What changed in Fortinet's 2025 10-K compared to 2024?

Across the narrative sections we track, Fortinet (FTNT) added 437 paragraphs, removed 414, and edited 349 between the 2024 and 2025 10-K filings. The biggest movers are Item 1A. Risk Factors (+180/−167), Item 7. Management's Discussion & Analysis (+163/−156), Item 1. Business (+67/−63).

Did Fortinet add new Risk Factors in the 2025 10-K?

Yes — Item 1A Risk Factors shows 180 new/edited paragraphs and 167 removed paragraphs versus the 2024 10-K.

What changed in Fortinet's MD&A (Item 7) in 2025?

Item 7 Management's Discussion & Analysis shows 163 new/edited paragraphs and 156 removed paragraphs year-over-year. Read the side-by-side diff to see exactly which revenue, margin, and outlook commentary was rewritten.

Did Fortinet update its Cybersecurity disclosure (Item 1C) in 2025?

Item 1C Cybersecurity has 7 paragraph-level changes between the 2024 and 2025 filings.

Did Fortinet's Legal Proceedings (Item 3) change in 2025?

Item 3 shows 1 added/edited paragraphs and 1 removed paragraphs — usually indicating new litigation disclosed or settled cases removed.

Where does this FTNT 10-K diff come from?

The source filings are Fortinet's official 2024 and 2025 Form 10-K annual reports from SEC EDGAR. 10q10k.net parses each filing, aligns paragraphs by section (Item 1, 1A, 1C, 2, 3, 7, 7A), and highlights every added, removed and edited sentence side-by-side.

What changed in Fortinet's 10-K — 2024 vs 2025

Paragraph-level year-over-year comparison of Fortinet's 2024 and 2025 10-K annual filings, covering the Business, Risk Factors, Legal Proceedings, Cybersecurity, MD&A and Market Risk sections. Every new, removed and edited paragraph is highlighted side-by-side so you can see exactly what management changed in the 2025 report.

+437 added−414 removedSource: 10-K (2026-02-25) vs 10-K (2025-02-21)

Top changes in Fortinet's 2025 10-K

437 paragraphs added · 414 removed · 349 edited across 8 sections

Item 1A. Risk Factors+180 / −167 · 142 edited
Item 7. Management's Discussion & Analysis+163 / −156 · 129 edited
Item 1. Business+67 / −63 · 55 edited
Item 5. Market for Registrant's Common Equity+9 / −9 · 7 edited
Item 7A. Quantitative and Qualitative Disclosures About Market Risk+7 / −8 · 7 edited

Item 1. Business

Business — how the company describes what it does

55 edited+12 added−8 removed54 unchanged

2024 filing

2025 filing

Biggest changeFrom branch and campus to data center solutions, SPU-powered Fortinet appliances deliver superior Security Compute Ratings versus industry alternatives. • FortiCloud —Our organically built global cloud infrastructure, powered by FortiStack which is our secure software as a service (“SaaS”) platform operating as a private cloud service provider and leveraging software and hardware to optimize and secure all layers, provides customers with global reach, flexible connectivity, and cost savings. • FortiAI —Our AI innovations encompass generative AI (“GenAI”), big data AI for threat intelligence to process and analyze trillions of events using AI/Machine Learning (“ML”), network operations AI for self-healing networks and automated network orchestration, automation and response, and AI for Large Language Model (“LLM”) leakage to protection against data leakage into LLMs.

Biggest changeFrom branch and campus to data center solutions, SPU-powered Fortinet appliances deliver superior Security Compute Ratings versus industry alternatives. • FortiCloud —Our organically built global cloud infrastructure provides customers with global reach, flexible connectivity and cost savings.

The principal competitive factors in our markets include: • product security performance, throughput, features, effectiveness, interoperability and reliability; • addition and integration of new networking and security features and technological expertise; • compliance with industry standards and security and other certifications; • price of products and services and total cost of ownership; • brand recognition; • customer service and support across varied and complex customer segments and use cases; • sales and distribution capabilities; • size and financial stability; • breadth of product line; 8 Table of Contents • form factor of the solution; and • other competitive differentiators.

The principal competitive factors in our markets include: • product security performance, throughput, features, effectiveness, interoperability and reliability; • addition and integration of new networking and security features and technological expertise; • compliance with industry standards and security and other certifications; • price of products and services and total cost of ownership; 8 Table of Contents • brand recognition; • customer service and support across varied and complex customer segments and use cases; • sales and distribution capabilities; • size and financial stability; • breadth of product line; • form factor of the solution; and • other competitive differentiators.

Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and amendments to reports filed or furnished pursuant to Sections 13(a) and 15(d) of the Securities Act of 1933, as amended (the “Securities Act”), are available free of charge on our investor relations website as soon as reasonably practicable after we electronically file such material with, or furnish it to, the Securities and Exchange Commission (the “SEC”).

Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and amendments to reports filed or furnished pursuant to Sections 13(a) and 15(d) of the Securities Act of 1933, as amended (the “Securities Act”), are available free of charge on our investor relations website as soon as reasonably practicable after we electronically file such 10 Table of Contents material with, or furnish it to, the Securities and Exchange Commission (the “SEC”).

(“Zscaler”). We believe we compete favorably based on our products’ security performance, throughput, reliability, breadth and ability to work together, our ability to add and integrate new networking and security features and our technological expertise.

We believe we compete favorably based on our products’ security performance, throughput, reliability, breadth and ability to work together, our ability to add and integrate new networking and security features and our technological expertise.

Manufacturing and Suppliers We outsource the manufacturing of our security appliance products to a variety of contract manufacturers and original design manufacturers. Our current manufacturing partners include Accton Technology (“Accton”), IBASE Technology, Inc. (“IBASE”), Micro-Star International Co. (“Micro-Star”), Senao Networks, Inc. (“Senao”), Wistron Corporation (“Wistron”), and a number of other manufacturers. Approximately 88% of our hardware is manufactured in Taiwan.

Additionally, we provide notifications of news or announcements regarding our financial performance, including SEC filings, investor events and press and earnings releases, as part of our investor relations website. The contents of these websites are not intended to be incorporated by reference into this report or in any other report or document we file. 10 Table of Contents

Our Trusted Supplier Program (“TSP”) was developed in accordance with the requirements defined in National Institute of Standards and Technology Special Publications (“NIST SP”) 800-161 Supply Chain Risk Management Practices for Federal Information Systems and Organizations and other directives as periodically established by the U.S. government for 6 Table of Contents securing the Information and Communication Technology Services supply chain, in response to increasing customer demand for transparency in the security of the hardware, firmware and software that is included in our products and to comply with U.S. government directives.

Our Trusted Supplier Program (“TSP”) was developed in accordance with the requirements defined in National Institute of Standards and Technology Special Publications (“NIST SP”) 800-161 Supply Chain Risk Management Practices for Federal Information Systems and Organizations and other directives as periodically established by the U.S. government for securing the Information and Communication Technology Services supply chain, in response to increasing customer demand for transparency in the security of the hardware, firmware and software that is included in our products and to comply with U.S. government directives.

Global technical support is offered 24x7 with flexible add-ons, including enhanced service-level agreements (“SLAs”) and priority hardware replacement through in-country and local depots. Organizations have the flexibility to procure different levels of service for different devices based on their availability needs.

Our Codes of Conduct apply to employees, partners and suppliers, and we have compliance trainings and controls in place. In 2023, we established a risk management committee and steering committee to further enhance our anti-corruption program and we employ a thorough screening process for partners and suppliers, including continuous monitoring in high-risk zones, and resolution process for risk mitigation.

Our Codes of Conduct apply to employees, partners and suppliers, and we have compliance trainings and controls in place. We have a risk management committee and steering committee to further enhance our anti-corruption program and we employ a thorough screening process for partners and suppliers, including continuous monitoring in high-risk zones, and resolution process for risk mitigation.

We offered our Security Awareness Curriculum at no cost to primary and secondary schools across the same countries. We are involved in over 700 education partnerships across more than 100 countries and participates in public-private partnerships, including the World Economic Forum’s Cybersecurity Talent Framework.

We offered our Security Awareness Curriculum at no cost to primary and secondary schools across the same countries. We are involved in over 890 education partnerships across more than 100 countries and participates in public-private partnerships, including the World Economic Forum’s Cybersecurity Talent Framework.

As of December 31, 2024, our end-customers were located in over 100 countries and included enterprises across a wide variety of market verticals, including financial services, retail, healthcare and operational technology (“OT”) market verticals, communication and security service providers, and government organizations.

As of December 31, 2025, our end-customers were located in over 100 countries and included enterprises across a wide variety of market verticals, including financial services, retail, healthcare and operational technology (“OT”) market verticals, communication and security service providers, and government organizations.

Among others, our competitors include Check Point Software Technologies Ltd. (“Check Point”), Cisco Systems, Inc. (“Cisco”), CrowdStrike Holdings, Inc. (“CrowdStrike”), F5 Networks, Inc. (“F5 Networks”), Hewlett-Packard Enterprise (“HPE”), Huawei Technologies Co., Ltd. (“Huawei”), Juniper Networks, Inc. (“Juniper”), Microsoft Corporation (“Microsoft”), Netskope Inc. (“Netskope”), Palo Alto Networks, Inc. (“Palo Alto Networks”), SonicWALL, Inc. (“SonicWALL”), Sophos Group Plc (“Sophos”) and Zscaler, Inc.

Among others, our competitors include Check Point Software Technologies Ltd. (“Check Point”), Cisco Systems, Inc. (“Cisco”), CrowdStrike Holdings, Inc. (“CrowdStrike”), F5 Networks, Inc. (“F5 Networks”), Hewlett-Packard Enterprise (“HPE”), Huawei Technologies Co., Ltd. (“Huawei”), Microsoft Corporation (“Microsoft”), Netskope Inc. (“Netskope”), Palo Alto Networks, Inc. (“Palo Alto Networks”), SonicWALL, Inc. (“SonicWALL”), Sophos Group Plc (“Sophos”) and Zscaler, Inc. (“Zscaler”).

In addition, our Chief Executive Officer regularly communicates the importance of our core values of openness, teamwork and innovation. 9 Table of Contents None of our U.S. employees are represented by a labor union. Our employees in certain European and Latin American countries, however, have the right to be represented by external labor organizations if they maintain up-to-date union membership.

In addition, our Chief Executive Officer regularly communicates the importance of our core values of openness, teamwork and innovation. None of our U.S. employees are represented by a labor union. Our employees in certain European and Latin American countries, however, have the right to be represented by external labor organizations if they maintain up-to-date union membership.

Despite our efforts to protect our rights in our technology, unauthorized parties may attempt to copy aspects of our products or obtain and use information and technology that we regard as proprietary. We generally enter into confidentiality 7 Table of Contents agreements with our employees, consultants, vendors and customers, and generally limit access to and distribution of our proprietary information.

Despite our efforts to protect our rights in our technology, unauthorized parties may attempt to copy aspects of our products or obtain and use information and technology that we regard as proprietary. We generally enter into confidentiality agreements with our employees, consultants, vendors and customers, and generally limit access to and distribution of our proprietary information.

See Part II, Item 8 of this Annual Report on Form 10-K for more information on our consolidated balance sheets as of December 31, 2024 and 2023 and our consolidated statements of income, comprehensive income, equity (deficit), and cash flows for each of the three years ended December 31, 2024, 2023 and 2022.

See Part II, Item 8 of this Annual Report on Form 10-K for more information on our consolidated balance sheets as of December 31, 2025 and 2024 and our consolidated statements of income, comprehensive income, stockholders’ equity (deficit), and cash flows for each of the three years ended December 31, 2025, 2024 and 2023.

We pursue and maintain a broad portfolio of product and information security certifications available at the Fortinet Trust Site. Intellectual Property We rely primarily on patent, trademark, copyright and trade secrets laws, confidentiality procedures and contractual provisions to protect our technology.

We pursue and maintain a broad portfolio of product and information security certifications available at the Fortinet Trust Site. 7 Table of Contents Intellectual Property We rely primarily on patent, trademark, copyright and trade secrets laws, confidentiality procedures and contractual provisions to protect our technology.

The portfolio consists of FortiGuard application security services, content security services, device security services, NOC/SOC security services and web security services. 4 Table of Contents FortiCare Technical Support Service is a per-device technical support service, which provides customers access to experts to ensure efficient and effective operations and maintenance of their Fortinet capabilities.

The 4 Table of Contents portfolio consists of FortiGuard application security services, content security services, device security services, NOC/SOC security services and web security services. FortiCare Technical Support Service is a technical support service, which provides customers access to experts to ensure efficient and effective operations and maintenance of their Fortinet solution.

Our compensation programs for our employees include base pay, incentive compensation, opportunities for equity ownership where local statutes allow and employee benefits that promote well-being across different aspects of our employees’ lives, which may include health and welfare insurance, retirement benefits and paid time off. As a global company, we value diversity and inclusion across our workforce.

FortiGuard Labs is our cybersecurity threat intelligence and research organization comprised of experienced threat hunters, researchers, analysts, engineers and data scientists who develop and utilize machine learning and AI technologies to provide timely protection updates and actionable threat intelligence for the benefit of our customers.

FortiGuard Labs is our cybersecurity threat intelligence and research organization comprised of experienced threat hunters, researchers, analysts, engineers and data scientists who develop and utilize ML and AI technologies to provide timely protection updates and actionable threat intelligence for the benefit of our customers.

Depending on the solution or form factor purchased, customers may also access our products via the cloud through our data centers and PoPs, third-party colocations and cloud providers such as Amazon Web Services, Microsoft Azure and Google Cloud. Often, our customers also purchase our FortiGuard and other security subscription services and FortiCare technical support services.

Depending on the solution or form factor purchased, customers may also access our products via the cloud through our data centers and PoPs, third-party colocations and cloud providers such as Amazon Web Services, 5 Table of Contents Microsoft Azure and Google Cloud. Often, our customers also purchase our FortiGuard and other security subscription services and FortiCare technical support services.

We offer three per-device support options tailored to the needs of our enterprise customers: FortiCare Elite, FortiCare Premium and FortiCare Essential. The FortiCare Elite service aims to provide a 15-minute response time for key product families. In addition to FortiCare device level services, Advanced Support service options are available per account.

We offer three support options tailored to the needs of our enterprise customers: FortiCare Elite, FortiCare Premium and FortiCare Essential. The FortiCare Elite service aims to provide a 15-minute response time for key product families. In addition to FortiCare solution based services, Advanced Support service options are available per account.

Refer to Note 16 Segment Information in Part II, Item 8 of this Annual Report on Form 10-K for distributor customers accounted for 10% or more of our revenue or net accounts receivable. 5 Table of Contents Sales and Marketing We primarily sell our products and services through a two-tier distribution model.

Refer to Note 15. Segment Information in Part II, Item 8 of this Annual Report on Form 10-K for distributor customers accounted for 10% or more of our revenue or net accounts receivable. Sales and Marketing We primarily sell our products and services through a two-tier distribution model.

Examples of our initiatives focused on our employees include our company matching program for employee charitable contributions and the free security training programs we offer to help with career development for our employees, in addition to the general public. Our culture is defined by our commitment to ethics and integrity.

Examples of our initiatives focused on our employees include our company matching program for employee charitable contributions, paid volunteering days (where applicable) and the free security training programs we offer to help with career development for our employees, in addition to the general public. Our culture is defined by our commitment to ethics and integrity.

We are one of the few vendors to deliver consistent convergence and AI-powered security across Secure SD-WAN and SSE to enable a single-vendor SASE framework with a cloud-centric architecture powered by FortiOS. Our global and scalable cloud network includes 150+ points of presence to deliver the seamless secure access experience.

We are one of the few vendors to deliver consistent convergence and AI-powered security across Secure SD-WAN and SSE to enable a single-vendor SASE framework with a cloud-centric architecture powered by FortiOS. Our global and scalable cloud network includes over 190 PoPs to deliver a seamless secure access experience.

Our Secure Connectivity solution includes FortiSwitch secure ethernet switches, FortiAP wireless local area network access points and FortiExtender 5G connectivity gateways. • Unified Secure Access Service Edge (SASE) —As applications move to the cloud and hybrid workforce is now the norm, enabling secure access for users with zero trust framework becomes important.

Our Secure Connectivity solution includes FortiSwitch secure ethernet switches, FortiAP wireless local area network access points and FortiExtender 5G connectivity gateways and Network Access Control (“NAC”) for securing Internet of Things (“IoT”) devices. • Unified Secure Access Service Edge (SASE) —As applications move to the cloud and hybrid workforce is now the norm, enabling secure access for users with zero trust framework becomes important.

Our competitive differentiation lies in our core technologies, which together provide performance, security, flexibility and integration across diverse environments. • FortiOS —FortiOS enables the convergence of security and networking to enforce consistent security policies across form factors and edges.

Our competitive differentiation lies in our core technologies, which together provide performance, security, flexibility and integration across diverse environments. • FortiOS —Our unified operating system enables the convergence of networking and AI-powered security to enforce consistent policies across all form factors and edges.

These services are available for regional account support in three options: Core, Pro and Pro Plus, and can be globalized at the Pro and Pro Plus levels. Advanced Support brings support directly to each account, helping account holders to make their operations more effective and to plan and manage their solution lifecycle.

These services are available for regional account support in three options: Core, Pro and Pro Plus, and can be available or provided on a global basis at the Pro and Pro Plus levels. Advanced Support brings support directly to each account, helping account holders to make their operations more effective and to plan and manage their solution lifecycle.

As the foundation of the Fortinet Security Fabric, FortiOS empowers organizations to unify management and analytics for comprehensive network visibility and control at scale.

As the foundational engine of the Fortinet Security Fabric, FortiOS empowers organizations to unify management and analytics, providing network visibility and control at scale.

As of December 31, 2024, we had 1,034 U.S. and 1,378 global patents and 451 pending U.S. and foreign patent applications. We also license software from third parties for inclusion in our products, including open source software and other software.

As of December 31, 2025, we had 1,064 U.S. and a total of 1,405 global patents, and 365 pending U.S. and foreign patent applications. We also license software from third parties for inclusion in our products, including open source software and other software.

Our supply chain plays a critical role in providing safety for our customers and protection for our brand. Supply chain security management begins with the establishing control of a qualified supplier base, which provides qualified and trusted components for use in design, development, manufacturing and post-sale product support.

Supply chain security management begins with establishing control of a qualified supplier base, which provides qualified and trusted components for use in design, development, manufacturing and post-sale product support.

In 2023, we obtained the ISO14001 certification for our largest company-owned warehouse in Union City, California, and have continued to be a leader on energy efficiency with the launch of our SP5 ASIC and our FortiGate-90G model.

In 2025, we maintained the ISO 14001 certification we obtained in 2023 for our largest company-owned warehouse in Union City, California, and have continued to be a leader on energy efficiency with the launch of our SP5 ASIC and our FortiGate-90G model. We have been certified to Environmental Product Declarations for our FortiGate 50G family.

The Fortinet Unified SASE solution includes a single-vendor SASE solution that includes firewall, SD-WAN, secure web gateway, cloud access services broker, Data Loss Prevention (“DLP”) and zero trust network access to deliver flexible secure access for all users.

The Fortinet Unified SASE solution includes a single-vendor SASE solution that includes firewall, SD-WAN, secure web gateway, cloud access services broker, Data Loss Prevention (“DLP”), Digital Experience Monitoring (“DEM”), Remote Browser Isolation (“RBI”) and ZTNA to deliver flexible secure access for all users.

