcomes and liabilities in litigation; • our intentions regarding share repurchases and the sufficiency of our existing cash, cash equivalents and investments to meet our cash needs, including our debt servicing requirements, for at least the next 12 months; • other statements regarding our future operations, financial condition and prospects and business strategies; and • adoption and impact of new accounting standards.

These statements include, among other things, statements concerning our expectations regarding: • continued growth and market share gains; • variability in sales in certain product and service categories from year to year and between quarters; • expected impact of sales from certain products and services; • increasing or decreasing inflation or stagflation, and changing interest rates in many geographies and changes in currency exchange rates and currency regulations; • competition in our markets; • macroeconomic, geopolitical factors and other disruption on our manufacturing or sales, including the transition in administrations, tariffs or other trade disruptions, public health issues, wars, natural disasters and economic growth; • government regulation, tariffs and other policies; • drivers of long-term growth and operating leverage, such as pricing of our products and services, sales productivity, pipeline and capacity, functionality, value and technology improvements in our service offerings; • growing our solution sales through channel partners to businesses, service providers and government organizations, our ability to execute these sales and the complexity of providing solutions to all segments (including the increased competition and unpredictability of timing associated with sales to larger enterprises), the impact of sales to these organizations on our long-term growth, expansion and operating results, and the effectiveness of our sales organization; • our ability to successfully anticipate market changes, including those related to cloud-based solutions and to sell, support and meet service level agreements related to cloud-based solutions; • growth expectations for the secure networking market; • supply chain constraints, component availability and other factors affecting our manufacturing capacity, delivery, cost and inventory management; • forecasts of future demand and targeted inventory levels, including changing market drivers and demands; • the effect of backlog from current or prior quarters, including its effect on growth of in-quarter billings and revenue; • our ability to hire properly qualified and effective sales, support and engineering employees; • risks and expectations related to acquisitions and equity interests in private and public companies, including integration issues related to go-to-market plans, product plans, employees of such companies, controls and processes and the acquired technology, and risks of negative impact by such acquisitions and equity investments on our financial results; • trends in revenue, cost of revenue and gross margin, including expectations regarding product revenue, service revenue and inventory related charges; • trends in our operating expense, including sales and marketing expense, research and development expense, general and administrative expense, and expectations regarding these expenses; 53 Table of Contents • expected impact of plans and strategy for the acceleration of our data center footprint and our points of presence deployment; • expectations that our operating expense will increase year over year in absolute dollars during 2025; • expectations that proceeds from the exercise of stock options in future years will be adversely impacted by the increased mix of restricted stock units and performance stock units versus stock options granted or a decline in our stock price; • uncertain tax benefits and our effective domestic and global tax rates, the impact of interpretations of or changes to tax law, and the timing of tax payments; • expectations regarding spending related to real estate assets, acquisitions and development, including data centers and points of presence, office building and warehouse investments, as well as other capital expenditures and to the impact on free cash flow and expenses; • estimates of a range of 2025 spending on capital expenditures; • expansions and other changes to our real property holdings and development; • expected outcomes and liabilities in litigation; • our intentions regarding share repurchases and the sufficiency of our existing cash, cash equivalents and investments to meet our cash needs, including our debt servicing requirements, for at least the next 12 months; • other statements regarding our future operations, financial condition and prospects and business strategies; and • adoption and impact of new accounting standards.

We determine revenue recognition through the following steps: • identification of a contract or contracts with a customer; • identification of the performance obligations in a contract, including evaluation of performance obligations as to being distinct goods or services in a contract; • determination of a transaction price; • allocation of a transaction price to the performance obligations in a contract; and • recognition of revenue when, or as, we satisfy a performance obligation.

We determine revenue recognition through the following steps: • identification of a contract or contracts with a customer; • identification of the performance obligations in a contract, including evaluation of performance obligations as to being distinct goods or services in a contract; • determination of a transaction price; 61 Table of Contents • allocation of a transaction price to the performance obligations in a contract; and • recognition of revenue when, or as, we satisfy a performance obligation.

The extent of the impact of economic conditions on our operational and financial performance will depend on ongoing developments, including those 52 Table of Contents discussed above and others identified in Part I, Item 1A “Risk Factors” in this Form 10-K.

The extent of the impact of economic conditions on our operational and financial performance will depend on ongoing developments, including those discussed above and others identified in Part I, Item 1A “Risk Factors” in this Form 10-K.

The provision was partially offset by excess tax benefits of $55.1 million from stock-based compensation expense, a tax benefit of $89.5 million from the FDII deduction, and a tax benefit of $14.0 million from federal research and development tax credits.

The 68 Table of Contents provision was partially offset by excess tax benefits of $55.1 million from stock-based compensation expense, a tax benefit of $89.5 million from the FDII deduction, and a tax benefit of $14.0 million from federal research and development tax credits.

First, billings include amounts that have not yet been recognized as revenue and are impacted by the term of FortiGuard security subscription and FortiCare and other support agreements. Second, we may calculate billings in a manner that is different from peer companies that report similar financial measures.

First, billings include amounts that have not yet been recognized as revenue and are impacted by the term of security and support agreements. Second, we may calculate billings in a manner that is different from peer companies that report similar financial measures.

Additional research and development expenses include ASIC and system prototypes and certification-related 55 Table of Contents expenses, depreciation of property and equipment and facility-related expenses. The majority of our research and development is focused on software and hardware development. We record research and development expenses as incurred.

Additional research and development expenses include ASIC and system prototypes and certification-related expenses, depreciation of property and equipment and facility-related expenses. The majority of our research and development is focused on software and hardware development. We record research and development expenses as incurred.

As of December 31, 2023, the long-term debt, net of unamortized discount and debt issuance costs, was $992.3 million. $500.0 million in aggregate principal amount of senior notes is due on March 15, 2026 and $500.0 million in aggregate principal amount of senior notes is due on March 15, 2031.

As of December 31, 2024, the long-term debt, net of unamortized discount and debt issuance costs, was $994.3 million. $500.0 million in aggregate principal amount of senior notes is due on March 15, 2026 and $500.0 million in aggregate principal amount of senior notes is due on March 15, 2031.

Our cost of product revenue also includes supplies, shipping costs, personnel costs associated with logistics and quality control, facility-related costs, excess and obsolete inventory costs, warranty costs and amortization of intangible assets. Personnel costs include compensation benefits and stock-based compensation. • Cost of service revenue .

Our cost of product revenue also includes supplies, shipping costs, personnel costs associated with logistics and quality control, facility-related costs, excess and obsolete inventory costs, charges related to excess inventory commitments and amortization of intangible assets. Personnel costs include compensation benefits and stock-based compensation. • Cost of service revenue .

Service revenue and software licenses have higher gross margins compared to hardware products. Overall gross margin in 2024 will be impacted by service and product revenue mix. Operating expenses . Our operating expenses consist of research and development, sales and marketing and general and administrative expenses.

Generally, service revenue and software licenses have higher gross margins compared to hardware products. Overall gross margin in 2025 will be impacted by service and product revenue mix and their respective gross margins. Operating expenses . Our operating expenses consist of research and development, sales and marketing and general and administrative expenses.

Our total cost of revenue is comprised of: • Cost of product revenue . The majority of the cost of product revenue consists of third-party contract manufacturers’ costs and the costs of materials used in production.

Our total cost of revenue is comprised of: • Cost of product revenue . Cost of product revenue is primarily comprised of third-party contract manufacturers’ costs and the costs of materials used in production.

We define billings as revenue recognized in accordance with generally accepted accounting principles in the United States (“GAAP”) plus the change in deferred revenue from the beginning to the end of the period, less any deferred revenue balances acquired from business combination(s) and adjustment due to adoption of new accounting standard during the period.

We define billings as revenue recognized in accordance with generally accepted accounting principles in the United States (“GAAP”) plus the change in deferred revenue from the beginning to the end of the period less any deferred revenue balances acquired from business combination(s) during the period.

Our provision for income taxes for 2022 reflects an effective tax rate of 3%, compared to an effective tax rate of 2% for 2021. The provision for income taxes for 2022 was comprised primarily of a $233.4 million tax expense related to U.S. federal and state income taxes, other foreign income taxes, foreign withholding taxes and unrecognized tax benefits.

Our provision for income taxes for 2023 reflects an effective tax rate of 11%, compared to an effective tax rate of 3% for 2022. The provision for income taxes for 2023 was comprised primarily of a $302.4 million tax expense related to U.S. federal and state income taxes, other foreign income taxes, foreign withholding taxes and unrecognized tax benefits.

We consider billings to be a useful metric for management and investors because billings drive current and future revenue, which is an important indicator of the health and viability of our business. There are several 53 Table of Contents limitations related to the use of billings instead of GAAP revenue.

We consider billings to be a useful metric for management and investors because billings drive current and future revenue, which is an important indicator of the health and viability of our business and cash flows. There are a number of limitations related to the use of billings instead of GAAP revenue.

At times, we also sell directly to certain large enterprise customers, large service providers and major systems integrators. In addition, we sell our software licenses and services via different cloud service provider platforms, both directly and through our channel partners.

At times, we also sell directly to enterprise customers, service providers, systems integrators and large enterprises. We also sell our software licenses and cloud delivered services via different cloud service provider platforms, both directly and through our channel partners.

We periodically review significant claims and litigation matters for the probability of an adverse outcome. We accrue for a loss contingency if a loss is probable and the amount of the loss can be reasonably estimated. These accruals are generally based on a range of possible outcomes that require significant judgement. Estimates can change as individual claims develop.

We accrue for a loss contingency if a loss is probable and the amount of the loss can be reasonably estimated. These accruals are generally based on a range of possible outcomes that require significant judgement. Estimates can change as individual claims develop.

Additional increases in billings may depend on a number of factors, including demand for and availability of our products and services, competition, pricing actions, market or industry changes, macroeconomic events such as rising inflation and interest rates, economic strength, supply chain capacity and disruptions, international conflicts, including the war in Ukraine and the Israel-Hamas war, and our ability to execute.

Additional increases in billings may depend on a number of factors, including demand for and availability of our products and services, competition, pricing actions, market or industry changes, macroeconomic events such as rising inflation and changing interest rates, economic strength, supply chain capacity and disruptions, tariffs and other trade restrictions, international conflicts, including the war in Ukraine, an increase in installment billing, and our ability to execute.

The provision for income taxes for 2023 w as comprised primarily of a $302.4 million tax expense related to U.S. federal and state income taxes, other foreign income taxes, foreign withholding taxes and unrecognized tax benefits.

The provision for income taxes for 2024 w as comprised primarily of a $454.6 million tax expense related to U.S. federal and state income taxes, other foreign income taxes, foreign withholding taxes and unrecognized tax benefits.

Our operating activities during 2023 provided cash flows of $1.94 billion as a result of the continued growth of our business, improved profitability and our ability to successfully manage our working capital.

Our operating activities during 2024 provided cash flows of $2.26 billion as a result of the continued growth of our business, improved profitability and our ability to successfully manage our working capital.

As of December 31, 2023, our cash, cash equivalents and short-term and long-term investments of $2.44 billion were invested primarily in deposit accounts, commercial paper, corporate debt securities, U.S. government and agency securities, certificates of deposit and term deposits, money market funds, municipal bonds.