At the core is FortiAnalyzer, which serves as the central SOC platform with its unified data lake that provides built-in SIEM, SOAR, XDR and threat intelligence, enabling centralized visibility, analytics and automation with complete control. FortiSIEM delivers robust security information and event management for more advanced SOC requirements, while FortiSOAR enables automated orchestration and playbook-driven response.

At the core is FortiAnalyzer, which serves as the central SOC platform with its unified data lake that provides: built-in security information and event management (“SIEM”); security, orchestration, automation, and response (“SOAR”); XDR and threat intelligence, enabling centralized visibility, analytics and automation with complete control.

The Fortinet Training Institute has issued over one million certifications to date. During the year ended December 31, 2024, we generated total revenue of $5.96 billion and net income of $1.75 billion.

The Fortinet Training Institute has issued approximately two million certifications to date. During the year ended December 31, 2025, we generated total revenue of $6.80 billion and net income of $1.85 billion.

As a global company headquartered in Sunnyvale, California, our research and development is centered in the United States and Canada with a global footprint of support and centers of excellence around the world. As of December 31, 2025, we held 1,064 U.S. patents and a total of 1,405 global patents, including 321 AI-related patents.

As of December 31, 2024, we held 1,034 U.S. patents and 1,378 global patents and we have been recognized in over 140 enterprise analyst reports demonstrating both our vision and execution across security and networking products.

We have been recognized in over 140 enterprise analyst reports demonstrating both our vision and execution across security and networking products.

Some of the components important to our business, including certain Central Processing Units (“CPUs”) from Intel Corporation (“Intel”) and Advanced Micro Devices, Inc. (“AMD”), network and wireless chips from Broadcom Inc. (“Broadcom”), Marvell Technology Group Ltd. (“Marvell”), Qualcomm Incorporated (“Qualcomm”) and Intel and memory devices from Intel, Micron Technology (“Micron”), ADATA Technology Co., Ltd.

The components included in our products are sourced from various suppliers by us or, more frequently, by our contract manufacturers. Some of the components important to our business, including certain Central Processing Units (“CPUs”) from Intel Corporation (“Intel”) and Advanced Micro Devices, Inc. (“AMD”), network and wireless chips from Broadcom Inc. (“Broadcom”), Marvell Technology Group Ltd.

Our employees are the foundation of our innovation and cybersecurity leadership for the benefit of our customers. We understand there is a shortage of highly skilled employees for security companies like ours, and we believe that our success and competitive advantage depends largely on our ability to continue to attract and retain highly skilled employees with diverse backgrounds and experiences.

We understand there is a shortage of highly skilled employees for security companies like ours, and we believe that our success and competitive advantage depends largely on our ability to continue to attract and retain highly skilled employees. We believe we offer fair, competitive compensation and benefits, and we encourage a merit-based and inclusive culture.

FortiSIEM delivers security information and event management for more advanced SOC requirements, while FortiSOAR enables automated orchestration and playbook-driven response. This solution set also includes FortiEndpoint, FortiNDR, FortiSandbox, FortiDeceptor, FortiDLP and FortiRecon, helping organizations achieve defense in depth, ensuring attackers face multiple layers of detection and mitigation across endpoints, networks, and applications.

We deliver a holistic approach to cloud security, offering a single unified platform for cloud security and secure Continuous Integration/Continuous Delivery (“CI/CD”) application development needs, consolidating protection across multiple disparate tools, including coding, deploying, and running applications across hybrid and multi-clouds, and delivering AI-driven security across integrated solutions with visibility and context across hybrid and multi-cloud.

Our solutions include application security that includes web application firewalls, cloud network security with virtualized firewalls and cloud-native firewalls, cloud-native application protection and code security. We deliver a holistic approach to cloud security, offering a single unified platform, consolidating protection across multiple disparate tools, including coding, deploying, and running applications across hybrid and multi-clouds.

Additionally, we also offer flexible consumption licensing programs that enable organizations to dynamically optimize their cloud security needs and investments as well as readily meet their cloud minimum spend commitment obligations with Cloud Service Providers. • AI-Driven Security Operations (SecOps) —Our AI-Driven SecOps portfolio provides a comprehensive suite of cybersecurity solutions that identify, protect, detect, respond and recover from threats, all integrated within the Fortinet Security Fabric.

We are a member of the Dow Jones Sustainability Indices — World and North America, for the second consecutive year.

We are a member of the Dow Jones Sustainability Indices — World and North America, and report to both Carbon Disclosure Project (“CDP”) and Ecovadis.

We are also committed to community engagement and social responsibility with regards to our employees and beyond, and our board of directors has active oversight of such initiatives.

As of December 31, 2025 , women represented approximately 40% of the members of our board of directors, and approximately 60% o f our board of directors was from underrepresented communities. 9 Table of Contents We are also committed to community engagement and social responsibility with regards to our employees and beyond, and our board of directors has active oversight of such initiatives.

We submit purchase orders to our contract manufacturers that describe the type and quantities of our products to be manufactured, the delivery date and other delivery terms. Once our products are manufactured, they are sent to either our warehouse in California or to our logistics partner in Taoyuan City, Taiwan, where accessory packaging and quality-control testing are performed.

Once our products are manufactured, they are sent to either our warehouse in California, our warehouse in the Netherlands or to our logistics partner in Taoyuan City, Taiwan, where accessory packaging and quality-control testing are performed. We believe that outsourcing our manufacturing and a substantial portion of our logistics enables us to focus resources on our core competencies.

These innovations range from edge products to Network Operations Center (“NOC”) and Security Operations Center (“SOC”) tools and services to provide effective and efficient networking and cybersecurity performance and operation. 3 Table of Contents These competitive differentiators allow us to provide Chief Information Officer (“CIO”)s, Chief Information Security Officer (“CISO”)s, Chief Technology Officer (“CTO”)s, and their organizations with an integrated AI-driven cybersecurity platform with over 50 products across three solution pillars. • Secure Networking —Our Secure Networking solutions focus on the convergence of networking and security via FortiOS, our networking and security operating system that is the foundation of our Fortinet Security Fabric platform and supports over 30 functions that can be delivered via a physical, virtual, cloud or software as a SaaS solution.

These offerings include security capabilities for CPS assets and tools that support centralized NOC and SOC functions. 3 Table of Contents These competitive differentiators provide networking and security professionals with a cyber security platform comprised of over 50 products across three solution pillars: • Secure Networking —Our Secure Networking solutions focus on the convergence of networking and security via FortiOS, our networking and security operating system that is the foundation of our Fortinet Security Fabric platform and supports a broad range of functions that can be delivered via a physical, virtual, cloud or SaaS solutions.

Human Capital Management As of December 31, 2024, our total headcount was 14,138 employees, approximately 30% of whom were employed in the United States, approximately 20% of whom were employed in Canada and approximately 50% of whom were employed outside of the United States and Canada. We do not own any manufacturing or research and development activities in China.

Human Capital Management As of December 31, 2025, our total headcount was 15,109 employees, approximately 30% of whom were employed in the United States, approximately 20% of whom were employed in Canada and approximately 50% of whom were employed outside of the United States and Canada, primarily in Europe, Middle East and Africa (“EMEA”), consistent with our customer base.

We believe that outsourcing our manufacturing and a substantial portion of our logistics enables us to focus resources on our core competencies. Our proprietary ASICs, which are key to the performance of our appliances, are built by contract manufacturers including Toshiba America Electronic Components, Inc. (“Toshiba America”) and Renesas Electronics America, Inc. (“Renesas”).

Our proprietary ASICs, which are key to the performance of our appliances, are built by contract manufacturers including Toshiba America Electronic Components, Inc. (“Toshiba America”) and Renesas Electronics America, Inc. (“Renesas”). These contract manufacturers use foundries in Taiwan and Japan operated by either Taiwan Semiconductor Manufacturing Company Limited (“TSMC”) or by the contract manufacturer itself.

Such commitment starts at the top, with a highly skilled and diverse board of directors. As of December 31, 2024 , women represented 40% of the members of our board of directors, and approximately 50% o f our board of directors was from underrepresented communities.

Such commitment starts at the top, with a highly skilled and diverse board of directors.

We are committed to empower individuals within our organization and across the security industry to reach their full potential. We continue to focus on skilling, upskilling and reskilling individuals and are on track to reach our goal of training one million people in cybersecurity by 2026 with over 630,000 individuals trained as of the end of 2024.

We also disclose our Scope 3 emissions, across all 12 relevant categories, as part of our annual reporting on sustainability. We are committed to empower individuals within our organization and across the security industry to reach their full potential. We continue to focus on skilling, upskilling and reskilling individuals.

(“ADATA”), Toshiba Corporation (“Toshiba”), Samsung Electronics Co., Ltd. (“Samsung”), and Western Digital Technologies, Inc. (“Western Digital”), are available from limited or sole sources of supply. We have no long-term contracts related to the manufacturing of our ASICs or other components that guarantee any capacity or pricing terms.

(“Marvell”), Qualcomm Incorporated (“Qualcomm”) and Intel and memory devices from Intel, Micron Technology (“Micron”), ADATA Technology Co., Ltd. (“ADATA”), Toshiba Corporation (“Toshiba”), Samsung Electronics Co., Ltd. (“Samsung”), and Western Digital Technologies, Inc. (“Western Digital”), are available from limited or sole sources of supply.

Our network firewall offerings consist of a FortiGate data center, hyperscale and distributed firewalls, as well as encrypted applications (secure sockets layer (“SSL”) inspection, virtual private network and Internet Protocol Security (“IPsec”) connectivity). Our ability to converge networking and security also enables the ethernet to become an extension of our customers’ security infrastructure through FortiSwitch and FortiLink.

Our network firewall offerings consist of a FortiGate, which can be deployed at branch, campus, data center, internal segmentation, private and public cloud to enable hybrid mesh firewall solutions, as well as encrypted applications (secure sockets layer (“SSL”) inspection, virtual private network and Internet Protocol Security connectivity).

Our wireless LAN solution leverages secure networking to provide secure wireless access for the enterprise LAN edge. FortiExtender secures 5G/LTE and remote ethernet extenders to connect and secure any branch environment.

Our ability to converge networking and security also enables the ethernet to become an extension of our customers’ security infrastructure through FortiSwitch and FortiLink. FortiExtender secures 5G/LTE and remote ethernet extenders to connect and secure any branch environment.

This minimizes the need for manual intervention and provides faster remediation of threats across all environments. • OT Security —The Fortinet Security Fabric enables security for converged IT/OT ecosystems. It also provides an OT Security Platform with features and products to extend Security Fabric capabilities to OT networks in factories, plants, remote locations and ships.

This minimizes the need for manual intervention and provides faster remediation of threats across environments. • OT Security —The Fortinet Security Fabric enables security for OT systems and Cyber-Physical Systems (“CPS”), including converged IT/OT architectures. Our OT Security Platform is purpose-built to protect the engineered systems that underpin critical infrastructure and supply chains around the world.

Given this, we are well positioned to support customers expanding from SD-WAN to a single-vendor SASE platform. Additionally, we offer a full suite of comprehensive, integrated cloud security solutions that enable customers to secure their applications from code to cloud.

FortiSASE Sovereign delivers full SASE capabilities within infrastructure environments that organizations control, including on-premises, in private data centers or trusted colocation environments. Additionally, we offer a full suite of integrated cloud security solutions that enable customers to secure their applications from code to cloud.

To further validate our strategy, FortiOS has been recognized across five Gartner Magic Quadrants, including Firewall, Software-Defined Wide-Area Network (“SD-WAN”), Security Service Edge (“SSE”), SASE Platforms and Wired and Wireless Local Area Network (“LAN”). • FortiASIC —Our Application-Specific Integrated Circuit (“ASIC”)-based security processing units (“SPUs”) increase the speed, scale, efficiency and value of our solutions while improving user experience, reducing footprint and power requirements.

FortiOS includes advanced encryption and other security technologies designed to address evolving cybersecurity threats, including emerging quantum-resistant cryptographic capabilities. • FortiASIC —Our Application-Specific Integrated Circuit (“ASIC”)-based security processing units (“SPUs”) increase the speed, scale, efficiency and value of our solutions while reducing footprint and power requirements.

Removed

As of December 31, 2024, our customers included approximately 80% of the Fortune 100 companies and approximately 72% of the Global 2000 companies. We were also ranked #7 in the Forbes Most Trusted Companies list in 2024.

Added

FortiCloud is our private cloud software as a service (“SaaS”) platform, powered by FortiStack, which is our secure SaaS platform operating as a private cloud service provider and leveraging software and hardware to optimize and secure all layers. • FortiAI —FortiAI provides a dual-layered defense across the Fortinet Security Fabric through the AI for Security and Security for AI framework.

Removed

Our GenAI assists security teams to make better decisions, rapidly respond to threats and save time on even the most complex tasks.

Added

Within AI for Security, FortiAI-Assist uses generative and agentic AI to support Network Operations Center (“NOC”) and Security Operations Center (“SOC”) teams in monitoring, analysis and response activities across enterprise environments. Security for AI comprises of FortiAI-Protect and FortiAI-SecureAI.

Removed

FortiAI is seamlessly integrated into the user experience of several of our products, including FortiAnalyzer, FortiSIEM and FortiSOAR, to help optimize threat investigation and response, Security information and event management (“SIEM”) queries, Security, orchestration, automation, and response (“SOAR”) playbook creation, among other functions. • FortiEndpoint —FortiEndpoint converges secure connectivity, endpoint protection and advanced capabilities like endpoint detection and response and extended detection and response (“XDR”), into a single agent.

Added

FortiAI-Protect utilizes AI/Machine Learnings (“ML”) to address AI-driven threats and zero-day attacks, and support governance over generative AI (“GenAI”) applications, FortiAI-SecureAI focus on protecting an organization’s AI infrastructure, including large language models (“LLMs”) and Application Programming Interface (“APIs”), and preventing data leakage into and out of LLMs.

Removed

To help alleviate security risks across the organization, we have continued to enhance our OT Security Platform offerings.

Added

FortiAI protects the AI ecosystem, infrastructure, models, workloads, data and supply chains, while leveraging unified AI intelligence across the Fortinet Security Fabric to defend against threats. • FortiEndpoint —FortiEndpoint converges secure connectivity, endpoint protection and advanced capabilities like endpoint detection and response and Universal Zero Trust Network Access (“ZTNA”), into a single agent.

Removed

Our solutions include application security that includes our web application firewalls, cloud network security with virtualized firewalls and cloud-native firewalls, cloud-native application protection and code security.

Added

This includes securing energy and utilities systems, manufacturing environments, and transportation, utilizing FortiGuard OT Security Services.

Removed

These contract manufacturers use foundries in Taiwan and Japan operated by either Taiwan Semiconductor Manufacturing Company Limited (“TSMC”) or by the contract manufacturer itself. The components included in our products are sourced from various suppliers by us or, more frequently, by our contract manufacturers.

Added

Leveraging this global infrastructure, we believe we are well positioned to support customers expanding from SD-WAN to a single-vendor SASE platform. We also allow our customers to deploy our FortiSASE as Sovereign SASE, which provides control over the technology elements needed for a SASE solution.

Removed

We believe we offer fair, competitive compensation and benefits, and we encourage a culture of fairness and meritocracy.

Added

We continue to develop all the core SASE capabilities in a single operating system, FortiOS, including Next-Gen Firewall, SD-WAN, ZTNA, secure web gateway, cloud access security broker and DLP.

Removed

We submitted our survey on environment to CDP, which is a not-for-profit charity organization that runs the global disclosure system for companies to manage their environmental impacts. We also disclosed for the first time our Scope 3 emissions, across all 12 relevant categories, as part of our annual reporting on sustainability.

Added

This native integration of our Next-Gen Firewall, SD-WAN and SASE has become the New-Generation SASE Firewall. • AI-Driven Security Operations (SecOps) —Our AI-Driven SecOps portfolio provides a suite of cybersecurity solutions that identify, protect, detect, respond and recover from threats, all integrated within the Fortinet Security Fabric.

Added

We submit purchase orders to our contract manufacturers that describe the type and quantities of our products to be manufactured, the delivery date and other delivery terms.

Added

We have no long-term contracts related to the manufacturing of our ASICs or other components that guarantee any capacity or pricing terms. Additionally, we manage global memory component supply through diversified sourcing arrangements, strategic inventory planning and coordination with key supply chain partners.

Added

Memory components are obtained from multiple suppliers, and we continuously monitor availability, lead times and logistics conditions to support manufacturing continuity and delivery schedules. These actions are intended to mitigate supply volatility and maintain operational flexibility. 6 Table of Contents Our supply chain plays a critical role in providing safety for our customers and protection for our brand.

Added

We do not own any manufacturing or research and development activities in China. Our employees are the foundation of our innovation and cybersecurity leadership for the benefit of our customers.