As of December 31, 2024, our cash, cash equivalents and short-term and long-term investments of $4.07 billion were invested primarily in deposit accounts, commercial paper, corporate debt securities, U.S. government and agency securities, certificates of deposit and term deposits and money market funds.

In the long term, our ability to support our requirements and plans for cash, including our working capital and capital expenditure requirements will depend on many factors, including our growth rate; the timing and amount of our share repurchases; the expansion of sales and marketing activities, pricing actions, the introduction of new and enhanced products and services offerings; the continuing market acceptance of our products; the timing and extent of spending to support development efforts; our investments in purchasing, developing or leasing real estate; cash tax payments and macroeconomic impacts such as rising inflation and interest rates; the war in Ukraine and the Israel-Hamas war; and instability in the global 65 Table of Contents banking system.

In the long term, our ability to support our requirements and plans for cash, including our working capital and capital expenditure requirements will depend on many factors, including our growth rate; the timing and amount of our share repurchases and debt retirement; the expansion of sales and marketing activities, pricing actions, the introduction of new and enhanced products and services offerings; the continuing market acceptance of our products; the timing and extent of spending to support development efforts; our investments in purchasing, developing or leasing real estate; cash paid for taxes and macroeconomic impacts such as rising inflation and changing interest rates; and the war in Ukraine.

A reconciliation of net cash provided by operating activities, the most directly comparable financial measure calculated and presented in accordance with GAAP, to free cash flow is provided below: 54 Table of Contents Year Ended December 31, 2023 2022 2021 (in millions) Free Cash Flow: Net cash provided by operating activities $ 1,935.5 $ 1,730.6 $ 1,499.7 Less: Purchases of property and equipment (204.1) (281.2) (295.9) Free cash flow (non-GAAP) $ 1,731.4 $ 1,449.4 $ 1,203.8 Net cash provided by (used in) investing activities $ (649.3) $ 763.9 $ (1,325.1) Net cash provided by (used in) financing activities $ (1,570.4) $ (2,130.3) $ 82.8 Components of Operating Results Revenue.

A reconciliation of net cash provided by operating activities, the most directly comparable financial measure calculated and presented in accordance with GAAP, to free cash flow is provided below: Year Ended December 31, 2024 2023 2022 (in millions) Free Cash Flow: Net cash provided by operating activities $ 2,258.1 $ 1,935.5 $ 1,730.6 Less: Purchases of property and equipment (378.9) (204.1) (281.2) Free cash flow (non-GAAP) $ 1,879.2 $ 1,731.4 $ 1,449.4 Net cash provided by (used in) investing activities $ (727.4) $ (649.3) $ 763.9 Net cash used in financing activities $ (50.1) $ (1,570.4) $ (2,130.3) 59 Table of Contents Components of Operating Results Revenue.

Our mission is to secure people, devices and data everywhere. Our integrated platform, the Fortinet Security Fabric, spans secure networking, unified SASE and AI-driven security operations to deliver cybersecurity where our customers need it.

Our mission is to secure people, devices and data everywhere. Our integrated platform, the Fortinet Security Fabric, spans secure networking, unified SASE and AI-driven security operations.

As of December 31, 2023, we had $66.9 million in other contractual commitments having a remaining term in excess of one year that are non-cancelable.

As of December 31, 2024, we had $101.2 million in other contractual commitments having a remaining term in excess of one year that are non-cancelable.

Changes in operating assets and liabilities primarily resulted from an increase in sales of our security subscription services and technical support services to new and existing customers, as reflected by an increase of $1.10 billion in our deferred revenue during 2023.

A reconciliation of revenue, the most directly comparable financial measure calculated and presented in accordance with GAAP, to billings is provided below: Year Ended December 31, 2023 2022 2021 (in millions) Billings: Revenue $ 5,304.8 $ 4,417.4 $ 3,342.2 Add: Change in deferred revenue 1,094.7 1,187.4 847.6 Less: Deferred revenue balance acquired in business combinations — (10.8) (4.1) Less: Adjustment due to adoption of ASU 2021-08 — — (4.3) Total billings (non-GAAP) $ 6,399.5 $ 5,594.0 $ 4,181.4 Free cash flow (non-GAAP).

A reconciliation of revenue, the most directly comparable financial measure calculated and presented in accordance with GAAP, to billings is provided below: Year Ended December 31, 2024 2023 2022 (in millions) Billings: Revenue $ 5,955.8 $ 5,304.8 $ 4,417.4 Add: Change in deferred revenue 625.9 1,094.7 1,187.4 Less: Deferred revenue balance acquired in business combinations (49.2) — (10.8) Total billings (non-GAAP) $ 6,532.5 $ 6,399.5 $ 5,594.0 Free cash flow (non-GAAP).

Liquidity and Capital Resources As of December 31, 2023 2022 2021 (in millions) Cash and cash equivalents $ 1,397.9 $ 1,682.9 $ 1,319.1 Short-term and long-term investments 1,021.5 548.1 1,634.8 Marketable equity securities 21.0 25.5 38.6 Total cash, cash equivalents, investments and marketable equity securities $ 2,440.4 $ 2,256.5 $ 2,992.5 Working capital $ 709.3 $ 732.0 $ 1,282.5 Year Ended December 31, 2023 2022 2021 (in millions) Net cash provided by operating activities $ 1,935.5 $ 1,730.6 $ 1,499.7 Net cash provided by (used in) investing activities (649.3) 763.9 (1,325.1) Net cash provided by (used in) financing activities (1,570.4) (2,130.3) 82.8 Effect of exchange rate changes on cash and cash equivalents (0.8) (0.4) (0.1) Net increase (decrease) in cash and cash equivalents $ (285.0) $ 363.8 $ 257.3 Liquidity and capital resources are primarily impacted by our operating activities, proceeds from issuance of our investment grade debt, as well as cash used on stock repurchases, real estate purchases and other capital expenditures, investments in various companies and business acquisitions. 64 Table of Contents In recent years, we have received significant capital resources from our billings to customers, issuance of investment grade debt and, to some extent, from the exercise of stock options by our employees.