Item 1A. Risk Factors

Risk Factors — what could go wrong, per management

142 edited+38 added−25 removed402 unchanged

2024 filing

2025 filing

Biggest changeFor fiscal year 2024, the comparably lower backlog contribution to billings resulted in decreased year-over-year quarterly growth rates; • supplier cost increases and any lack of market acceptance of our price increases designed to help offset any supplier cost increases; • the timing of channel partner and end-customer orders and our reliance on a concentration of shipments at the end of each quarter or changes in shipping terms; 11 Table of Contents • the impact to our business, the global economy, disruption of global supply chains and creation of significant volatility and disruption of the financial markets due to factors such as increased inflation or possible stagflation in certain geographies, changing interest rates, the war in Ukraine and other factors; • defects or vulnerabilities, including critical vulnerabilities, in our products or services, as well as reputational harm from the failure or misuse of our products or services, and any actual or perceived defects or vulnerabilities, including critical vulnerabilities, in our products or services, failure of our products or services to detect or prevent a security incident or to cause a disruption to operations, failure of our customers to implement preventative actions such as updates to one of our deployed solutions or failure to help secure our customers; • compromising of our internal enterprise IT networks, our operational networks, our research and development networks, our back-end labs and cloud stacks hosted in our data centers or PoPs, colocation vendors or public cloud providers, and resulting harm to public perception of our products and services; • the timing of shipments, which may depend on factors such as inventory levels, logistics, manufacturing or shipping delays, our ability to ship products on schedule and our ability to accurately forecast inventory requirements and our suppliers’ ability to deliver components and finished goods; • increased expenses, unforeseen liabilities or write-downs and any negative impact on results of operations from any acquisition or equity investment, as well as accounting risks, integration risks related to product plans and products and risks of negative impact by such acquisitions and equity investments on our financial results; • investors’ expectations of our performance relating to environmental, social and governance (“ESG”) and commitment to carbon neutrality; • certain customer agreements which contain service-level agreements, under which we guarantee specified availability of our platform and solutions; • inconsistent and evolving data and other security requirements and enforcement across certain jurisdictions; • impairments as a result of certain events or changes in circumstances; • the mix of products sold and the mix of revenue between products and services, as well as the degree to which products and services are bundled and sold together for a package price; • the purchasing practices and budgeting cycles of our channel partners and end-customers, including the effect of the end of product lifecycles, refresh cycles or price decreases; • any decreases in demand by channel partners or end-customers, including any such decreases caused by factors outside of our control such as natural disasters and health emergencies, including earthquakes, droughts, fires, power outages, typhoons, floods, pandemics or epidemics and manmade events such as civil unrest, labor disruption, international trade disputes, international conflicts, terrorism, wars, such as the war in Ukraine and critical infrastructure attacks; • the effectiveness of our sales organization, generally or in a particular geographic region, including the time it takes to hire sales personnel, the timing of hiring and our ability to hire and retain effective sales personnel, our efforts to align our sales capacity and productivity with market demand and any negative impact to our sales and the effectiveness of our sales team based on changes to sales compensation or to our sales compensation plan; • sales productivity and sales execution risk related to effectively selling to all segments of the market, including enterprise and small- and medium-sized businesses, government organizations and service providers, and to selling our broad security product and services portfolio, including, among other execution risks, risks associated with the complexity and distraction in selling to all segments, increased competition and unpredictability of timing to close larger enterprise and large organization deals, and the risk that our sales representatives do not effectively sell products and services; • execution risk associated with our efforts to capture the opportunities related to our identified growth drivers, such as risk associated with our ability to capitalize on the convergence of networking and security, vendor consolidation of various cyber security solutions, SD-WAN, infrastructure security, security operations, 12 Table of Contents SASE and other cloud security solutions, endpoint protection, IoT and OT security opportunities and product refresh cycles; • the seasonal buying patterns of our end-customers; • the timing and level of our investments in sales and marketing, and the impact of such investments on our operating expenses, operating margin and the productivity, capacity, tenure and effectiveness of execution of our sales and marketing teams; • the timing of revenue recognition for our sales, including any impacts resulting from extension of payment terms and fluctuations in backlog levels, which could result in more variability and less predictability in our quarter-to-quarter revenue and operating results; • the level of perceived threats to network security, which may fluctuate from period to period; • changes in the requirements, market needs or buying practices and patterns of our distributors, resellers or end-customers; • changes in the growth rates of the network security market in particular and other security and networking markets, such as SD-WAN, OT, switches, access points, security operations, SASE and other cloud solutions for which we and our competitors sell products and services; • the timing and success of new product and service introductions or enhancements by us or our competitors, or any other change in the competitive landscape of our industry, including consolidation among our competitors, partners or end-customers; • the deferral of orders from distributors, resellers or end-customers in anticipation of new products or product enhancements announced by us or our competitors, price decreases or changes in our registration policies, or the acceleration of orders in response to our announced or expected price list increases; • increases or decreases in our billings, revenue and expenses caused by fluctuations in foreign currency exchange rates or a strengthening of the U.S. dollar, as a significant portion of our expenses is incurred and paid in currencies other than the U.S. dollar, and the impact such fluctuations may have on the actual prices that our partners and customers are willing to pay for our products and services; • compliance with existing laws and regulations; • our ability to obtain and maintain permits, clearances and certifications that are applicable to our ability to conduct business with the U.S. federal government, other foreign and local governments and other industries and sectors; • litigation, litigation fees and costs, settlements, judgments and other equitable and legal relief granted related to litigation; • the impact of cloud-based and hosted security solutions on our billings, revenue, operating margins and free cash flow; • decisions by potential end-customers to purchase network security solutions from newer technology providers, from larger, more established security vendors or from their primary network equipment vendors; • price competition and increased competitiveness in our market, including the competitive pressure caused by product refresh cycles and inventory levels; • our ability to both increase revenue and manage and control operating expenses in order to maintain or improve our operating margins; • changes in customer renewal rates or attach rates for our services; • changes in the timing of our billings, collection for our contracts or the contractual term of service sold; 13 Table of Contents • changes in our estimated annual effective tax rates and the tax treatment of research and development expenses and the related impact of cash from operations; • changes in circumstances and challenges in business conditions, including decreased demand, which may negatively impact our channel partners’ ability to sell the current inventory they hold and negatively impact their future purchases of products from us; • increased demand for cloud-based and hosted services and the uncertainty associated with transitioning to providing such services; • potential shift or migration from physical appliances that deliver on-premises network security to cloud and SaaS-based security services; • our channel partners having insufficient financial resources to withstand changes and challenges in business conditions; • disruptions in our channel or termination of our relationship with important channel partners, including as a result of consolidation among distributors and resellers of security solutions; • insolvency, credit or other difficulties confronting our key suppliers and channel partners, which could affect their ability to purchase or pay for products and services and which could disrupt our supply or distribution chain; • political, economic and social instability, including geo-political instability and uncertainty, such as that caused by the war in Ukraine, tensions between China and Taiwan, and any disruption or negative impact on our ability to sell to, ship product to and support customers in certain regions based on trade restrictions, embargoes and export control law restrictions; • general economic conditions, both in domestic and foreign markets; • future accounting pronouncements or changes in our accounting policies as well as the significant costs that may be incurred to adopt and comply with these new pronouncements; • possible impairments or acceleration of depreciation of our existing real estate due to our current real estate investments and future acquisition and development plans; and • legislative or regulatory changes, such as with respect to privacy, information and cybersecurity, exports, the environment, regional component bans, and requirements for local manufacture.

Biggest changeGenerally, a reduction to backlog increases our aggregate billings and revenue during the quarter when delivered; • the timing and level of our investments in sales and marketing, and the impact of such investments on our operating expenses, operating margin and the productivity, capacity, tenure and effectiveness of execution of our sales and marketing teams; • the timing of revenue recognition for our sales, including any impacts resulting from extension of payment terms and fluctuations in backlog levels, which could result in more variability and less predictability in our quarter-to-quarter revenue and operating results; • the level of perceived threats to network security, which may fluctuate from period to period; • changes in the requirements, market needs or buying practices and patterns of our distributors, resellers or end-customers; • changes in the growth rates of the network security market in particular and other security and networking markets, such as SD-WAN, OT, switches, access points, security operations, SASE and other cloud solutions for which we and our competitors sell products and services; • the timing and success of new product and service introductions or enhancements by us or our competitors, or any other change in the competitive landscape of our industry, including consolidation among our competitors, partners or end-customers; • the deferral of orders from distributors, resellers or end-customers in anticipation of new products or product enhancements announced by us or our competitors, price decreases or changes in our registration policies, or the acceleration of orders in response to our announced or expected price list increases, including those related to tariffs; • increases in our expenses caused by fluctuations in foreign currency exchange rates or a weakening of the U.S. dollar, as a significant portion of our expenses are incurred and paid in currencies other than the U.S. dollar, and such fluctuations may negatively affect our financial condition and results of operations; • compliance with existing laws and regulations; • our ability to obtain and maintain permits, clearances and certifications that are applicable to our ability to conduct business with the U.S. federal government, other foreign and local governments and other industries and sectors; • litigation, litigation fees and costs, settlements, judgments and other equitable and legal relief granted related to litigation; • the impact of cloud-based and hosted security solutions, including increased demand for such services and uncertainty associated with transition to providing such services, on our billings, revenue, operating margins and free cash flow; • decisions by potential end-customers to purchase network security solutions from newer technology providers, from larger, more established security vendors or from their primary network equipment vendors; • price competition and increased competitiveness in our market, including the competitive pressure caused by product refresh cycles and inventory levels; • our ability to both increase revenue and manage and control operating expenses in order to maintain or improve our operating margins; • changes in customer renewal rates or attach rates for our services; 14 Table of Contents • changes in the timing of our billings, collection for our contracts or the contractual term of service sold; • changes in our estimated annual effective tax rates and the tax treatment of research and development expenses and the related impact of cash from operations; • changes in circumstances and challenges in business conditions, including decreased demand, which may negatively impact our channel partners’ ability to sell the current inventory they hold and negatively impact their future purchases of products from us; • potential shift or migration from physical appliances that deliver on-premises network security to cloud and SaaS-based security services; • our channel partners having insufficient financial resources to withstand changes and challenges in business conditions; • disruptions in our channel or termination of our relationship with important channel partners, including as a result of consolidation among distributors and resellers of security solutions; • insolvency, credit or other difficulties confronting our key suppliers and channel partners, which could affect their ability to purchase or pay for products and services and which could disrupt our supply or distribution chain; • political, economic and social instability, including geo-political instability and uncertainty, such as that caused by the war in Ukraine, tensions between China and Taiwan, conflicts in the Middle East, and any disruption or negative impact on our ability to sell to, ship product to and support customers in certain regions based on trade restrictions, embargoes and export control law restrictions; • general economic conditions, both in domestic and foreign markets; • future accounting pronouncements or changes in our accounting policies as well as the significant costs that may be incurred to adopt and comply with these new pronouncements; • possible impairments or acceleration of depreciation of our existing real estate due to our current real estate investments and future acquisition and development plans; and • legislative or regulatory changes, such as with respect to privacy, information and cybersecurity, exports, the environment, regional component bans, and requirements for local manufacturing.

We may undertake corporate operating restructurings or transfers of assets that involve our group of foreign country subsidiaries through which we do business abroad, in order to maximize the operational and tax efficiency of our group structure. If ineffectual, such restructurings or transfers could increase our income tax liabilities, and in turn, increase our global effective tax rate.

Moreover, our existing corporate structure and intercompany arrangements have been implemented in a manner we believe reasonably ensures that we are in compliance with current prevailing tax laws.

Some of the risks associated with construction projects include: • construction delays; • lack of availability and delays for data center equipment, including items such as generators and switchgear; • unexpected budget changes; • increased prices for and delays in obtaining building supplies, raw materials and data center equipment; • labor availability, labor disputes and work stoppages with contractors, subcontractors and other third parties; • unanticipated environmental or regulatory issues and geological problems; • delays related to permitting and approvals to open from public agencies and utility companies; • unexpected lack of power access or unexpected increases in power needs; • failure or inability for any reason to meet customer requirements and service level agreements, and any resulting penalties or liabilities related thereto; • investor expectations regarding sustainability; • delays in site readiness leading to our failure to meet commitments made to customers; and • unanticipated customer requirements that would necessitate alternative data center design, making our sites less desirable or leading to increased costs in order to make necessary modifications or retrofits.

Some of the risks associated with construction projects include: • construction delays; • lack of availability and delays for data center equipment, including items such as generators and switchgear; • unexpected budget changes; • increased prices for and delays in obtaining building supplies, raw materials and data center equipment; • labor availability, labor disputes and work stoppages with contractors, subcontractors and other third parties; • unanticipated environmental or regulatory issues and geological problems; • delays related to permitting and approvals to open from public agencies and utility companies; • unexpected lack of power access or unexpected increases in power needs or connectivity; • failure or inability for any reason to meet customer requirements and service level agreements, and any resulting penalties or liabilities related thereto; • investor expectations regarding sustainability; • delays in site readiness leading to our failure to meet commitments made to customers; and • unanticipated customer requirements that would necessitate alternative data center design, making our sites less desirable or leading to increased costs in order to make necessary modifications or retrofits.

If we elect not to or are unable to satisfy such new criteria, investors may conclude that our policies and/or actions with respect to corporate social responsibility are inadequate and we may be subject to fines from regulatory authorities. We may face reputational damage in the event that we do not meet the ESG standards set by various constituencies.

These risks include: • increased competition from competitors that traditionally target large- and medium-sized businesses, service providers and government organizations and that may already have purchase commitments from those end-customers; • increased purchasing power and leverage held by large end-customers in negotiating contractual arrangements; • unanticipated changes in the capital resources or purchasing behavior of large end-customers, including changes in the volume and frequency of their purchases and changes in the mix of products and services, willingness to change to cloud delivery model and related payment terms; • more stringent support requirements in our support service contracts, including stricter support response times, more complex requirements and increased penalties for any failure to meet support requirements; 22 Table of Contents • longer sales cycles and the associated risk that deals are delayed and that substantial time and resources may be spent on a potential end-customer that elects not to purchase our products and services; • increased requirements from these customers that we have certain third-party security or other certifications, which we may not have, the lack of which may adversely affect our ability to successfully sell to such customers; • uncertainty as to timing to close large deals and any delays in closing those deals; and • longer ramp-up periods for enterprise sales personnel as compared to other sales personnel.

These risks include: • increased competition from competitors that traditionally target large- and medium-sized businesses, service providers and government organizations and that may already have purchase commitments from those end-customers; • increased purchasing power and leverage held by large end-customers in negotiating contractual arrangements; • unanticipated changes in the capital resources or purchasing behavior of large end-customers, including changes in the volume and frequency of their purchases and changes in the mix of products and services, willingness to change to cloud delivery model and related payment terms; • more stringent support requirements in our support service contracts, including stricter support response times, more complex requirements and increased penalties for any failure to meet support requirements; • longer sales cycles and the associated risk that deals are delayed and that substantial time and resources may be spent on a potential end-customer that elects not to purchase our products and services; • increased requirements from these customers that we have certain third-party security or other certifications, which we may not have, the lack of which may adversely affect our ability to successfully sell to such customers; • uncertainty as to timing to close large deals and any delays in closing those deals; and • longer ramp-up periods for enterprise sales personnel as compared to other sales personnel.

Our new products, services or enhancements could fail to attain sufficient market acceptance for many reasons, including: • actual or perceived defects, vulnerabilities, errors or failures; • delays in releasing our new products, services or enhancements to the market; • failure to accurately predict market demand in terms of product and service functionality and to supply products and services that meet this demand in a timely fashion; • failure to have the appropriate research and development expertise and focus to make our top strategic products and services successful; • failure of our sales force and partners to focus on selling new products and services; • inability to interoperate effectively with the networks or applications of our prospective end-customers; • inability to protect against new types of attacks or techniques used by hackers; • negative publicity about their performance or effectiveness; • introduction or anticipated introduction of competing products and services by our competitors; • poor business conditions for our end-customers, causing them to delay IT purchases; • changes to the regulatory requirements around security; and • reluctance of customers to purchase products or services incorporating open source software.

Our new products, services or enhancements could fail to attain sufficient market acceptance for many reasons, including: • actual or perceived defects, vulnerabilities, errors or failures; • delays in releasing our new products, services or enhancements to the market; • failure to accurately predict market demand in terms of product and service functionality and to supply products and services that meet this demand in a timely fashion; • failure to have the appropriate research and development expertise and focus to make our top strategic products and services successful; • failure of our sales force and partners to focus on selling new products and services; • inability to interoperate effectively with the networks or applications of our prospective end-customers; • inability to protect against new types of attacks or techniques used by hackers; 29 Table of Contents • negative publicity about their performance or effectiveness; • introduction or anticipated introduction of competing products and services by our competitors; • poor business conditions for our end-customers, causing them to delay IT purchases; • changes to the regulatory requirements around security; and • reluctance of customers to purchase products or services incorporating open source software.

A significant natural disaster, such as an earthquake, drought, fire, power outage, flood, viral outbreak or other catastrophic event, could have a material adverse impact on our business, operating results and financial condition.

A significant natural disaster, such as an earthquake, drought, fire, power outage, typhoon, flood, viral outbreak or other catastrophic event, could have a material adverse impact on our business, operating results and financial condition.

Given our typical concentration of sales at the end of each quarter, any disruption in the business of our manufacturers, logistics providers, partners or end-customers that impacts sales at the end of our quarter could have a significant adverse impact on our quarterly results.

Given our typical concentration of sales at the end of each quarter, any disruption in the business of our manufacturers, logistics providers, channel partners or end-customers that impacts sales at the end of our quarter could have a significant adverse impact on our quarterly results.

In addition, certain of our larger competitors have broader product offerings, and leverage their relationships based on other products or incorporate functionality into existing products in a manner that discourages customers from purchasing our products.

In addition, certain of our larger competitors may have broader product offerings, and leverage their relationships based on other products or incorporate functionality into existing products in a manner that discourages customers from purchasing our products.

A significant portion of our sales is generated through a limited number of distributors, and substantially all of our revenue is from sales by our channel partners, including distributors and resellers. We depend on our channel partners to generate a significant portion of our sales opportunities and to manage our sales process.

A significant portion of our sales are generated through a limited number of distributors, and substantially all of our revenue is from sales by our channel partners, including distributors and resellers. We depend on our channel partners to generate a significant portion of our sales opportunities and to manage our sales process.

We are subject to various environmental laws and regulations, including laws governing the hazardous material content of our products, laws relating to our real property and future expansion plans and laws concerning the recycling of Electrical and Electronic Equipment.

Despite our efforts and processes to prevent breaches of our internal networks, systems and websites, whether in our owned data centers, cloud providers or colocations, we are still vulnerable to computer viruses, break-ins, phishing attacks, ransomware attacks, attempts to overload our servers with denial-of-service, vulnerabilities in vendor hardware and software that we leverage, advanced persistent threats from sophisticated actors and other cyber-attacks and similar disruptions from unauthorized access to our internal networks, systems or websites, whether in our owned data centers, cloud providers or colocations.

Despite our efforts and processes to prevent breaches of our internal networks, systems and websites, whether in our owned data centers, cloud providers or colocations, we are still vulnerable to computer viruses, break-ins, phishing attacks, ransomware attacks, attempts to overload our servers with denial-of-service, vulnerabilities in vendor hardware and software that we leverage, advanced persistent threats from sophisticated actors and other cyberattacks and similar disruptions from unauthorized access to our internal networks, systems or websites, whether in our owned data centers, cloud providers or colocations.

Foreign Corrupt Practices Act, the United Kingdom Bribery Act 2010, the General Data Protection Regulation (the “GDPR”), the Digital Operational Resilience Act (“DORA”), import and export control laws, trade laws and regulations, tariffs and retaliatory measures, trade barriers and economic sanctions; • other regulatory or contractual limitations on our ability to sell our products in certain foreign markets, and the risks and costs of non-compliance; 21 Table of Contents • heightened risks of unfair or corrupt business practices in certain geographies that could disrupt the sales team through terminations of employment or otherwise, and may adversely impact financial results as compared to those already reported or forecasted and result in restatements of financial statements and irregularities in financial statements; • our ability to effectively implement and maintain adequate internal controls to properly manage our international sales and operations; • political unrest, changes and uncertainty associated with terrorism, hostilities, war or natural disasters; • management communication and integration problems resulting from cultural differences and geographic dispersion; and • changes in tax, tariff, employment and other laws.

Foreign Corrupt Practices Act, the United Kingdom Bribery Act 2010, the General Data Protection Regulation (the “GDPR”), the Digital Operational Resilience Act (“DORA”), the EU Data Act, import and export control laws, trade laws and regulations, tariffs and retaliatory measures, trade barriers and economic sanctions; • other regulatory or contractual limitations on our ability to sell our products in certain foreign markets, and the risks and costs of non-compliance; • heightened risks of unfair or corrupt business practices in certain geographies that could disrupt the sales team through terminations of employment or otherwise, and may adversely impact financial results as compared to those already reported or forecasted and result in restatements of financial statements and irregularities in financial statements; • our ability to effectively implement and maintain adequate internal controls to properly manage our international sales and operations; • political unrest, changes and uncertainty associated with terrorism, hostilities, war or natural disasters; • management communication and integration problems resulting from cultural differences and geographic dispersion; and • changes in tax, tariff, employment and other laws.

Our corporate governance documents include provisions: • authorizing “blank check” preferred stock, which could be issued by the board without stockholder approval and may contain voting, liquidation, dividend and other rights superior to our common stock; • limiting the liability of, and providing indemnification to, our directors and officers; • requiring advance notice of stockholder proposals for business to be conducted at meetings of our stockholders and for nominations of candidates for election to our board of directors; • providing that certain litigation matters may only be brought against us in state or federal courts in the State of Delaware; • controlling the procedures for the conduct and scheduling of board and stockholder meetings; and • providing the board of directors with the express power to postpone previously scheduled annual meetings and to cancel previously scheduled special meetings.