Liquidity and Capital Resources As of December 31, 2024 2023 2022 (in millions) Cash and cash equivalents $ 2,875.9 $ 1,397.9 $ 1,682.9 Short-term and long-term investments 1,126.4 1,021.5 548.1 Marketable equity securities 64.2 21.0 25.5 Total cash, cash equivalents, investments and marketable equity securities $ 4,066.5 $ 2,440.4 $ 2,256.5 Working capital $ 1,910.8 $ 709.3 $ 732.0 Year Ended December 31, 2024 2023 2022 (in millions) Net cash provided by operating activities $ 2,258.1 $ 1,935.5 $ 1,730.6 Net cash provided by (used in) investing activities (727.4) (649.3) 763.9 Net cash used in financing activities (50.1) (1,570.4) (2,130.3) Effect of exchange rate changes on cash and cash equivalents (2.6) (0.8) (0.4) Net increase (decrease) in cash and cash equivalents $ 1,478.0 $ (285.0) $ 363.8 Liquidity and capital resources are primarily impacted by our operating activities, as well as real estate purchases, other capital expenditures, and business acquisitions, payment of taxes in connection with the net settlement of equity awards and proceeds from the issuance of common stock and investment grade debt and repurchases of our common stock. 69 Table of Contents In recent years, we have received significant capital resources from our billings to customers, issuance of investment grade debt and, to some extent, from the exercise of stock options by our employees.

We expect to continue to increase our data centers, PoPs, office and warehouse capacity to support growth and the expansion of existing services or introduction of new services. As we purchase new properties, we will work to incorporate these properties into the environmental goals we have established. We estimate 2024 capital expenditures to be between $370.0 million and $420.0 million.

The Network Firewall solution consists of FortiGate data centers, hyperscale and distributed firewalls, as well as encrypted applications (SSL inspection, Virtual Private Network and 50 Table of Contents IPsec connectivity). Our ability to converge networking and security also enables the ethernet to become an extension of a company’s security infrastructure through FortiSwitch and FortiLink.

Our network firewall offerings consist of a FortiGate data center, hyperscale and distributed firewalls, as well as encrypted applications (SSL inspection, virtual private network and IPsec connectivity). Our ability to converge networking and security also enables the ethernet to become an extension of our customers’ security infrastructure through FortiSwitch and FortiLink.

Year Ended or As of December 31, 2023 2022 2021 (in millions) Revenue $ 5,304.8 $ 4,417.4 $ 3,342.2 Deferred revenue $ 5,735.0 $ 4,640.3 $ 3,452.9 Billings (non-GAAP) $ 6,399.5 $ 5,594.0 $ 4,181.4 Net cash provided by operating activities $ 1,935.5 $ 1,730.6 $ 1,499.7 Free cash flow (non-GAAP) $ 1,731.4 $ 1,449.4 $ 1,203.8 Deferred revenue.

Year Ended or As of December 31, 2024 2023 2022 (in millions) Revenue $ 5,955.8 $ 5,304.8 $ 4,417.4 Deferred revenue $ 6,360.9 $ 5,735.0 $ 4,640.3 Billings (non-GAAP) $ 6,532.5 $ 6,399.5 $ 5,594.0 Net cash provided by operating activities $ 2,258.1 $ 1,935.5 $ 1,730.6 Free cash flow (non-GAAP) $ 1,879.2 $ 1,731.4 $ 1,449.4 Deferred revenue.

These differences result in deferred tax assets, which are included in our consolidated balance sheets. In general, deferred tax assets represent future tax benefits to be received when certain expenses previously recognized in our consolidated statements of income become deductible expenses under applicable income tax laws, or loss or credit carryforwards are utilized.

In general, deferred tax assets 62 Table of Contents represent future tax benefits to be received when certain expenses previously recognized in our consolidated statements of income become deductible expenses under applicable income tax laws, or loss or credit carryforwards are utilized.

Year Ended December 31, 2023 2022 2021 (in millions) Consolidated Statements of Income Data: Revenue: Product $ 1,927.3 $ 1,780.5 $ 1,255.0 Service 3,377.5 2,636.9 2,087.2 Total revenue 5,304.8 4,417.4 3,342.2 Cost of revenue: Product 763.6 691.3 487.7 Service 473.6 393.6 295.3 Total cost of revenue 1,237.2 1,084.9 783.0 Gross profit: Product 1,163.7 1,089.2 767.3 Service 2,903.9 2,243.3 1,791.9 Total gross profit 4,067.6 3,332.5 2,559.2 Operating expenses: Research and development 613.8 512.4 424.2 Sales and marketing 2,006.0 1,686.1 1,345.7 General and administrative 211.3 169.0 143.5 Gain on intellectual property matter (4.6) (4.6) (4.6) Total operating expenses 2,826.5 2,362.9 1,908.8 Operating income 1,241.1 969.6 650.4 Interest income 119.7 17.4 4.5 Interest expense (21.0) (18.0) (14.9) Other expense—net (6.1) (13.5) (11.6) Income before income taxes and loss from equity method investments 1,333.7 955.5 628.4 Provision for income taxes 143.8 30.8 14.1 Loss from equity method investments (42.1) (68.1) (7.6) Net income including non-controlling interests 1,147.8 856.6 606.7 Less: net loss attributable to non-controlling interests, net of tax — (0.7) (0.1) Net income attributable to Fortinet, Inc. $ 1,147.8 $ 857.3 $ 606.8 59 Table of Contents Year Ended December 31, 2023 2022 2021 (as percentage of revenue) Revenue: Product 36 % 40 % 38 % Service 64 60 62 Total revenue 100 100 100 Cost of revenue: Product 14 16 15 Service 9 9 9 Total cost of revenue 23 25 23 Gross margin: Product 60 61 61 Service 86 85 86 Total gross margin 77 75 77 Operating expenses: Research and development 12 12 13 Sales and marketing 38 38 40 General and administrative 4 4 4 Gain on intellectual property matter — — — Total operating expenses 53 53 57 Operating margin 23 22 19 Interest income 2 — — Interest expense — — — Other expense—net — — — Income before income taxes and loss from equity method investments 25 22 19 Provision for income taxes 3 1 — Loss from equity method investments (1) (2) — Net income including non-controlling interests 22 19 18 Less: net loss attributable to non-controlling interests, net of tax — — — Net income attributable to Fortinet, Inc. 22 % 19 % 18 % Percentages have been rounded for presentation purposes and may differ from unrounded results.

Year Ended December 31, 2024 2023 2022 (in millions) Consolidated Statements of Income Data: Revenue: Product $ 1,908.7 $ 1,927.3 $ 1,780.5 Service 4,047.1 3,377.5 2,636.9 Total revenue 5,955.8 5,304.8 4,417.4 Cost of revenue: Product 652.0 763.6 691.3 Service 505.6 473.6 393.6 Total cost of revenue 1,157.6 1,237.2 1,084.9 Gross profit: Product 1,256.7 1,163.7 1,089.2 Service 3,541.5 2,903.9 2,243.3 Total gross profit 4,798.2 4,067.6 3,332.5 Operating expenses: Research and development 716.8 613.8 512.4 Sales and marketing 2,044.8 2,006.0 1,686.1 General and administrative 237.8 211.3 169.0 Gain on intellectual property matter (4.6) (4.6) (4.6) Total operating expenses 2,994.8 2,826.5 2,362.9 Operating income 1,803.4 1,241.1 969.6 Interest income 155.2 119.7 17.4 Interest expense (20.0) (21.0) (18.0) Gain on bargain purchase 106.3 — — Other income (expense)—net 13.6 (6.1) (13.5) Income before income taxes and loss from equity method investments 2,058.5 1,333.7 955.5 Provision for income taxes 283.9 143.8 30.8 Loss from equity method investments (29.4) (42.1) (68.1) Net income including non-controlling interests 1,745.2 1,147.8 856.6 Less: net loss attributable to non-controlling interests, net of tax — — (0.7) Net income attributable to Fortinet, Inc. $ 1,745.2 $ 1,147.8 $ 857.3 64 Table of Contents Year Ended December 31, 2024 2023 2022 (as percentage of revenue) Revenue: Product 32 % 36 % 40 % Service 68 64 60 Total revenue 100 100 100 Cost of revenue: Product 11 14 16 Service 8 9 9 Total cost of revenue 19 23 25 Gross margin: Product 66 60 61 Service 88 86 85 Total gross margin 81 77 75 Operating expenses: Research and development 12 12 12 Sales and marketing 34 38 38 General and administrative 4 4 4 Gain on intellectual property matter — — — Total operating expenses 50 53 53 Operating margin 30 23 22 Interest income 3 2 — Interest expense — — — Gain on bargain purchase 2 — — Other income (expense)—net — — — Income before income taxes and loss from equity method investments 35 25 22 Provision for income taxes 5 3 1 Loss from equity method investments — (1) (2) Net income including non-controlling interests 29 22 19 Less: net loss attributable to non-controlling interests, net of tax — — — Net income attributable to Fortinet, Inc. 29 % 22 % 19 % Percentages have been rounded for presentation purposes and may differ from unrounded results.

Product gross margin varies based on the types of products sold, their cost profile and their average selling prices. Service gross margin is impacted by revenue growth and our personnel-related costs, third-party repair and contract fulfillment, data center, colocation fees, cloud hosting, supplies, facility-related costs and foreign currency fluctuations.

Product gross margin varies based on the types of products sold, their cost profile and their average selling prices. Service gross margin is impacted by revenue growth and our personnel-related costs, replacement cost, data center infrastructure, software and delivery costs, colocation and cloud provider fees, facility-related costs and foreign currency fluctuations.

Total gross margin increased 1.3 percentage points in 2023 compared to 2022, primarily driven by a shift in the revenue mix and increased service gross margin, partially offset by decreased product gross margin. Revenue mix shifted by 4.0 percentage points from product revenue to service revenue, as a percentage of total revenue.

Total gross margin increased 3.9 percentage points in 2024 compared to 2023, primarily driven by a shift in the revenue mix to higher margin service revenue and increased product and service gross margin. Revenue mix shifted by 4.3 percentage points from product revenue to service revenue, as a percentage of total revenue.

The increase in our operating margin primarily benefits from a 1.3 percentage points increase in gross margin and 0.4 percentage points decrease in sales and marketing expense as a percentage of revenue, partially offset by 0.2 percentage points increase in general and administrative expense as percentage of revenue.

The increase in our operating margin primarily benefits from 3.9 percentage points increase in gross margin and 3.5 percentage points decrease in sales and marketing expense as a percentage of revenue, partially offset by 0.5 percentage points increase in research and development expense as percentage of revenue.

We define free cash flow as net cash provided by operating activities minus purchases of property and equipment and excluding any significant non-recurring items.