Our corporate governance documents include provisions: • authorizing “blank check” preferred stock, which could be issued by the board without stockholder approval and may contain voting, liquidation, dividend and other rights superior to our common stock; • limiting the liability of, and providing indemnification to, our directors and officers; • requiring advance notice of stockholder proposals for business to be conducted at meetings of our stockholders and for nominations of candidates for election to our board of directors; • providing that certain litigation matters may only be brought against us in state or federal courts in the State of Delaware; 46 Table of Contents • controlling the procedures for the conduct and scheduling of board and stockholder meetings; and • providing the board of directors with the express power to postpone previously scheduled annual meetings and to cancel previously scheduled special meetings.

Because we depend on several third-party manufacturers to build our products, we are susceptible to manufacturing delays that could prevent us from shipping customer orders on time, if at all, and may result in the loss of sales and customers, additional third-party manufacturing cost increases and changes in the geopolitical environment could result in lower gross margins and free cash flow.

Because we depend on several third-party manufacturers to build our products, we are susceptible to manufacturing delays that could prevent us from shipping customer orders on time, if at all, and may result in the loss of sales and customers; additionally third-party manufacturing cost increases and changes in the geopolitical environment could result in lower gross margins and free cash flow.

If we cannot manufacture and ship our products due to, for example, global chip shortages, excessive demand on contract manufacturers capacity, natural disasters and health emergencies such as earthquakes, fires, power outages, typhoons, floods, health pandemics and epidemics or manmade events such as civil unrest, labor disruption, cyber events, international trade disputes, international conflicts, terrorism, wars or other foreign conflicts, such as the war in Ukraine or tensions between China and Taiwan, and critical infrastructure attacks, our business and financial results could be materially and adversely impacted.

If we cannot manufacture and ship our products due to, for example, global chip shortages, excessive demand on contract manufacturers capacity, natural disasters and health emergencies such as earthquakes, fires, power outages, typhoons, floods, health pandemics and epidemics or manmade events such as civil unrest, labor disruption, tariffs, cyber events, international trade disputes, international conflicts, terrorism, wars or other foreign conflicts, such as the war in Ukraine, tensions between China and Taiwan or conflicts in the Middle East, and critical infrastructure attacks, our business and financial results could be materially and adversely impacted.

Our competitors include companies such as Check Point, Cisco, CrowdStrike, F5 Networks, HPE, Huawei, Juniper, Microsoft, Netskope, Palo Alto Networks, SonicWALL, Sophos, and Zscaler.

Our competitors include companies such as Check Point, Cisco, CrowdStrike, F5 Networks, HPE, Huawei, Microsoft, Netskope, Palo Alto Networks, SonicWALL, Sophos, and Zscaler.

Any manufacturing disruption related to our third-party manufacturers or their component suppliers for any reason, including global chip shortages, natural disasters and health emergencies such as earthquakes, fires, power outages, typhoons, floods, health pandemics and epidemics and manmade events such as civil unrest, labor disruption, cyber events, international trade disputes, international conflicts, terrorism, wars or other foreign conflicts, such as the war in Ukraine or tensions between China and Taiwan, and critical infrastructure attacks, could impair our ability to fulfill orders.

Any manufacturing disruption related to our third-party manufacturers or their component suppliers for any reason, including global chip shortages, natural disasters and health emergencies such as earthquakes, fires, power outages, typhoons, floods, health pandemics and epidemics and manmade events such as civil unrest, labor disruption, cyber events, international trade disputes, tariffs, international conflicts, terrorism, wars or other foreign conflicts, such as the war in Ukraine, tensions between China and Taiwan or conflicts in the Middle East, and critical infrastructure attacks, could impair our ability to fulfill orders.

We may experience slowing growth or a decrease in billings, revenue, operating margin and free cash flow for a number of reasons, including a slowdown in pipeline growth or for demand for our products or services generally, a shift in demand from products to services, decrease in services revenue growth, increased competition, execution challenges including sales execution challenges and lack of optimal sales productivity, worldwide or regional economic challenges based on inflation or possible stagflation, a regional recession or a recession in the global economy, changing interest rates, the war in Ukraine, a decrease in the growth of our overall market or softness in demand in certain geographies or industry verticals, such as the service provider industry, changes in our strategic opportunities, execution risks, lower sales productivity and our failure for any reason to continue to capitalize on sales and growth opportunities due to other risks identified in the risk factors described in this periodic report.

We may experience slowing growth or a decrease in billings, revenue, operating margin and free cash flow for a number of reasons, including a slowdown in pipeline growth or for demand for our products or services generally, a shift in demand from products to services, decrease in services revenue growth, increased competition, execution challenges including sales execution challenges and lack of optimal sales productivity, worldwide or regional economic challenges based on inflation or possible stagflation, a regional recession or a recession in the global economy, changing interest rates, as a result of regional conflicts, a decrease in the growth of our overall market or softness in demand in certain geographies or industry verticals, such as the service provider industry, changes in our strategic opportunities, execution risks, lower sales productivity and our failure for any reason to continue to capitalize on sales and growth opportunities due to other risks identified in the risk factors described in this periodic report.

Any modification in these areas, any shift in the enforcement or scope of existing regulations or any change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations and could result in increased costs.

Any modification in these areas, any shift in the enforcement or scope of existing regulations or any change in the countries, administrations, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations and could result in increased costs.

Although our most recent assessment, testing and evaluation resulted in our conclusion that, as of December 31, 2024, our internal controls over financial reporting were effective, we cannot predict the outcome of our testing in 2025 or future periods and there can be no assurance that, in the future, our internal controls over financial reporting will be effective or deemed effective.

Although our most recent assessment, testing and evaluation resulted in our conclusion that, as of December 31, 2025, our internal controls over financial reporting were effective, we cannot predict the outcome of our testing in 2026 or future periods and there can be no assurance that, in the future, our internal controls over financial reporting will be effective or deemed effective.

An actual, possible or perceived security incident or infection of the network of one of our end-customers or a disruption to their operations, regardless of whether the incident is attributable to the failure of our products or services to prevent or detect the security incident or be the cause of such disruption, or any actual or perceived security risk in our supply chain, could adversely affect the market’s perception of our security products and services, cause customers and customer 25 Table of Contents prospects not to buy from us and, in some instances, subject us to potential liability that is not contractually limited.

An actual, possible or perceived security incident or infection of the network of one of our end-customers or a disruption to their operations, regardless of whether the incident is attributable to the failure of our products or services to prevent or detect the security incident or be the cause of such disruption, or any actual or perceived security risk in our supply chain, could adversely affect the market’s perception of our security products and services, cause customers and customer prospects not to buy from us and, in some instances, subject us to potential liability that is not contractually limited.

Efforts to withdraw from or materially modify international trade agreements, or to change corporate tax policy related to international commerce, could adversely affect our financial condition and results of operations as could the continuing uncertainty regarding whether such actions will be taken.

Given the international nature of our operations, efforts to withdraw from or materially modify international trade agreements, or to change corporate tax policy related to international commerce, could adversely affect our financial condition and results of operations as could the continuing uncertainty regarding whether such actions will be taken.

Our ability to grow our revenue depends, in large part, on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth and on the effectiveness of our sales strategy, sales execution, and sales personnel selling successfully in different contexts, each of which has its own different complexities, approaches and competitive landscapes, such as managing and growing the channel business for sales to small businesses and more actively selling to the end-customer for sales to larger organizations.

Our ability to grow our revenue depends, in large part, on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth and on the effectiveness of our sales strategy, sales execution, and sales personnel selling successfully in different contexts, each of which has its own different complexities, approaches and competitive landscapes, 24 Table of Contents such as managing and growing the channel business for sales to small businesses and more actively selling to the end-customer for sales to larger organizations.

In addition, these analysts may publish their own financial projections, which may vary widely and may not accurately predict the results we actually achieve, which in turn could cause our share price to decline if our actual results do not match their projections.

In addition, these analysts may publish their own financial projections, which may vary widely and may not accurately predict the results we actually achieve, which in turn could cause our stock price to decline if our actual results do not match their projections.

For additional information and a further discussion of impacts and risks related to our purchase commitments with our suppliers, refer to Note 12. Commitments and Contingencies in Part II, Item 8 of this Annual Report on Form 10-K.

For additional information and a further discussion of impacts and risks related to our purchase commitments with our suppliers, refer to Note 11. Commitments and Contingencies in Part II, Item 8 of this Annual Report on Form 10-K.

Target customers may view “all-in-one” network security solutions as inferior to security solutions from multiple vendors because of, among other things, their perception that such products of ours provide security functions from only a single vendor and do not allow users to choose “best-of-breed” defenses from among the wide range of dedicated security applications available.

Target customers may view “all-in-one” network security solutions as inferior to security solutions from multiple vendors because of, among other things, their perception that such products of ours provide security functions from only a single vendor and do not 30 Table of Contents allow users to choose “best-of-breed” defenses from among the wide range of dedicated security applications available.

These can negatively impact our business by putting downward pressure on growth if we are unable to achieve the increases in 14 Table of Contents product prices necessary to appropriately offset the additional costs in a manner sufficient to maintain margins. Any of these impacts may materially and adversely affect our business, financial condition, results of operations and liquidity.

These can negatively impact our business by putting downward pressure on growth if we are unable to achieve the increases in product prices necessary to appropriately offset the additional costs in a manner sufficient to maintain margins. Any of these impacts may materially and adversely affect our business, financial condition, results of operations and liquidity.

Also, many of our smaller competitors that specialize in providing protection from a single type of security threat are often able to deliver these specialized security products to the market more quickly than we can. Conditions in our markets could change rapidly and significantly as a result of technological advancements or continuing market consolidation.

Also, many of our smaller competitors that specialize 20 Table of Contents in providing protection from a single type of security threat are often able to deliver these specialized security products to the market more quickly than we can. Conditions in our markets could change rapidly and significantly as a result of technological advancements or continuing market consolidation.

If we are unable to generate sufficient cash flow from operations in the future to service our debt, we may be required, among other things, to seek additional financing in the debt or equity markets, refinance or restructure all or a portion of our indebtedness, sell selected assets or reduce or delay planned capital, operating or investment expenditures.

If we are unable to generate sufficient cash flow from operations in the future to service our debt, we may be required, among other things, to seek additional financing in the debt or equity markets, refinance or restructure all or a portion of our 21 Table of Contents indebtedness, sell selected assets or reduce or delay planned capital, operating or investment expenditures.

Alternatively, insufficient inventory levels may lead to shortages that result in delayed billings and revenue or loss of sales opportunities altogether as potential end-customers turn to competitors’ products that are readily 27 Table of Contents available. For example, we have in the past experienced inventory shortages and excesses due to the variance in demand for certain products from forecasted amounts.

Alternatively, insufficient inventory levels may lead to shortages that result in delayed billings and revenue or loss of sales opportunities altogether as potential end-customers turn to competitors’ products that are readily available. For example, we have in the past experienced inventory shortages and excesses due to the variance in demand for certain products from forecasted amounts.

Our channel partner sales structure could subject us to lawsuits, potential liability and reputational harm if, for 17 Table of Contents example, any of our channel partners misrepresent the functionality of our products or services to end-customers, our service provider customers suffer a cyber event impacting end-users, or our channel partners violate laws or our corporate policies.

Our channel partner sales structure could subject us to lawsuits, potential liability and reputational harm if, for example, any of our channel partners misrepresent the functionality of our products or services to end-customers, our service provider customers suffer a cyber event impacting end-users, or our channel partners violate laws or our corporate policies.

The cost to defend such lawsuits and any settlement payment or adverse result in such lawsuits could have a material adverse effect on our results of operations and financial condition. We rely on the availability of third-party licenses. Many of our products include software or other IP licensed from third parties.

The cost to 38 Table of Contents defend such lawsuits and any settlement payment or adverse result in such lawsuits could have a material adverse effect on our results of operations and financial condition. We rely on the availability of third-party licenses. Many of our products include software or other IP licensed from third parties.

If we are not able to align our sales capacity and market demand, or if the productivity of our sales organization decreases, our operating results and financial condition could be harmed. 23 Table of Contents We periodically implement new sales compensation plans, which may change the method, amount and timing for sales-based compensation for our sales personnel.

If we are not able to align our sales capacity and market demand, or if the productivity of our sales organization decreases, our operating results and financial condition could be harmed. We periodically implement new sales compensation plans, which may change the method, amount and timing for sales-based compensation for our sales personnel.

If we are required to change third-party manufacturers, our ability to meet our scheduled product deliveries to our customers would be adversely affected, which could cause the loss of sales and existing or potential customers, delayed revenue or an increase in our costs, which could adversely affect our gross margins.

If we are required to change third-party manufacturers, our ability to meet our scheduled product deliveries to our customers would be adversely affected, which could 31 Table of Contents cause the loss of sales and existing or potential customers, delayed revenue or an increase in our costs, which could adversely affect our gross margins.

In addition, computer hackers and others who try to attack networks employ increasingly 28 Table of Contents sophisticated techniques to gain access to and attack systems and networks. The technology in our products is especially complex because of the requirements to effectively identify and respond to new and increasingly sophisticated methods of attack, while minimizing the impact on network performance.

In addition, computer hackers and others who try to attack networks employ increasingly sophisticated techniques to gain access to and attack systems and networks. The technology in our products is especially complex because of the requirements to effectively identify and respond to new and increasingly sophisticated methods of attack, while minimizing the impact on network performance.

We 33 Table of Contents maintain insurance to protect against certain claims associated with the use of our products, but our insurance coverage may not adequately cover any claim asserted against us, if at all, and in some instances may subject us to potential liability that is not contractually limited.

We maintain insurance to protect against certain claims associated with the use of our products, but our insurance coverage may not adequately cover any claim asserted against us, if at all, and in some instances may subject us to potential liability that is not contractually limited.

AI presents new risks and challenges that may affect our business. We have made, and expect to continue to make investments to integrate AI and machine learning technology into our solutions, as evidenced by our acquisition of Lacework. AI presents risks, challenges, and potentially unintended consequences that could impact our ability to effectively use of AI successfully in our business.

AI presents new risks and challenges that may affect our business. We have made, and expect to continue to make investments to integrate AI and ML technology into our solutions, as evidenced by our acquisition of Lacework. AI presents risks, challenges, and potentially unintended consequences that could impact our ability to effectively use AI successfully in our business.

In addition, in the event significant customers require payment terms for 18 Table of Contents FortiGuard and other security subscriptions and FortiCare technical support services in arrears or for shorter periods of time than annually, such as monthly or quarterly, this may negatively impact our billings and revenue.

In addition, in the event significant customers require payment terms for FortiGuard and other security subscriptions and FortiCare technical support services in arrears or for shorter periods of time than annually, such as monthly or quarterly, this may negatively impact our billings and revenue.

Any change in export or import regulations, economic sanctions or related legislation, shift 39 Table of Contents in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations.

Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations.

Many organizations have invested substantial personnel and financial resources to design and operate their networks and have 29 Table of Contents established deep relationships with other providers of networking products, which may make them reluctant to add new components to their networks, particularly from other vendors such as us.

Many organizations have invested substantial personnel and financial resources to design and operate their networks and have established deep relationships with other providers of networking products, which may make them reluctant to add new components to their networks, particularly from other vendors such as us.

As a result, any failure by us to maintain profitability and margins and continue our billings, revenue and free cash flow growth could cause the price of our common stock to materially decline. Our real estate investments, including construction, acquisition or leasing of new data centers, data center expansions or office buildings, could involve significant risks to our business.

As a result, any failure by us to maintain profitability and margins and continue our billings, revenue and free cash flow growth could cause the price of our common stock to materially decline. 16 Table of Contents Our real estate investments, including construction, acquisition, development or leasing of new data centers, data center expansions or office buildings, could involve significant risks to our business.

These projects expose us to risks which could have an adverse effect on our results of operations and financial condition. The 15 Table of Contents current global supply chain and inflation issues have exacerbated many of these construction risks and created additional risks for our business.

These projects expose us to risks which could have an adverse effect on our results of operations and financial condition. The current global supply chain and inflation issues have exacerbated many of these construction risks and created additional risks for our business.

Our channel partners may also market, sell and support products and services that are competitive with ours, and may devote more resources to the marketing, sales and support of such products, or may decide to cease selling our products and services altogether in favor of a competitor’s products and services.

Our channel partners may also market, sell and support products and services that are competitive with ours, and may devote more resources to the marketing, sales and support of such products, or may decide to cease selling our products and services 18 Table of Contents altogether in favor of a competitor’s products and services.

Our AI-related initiatives may result in new or enhanced governmental or regulatory scrutiny, including regarding the use of AI in our solutions and the marketing of products using AI, litigation, customer reporting or documentation requirements, ethical or social concerns, or other complications.

Our AI-related initiatives may result in new or enhanced governmental or regulatory 36 Table of Contents scrutiny, including regarding the use of AI in our solutions and the marketing of products using AI, litigation, customer reporting or documentation requirements, ethical or social concerns, or other complications.

The loss of the services or the 16 Table of Contents distraction of our senior management for any reason could adversely affect our business, financial condition and results of operations. We rely on third-party channel partners for substantially all of our revenue.

The loss of the services or the distraction of our senior management for any reason could adversely affect our business, financial condition and results of operations. We rely on third-party channel partners for substantially all of our revenue.

Future changes in growth or fluctuations in cash flow may also negatively impact our ability to pay for these projects or free cash flow. Additionally, inaccuracies in our projected capital expenditures could negatively impact our business, operating results and financial condition. 34 Table of Contents We may experience difficulties maintaining and expanding our internal business management systems.

Future changes in growth or fluctuations in cash flow may also negatively impact our ability to pay for these projects or free cash flow. Additionally, inaccuracies in our projected capital expenditures could negatively impact our business, operating results and financial condition. We may experience difficulties maintaining and expanding our internal business management systems.

Additionally, we may be subject to other legal regimes throughout the world governing data handling, protection and privacy. For example, in June 2018, California passed the CCPA, which provides new data privacy rights for consumers and 38 Table of Contents new operational requirements for companies and became effective on January 1, 2020.

Additionally, we may be subject to other legal regimes throughout the world governing data handling, protection and privacy. For example, in June 2018, California passed the CCPA, which provides new data privacy rights for consumers and new operational requirements for companies and became effective on January 1, 2020.

This could harm our relationships with our channel partners 31 Table of Contents and end-customers and could cause delays in shipment of our products and adversely affect our results of operations. In addition, increased component costs could result in lower gross margins.

This could harm our relationships with our channel partners and end-customers and could cause delays in shipment of our products and adversely affect our results of operations. In addition, increased component costs could result in lower gross margins.

If one of these analysts were to publish inaccurate negative information about us or our business, our stock price could decline. Moreover, if securities analysts publish inaccurate positive information, stockholders could buy our stock and the stock price may later decline.

If one of these analysts were to publish inaccurate negative information about us or 45 Table of Contents our business, our stock price could decline. Moreover, if securities analysts publish inaccurate positive information, stockholders could buy our stock and the stock price may later decline.

We have incurred indebtedness and may incur other debt in the future, which may adversely affect our financial condition and future financial results. As of December 31, 2024, we had an aggregate of $994.3 million of indebtedness outstanding under our Senior Notes. Under the agreements governing our indebtedness, we are permitted to incur additional debt.

We have incurred indebtedness and may incur other debt in the future, which may adversely affect our financial condition and future financial results. As of December 31, 2025, we had an aggregate of $996.3 million of indebtedness outstanding under our Senior Notes. Under the agreements governing our indebtedness, we are permitted to incur additional debt.

If we stop hedging against any of these risks or if our attempts to hedge against these currency exposures are not successful, our financial condition and results of operations could be adversely affected.