We define free cash flow as net cash provided by operating activities minus purchases of property and equipment.

In addition, non-personnel-related product development costs increased $13.8 million and depreciation expense and other occupancy-related expense increased $11.4 million.

In addition, non-personnel-related product development costs increased $14.1 million and depreciation expense and other occupancy-related expense increased $6.8 million.

The increases in service revenue were primarily due to the recognition of revenue from our growing deferred revenue balance related to FortiGuard and other security subscriptions delivered to on-premise and cloud-based environments. Security subscriptions outpaced technical support growth due to strength in secure networking subscriptions, SecOps and SASE.

The increase was primarily due to the recognition of service revenue from our growing deferred revenue balance related to FortiGuard and other security subscriptions delivered to on-premise and cloud-based environments and strength in unified SASE and SecOps.

In 2023, we repurchased 27.2 million shares of common stock under the Repurchase Program for an aggregate purchase price of $1.50 billion. As of December 31, 2023, $529.1 million remained available for future share repurchases under the Repurchase Program.

In 2024, we repurchased less than 0.1 million shares of common stock under the Repurchase Program for an aggregate purchase price of $0.6 million. As of December 31, 2024, approximately $2.03 billion remained available for future share repurchases under the Repurchase Program.

We currently intend to continue to invest in our research and development organization, and expect research and development expense to increase in absolute dollars in 2024. 62 Table of Contents Sales and marketing Sales and marketing expense increased $319.9 million, or 19%, in 2023 compared to 2022, primarily due to an increase of $244.3 million in personnel-related costs.

We currently intend to continue to invest in our research and development organization, and expect research and development expense to increase in absolute dollars in 2025. 67 Table of Contents Sales and marketing Sales and marketing expense increased $38.8 million, or 2%, in 2024 compared to 2023, primarily due to an increase of $44.0 million in personnel-related costs.

Worsening economic conditions, including inflation, higher interest rates, slower growth, any recession, fluctuations in foreign exchange rates, instability in the global banking industry and other changes in economic conditions, may result in decreased sales productivity and growth and adversely affect our results of operations and financial performance.

Worsening economic conditions, including inflation, changing interest rates, tariffs and other trade disruptions, slower growth, any recession, fluctuations in foreign exchange rates and other changes in economic conditions, may result in decreased sales productivity and 57 Table of Contents growth and adversely affect our results of operations and financial performance.

It is our investment policy to invest excess cash in a manner that preserves capital, provides liquidity and generates return without significantly increasing risk. We do not enter into investments for trading or speculative purposes.

It is our investment policy to invest excess cash in a manner that preserves capital, provides liquidity, and generates return without significantly increasing risk.

Discussion regarding our financial condition and results of operations for 2022 as compared to 2021 can be found in Item 7 of our Annual Report on Form 10-K for the fiscal year ended December 31, 2022, filed with the SEC on February 24, 2023. 60 Table of Contents 2023 and 2022 Revenue Year Ended December 31, 2023 2022 Amount % of Revenue Amount % of Revenue Change % Change (in millions, except percentages) Revenue: Product $ 1,927.3 36 % $ 1,780.5 40 % $ 146.8 8 % Service 3,377.5 64 2,636.9 60 740.6 28 Total revenue $ 5,304.8 100 % $ 4,417.4 100 % $ 887.4 20 % Revenue by geography: Americas $ 2,175.2 41 % $ 1,785.0 41 % $ 390.2 22 % EMEA 2,072.9 39 1,691.8 38 381.1 23 APAC 1,056.7 20 940.6 21 116.1 12 Total revenue $ 5,304.8 100 % $ 4,417.4 100 % $ 887.4 20 % Total revenue increased $887.4 million, or 20%, in 2023 compared to 2022.

Discussion regarding our financial condition and results of operations for 2023 as compared to 2022 can be found in Item 7 of our Annual Report on Form 10-K for the fiscal year ended December 31, 2023, filed with the SEC on February 26, 2024. 65 Table of Contents 2024 and 2023 Revenue Year Ended December 31, 2024 2023 Amount % of Revenue Amount % of Revenue Change % Change (in millions, except percentages) Revenue: Product $ 1,908.7 32 % $ 1,927.3 36 % $ (18.6) (1) % Service 4,047.1 68 3,377.5 64 669.6 20 Total revenue $ 5,955.8 100 % $ 5,304.8 100 % $ 651.0 12 % Revenue by geography: Americas $ 2,442.2 41 % $ 2,175.2 41 % $ 267.0 12 % EMEA 2,396.2 40 2,072.9 39 323.3 16 APAC 1,117.4 19 1,056.7 20 60.7 6 Total revenue $ 5,955.8 100 % $ 5,304.8 100 % $ 651.0 12 % Total revenue increased $651.0 million, or 12%, in 2024 compared to 2023.

Contingent Liabilities From time to time, we are involved in disputes, litigation and other legal actions. However, there are many uncertainties associated with any litigation, and these actions or other third-party claims against us may cause us to incur substantial settlement charges, which are inherently difficult to estimate and could adversely affect our results of operations.

However, there are many uncertainties associated with any litigation, and these actions or other third-party claims against us may cause us to incur substantial settlement charges, which are inherently difficult to estimate and could adversely affect our results of operations. We periodically review significant claims and litigation matters for the probability of an adverse outcome.

Cost of service revenue is primarily comprised of personnel costs, third-party repair and contract fulfillment, data center costs, colocation expenses and cloud provider fees, supplies, facility-related costs and amortization of intangible assets. Gross margin .

Cost of service revenue is primarily comprised of personnel costs, replacement cost, data center infrastructure, software and delivery costs, colocation and cloud provider fees, facility-related costs and amortization of intangible assets. Gross margin .