If we stop hedging against any of these risks or if our attempts to 43 Table of Contents hedge against these currency exposures are not successful, our financial condition and results of operations could be adversely affected.

The conflicts in the Middle East highlights potential risks associated with geopolitical instability in the region, including disruption to shipping routes, longer lead times for components and products, increased insurance costs for vessels passing through conflict zones, potential increased costs for shipping and products, and potential delays and interruptions in the supply chain.

Conflicts in the Middle East highlights potential risks associated with geopolitical instability in the region, including disruption to shipping routes, longer lead times for components and products, increased insurance costs for vessels passing through conflict zones, 28 Table of Contents potential increased costs for shipping and products, and potential delays and interruptions in the supply chain.

However, there remains a possibility that our business could be negatively impacted by restrictions on transfers of GDPR-regulated personal data (including transfers made by our customers) to other areas we operate. In addition, it is possible that the updates to U.S. law may ultimately be deemed insufficient in a court case similar to the one that invalidated Privacy Shield.

However, there remains a possibility that our business could be negatively impacted by restrictions on transfers of GDPR-regulated personal data (including transfers made by our customers) to other areas we operate. In addition, it is possible that the Framework may ultimately be deemed insufficient in a court case similar to the one that invalidated Privacy Shield.

Some of our existing and potential competitors enjoy competitive advantages such as: • greater name recognition and/or longer operating histories; • larger sales and marketing budgets and resources; • broader distribution and established relationships with distribution partners and end-customers; • access to larger customer bases; • greater customer support resources; • greater expertise in certain single point solutions; • greater resources to make acquisitions; • stronger U.S. government relationships; • lower labor and development costs; and • substantially greater financial, technical and other resources.

Some of our existing and potential competitors’ competitive advantages include: • greater name recognition and/or longer operating histories; • larger sales and marketing budgets and resources; • broader distribution and established relationships with distribution partners and end-customers; • access to larger customer bases; • greater customer support resources; • greater expertise in certain single point solutions; • greater resources to make acquisitions; • stronger U.S. government relationships; • lower labor and development costs; and • substantially greater financial, technical and other resources.

Additionally, if actual demand does not directly match with our demand forecasts, due to our purchase order commitments, we in some instances have been required to and may in the future be required to accept or pay for components and finished goods.

Additionally, if actual demand does not directly match with 32 Table of Contents our demand forecasts, due to our purchase order commitments, we in some instances have been required to and may in the future be required to accept or pay for components and finished goods.

Many large end-customers, and service provider or government organization end-customers, require higher levels of support than smaller end-customers because of their more complex deployments and more demanding environments and business models.

Many large end-customers, and service provider or government organization end-customers, require higher levels of support than smaller end-customers because of their more complex 34 Table of Contents deployments and more demanding environments and business models.

Under these rules, we are required to obtain sourcing data 30 Table of Contents from suppliers, perform supply chain due diligence, and file annually with the SEC a specialized disclosure report on Form SD covering the prior calendar year.

Under these rules, we are required to obtain sourcing data from suppliers, perform supply chain due diligence, and file annually with the SEC a specialized disclosure report on Form SD covering the prior calendar year.

Further, customers may choose not to apply patches in a timely manner for business or operational reasons, or may neglect to upgrade at all and may run unpatched or unsupported devices against our guidance and industry best practice.

Weak global and regional economic conditions and spending environments, based on a downturn in the economy, a possible recession and the effects of ongoing or increased inflation or possible stagflation in certain geographies, tariffs or other trade disruptions, changing interest rates, geopolitical instability and uncertainty, a reduction in information technology spending regardless of macroeconomic conditions, the effects of epidemics and pandemics and the impact of the war in Ukraine could have a material adverse impacts on our financial condition and results of operations and our business, including resulting in longer sales cycles, lower prices for our products and services, increased component costs, higher default rates among our channel partners, reduced unit sales, lower prices and slower or declining growth.

Weak global and regional economic conditions and spending environments, based on a downturn in the economy, a possible recession and the effects of ongoing or increased inflation or possible stagflation in certain geographies, tariffs or other trade disruptions, changing interest rates, geopolitical instability and uncertainty, a reduction in information technology spending regardless of macroeconomic conditions, the effects of epidemics and pandemics and the impact of the war in Ukraine, tensions between China and Taiwan or conflicts in the Middle East could have a material adverse impacts on our financial condition and results of operations and our business, including resulting in longer sales cycles, lower prices for our products and services, increased component costs, higher default rates among our channel partners, reduced 15 Table of Contents unit sales, lower prices and slower or declining growth.

Additionally, a small number of distributors represents a large percentage of our revenue and accounts receivable, and one distributor accounted for 31% of our total net accounts receivable as of December 31, 2024.

Additionally, a small number of distributors represents a large percentage of our revenue and accounts receivable, and one distributor accounted for 32% of our total net accounts receivable as of December 31, 2025.

Selling our solutions to governments, both within the U.S and internationally, whether directly or through channel partners, also subjects us to certain regulatory and contractual requirements, government permit and clearance requirements and other risks.

As a result of the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”), the Securities and Exchange Commission (the “SEC”) adopted disclosure requirements for public companies whose products contain conflict minerals that are necessary to the functionality or production of such products.

As a result of the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”), the SEC adopted disclosure requirements for public companies whose products contain conflict minerals that are necessary to the functionality or production of such products.

Any person or entity 44 Table of Contents purchasing or otherwise acquiring any interest in any of our securities shall be deemed to have notice of and consented to this provision.

Any person or entity purchasing or otherwise acquiring any interest in any of our securities shall be deemed to have notice of and consented to this provision.

Furthermore, in the event that we communicate certain initiatives and goals regarding ESG matters, we could fail, or be perceived to fail, in our achievement of such initiatives or goals, or we could be criticized for the scope, target and timelines of such initiatives or goals.

Furthermore, in the event that we communicate certain initiatives and goals regarding corporate responsibility and sustainability matters, we could fail, or be perceived to fail, in our achievement of such initiatives or goals, or we could be criticized for the scope, target and timelines of such initiatives or goals.

Any earthquake in the Bay Area or Burnaby, or flooding in Burnaby, could materially negatively impact our ability to provide products and services, 45 Table of Contents such as FortiCare support and FortiGuard subscription services and could otherwise materially negatively impact our business.

Any earthquake in the Bay Area or Burnaby, or flooding in Burnaby, could materially negatively impact our ability to provide products and services, such as FortiCare support and FortiGuard subscription services and could otherwise materially negatively impact our business.

We may have difficulty incorporating acquired technologies, IP or products with our existing 37 Table of Contents product lines, integrating reporting systems and procedures, and maintaining uniform standards, controls, development practices, procedures and policies.

We may have difficulty incorporating acquired technologies, IP or products with our existing product lines, integrating reporting systems and procedures, and maintaining uniform standards, controls, development practices, procedures and policies.

While we do not currently expect these tariffs to have a significant effect on our raw material and product import costs, if the United States expands increased tariffs, or retaliatory trade measures are taken by other countries in response to the tariffs, the cost of our products could increase, our operations could be disrupted or we could be required to raise our prices, which may result in the loss of customers and harm to our reputation and operating performance.

While we do not currently expect tariffs to have a significant effect on our raw material and product import costs, if the United States expands increased tariffs, changes in customs or tariffs classifications or modifications to tariff exemptions or if retaliatory trade measures are taken by other countries in response to the U.S. tariffs, the cost of our products could increase, our operations could be disrupted or we could be required to raise our prices, which may result in the loss of customers and harm to our reputation and operating performance.

In addition, regional instability, international disputes, wars, such as the war in Ukraine and any expansion thereof, and other acts of aggression, civil and political unrest, labor disruptions, rebellions, acts of terrorism and other geo-political unrest could cause disruptions in our business or the business of our manufacturers, suppliers, logistics providers, partners or end-customers, or of the economy as a whole.

In addition, regional instability, international disputes, wars, such as the war in Ukraine, tensions between China and Taiwan or conflicts in the Middle East and any expansion thereof, and other acts of aggression, civil and political unrest, labor disruptions, rebellions, acts of terrorism and other geo-political unrest could cause disruptions in our business or the business of our manufacturers, suppliers, logistics providers, partners or end-customers, or of the economy as a whole.

Our billings and revenue for any quarter could fall below our expectations or those of securities analysts and investors, resulting in a decline in our stock price, if expected orders at the end of any quarter are delayed or deals are lost for any reason or our ability to fulfill orders at the end of any quarter is hindered for any reason, including, among others: • the failure of anticipated purchase orders to materialize; • our logistics partners’ failure or inability to ship products prior to quarter-end to fulfill purchase orders received near the end of the quarter; • disruption in manufacturing or shipping based on power outages, system failures, labor disputes or constraints, excessive demand, natural disasters, geopolitical matters or widespread public health problems including pandemics and epidemics; • our failure to accurately forecast our inventory requirements and to appropriately manage inventory to meet demand; • our inability to release new products on schedule; • any failure of our systems related to order review and processing; and • any delays in shipments due to trade compliance requirements, labor disputes or logistics changes at shipping ports, airline strikes, severe weather or otherwise.

In addition, our competitors may bundle products and services competitive with ours with other products and services. Customers may accept these bundled 19 Table of Contents products and services rather than separately purchasing our products and services.

In addition, our competitors may bundle products and services competitive with ours with other products and services. Customers may accept these bundled products and services rather than separately purchasing our products and services.

Sales to these organizations involve risks that may not be present, or that are present to a lesser extent, with sales to smaller entities.

Sales to these 23 Table of Contents organizations involve risks that may not be present, or that are present to a lesser extent, with sales to smaller entities.

Six distributor customers who purchase directly from us accounted for 69% and 70% of our total net accounts receivable in the aggregate as of December 31, 2024 and 2023, respectively. See Note 16.

Six distributor customers who purchase directly from us accounted for 67% and 69% of our total net accounts receivable in the aggregate as of December 31, 2025 and 2024, respectively. See Note 15.

We are also subject to a number of risks typically associated with international sales and operations, including: • disruption in the supply chain or in manufacturing or shipping, or decreases in demand by channel partners or end-customers, including any such disruption or decreases caused by factors outside of our control such as natural disasters and health emergencies, including earthquakes, droughts, fires, power outages, typhoons, floods, pandemics or epidemics and manmade events such as civil unrest, labor disruption, international trade disputes, international conflicts, terrorism, wars or other foreign conflicts, such as the war in Ukraine or tensions between China and Taiwan, and critical infrastructure attacks; • fluctuations in foreign currency exchange rates or a strengthening of the U.S. dollar, as a significant portion of our expenses is incurred and paid in currencies other than the U.S. dollar, and the impact such fluctuations may have on the actual prices that our partners and customers are willing to pay for our products and services; • political instability, changes in trade agreements and conflicts such as the war in Ukraine, tensions between China and Taiwan and any expansions thereof, could adversely affect our business and financial performance; • economic instability in foreign markets, such as any economic instability caused by economic downturns or recessions, could adversely affect our business and financial performance; • greater difficulty in enforcing contracts and accounts receivable collection, including longer collection periods; • longer sales processes for larger deals; • changes in regulatory requirements; • difficulties and costs of staffing and managing foreign operations; • the uncertainty of protection for IP rights in some countries; • costs of compliance with foreign policies, laws and regulations and the risks and costs of non-compliance with such policies, laws and regulations; • protectionist policies and penalties, and local laws, requirements, policies and perceptions that may adversely impact a U.S.-headquartered business’s sales in certain countries outside of the United States; • costs of complying with, and the risks, reputational damage and other costs of non-compliance with, U.S. or other foreign laws and regulations for foreign operations, including the U.S.

We are also subject to a number of risks typically associated with international sales and operations, including: • disruption in the supply chain or in manufacturing or shipping, or decreases in demand by channel partners or end-customers, including any such disruption or decreases caused by factors outside of our control such as international trade disputes or tariffs, labor or supply chain disruptions, inflation and other cost increases, international conflicts, terrorism, wars, such as the war in Ukraine, tensions between China and Taiwan, conflicts in the Middle East, critical infrastructure attacks, natural disasters, health emergencies, epidemics and pandemics, power outages and civil unrest; • fluctuations in foreign currency exchange rates or a weakening of the U.S. dollar, as a significant portion of our expenses are incurred and paid in currencies other than the U.S. dollar, and such fluctuations may negatively affect our financial condition and results of operations; • political instability, changes in trade agreements, tariffs and conflicts such as the war in Ukraine, tensions between China and Taiwan, conflicts in the Middle East and any expansions thereof, could adversely affect our business and financial performance; • economic instability in foreign markets, such as any economic instability caused by economic downturns or recessions, could adversely affect our business and financial performance; • greater difficulty in enforcing contracts and accounts receivable collection, including longer collection periods; • longer sales processes for larger deals; • changes in regulatory requirements; • difficulties and costs of staffing and managing foreign operations; • the uncertainty of protection for IP rights in some countries; 22 Table of Contents • costs of compliance with foreign policies, laws and regulations and the risks and costs of non-compliance with such policies, laws and regulations; • protectionist policies and penalties, and local laws, requirements, policies and perceptions that may adversely impact a U.S.-headquartered business’s sales in certain countries outside of the United States; • costs of complying with, and the risks, reputational damage and other costs of non-compliance with, U.S. or other foreign laws and regulations for foreign operations, including the U.S.

For example, government organizations may have contractual or other legal rights to terminate contracts with our distributors and resellers for convenience or due to a default, and any such termination may adversely impact our future results of operations.

The rules and regulations applicable to sales to government organizations may also negatively impact sales to other organizations. For example, government organizations may have contractual or other legal rights to terminate contracts with our distributors and resellers for convenience or due to a default, and any such termination may adversely impact our future results of operations.

Economic uncertainty in various global markets caused by political instability and conflict, such as the war in Ukraine has resulted, and may continue to result in weakened demand for our products and services and difficulty in forecasting our financial results and managing inventory levels.

Economic uncertainty in various global markets caused by political instability and conflict, such as the war in Ukraine, tensions between China and Taiwan or conflicts in the Middle East has resulted, and may continue to result in weakened demand for our products and services and difficulty in forecasting our financial results and managing inventory levels.

From time to time, we experience turnover in our management-level personnel. For example, in February 2025, our Chief Financial Officer, Keith Jensen, announced his upcoming retirement after 11 years at Fortinet. None of our key employees has an employment agreement for a specific term, and any of our employees may terminate their employment at any time.

From time to time, we experience turnover in our management-level personnel. For example, in May 2025, our former Chief Financial Officer, Keith Jensen, retired after 11 years at Fortinet. None of our key employees have an employment agreement for a specific term, and any of our employees may terminate their employment at any time.

For example, AI technologies, including generative AI, may create content that appears correct but is factually inaccurate (hallucinations) or flawed, or contains copyrighted or other protected material, and if our customers or others use this flawed content to their detriment, we may be exposed to brand or reputational harm, competitive harm, or legal liability.

For example, AI technologies, including generative AI, may create content that appears correct but is factually inaccurate (hallucinations) or flawed, or contains copyrighted or other protected material, and if our customers or others use this flawed content to their detriment, or use our AI solutions outside of their intended use cases with an adverse impact to their operations, we may be exposed to brand or reputational harm, competitive harm, or legal liability.

We may not be able to successfully implement requisite improvements to these systems, controls and processes, such as system capacity, access, security and change management controls, in a timely or efficient manner.

We must also continue to manage headcount, capital and processes in an efficient manner. We may not be able to successfully implement requisite improvements to these systems, controls and processes, such as system capacity, access, security and change management controls, in a timely or efficient manner.

… 125 more changes not shown on this page.

Item 1C. Cybersecurity

Cybersecurity — threats and controls disclosure

5 edited+2 added−0 removed27 unchanged

2024 filing

2025 filing

Biggest changeInformation Security: We implement organizational, administrative and technical measures based on commercially reasonable procedures using: (i) industry standard information security measures prescribed for use by NIST; (ii) security measures aligned with the ISO/IEC 27000 series of standards, (iii) Sarbanes-Oxley and SSAE 18/ISAE 3402; (iv) privacy regulations such as the GDPR and the CCPA; (v) business continuity management measures aligned with the ISO/IEC 22301 standard; and (vi) other generally recognized industry standards, in each case, designed to safeguard the confidentiality, integrity, and availability of our infrastructure and data and the resiliency of our operations. 47 Table of Contents Technical Safeguards: We deploy technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls, which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence.

The results of such assessments, audits and reviews are reported to the Cybersecurity Committee and our board of directors and to our management, and we adjust its cybersecurity policies, standards, processes and practices as necessary based on the information provided by these assessments, audits and reviews . Insurance: We maintain information security risk insurance coverage. 48 Table of Contents

However, due to the importance of cybersecurity to our company, in July 2024, our board of directors formed Cybersecurity Committee of our board of directors (the “Cybersecurity 46 Table of Contents Committee”), which is solely dedicated to cybersecurity risk management.

However, due to the importance of cybersecurity to our company, in July 2024, our board of directors formed Cybersecurity Committee of our board of directors (the “Cybersecurity Committee”), which is solely dedicated to cybersecurity risk management.

Carl Windsor, has over 25 years of experience in various technology and cybersecurity leadership positions, including over 18 years at our company driving product security and strategy and reports to the board Cybersecurity Committee.

Carl Windsor, has over 26 years of experience in various technology and cybersecurity leadership positions, including over 19 years at our company driving product security and strategy and reports to the board Cybersecurity Committee.

The CISO’s leadership team members are all seasoned information security professionals, covering a wide range of security disciplines, who have worked at some of the largest well-known brand names and are experts in their fields. Our CISO monitors, and participates in, our various cybersecurity policies and procedures, and our cybersecurity team regularly updates our CISO on the current status.

Added

Our CISO 49 Table of Contents monitors, and participates in, our various cybersecurity policies and procedures, and our cybersecurity team regularly updates our CISO on the current status.

Added

Technical Safeguards: We deploy technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls, which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence.

Item 2. Properties

Properties — owned and leased real estate

3 edited+0 added−2 removed2 unchanged

2024 filing

2025 filing

Biggest changeAlong with our corporate headquarters, as of December 31, 2024, we operated the following facilities: Location Owned Square Footage Description of Use Union City, California 770,000 Warehousing, operations, and PoP Burnaby, Calgary and Ottawa, Canada 680,000 Data center, PoP, support functions and research and development Atlanta, Georgia 226,000 Sales and support functions and PoP Plano & Frisco, Texas 130,000 Office space and data center Torija, Spain 120,000 Data center Chicago, Illinois 114,000 Office space and PoP Sunrise, Florida 100,000 Office space Sunnyvale, California 97,000 Development Valbonne, France 70,000 Sales and support functions and PoP McMahons Point, Australia 40,000 Office space and PoP New York, New York 40,000 Sales and support functions and PoP We maintain additional leased offices throughout the world, predominantly used as sales and support offices and PoPs, and leased data center spaces throughout the world operated under colocation arrangements.

Biggest changeAs of December 31, 2025, we operated the facilities in the following geographies (square feet in thousands): Location Approximate Owned Square Footage Description of Use United States 2,400 Corporate headquarters, data centers, research and development, warehousing and operations, sales and support functions, and PoP Canada 1,000 Data center and office space, sales and support, research and development functions, and PoP EMEA 910 Data center and office space, warehousing and operations, sales and support functions, and PoP Asia Pacific (“APAC”) 40 Office space and PoP Total 4,350 We maintain additional leased offices throughout the world, predominantly used as sales and support offices and PoP, and leased data center spaces throughout the world operated under colocation arrangements.

However, we expect to incur additional operating expenses and capital expenditures in connection with such new or expanded facilities. For information regarding the geographical location of our property and equipment, refer to Note 16 of our consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K.

However, we expect to incur additional operating expenses and capital expenditures in connection with such new or expanded facilities. For information regarding the geographical location of our property and equipment, refer to Note 15. of our consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K.

ITEM 2. Properties Our corporate headquarters is located in Sunnyvale, California, and comprises approximately 395,000 square feet of building space on 21 acres of land and includes space for future development of PoPs.

ITEM 2. Properties Our corporate headquarters is located in Sunnyvale, California, and comprises approximately 395,000 square feet of building space on 21 acres of land .

Removed

In January 2024, we purchased an additional 480,000 square feet of building space in Santa Clara, California, which is located in close proximity to our corporate headquarters and includes space for future development of a data center. Refer to Note 17.

Removed

Subsequent Events, in Part II, Item 8 of this Annual Report on Form-10K for the February 2025 signing of a definitive agreement subject to regulatory approval for an additional 540,000 square feet of building space in Frankfurt, Germany.

Item 3. Legal Proceedings

Legal Proceedings — active lawsuits and investigations

1 edited+0 added−0 removed2 unchanged

2024 filing

2025 filing

Biggest changeThere can be no assurance that existing or future legal proceedings arising in the ordinary course of business or otherwise will not have a material adverse effect on our business, consolidated financial position, results of operations or cash flows. Refer to Note 12.

Item 5. Market for Registrant's Common Equity

Market for Common Equity — stock, dividends, buybacks

7 edited+2 added−2 removed5 unchanged

2024 filing

2025 filing

Biggest changeCOMPARISON OF CUMULATIVE TOTAL RETURN* Among Fortinet, Inc., the S&P 500 Index and the NASDAQ Computer Index December 2019 * December 2020 December 2021 December 2022 December 2023 December 2024 Fortinet, Inc. $ 100 $ 139 $ 337 $ 229 $ 274 $ 442 S&P 500 Index $ 100 $ 116 $ 148 $ 119 $ 148 $ 182 NASDAQ Computer $ 100 $ 150 $ 207 $ 133 $ 221 $ 301 * Assumes that $100 was invested on December 31, 2019 in stock or index, including reinvestment of dividends.

Biggest changeCOMPARISON OF CUMULATIVE TOTAL RETURN* Among Fortinet, Inc., the S&P 500 Index and the NASDAQ Computer Index December 2020 * December 2021 December 2022 December 2023 December 2024 December 2025 Fortinet, Inc. $ 100 $ 242 $ 165 $ 197 $ 318 $ 267 S&P 500 Index $ 100 $ 127 $ 102 $ 127 $ 157 $ 182 NASDAQ Computer $ 100 $ 138 $ 89 $ 147 $ 201 $ 258 * Assumes that $100 was invested on December 31, 2020 in stock or index, including reinvestment of dividends.

Stock Performance Graph This performance graph shall not be deemed “filed” for purposes of Section 18 of the Securities Exchange Act of 1934 ( the “Exchange Act”), or incorporated by reference into any filing of Fortinet under the Securities Act of 1933, as amended (the “Securities Act”), or the Exchange Act, except as shall be expressly set forth by specific reference in such filing. 50 Table of Contents The following graph compares the cumulative five-year total return for our common stock, the Standard & Poor’s 500 Stock Index (the “S&P 500 Index”) and the NASDAQ Computer Index.

Stock Performance Graph This performance graph shall not be deemed “filed” for purposes of Section 18 of the Securities Exchange Act of 1934 ( the “Exchange Act”), or incorporated by reference into any filing of Fortinet under the Securities Act of 1933, as amended (the “Securities Act”), or the Exchange Act, except as shall be expressly set forth by specific reference in such filing. 52 Table of Contents The following graph compares the cumulative five-year total return for our common stock, the Standard & Poor’s 500 Stock Index (the “S&P 500 Index”) and the NASDAQ Computer Index.

Securities Authorized for Issuance Under Equity Compensation Plans Information responsive to this item is incorporated herein by reference to our definitive proxy statement with respect to our 2024 Annual Meeting of Stockholders to be filed with the Securities and Exchange Commission (the “SEC”) within 120 days after the end of the fiscal year covered by this Annual Report on Form 10-K.

Securities Authorized for Issuance Under Equity Compensation Plans Information responsive to this item is incorporated herein by reference to our definitive proxy statement with respect to our 2025 Annual Meeting of Stockholders to be filed with the Securities and Exchange Commission (the “SEC”) within 120 days after the end of the fiscal year covered by this Annual Report on Form 10-K.

ITEM 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Common Stock Our common stock is traded on The Nasdaq Global Select Market under the symbol “FTNT.” Holders of Record As of February 18, 2025, there were 50 holders of record of our common stock.

ITEM 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Common Stock Our common stock is traded on The Nasdaq Global Select Market under the symbol “FTNT.” Holders of Record As of February 20, 2026, there were 51 holders of record of our common stock.

From 2016 through 2023, our board of directors approved increases to our Repurchase Program by various amounts and extended the term to February 29, 2024.

From 2016 through 2024, our board of directors approved increases to our Repurchase Program by various amounts and extended the term to February 28, 2026.

Under the Repurchase Program, share repurchases may be made by us from time to time in privately negotiated transactions or in open market transactions. The Repurchase Program does not require us to purchase a minimum number of shares, and may be 51 Table of Contents suspended, modified or discontinued at any time without prior notice.

Under the Repurchase Program, we may repurchase common stock from time to time in privately negotiated transactions or in open market transactions. The Repurchase Program does not require us to purchase a minimum number of shares, and may be suspended, modified or discontinued at any time without prior notice.

In October 2024, our board of directors approved a $1.0 billion increase in the authorized stock repurchase amount under the Repurchase Program and extended the term of the Repurchase Program to February 28, 2026, bringing the aggregate amount authorized to be repurchased to $8.25 billion of our outstanding common stock through February 28, 2026.

In August 2025, our board of directors approved a $1.0 billion increase in the authorized stock repurchase amount under the Repurchase Program and extended the term of the Repurchase Program to February 28, 2027, bringing the aggregate amount authorized for repurchases to $9.25 billion of our outstanding common stock through February 28, 2027.

Removed

In January 2024, our board of directors approved a $500.0 million increase in the authorized stock repurchase amount under the Repurchase Program, bringing the aggregate amount authorized to be repurchased to $7.25 billion of our outstanding common stock. In February 2024, our board of directors approved an extension of the Repurchase Program to February 28, 2025.

Added

Since its inception through December 31, 2025, we have repurchased 267.3 million shares of our common stock under the Repurchase Program for an aggregate purchase price of $8.51 billion. 53 Table of Contents The following table provides information with respect to the shares of common stock we repurchased under the Repurchase Program during the three months ended December 31, 2025 (in millions, except average price paid per share amounts): Period Total Number of Shares Purchased Average Price Paid per Share Total Number of Shares Purchased as Part of Publicly Announced Plan or Program Approximate Dollar Value of Shares that May Yet Be Purchased Under the Plans or Programs October 1 - October 31, 2025 — $ — — $ 795.9 November 1 - November 30, 2025 0.7 $ 78.46 0.7 $ 738.6 December 1 - December 31, 2025 — $ — — $ 738.6 Total 0.7 $ — 0.7 In January 2026, our board of directors approved a $1.0 billion increase in the authorized stock repurchase amount under the Repurchase Program, bringing the aggregate amount authorized to be repurchased to $10.25 billion of our outstanding common stock through February 28, 2027.

Removed

Since its inception, we have repurchased 238.6 million shares of our common stock under the Repurchase Program for an aggregate purchase price of $6.22 billion. There were no repurchases of common stock during the three months ended December 31, 2024. As of December 31, 2024, approximately $2.03 billion remained available for future share repurchases under the Repurchase Program.

Added

As of February 24, 2026, approximately $1.27 billion remained available for future share repurchases. ITEM 6. [Reserved] 54 Table of Contents

Item 7. Management's Discussion & Analysis

Management's Discussion & Analysis (MD&A) — revenue / margin commentary

129 edited+34 added−27 removed48 unchanged

2024 filing

2025 filing

Biggest changeYear Ended December 31, 2024 2023 2022 (in millions) Consolidated Statements of Income Data: Revenue: Product $ 1,908.7 $ 1,927.3 $ 1,780.5 Service 4,047.1 3,377.5 2,636.9 Total revenue 5,955.8 5,304.8 4,417.4 Cost of revenue: Product 652.0 763.6 691.3 Service 505.6 473.6 393.6 Total cost of revenue 1,157.6 1,237.2 1,084.9 Gross profit: Product 1,256.7 1,163.7 1,089.2 Service 3,541.5 2,903.9 2,243.3 Total gross profit 4,798.2 4,067.6 3,332.5 Operating expenses: Research and development 716.8 613.8 512.4 Sales and marketing 2,044.8 2,006.0 1,686.1 General and administrative 237.8 211.3 169.0 Gain on intellectual property matter (4.6) (4.6) (4.6) Total operating expenses 2,994.8 2,826.5 2,362.9 Operating income 1,803.4 1,241.1 969.6 Interest income 155.2 119.7 17.4 Interest expense (20.0) (21.0) (18.0) Gain on bargain purchase 106.3 — — Other income (expense)—net 13.6 (6.1) (13.5) Income before income taxes and loss from equity method investments 2,058.5 1,333.7 955.5 Provision for income taxes 283.9 143.8 30.8 Loss from equity method investments (29.4) (42.1) (68.1) Net income including non-controlling interests 1,745.2 1,147.8 856.6 Less: net loss attributable to non-controlling interests, net of tax — — (0.7) Net income attributable to Fortinet, Inc. $ 1,745.2 $ 1,147.8 $ 857.3 64 Table of Contents Year Ended December 31, 2024 2023 2022 (as percentage of revenue) Revenue: Product 32 % 36 % 40 % Service 68 64 60 Total revenue 100 100 100 Cost of revenue: Product 11 14 16 Service 8 9 9 Total cost of revenue 19 23 25 Gross margin: Product 66 60 61 Service 88 86 85 Total gross margin 81 77 75 Operating expenses: Research and development 12 12 12 Sales and marketing 34 38 38 General and administrative 4 4 4 Gain on intellectual property matter — — — Total operating expenses 50 53 53 Operating margin 30 23 22 Interest income 3 2 — Interest expense — — — Gain on bargain purchase 2 — — Other income (expense)—net — — — Income before income taxes and loss from equity method investments 35 25 22 Provision for income taxes 5 3 1 Loss from equity method investments — (1) (2) Net income including non-controlling interests 29 22 19 Less: net loss attributable to non-controlling interests, net of tax — — — Net income attributable to Fortinet, Inc. 29 % 22 % 19 % Percentages have been rounded for presentation purposes and may differ from unrounded results.

Biggest changeYear Ended December 31, 2025 2024 2023 (in millions) Consolidated Statements of Income Data: Revenue: Product $ 2,218.4 $ 1,908.7 $ 1,927.3 Service 4,581.2 4,047.1 3,377.5 Total revenue 6,799.6 5,955.8 5,304.8 Cost of revenue: Product 725.4 652.0 763.6 Service 603.5 505.6 473.6 Total cost of revenue 1,328.9 1,157.6 1,237.2 Gross profit: Product 1,493.0 1,256.7 1,163.7 Service 3,977.7 3,541.5 2,903.9 Total gross profit 5,470.7 4,798.2 4,067.6 Operating expenses: Research and development 815.5 716.8 613.8 Sales and marketing 2,347.5 2,044.8 2,006.0 General and administrative 233.4 237.8 211.3 Gain on intellectual property matters (10.4) (4.6) (4.6) Total operating expenses 3,386.0 2,994.8 2,826.5 Operating income 2,084.7 1,803.4 1,241.1 Interest income 162.3 155.2 119.7 Interest expense (20.1) (20.0) (21.0) Other income (expense)—net 55.3 119.9 (6.1) Income before income taxes and loss from equity method investments 2,282.2 2,058.5 1,333.7 Provision for income taxes 439.1 283.9 143.8 Gain (Loss) from equity method investments 10.3 (29.4) (42.1) Net income $ 1,853.4 $ 1,745.2 $ 1,147.8 66 Table of Contents Year Ended December 31, 2025 2024 2023 (as percentage of revenue) Revenue: Product 33 % 32 % 36 % Service 67 68 64 Total revenue 100 100 100 Cost of revenue: Product 11 11 14 Service 9 8 9 Total cost of revenue 20 19 23 Gross margin: Product 67 66 60 Service 87 88 86 Total gross margin 80 81 77 Operating expenses: Research and development 12 12 12 Sales and marketing 35 34 38 General and administrative 3 4 4 Gain on intellectual property matter — — — Total operating expenses 50 50 53 Operating margin 31 30 23 Interest income 2 3 2 Interest expense — — — Other income (expense)—net 1 2 — Income before income taxes and loss from equity method investments 34 35 25 Provision for income taxes 6 5 3 Gain (Loss) from equity method investments — — (1) Net income 27 % 29 % 22 % Percentages have been rounded for presentation purposes and may differ from unrounded results.

Our service revenue growth rate depends significantly on the growth of our customer base, the expansion of our service bundle offerings, the mix of our product revenue, pricing actions, the expansion and introduction of new service offerings, the attach rate of service contracts to new product sales, and the renewal of service contracts by our existing customers.

Our service revenue growth rate depends significantly on the growth of our customer base, the expansion of our service bundle offerings, the mix of our product sales, pricing actions, the expansion and introduction of new service offerings, the attach rate of service contracts to new product sales, and the renewal of service contracts by our existing customers.

During the normal course of business, in order to manage manufacturing lead times and help ensure adequate component supply, we enter into agreements with contract manufacturers and suppliers that allow them to procure inventory based upon criteria as defined by us or establish the parameters defining our requirements.

During the normal course of business, in order to manage manufacturing lead times and help ensure adequate component supply, we enter into agreements with contract manufacturers and suppliers that allow them to procure inventory based upon criteria as defined by us or that establish the parameters defining our requirements.

At the core is FortiAnalyzer, which serves as the central SOC platform with its unified data lake that provides: built-in SIEM, SOAR, XDR and threat intelligence, enabling centralized visibility, analytics and automation with complete control. FortiSIEM delivers security information and event management for more advanced SOC requirements, while FortiSOAR enables automated orchestration and playbook-driven response.

Our effective tax rate differs from the U.S. statutory rate primarily due to foreign income subject to different tax rates than in the U.S., federal research and development tax credit, state income taxes, withholding taxes, excess tax benefits related to stock-based compensation expense and the tax impacts of the foreign-derived intangible income (“FDII”) deduction. Loss from equity method investments.

Financing Activities The changes in cash flows from financing activities primarily relate to repurchase and retirement of common stock, and taxes paid related to net share settlement of equity awards, net of proceeds from the issuance of common stock under our Amended and Restated 2009 Equity Incentive Plan (the “2009 EIP”).

Financing Activities The changes in cash flows from financing activities primarily relate to repurchase and retirement of common stock, and taxes paid related to net share settlement of equity awards, net of proceeds from the issuance of common stock under the Amended and Restated 2009 Equity Incentive Plan (the “2009 EIP”).

We expect proceeds from the exercise of stock options in future years to continue to be impacted by the increased mix of restricted stock units and performance stock units versus stock options granted to our employees and to vary based on our share price.

The excess of the purchase price over the fair values of these identifiable assets and liabilities is recorded as goodwill. The excess of the fair values of the net assets acquired over the net purchase consideration is recorded as a gain on bargain purchase within other income, net on the consolidated statements of income.

During 2024, 2023 and 2022, we did not have any relationships with unconsolidated organizations or financial partnerships, such as structured finance or special purpose entities that would have been established for the purpose of facilitating off-balance sheet arrangements or other contractually narrow or limited purposes. Operating Activities Cash generated by operating activities is our primary source of liquidity.

During 2025, 2024 and 2023, we did not have any relationships with unconsolidated organizations or financial partnerships, such as structured finance or special purpose entities that would have been established for the purpose of facilitating off-balance sheet arrangements or other contractually narrow or limited purposes. Operating Activities Cash generated by operating activities is our primary source of liquidity.

We have elected to account for the tax effect of the Global Intangible Low-Taxed Income (“GILTI”) as a current period expense. 63 Table of Contents Results of Operations The following tables set forth our results of operations for the periods presented and as a percentage of our total revenue for those periods.

We have elected to account for the tax effect of the Global Intangible Low-Taxed Income (“GILTI”) as a current period expense. 65 Table of Contents Results of Operations The following tables set forth our results of operations for the periods presented and as a percentage of our total revenue for those periods.

As of December 31, 2024, our end-customers were located in over 100 countries and included enterprises across a wide variety of market verticals, including financial services, retail, healthcare and operational technology market verticals, communication and security service providers, and government organizations.

As of December 31, 2025, our end-customers were located in over 100 countries and included enterprises across a wide variety of market verticals, including financial services, retail, healthcare and operational technology market verticals, communication and security service providers, and government organizations.

Personnel costs are the most significant component of operating expenses and consist primarily of salaries, benefits, bonuses, sales commissions and stock-based compensation. We expect personnel costs to continue to increase in absolute dollars as we expand our workforce. • Research and development . Research and development expense consists primarily of personnel costs.

Historically, our interest-bearing investments include corporate debt securities, certificates of deposit and term deposits, commercial paper, money market funds, U.S. government and agency securities and municipal bonds. Interest expense. Interest expense consists of interest expense due to the senior notes and other miscellaneous interest expense. Other income (expense) — net .

Historically, our interest-bearing investments include corporate debt securities, certificates of deposit and term deposits, commercial paper, money market funds and U.S. government and agency securities. Interest expense. Interest expense consists of interest expense due to the senior notes and other miscellaneous interest expense. Other income (expense) — net .

We accrue for a loss contingency if a loss is probable and the amount of the loss can be reasonably estimated. These accruals are generally based on a range of possible outcomes that require significant judgement. Estimates can change as individual claims develop.

We accrue for a loss contingency if a loss is probable and the amount of the loss can be reasonably estimated. These accruals are generally based on a range of possible outcomes that require significant judgment. Estimates can change as individual claims develop.

This solution set also includes FortiEDR, FortiXDR, FortiNDR, FortiSandbox, FortiDeceptor, FortiDLP and FortiRecon, helping organizations achieve defense in depth, ensuring attackers face multiple layers of detection and mitigation across endpoints, networks, and applications. To bolster their security posture, organizations contending with staff shortages can tap into FortiGuard services, including SOCaaS, MDR, Security Posture Assessment and Incident Response.

This solution set also includes FortiEndpoint, FortiNDR, FortiSandbox, FortiDeceptor, FortiDLP and FortiRecon, helping organizations achieve defense in depth, ensuring attackers face multiple layers of detection and mitigation across endpoints, networks, and applications. To bolster their security posture, organizations contending with staff shortages can tap into FortiGuard services, including SOCaaS, MDR, Security Posture Assessment and Incident Response.

The extent of the impact of economic conditions on our operational and financial performance will depend on ongoing developments, including those discussed above and others identified in Part I, Item 1A “Risk Factors” in this Form 10-K.

The extent of the impact of such conditions on our operational and financial performance will depend on ongoing developments, including those discussed above and others identified in Part I, Item 1A “Risk Factors” in this Form 10-K.