Interest income varies depending on our average investment balances during the period, types and mix of investments, and market interest rates. Interest expense increased $3.0 million in 2023 as compared to 2022.

Interest income varies depending on our average investment balances during the period, types and mix of investments, and market interest rates. Interest expense decreased $1.0 million in 2024 as compared to 2023. Gain on bargain purchase was $106.3 million in 2024 and is related to our acquisition of Lacework.

Provision for income taxes Year Ended December 31, Change % Change 2023 2022 (in millions, except percentages) Provision for income taxes $ 143.8 $ 30.8 $ 113.0 367 % Effective tax rate (%) 11 % 3 % Our provision for income taxes for 2023 reflects an effective tax rate of 11%, compared to an effective tax rate of 3% for 2022.

Provision for income taxes Year Ended December 31, Change % Change 2024 2023 (in millions, except percentages) Provision for income taxes $ 283.9 $ 143.8 $ 140.1 97 % Effective tax rate (%) 14 % 11 % Our provision for income taxes for 2024 reflects an effective tax rate of 14%, compared to an effective tax rate of 11% for 2023.

Sales and marketing expense is the largest component of our operating expenses and primarily consists of personnel costs. Additional sales and marketing expenses include product marketing, public relations, field marketing and events and channel marketing programs (e.g., partner cooperative marketing arrangements), as well as travel, depreciation of property and equipment and facility-related expenses.

Additional sales and marketing expenses include product marketing, public relations, field marketing and events and channel marketing programs (e.g., partner cooperative marketing arrangements), as well as travel, depreciation of property and equipment and facility-related 60 Table of Contents expenses.

These proprietary ASICs, combined with off-the-shelf CPUs and ASICs, allow our systems to scale, run multiple applications at higher performance, lower power consumption and perform more processor-intensive operations, such as inspecting encrypted traffic, including streaming video.

As part of the process of preparing our consolidated financial statements, we are required to estimate our taxes in each of the jurisdictions in which we operate. We estimate actual current tax exposure together with assessing temporary differences resulting from differing treatment of items, such as accruals and allowances not currently deductible for tax purposes.

We estimate actual current tax exposure together with assessing temporary differences resulting from differing treatment of items, such as accruals and allowances not currently deductible for tax purposes. These differences result in deferred tax assets, which are included in our consolidated balance sheets.

Interest income, interest expense and other expense — net Year Ended December 31, 2023 2022 Change % Change (in millions, except percentages) Interest income $ 119.7 $ 17.4 $ 102.3 588 % Interest expense (21.0) (18.0) (3.0) 17 % Other expense—net (6.1) (13.5) 7.4 (55) % Interest income increased $102.3 million in 2023 as compared to 2022, primarily as a result of higher interest rates and investment balances.

Interest income, interest expense, gain on bargain purchase and other income (expense) — net Year Ended December 31, 2024 2023 Change % Change (in millions, except percentages) Interest income $ 155.2 $ 119.7 $ 35.5 30 % Interest expense (20.0) (21.0) 1.0 (5) % Gain on bargain purchase 106.3 — 106.3 100 % Other income (expense)—net 13.6 (6.1) 19.7 (323) % Interest income increased $35.5 million in 2024 as compared to 2023, primarily as a result of higher investment balances.

An end-customer deployment may involve as few as one or as many as thousands of secure networking, unified SASE and security operations technology products, depending on the end-customer’s size and security requirements. Our customers purchase our hardware products, software licenses and cloud-delivered solutions, as well as our FortiGuard and other security subscription and FortiCare technical support services.

An end-customer deployment may involve as few as one or as many as thousands of secure networking, unified SASE and security operations technology products or users, depending on the end-customer’s size and security requirements.

Headcount increased 8% to 13,568 employees as of December 31, 2023, up from 12,595 as of December 31, 2022. Impact of Macroeconomic Developments Our overall performance depends in part on worldwide economic and geopolitical conditions, such as the war in Ukraine and the Israel-Hamas war or tensions between China and Taiwan, and their impact on customer behavior.

Impact of Macroeconomic and Geopolitical Developments Our overall performance depends in part on worldwide economic and geopolitical conditions, such as GDP growth, the war in Ukraine or tensions between China and Taiwan, and their impact on customer behavior.

Of the service revenue recognized in 2023, 67% was included in the deferred revenue balance as of December 31, 2022. Of the service revenue recognized in 2022, 66% was included in the deferred revenue balance as of December 31, 2021.

Of the service revenue recognized in 2023, 67% was included in the deferred revenue balance as of December 31, 2022. Of the service revenue recognized in each quarter of 2024, from 88% to 90% was included in deferred revenue as of the beginning of the respective quarter.

Service revenue growth of 28% in 2023 was primarily driven by the strength of our security subscription revenue, which grew 33%. The increase was primarily due to the recognition of revenue from our growing deferred revenue balance related to FortiGuard and other security subscriptions delivered to on-premise and cloud-based environments.

The increase was primarily due to the recognition of revenue from our growing deferred revenue balance related to FortiGuard and other security subscriptions delivered to on-premise and cloud-based environments and growth in SaaS solutions, including unified SASE and SecOps. Of the service revenue recognized in 2024, 70% was included in the deferred revenue balance as of December 31, 2023.

In addition, changes in operating assets and liabilities were driven by an increase of $353.5 million in deferred contract costs, an increase of $301.9 million in deferred tax assets, an increase of $253.5 million in inventory and an increase of $146.4 million in accounts receivable—net.

In addition, changes in operating assets and liabilities were driven by an increase of $311.1 million in deferred contract costs, an increase of $223.2 million in deferred tax assets, a decrease of $131.2 million in inventory, a decrease of $106.7 million in accrued liabilities, and an increase of $45.4 million in accounts receivable—net.