These statements include, among other things, statements concerning our expectations regarding: • continued growth and market share gains; • variability in sales in certain product and service categories from year to year and between quarters; • expected impact of sales from certain products and services; • increasing or decreasing inflation or stagflation, and changing interest rates in many geographies and changes in currency exchange rates and currency regulations; • competition in our markets; • macroeconomic, geopolitical factors and other disruption on our manufacturing or sales, including the transition in administrations, tariffs or other trade disruptions, public health issues, wars, natural disasters and economic growth; • government regulation, tariffs and other policies; • drivers of long-term growth and operating leverage, such as pricing of our products and services, sales productivity, pipeline and capacity, functionality, value and technology improvements in our service offerings; • growing our solution sales through channel partners to businesses, service providers and government organizations, our ability to execute these sales and the complexity of providing solutions to all segments (including the increased competition and unpredictability of timing associated with sales to larger enterprises), the impact of sales to these organizations on our long-term growth, expansion and operating results, and the effectiveness of our sales organization; • our ability to successfully anticipate market changes, including those related to cloud-based solutions and to sell, support and meet service level agreements related to cloud-based solutions; • growth expectations for the secure networking market; • supply chain constraints, component availability and other factors affecting our manufacturing capacity, delivery, cost and inventory management; • forecasts of future demand and targeted inventory levels, including changing market drivers and demands; • the effect of backlog from current or prior quarters, including its effect on growth of in-quarter billings and revenue; • our ability to hire properly qualified and effective sales, support and engineering employees; • risks and expectations related to acquisitions and equity interests in private and public companies, including integration issues related to go-to-market plans, product plans, employees of such companies, controls and processes and the acquired technology, and risks of negative impact by such acquisitions and equity investments on our financial results; • trends in revenue, cost of revenue and gross margin, including expectations regarding product revenue, service revenue and inventory related charges; • trends in our operating expense, including sales and marketing expense, research and development expense, general and administrative expense, and expectations regarding these expenses; 53 Table of Contents • expected impact of plans and strategy for the acceleration of our data center footprint and our points of presence deployment; • expectations that our operating expense will increase year over year in absolute dollars during 2025; • expectations that proceeds from the exercise of stock options in future years will be adversely impacted by the increased mix of restricted stock units and performance stock units versus stock options granted or a decline in our stock price; • uncertain tax benefits and our effective domestic and global tax rates, the impact of interpretations of or changes to tax law, and the timing of tax payments; • expectations regarding spending related to real estate assets, acquisitions and development, including data centers and points of presence, office building and warehouse investments, as well as other capital expenditures and to the impact on free cash flow and expenses; • estimates of a range of 2025 spending on capital expenditures; • expansions and other changes to our real property holdings and development; • expected outcomes and liabilities in litigation; • our intentions regarding share repurchases and the sufficiency of our existing cash, cash equivalents and investments to meet our cash needs, including our debt servicing requirements, for at least the next 12 months; • other statements regarding our future operations, financial condition and prospects and business strategies; and • adoption and impact of new accounting standards.

These statements include, among other things, statements concerning our expectations regarding: • continued growth and market share gains; • variability in sales in certain product and service categories from year to year and between quarters; • expected impact of sales from certain products and services; • increasing or decreasing inflation or stagflation, and changing interest rates in many geographies and changes in currency exchange rates and currency regulations; • competition in our markets; • macroeconomic, geopolitical factors and other disruption on our manufacturing or sales, including tariffs or other trade disruptions, public health issues, wars, natural disasters and economic growth; • government regulation and other policies; • drivers of long-term growth and operating leverage, such as pricing of our products and services, sales productivity, pipeline and capacity, functionality, value and technology improvements in our product and service offerings; • growing our solution sales through channel partners to businesses, service providers and government organizations, our ability to execute these sales and the complexity of providing solutions to all segments (including the increased competition and unpredictability of timing associated with sales to larger enterprises), the impact of sales to these organizations on our long-term growth, expansion and operating results, and the effectiveness of our sales organization; • our ability to successfully anticipate market changes, including those related to cloud-based and AI solutions and to sell, support and meet service level agreements related to cloud-based solutions; • growth expectations for the secure networking market; • supply chain constraints, component availability and other factors affecting our manufacturing capacity, delivery, cost and inventory management; • forecasts of future demand and targeted inventory levels, including changing market drivers and demands; • the effect of backlog from current or prior quarters, including its effect on growth of in-quarter billings and revenue; • our ability to hire properly qualified and effective sales, support and engineering employees; • risks and expectations related to acquisitions and equity interests in private and public companies, including integration issues related to go-to-market plans, product plans, employees of such companies, controls and processes and the acquired technology, and risks of negative impact by such acquisitions and equity investments on our financial results; • trends in revenue, cost of revenue and gross margin, including product revenue, service revenue and inventory related charges; • trends in our operating expenses, including sales and marketing expenses, research and development expenses, general and administrative expenses; 55 Table of Contents • expected impact of plans and strategy for the acceleration of our data center footprint and our PoP deployment; • our gross margins and operating expenses for 2026; • expectations that proceeds from the exercise of stock options in future years will be adversely impacted by the increased mix of restricted stock units and performance stock units versus stock options granted or a decline in our stock price; • uncertain tax benefits and our effective domestic and global tax rates, the impact of interpretations of or changes to tax law, and the timing of tax payments; • spending related to real estate assets, acquisitions and development, including data centers and points of presence, office building and warehouse investments, as well as other capital expenditures and to the impact on free cash flow and expenses; • estimates of a range of 2026 spending on capital expenditures; • expansions, development, improvements, operating, subleasing and other real property holdings activities; • expected outcomes and liabilities in litigation; • our intentions regarding share repurchases and the sufficiency of our existing cash, cash equivalents and investments to meet our cash needs, including our debt servicing requirements, for at least the next 12 months; • other statements regarding our future operations, financial condition and prospects and business strategies; and • adoption and impact of new accounting standards.

In addition, it is important to note that other companies, including companies in our industry, may not use free cash flow, may calculate free cash flow in a different manner than we do or may use other financial measures to evaluate their performance, all of which could reduce the usefulness of free cash flow as a comparative measure.

In addition, it is important to note that other companies, including companies in our industry, may not use free cash flow, may calculate free cash flow in a different manner than we do or may use other financial measures to evaluate their 61 Table of Contents performance, all of which could reduce the usefulness of free cash flow as a comparative measure.

Product revenue is primarily generated from sales of our physical and virtual machine appliances. The majority of our product revenue continues to be generated by our secure networking product lines. Product revenue also includes revenue from sales of unified SASE and SecOps software technologies.

Global technical support is offered 24x7 with flexible add-ons, including enhanced SLAs and priority hardware replacement through in-country and local depots. Organizations have the flexibility to procure different levels of service for different devices based on their availability needs. We offer three per-device support options tailored to the needs of our enterprise customers: FortiCare Elite, FortiCare Premium and FortiCare Essential.

Global technical support is offered 24x7 with flexible add-ons, including enhanced SLAs and priority hardware replacement through in-country and local depots. Organizations have the flexibility to procure different levels of service for different solutions based on their availability needs. We offer three support options tailored to the needs of our enterprise customers: FortiCare Elite, FortiCare Premium and FortiCare Essential.

We intend to hire additional personnel focused on sales and marketing and expand our sales and marketing efforts worldwide in order to capture market share. • General and administrative . General and administrative expense consists of personnel costs, as well as professional fees, depreciation of property and equipment and internal-use software and facility-related expenses.

We intend to hire additional personnel focused on sales and marketing and expand our sales and marketing efforts worldwide in order to capture market share. • General and administrative . General and administrative expenses consist of personnel costs, as well as professional fees, depreciation of property and equipment and internal-use software and facility-related expenses.

We determine revenue recognition through the following steps: • identification of a contract or contracts with a customer; • identification of the performance obligations in a contract, including evaluation of performance obligations as to being distinct goods or services in a contract; • determination of a transaction price; 61 Table of Contents • allocation of a transaction price to the performance obligations in a contract; and • recognition of revenue when, or as, we satisfy a performance obligation.

We determine revenue recognition through the following steps: • identification of a contract or contracts with a customer; • identification of the performance obligations in a contract, including evaluation of performance obligations as to being distinct goods or services in a contract; • determination of a transaction price; • allocation of a transaction price to the performance obligations in a contract; and • recognition of revenue when, or as, we satisfy a performance obligation.

FortiGuard Labs is our cybersecurity threat intelligence and research organization comprised of experienced threat hunters, researchers, analysts, engineers and data scientists who develop and utilize ML and AI technologies to provide timely protection updates and actionable threat intelligence for the benefit of our customers.

The portfolio consists of FortiGuard application security services, content security services, device security services, NOC/SOC security services and web security services. FortiCare Technical Support Service is a per-device technical support service, which provides customers access to experts to ensure efficient and effective operations and maintenance of their Fortinet capabilities.

The portfolio consists of FortiGuard application security services, content security services, device security services, NOC/SOC security services and web security services. FortiCare Technical Support Service is a technical support service, which provides customers access to experts to ensure efficient and effective operations and maintenance of their Fortinet solution.

Our Secure Connectivity solution includes FortiSwitch secure ethernet switches, FortiAP wireless local area network access points and FortiExtender 5G connectivity gateways and NAC for securing IoT devices. • Unified Secure Access Service Edge (SASE) —As applications move to the cloud and hybrid workforce is now the norm, enabling secure access for users with zero trust framework becomes important.

We define billings as revenue recognized in accordance with generally accepted accounting principles in the United States (“GAAP”) plus the change in deferred revenue from the beginning to the end of the period less any deferred revenue balances acquired from business combination(s) during the period.

In general, deferred tax assets 62 Table of Contents represent future tax benefits to be received when certain expenses previously recognized in our consolidated statements of income become deductible expenses under applicable income tax laws, or loss or credit carryforwards are utilized.

In general, deferred tax assets represent future tax benefits to be received when certain expenses previously recognized in our consolidated statements of income become deductible expenses under applicable income tax laws, or loss or credit carryforwards are utilized.

Other income (expense)—net consists primarily of foreign exchange gains and losses related to foreign currency remeasurement, gains or losses due to the changes in fair value of our marketable equity securities, realized gains and losses of available-for-sale investments, net rental income from real estate, as well as the gain on the sale or the impairment of investments in privately held companies without readily determinable fair values, which are not accounted for under the equity method.

Other income (expense)—net consists primarily of gains on bargain purchases, foreign exchange gains and losses related to foreign currency remeasurement, gains or losses due to the changes in fair value of our marketable equity securities, realized gains and losses of available-for-sale investments, net rental income from real estate, as well as the gains or losses on the sale or the impairments of investments in privately held companies without readily determinable fair values, which are not accounted for under the equity method.

The increase was primarily due to the recognition of revenue from our growing deferred revenue balance related to FortiGuard and other security subscriptions delivered to on-premise and cloud-based environments and growth in SaaS solutions, including unified SASE and SecOps. Of the service revenue recognized in 2024, 70% was included in the deferred revenue balance as of December 31, 2023.

The increase was primarily due to the recognition of revenue from our growing deferred revenue balance related to FortiGuard and other security subscriptions delivered to on-premise and cloud-based environments and growth in SaaS solutions, including unified SASE and SecOps. Of the service revenue recognized in 2025, 71% was included in the deferred revenue balance as of December 31, 2024.

We believe free cash flow to be a liquidity measure that provides useful information to management and investors about the amount of cash generated by the business that, after capital expenditures, can be used for strategic opportunities, including repurchasing outstanding common stock, investing in our business, making strategic acquisitions and strengthening the balance sheet.

We believe free cash flow to be a liquidity measure that provides useful information to management and investors about the amount of cash generated by the business that, after capital expenditures and net of proceeds from IP matters, can be used for strategic opportunities, including repurchasing outstanding common stock, investing in our business, making strategic acquisitions and strengthening the balance sheet.

Additional sales and marketing expenses include product marketing, public relations, field marketing and events and channel marketing programs (e.g., partner cooperative marketing arrangements), as well as travel, depreciation of property and equipment and facility-related 60 Table of Contents expenses.

The provision for income taxes for 2024 w as comprised primarily of a $454.6 million tax expense related to U.S. federal and state income taxes, other foreign income taxes, foreign withholding taxes and unrecognized tax benefits.

The provision for income taxes for 2024 was comprised primarily of a $454.6 million tax expense related to U.S. federal and state income taxes, other foreign income taxes, foreign withholding taxes and unrecognized tax benefits.

Worsening economic conditions, including inflation, changing interest rates, tariffs and other trade disruptions, slower growth, any recession, fluctuations in foreign exchange rates and other changes in economic conditions, may result in decreased sales productivity and 57 Table of Contents growth and adversely affect our results of operations and financial performance.

Worsening economic conditions, including tariffs, inflation, changing interest rates and other trade disruptions, slower growth, any recession, fluctuations in foreign exchange rates and other changes in economic conditions, may result in decreased sales productivity, lower growth and adversely affect our results of operations and financial performance.

We have seen certain impacts on our business, results of operations, financial condition, cash flows, liquidity and capital and financial resources such as longer sales cycles, delayed purchases and increased commitments with certain suppliers and increased inventory and inventory purchase commitment reserves.

We have seen, and could continue to see, certain impacts on our business, results of operations, financial condition, cash flows, liquidity and capital and financial resources such as longer sales cycles, delayed purchases and increased commitments with certain suppliers and increased inventory and inventory purchase commitment reserves.

We expect to continue to increase our data centers, PoPs, office and warehouse capacity to support growth and the expansion of existing services or introduction of new services. As we purchase new properties, we will work to incorporate these properties into the environmental goals we have established.

We expect to continue to increase our data center, PoP, office and warehouse capacity to support growth and the expansion of existing services or introduction of new services. As we purchase new properties, we will work to incorporate these properties into the environmental goals we have established.

Additional increases in billings may depend on a number of factors, including demand for and availability of our products and services, competition, pricing actions, market or industry changes, macroeconomic events such as rising inflation and changing interest rates, economic strength, supply chain capacity and disruptions, tariffs and other trade restrictions, international conflicts, including the war in Ukraine, an increase in installment billing, and our ability to execute.

Additional increases in billings may depend on a number of factors, including demand for and availability of our products and services, competition, pricing actions, market or industry changes, macroeconomic events such as rising inflation and changing interest rates, economic strength, supply chain capacity and disruptions, tariffs and other trade restrictions, international conflicts, including the war in Ukraine, tensions between China and Taiwan or conflicts in the Middle East, an increase in installment billings, and our ability to execute.

Loss from equity method investments consists of our proportionate share of the investees’ net loss, the amortization of any basis differences, as well as any other-than-temporary impairment (“OTTI”) when events or circumstances suggest that the carrying amount of the investment may be impaired.

Gain (loss) from equity method investments consists of gain related to our acquisition of the investee, our proportionate share of the investees’ net loss, the amortization of any basis differences, as well as any other-than-temporary impairment (“OTTI”) when events or circumstances suggest that the carrying amount of the investment may be impaired.

We are one of the few vendors to deliver consistent convergence and AI-powered security across Secure SD-WAN and SSE to enable a single-vendor SASE framework with a cloud-centric architecture powered by FortiOS. Our global and scalable cloud network includes over 190 PoPs to deliver a seamless secure access experience.

Given the dynamic nature of these circumstances, the full impact of worsening economic conditions on our business and operations, results of operations, financial condition, cash flows, liquidity and capital and financial resources cannot be reasonably estimated at this time.

Given the dynamic nature of these circumstances, the full impact of worsening economic, geopolitical and supply chain developments on our business and operations, results of operations, financial condition, cash flows, liquidity and capital and financial resources cannot be reasonably estimated at this time.

A reconciliation of revenue, the most directly comparable financial measure calculated and presented in accordance with GAAP, to billings is provided below: Year Ended December 31, 2024 2023 2022 (in millions) Billings: Revenue $ 5,955.8 $ 5,304.8 $ 4,417.4 Add: Change in deferred revenue 625.9 1,094.7 1,187.4 Less: Deferred revenue balance acquired in business combinations (49.2) — (10.8) Total billings (non-GAAP) $ 6,532.5 $ 6,399.5 $ 5,594.0 Free cash flow (non-GAAP).

A reconciliation of revenue, the most directly comparable financial measure calculated and presented in accordance with GAAP, to billings is provided below: Year Ended December 31, 2025 2024 2023 (in millions) Billings: Revenue $ 6,799.6 $ 5,955.8 $ 5,304.8 Add: Change in deferred revenue 754.9 625.9 1,094.7 Less: Deferred revenue balance acquired in business combinations (0.8) (49.2) — Total billings (non-GAAP) $ 7,553.7 $ 6,532.5 $ 6,399.5 Free cash flow (non-GAAP).

As of December 31, 2024, approximately two-thirds of our engineers worked on software development while the remainder worked on hardware development. • Sales and marketing . Sales and marketing expense is the largest component of our operating expenses and primarily consists of personnel costs.

As of December 31, 2025, approximately two-thirds of our engineers worked on software development while the remainder worked on hardware development. • Sales and marketing . Sales and marketing expenses are the largest component of our operating expenses and primarily consists of personnel costs.

In the long term, our ability to support our requirements and plans for cash, including our working capital and capital expenditure requirements will depend on many factors, including our growth rate; the timing and amount of our share repurchases and debt retirement; the expansion of sales and marketing activities, pricing actions, the introduction of new and enhanced products and services offerings; the continuing market acceptance of our products; the timing and extent of spending to support development efforts; our investments in purchasing, developing or leasing real estate; cash paid for taxes and macroeconomic impacts such as rising inflation and changing interest rates; and the war in Ukraine.

In the long term, our ability to support our requirements and plans for cash, including our working capital and capital expenditure requirements will depend on many factors, including our growth rate, the timing and amount of our share repurchases and debt retirement, the expansion of sales and marketing activities, pricing actions, the introduction of new and enhanced products and services offerings, the continuing market acceptance of our products, the timing and extent of spending to support development efforts, our investments in purchasing, developing or leasing real estate, cash paid for taxes and macroeconomic impacts such as rising inflation and changing interest rates, changes in tariffs and other trade restrictions, impacts of international conflicts, including the war in Ukraine, tensions between China and Taiwan or conflicts in the Middle East.

Management accounts for this limitation by providing information about our capital expenditures and other investing and financing activities on the consolidated statements of cash flows and under “—Liquidity and Capital Resources” and by presenting cash flows from investing and financing activities in our reconciliation of free cash flow.

Management accounts for this limitation by providing information about our proceeds from IP matters, our capital expenditures and other investing and financing activities on the consolidated statements of cash flows and under “Liquidity and Capital Resources” and by presenting cash flows from investing and financing activities in our reconciliation of free cash flow.

Our competitive differentiation lies in our core technologies, which together provide performance, security, flexibility and integration across diverse environments. • FortiOS —Our unified operating system enables the convergence of networking and AI-powered security to enforce consistent policies across all form factors and edges.

It is primarily comprised of net income, as adjusted for non-cash items and changes in operating assets and liabilities. Non-cash adjustments consist primarily of amortization of deferred contract costs, stock-based compensation and depreciation and amortization. Changes in operating assets and liabilities consist primarily of changes in deferred revenue, deferred contract costs, accrued liabilities, deferred tax assets, inventory and accounts receivable—net.

The Fortinet Unified SASE solution includes a single-vendor SASE solution that includes firewall, SD-WAN, secure web gateway, cloud access services broker, DLP and zero trust network access to deliver flexible secure access for all users.

The Fortinet Unified SASE solution includes a single-vendor SASE solution that includes firewall, SD-WAN, secure web gateway, cloud access services broker, DLP, DEM, RBI and ZTNA to deliver flexible secure access for all users.