Management accounts for these limitations by providing specific information regarding GAAP revenue and evaluating billings together with GAAP revenue. Total billings were $6.53 billion in 2024, an increase of 2% compared to $6.40 billion in 2023. Our backlog may fluctuate over quarters. A reduction to backlog increases our aggregate billings and revenue during the quarter when delivered.

Deferred tax assets and liabilities are measured using the currently enacted tax rates that 57 Table of Contents apply to taxable income in effect for the years in which those tax assets and liabilities are expected to be realized or settled. Valuation allowances are provided when necessary to reduce deferred tax assets to the amount expected to be realized.

In addition, deferred tax assets are recorded for the future benefit of utilizing net operating losses and research and development credit carryforwards. Deferred tax assets and liabilities are measured using the currently enacted tax rates that apply to taxable income in effect for the years in which those tax assets and liabilities are expected to be realized or settled.

Revenue from all regions grew, with the Americas contributing the largest portion of the increase on an absolute dollar basis and EMEA, contributing the largest portion of the increase on a percentage basis. Product revenue increased $146.8 million, or 8%, in 2023 compared to 2022 .

We continued to experience diversification of revenue geographically, and across customer and industry verticals. Revenue from all regions grew, with EMEA contributing the largest portion of the increase on an absolute dollar basis and on a percentage basis. Product revenue remained comparatively flat in 2024 compared to 2023 .

Recent Accounting Pronouncements Refer to Note 1 of the notes to our consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K for a full description of recently adopted accounting pronouncements.

During 2024, cash used in financing activities was $50.1 million, primarily driven by $37.8 million used to pay tax withholding, net of proceeds from the issuance of common stock. 71 Table of Contents Recent Accounting Pronouncements Refer to Note 1 of the notes to our consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K for a full description of recently adopted accounting pronouncements.

… 106 more changes not shown on this page.

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Market Risk — interest-rate, FX, commodity exposure

6 edited+1 added−3 removed7 unchanged

2023 filing

2024 filing

Biggest changeThe risk associated with fluctuating interest rates is limited to our investment portfolio.

Biggest changeThe risk associated with fluctuating interest rates is limited to our investment portfolio. A 10% decrease in interest rates would have resulted in a decrease of $15.5 million in our interest income in 2024, and would have resulted in an insignificant decrease in our interest income in 2023 and 2022.

For foreign currency exchange rate risk, a 10% increase or decrease of foreign currency exchange rates against the U.S. dollar with all other variables held constant would have resulted in a $14.2 million change in the value of our foreign currency cash balances as of December 31, 2023.

The rate of inflation, however, affects our cost of revenue and expenses, such as those for employee compensation, which may not be readily recoverable in the price of products and services offered by us. 67 Table of Contents

To minimize this risk, we maintain our 66 Table of Contents portfolio of cash, cash equivalents, investments and marketable equity securities in a variety of securities, including commercial paper, corporate debt securities, U.S. government and agency securities, certificates of deposit and term deposits, money market funds, municipal bonds and marketable equity securities.

To minimize this risk, we maintain our portfolio of cash, cash equivalents, investments and marketable equity securities in a variety of securities, including commercial paper, corporate debt securities, U.S. government and agency securities, certificates of deposit and term deposits, money market funds, municipal bonds and marketable equity securities.

We record changes in the fair value of forward exchange contracts related to balance sheet accounts in other expense—net in the consolidated statements of income. We recognized an expense of $7.0 million in 2023 due to foreign currency transaction losses. Our use of forward exchange contracts is intended to reduce, but not eliminate, the impact of currency exchange rate movements.

We record changes in the fair value of forward exchange contracts related to balance sheet accounts in other income (expense)—net in the consolidated statements of income. We recognized an expense of $16.9 million in 2024 due to foreign currency transaction losses.

Our forward exchange contracts are relatively short-term in nature and are focused on the CAD. Long-term material changes in the value of the U.S. dollar against other foreign currencies, such as the EUR, GBP and JPY could adversely impact our operating expenses in the future.

Long-term material changes in the value of the U.S. dollar against other foreign currencies, such as the EUR, GBP and JPY could adversely impact our operating expenses in the future. We assessed the risk of loss in fair values from the impact of hypothetical changes in foreign currency exchange rates.

Removed

A 10% decrease in interest rates would have resulted in a decrease of $12.0 million in our interest income in 2023, and would have resulted in an insignificant decrease in our interest income in 2022 and 2021 On March 5, 2021, we issued $1.0 billion aggregate principal amount of senior notes, consisting of $500.0 million aggregate principal amount of 1.0% notes due March 15, 2026 and $500.0 million aggregate principal amount of 2.2% notes due March 15, 2031.

Added

Our use of forward exchange contracts is intended to reduce, but not eliminate, the impact of currency exchange rate movements. Our forward exchange contracts are relatively short-term in nature and are focused on the CAD.

Removed

We carry the senior notes at face value less unamortized discount on our consolidated balance sheets. As the senior notes bear interest at a fixed rate, we have no financial statement risk associated with changes in interest rates. Refer to Note 11. Debt in Part II, Item 8 of this Annual Report on Form 10-K.

Removed

We assessed the risk of loss in fair values from the impact of hypothetical changes in foreign currency exchange rates.

Top changes in Fortinet's 2024 10-K

Item 1. Business

Item 1A. Risk Factors

Item 1C. Cybersecurity

Item 2. Properties

Item 5. Market for Registrant's Common Equity

Item 7. Management's Discussion & Analysis

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Other FTNT 10-K year-over-year comparisons