A limitation of using free cash flow rather than the GAAP measures of cash provided by or used in operating activities, investing activities, and financing activities is that free cash flow does not represent the total increase or decrease in the cash and cash equivalents balance for the period because it excludes investing activities other than capital expenditures and cash flows from financing activities.

A limitation of using free cash flow rather than the GAAP measures of cash provided by or used in operating activities, investing activities, and financing activities is that free cash flow does not represent the total increase or decrease in the cash and cash equivalents balance for the period because it excludes cash flows from significant non-recurring items, such as proceeds from IP matters, investing activities other than capital expenditures and cash flows from financing activities.

Worsening economic conditions may have a material negative impact on our results in future periods and may negatively impact our billings, revenue and costs, and may decrease growth and profitability.

Worsening economic, geopolitical and supply chain developments may have a material negative impact on our results in future periods and may negatively impact our billings, revenue and costs, and may decrease growth and profitability.

Generally, service revenue and software licenses have higher gross margins compared to hardware products. Overall gross margin in 2025 will be impacted by service and product revenue mix and their respective gross margins. Operating expenses . Our operating expenses consist of research and development, sales and marketing and general and administrative expenses.

Generally, service revenue and software licenses have higher gross margins compared to hardware products. Overall gross margin is impacted by service and product revenue mix and their respective gross margins. 62 Table of Contents Operating expenses . Our operating expenses consist of research and development, sales and marketing and general and administrative expenses.

As of December 31, 2024, our cash, cash equivalents and short-term and long-term investments of $4.07 billion were invested primarily in deposit accounts, commercial paper, corporate debt securities, U.S. government and agency securities, certificates of deposit and term deposits and money market funds.

As of December 31, 2025, our cash, cash equivalents and short-term and long-term investments of $3.92 billion were invested primarily in deposit accounts, commercial paper, corporate debt securities, U.S. government and agency securities, certificates of deposit and term deposits, money market funds and marketable equity securities.

As of December 31, 2024, approximately 79%, 7%, 5%, 3% and 3% of our research and development teams were located in North America, India, Israel, Japan and Taiwan, respectively. We do not own research and development team located in China.

As of December 31, 2025, approximately 78%, 7%, 5%, 3% and 3% of our research and development teams were located in North America, India, Israel, Japan and Taiwan, respectively. We do not have research and development teams located in China.

As of December 31, 2024, we had $101.2 million in other contractual commitments having a remaining term in excess of one year that are non-cancelable.

As of December 31, 2025, we had $118.3 million in other contractual commitments having a remaining term in excess of one year that are non-cancelable.

The provision was partially offset by excess tax benefits of $45.3 million from stock-based compensation expense, a tax benefit of $111.5 million from the FDII deduction, and a tax benefit of $13.9 million from federal research and development tax credits.

The provision was partially offset by excess tax benefits of $60.9 million from stock-based compensation expense, a tax benefit of $84.3 million from the FDII deduction, and a tax benefit of $15.4 million from federal research and development tax credits.

As the foundation of the Fortinet Security Fabric, FortiOS empowers organizations to unify management and analytics for comprehensive network visibility and control at scale.

As the foundational engine of the Fortinet Security Fabric, FortiOS empowers organizations to unify management and analytics, providing network visibility and control at scale.

Business Model We typically sell our security solutions to distributors that sell to networking security focused resellers and to certain service providers and managed security service providers, who, in turn, sell to end-customers or use our products and services to provide hosted solutions to other enterprises.

Business Model We typically sell our security solutions to distributors that sell to networking security focused resellers and to certain service providers and MSSPs, who, in turn, sell to end-customers or use our products and services to provide hosted solutions to other enterprises. At times, we also sell directly to enterprise customers, service providers, systems integrators and large enterprises.

The increase was primarily due to the recognition of service revenue from our growing deferred revenue balance related to FortiGuard and other security subscriptions delivered to on-premise and cloud-based environments and strength in unified SASE and SecOps. We expect our service revenue to continue to grow in 2026. Our billings were diversified on a geographic basis.

A reconciliation of net cash provided by operating activities, the most directly comparable financial measure calculated and presented in accordance with GAAP, to free cash flow is provided below: Year Ended December 31, 2024 2023 2022 (in millions) Free Cash Flow: Net cash provided by operating activities $ 2,258.1 $ 1,935.5 $ 1,730.6 Less: Purchases of property and equipment (378.9) (204.1) (281.2) Free cash flow (non-GAAP) $ 1,879.2 $ 1,731.4 $ 1,449.4 Net cash provided by (used in) investing activities $ (727.4) $ (649.3) $ 763.9 Net cash used in financing activities $ (50.1) $ (1,570.4) $ (2,130.3) 59 Table of Contents Components of Operating Results Revenue.

A reconciliation of net cash provided by operating activities, the most directly comparable financial measure calculated and presented in accordance with GAAP, to free cash flow is provided below: Year Ended December 31, 2025 2024 2023 (in millions) Free Cash Flow: Net cash provided by operating activities $ 2,590.6 $ 2,258.1 $ 1,935.5 Less: Purchases of property and equipment (364.8) (378.9) (204.1) Less: Proceeds from intellectual property matter (14.0) — — Free cash flow (non-GAAP) $ 2,211.8 $ 1,879.2 $ 1,731.4 Net cash used in investing activities $ (599.1) $ (727.4) $ (649.3) Net cash used in financing activities $ (2,371.5) $ (50.1) $ (1,570.4) Components of Operating Results Revenue.

Operating income as a percentage of revenue increased to 30.3% in 2024 compared to 23.4% in 2023.

Operating income as a percentage of revenue increased to 30.7% in 2025 compared to 30.3% in 2024.

During 2024, cash used in financing activities was $50.1 million, primarily driven by $37.8 million used to pay tax withholding, net of proceeds from the issuance of common stock. 71 Table of Contents Recent Accounting Pronouncements Refer to Note 1 of the notes to our consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K for a full description of recently adopted accounting pronouncements.

During 2025, cash used in financing activities was $2.37 billion, driven by $2.29 billion used to repurchase shares of our common stock and $81.6 million used to pay tax withholding related to net share settlement of equity awards, net of proceeds from the issuance of common stock. 73 Table of Contents Recent Accounting Pronouncements Refer to Note 1. of the notes to our consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K for a full description of recently adopted accounting pronouncements.

Operating expenses as a percentage of revenue decreased approximately 3.0 percentage points in 2024 compared to 2023, mainly because our revenue growth outpaced personnel costs. Headcount increased 4% to 14,138 employees as of December 31, 2024, up from 13,568 as of December 31, 2023.

Operating expenses as a percentage of revenue decreased 0.5 percentage points in 2025 compared to 2024, mainly because our revenue growth outpaced our personnel costs growth. Headcount increased 7% to 15,109 employees as of December 31, 2025, up from 14,138 as of December 31, 2024.

We consider billings to be a useful metric for management and investors because billings drive current and future revenue, which is an important indicator of the health and viability of our business and cash flows. There are a number of limitations related to the use of billings instead of GAAP revenue.

We consider billings to be a useful metric for management and investors because billings drive current and future revenue as well as cash flows. There are a number of limitations related to the use of billings instead of GAAP revenue.

In 2024, we repurchased less than 0.1 million shares of common stock under the Repurchase Program for an aggregate purchase price of $0.6 million. As of December 31, 2024, approximately $2.03 billion remained available for future share repurchases under the Repurchase Program.

In 2025, we repurchased 28.7 million shares of common stock under the Repurchase Program for an aggregate purchase price of $2.29 billion. As of December 31, 2025, approximately $738.6 million remained available for future share repurchases under the Repurchase Program.

In 2024, seven countries represented approximately 50% of our billings and the remaining approximately 50% were from over 100 countries that each individually contributed less than 3% of our billings.

In 2025, seven countries represented approximately 50% of our billings and the remaining approximately 50% in the aggregate were from over 100 countries that each individually contributed less than 3% of our billings. Total gross margin remained comparatively flat in 2025 compared to 2024 .

These competitive differentiators allow us to provide CIOs, CISOs, CTOs, and their organizations with an integrated AI-driven cybersecurity platform with over 50 products across three solution pillars. • Secure Networking —Our Secure Networking solutions focus on the convergence of networking and security via FortiOS, our networking and security operating system that is the foundation of our Fortinet Security Fabric platform and supports over 30 functions that can be delivered via a physical, virtual, cloud or SaaS solution.

These competitive differentiators provide networking and security professionals with a cyber security platform comprised of over 50 products across three solution pillars: • Secure Networking —Our Secure Networking solutions focus on the convergence of networking and security via FortiOS, our networking and security operating system that is the foundation of our Fortinet Security Fabric platform and supports a broad range of functions that can be delivered via a physical, virtual, cloud or SaaS solutions.

Provision for income taxes Year Ended December 31, Change % Change 2024 2023 (in millions, except percentages) Provision for income taxes $ 283.9 $ 143.8 $ 140.1 97 % Effective tax rate (%) 14 % 11 % Our provision for income taxes for 2024 reflects an effective tax rate of 14%, compared to an effective tax rate of 11% for 2023.

Provision for income taxes Year Ended December 31, Change % Change 2025 2024 (in millions, except percentages) Provision for income taxes $ 439.1 $ 283.9 $ 155.2 55 % Effective tax rate (%) 19 % 14 % Our provision for income taxes for 2025 reflects an effective tax rate of 19%, compared to an effective tax rate of 14% for 2024.

Cost of service revenue is primarily comprised of personnel costs, replacement cost, data center infrastructure, software and delivery costs, colocation and cloud provider fees, facility-related costs and amortization of intangible assets. Gross margin .

Cost of service revenue is primarily comprised of personnel costs, replacement and repair costs, cloud services costs from owned data centers, colocation providers and cloud service providers, infrastructure depreciation and related operating costs, software and delivery costs, facility-related costs and amortization of intangible assets. Gross margin .

We believe that, of the significant accounting policies described in Note 1 to our consolidated financial statements included in Part II, Item 8 of this Annual Report on Form 10-K, the following accounting policies involve a greater degree of judgment and complexity.

To the extent that there are material differences between these estimates and our actual results, our future financial statements will be affected. 63 Table of Contents We believe that, of the significant accounting policies described in Note 1 to our consolidated financial statements included in Part II, Item 8 of this Annual Report on Form 10-K, the following accounting policies involve a greater degree of judgment and complexity.

We continued to experience diversification of revenue geographically, and across customer and industry verticals. Revenue from all regions grew, with EMEA contributing the largest portion of the increase on an absolute dollar basis and on a percentage basis. Product revenue remained comparatively flat in 2024 compared to 2023 .

Total revenue increased $843.8 million, or 14%, in 2025 compared to 2024. We continued to experience geographically diversified revenue, as well as diversification across customer and industry verticals. Revenue from all regions grew, with EMEA contributing the largest portion of the increase on an absolute dollar basis and on a percentage basis.

Operating expenses Year Ended December 31, Change % Change 2024 2023 Amount % of Revenue Amount % of Revenue (in millions, except percentages) Operating expenses: Research and development $ 716.8 12 % $ 613.8 12 % $ 103.0 17 % Sales and marketing 2,044.8 34 2,006.0 38 38.8 2 General and administrative 237.8 4 211.3 4 26.5 13 Gain on intellectual property matter (4.6) — (4.6) — — — Total operating expenses $ 2,994.8 50 % $ 2,826.5 53 % $ 168.3 6 % Research and development Research and development expense increased $103.0 million, or 17%, in 2024 compared to 2023, primarily due to an increase o f $81.8 million in personnel-related costs as a result of increased headcount and compensation rates to support the development of new products and continued enhancements to our existing products.

Operating expenses Year Ended December 31, Change % Change 2025 2024 Amount % of Revenue Amount % of Revenue (in millions, except percentages) Operating expenses: Research and development $ 815.5 12 % $ 716.8 12 % $ 98.7 14 % Sales and marketing 2,347.5 35 2,044.8 34 302.7 15 General and administrative 233.4 3 237.8 4 (4.4) (2) Gain on intellectual property matters (10.4) — (4.6) — (5.8) 126 Total operating expenses $ 3,386.0 50 % $ 2,994.8 50 % $ 391.2 13 % Research and development Research and development expenses increased $98.7 million, or 14%, in 2025 compared to 2024, primarily due to an increase o f $71.8 million in personnel-related costs as a result of increased headcount and compensation rates to support the development of new products and continued enhancements to our existing products and the impact of the recent acquisitions.

First, billings include amounts that have not yet been recognized as revenue and are impacted by the term of security and support agreements. Second, we may calculate billings in a manner that is different from peer companies that report similar financial measures.

First, billings are impacted by the term of security subscription and support agreements and do not provide an indication as to the timing of revenue being recognized from these service contracts. Second, we may calculate billings in a manner that is different from peer companies that report similar financial measures.

The increase in our operating margin primarily benefits from 3.9 percentage points increase in gross margin and 3.5 percentage points decrease in sales and marketing expense as a percentage of revenue, partially offset by 0.5 percentage points increase in research and development expense as percentage of revenue.

The increase in our operating margin primarily benefits from 0.6 percentage points decrease in general and administrative expenses as a percentage of revenue, partially offset by 0.2 percentage points increase in sales and marketing expenses as a percentage of revenue and 0.1 percentage points decrease in gross margin.

Our end-customers are located in over 100 countries and include small, medium and large enterprises and government organizations across a wide range of industries, including financial services, government, healthcare, manufacturing, retail, technology and telecommunications.

We also sell our software licenses and cloud delivered services via different cloud service provider platforms, both directly and through our channel partners. Our end-customers are located in over 100 countries and include small, medium and large enterprises and government organizations across a wide range of industries, including financial services, government, healthcare, manufacturing, retail, technology and telecommunications.

Liquidity and Capital Resources As of December 31, 2024 2023 2022 (in millions) Cash and cash equivalents $ 2,875.9 $ 1,397.9 $ 1,682.9 Short-term and long-term investments 1,126.4 1,021.5 548.1 Marketable equity securities 64.2 21.0 25.5 Total cash, cash equivalents, investments and marketable equity securities $ 4,066.5 $ 2,440.4 $ 2,256.5 Working capital $ 1,910.8 $ 709.3 $ 732.0 Year Ended December 31, 2024 2023 2022 (in millions) Net cash provided by operating activities $ 2,258.1 $ 1,935.5 $ 1,730.6 Net cash provided by (used in) investing activities (727.4) (649.3) 763.9 Net cash used in financing activities (50.1) (1,570.4) (2,130.3) Effect of exchange rate changes on cash and cash equivalents (2.6) (0.8) (0.4) Net increase (decrease) in cash and cash equivalents $ 1,478.0 $ (285.0) $ 363.8 Liquidity and capital resources are primarily impacted by our operating activities, as well as real estate purchases, other capital expenditures, and business acquisitions, payment of taxes in connection with the net settlement of equity awards and proceeds from the issuance of common stock and investment grade debt and repurchases of our common stock. 69 Table of Contents In recent years, we have received significant capital resources from our billings to customers, issuance of investment grade debt and, to some extent, from the exercise of stock options by our employees.

Liquidity and Capital Resources As of December 31, 2025 2024 2023 (in millions) Cash and cash equivalents $ 2,495.3 $ 2,875.9 $ 1,397.9 Short-term investments 1,087.2 1,190.6 1,042.5 Long-term investments 339.7 — — Total cash, cash equivalents and investments $ 3,922.2 $ 4,066.5 $ 2,440.4 Working capital $ 866.2 $ 1,910.8 $ 709.3 Year Ended December 31, 2025 2024 2023 (in millions) Net cash provided by operating activities $ 2,590.6 $ 2,258.1 $ 1,935.5 Net cash used in investing activities (599.1) (727.4) (649.3) Net cash used in financing activities (2,371.5) (50.1) (1,570.4) Effect of exchange rate changes on cash and cash equivalents (0.6) (2.6) (0.8) Net increase (decrease) in cash and cash equivalents $ (380.6) $ 1,478.0 $ (285.0) 71 Table of Contents Liquidity and capital resources are primarily impacted by our operating activities, as well as repurchases of our common stock, real estate purchases and other capital expenditures, investment grade debt balance, payments of taxes in connection with the net settlement of equity awards, proceeds from the issuance of common stock and business combinations.

In addition, we purchase components of our inventory from certain suppliers and use several independent contract manufacturers to provide manufacturing services for our products.

We estimate 2026 capital expenditures to be between approximately $350 million and $450 million. We purchase components of our inventory from certain suppliers and use several independent contract manufacturers to provide manufacturing services for our products.

An end-customer deployment may involve as few as one or as many as thousands of secure networking, unified SASE and security operations technology products or users, depending on the end-customer’s size and security requirements. Our customers purchase our hardware products, software licenses, SaaS subscriptions and cloud-delivered solutions, including our FortiGuard security subscriptions and FortiCare technical support services.

The FortiCare Elite service aims to provide a 15-minute response time for key product families. In addition to FortiCare device level services, Advanced Support service options are available per account. These services are available for regional account support in three options: Core, Pro and Pro Plus, and can be globalized at the Pro and Pro Plus levels.

The FortiCare Elite service aims to provide a 15-minute response time for key product families. In addition to FortiCare solution based services, Advanced Support service options are available per account.

We expect our service gross margin to decrease for full year 2025 compared to full year 2024, as we expand our data center footprint and colocation and cloud hosting capacity to support the growth in our unified SASE and SecOps offerings.

Our service gross margin is expected to remain relatively consistent, for full year 2026 compared to full year 2025, despite continued expansion of our data center footprint and colocation and cloud hosting capacity to support the growth in our unified SASE and SecOps offerings.

We define free cash flow as net cash provided by operating activities minus purchases of property and equipment.

We define free cash flow as net cash provided by operating activities minus purchases of property and equipment and excluding any significant non-recurring items, such as proceeds from IP matters.

… 110 more changes not shown on this page.

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Market Risk — interest-rate, FX, commodity exposure

7 edited+0 added−1 removed6 unchanged

2024 filing

2025 filing

Biggest changeForeign Currency Exchange Risk Our sales contracts are primarily denominated in U.S. dollars and therefore substantially all of our revenue is not subject to foreign currency translation risk.

Biggest changeA 10% decrease in interest rates would have resulted in a decrease of $16.2 million, $15.5 million and $12.0 million in our interest income for 2025, 2024, and 2023, respectively. Foreign Currency Exchange Risk Our sales contracts are primarily denominated in U.S. dollars and therefore substantially all of our revenue is not subject to foreign currency translation risk.

The rate of inflation, however, affects our cost of revenue and expenses, such as those for employee compensation, which may not be readily recoverable in the price of products and services offered by us. 72 Table of Contents

For foreign currency exchange rate risk, a 10% increase or decrease of foreign currency exchange rates against the U.S. dollar with all other variables held constant would have resulted in a $14.2 million change in the value of our foreign currency cash balances as of December 31, 2024.

For foreign currency exchange rate risk, a 10% increase or decrease of foreign currency exchange rates against the U.S. dollar with all other variables held constant would have resulted in a $17.2 million change in the value of our foreign currency cash balances as of December 31, 2025.

We record changes in the fair value of forward exchange contracts related to balance sheet accounts in other income (expense)—net in the consolidated statements of income. We recognized an expense of $16.9 million in 2024 due to foreign currency transaction losses.

We record changes in the fair value of forward exchange contracts related to balance sheet accounts in other income (expense)—net in the consolidated statements of income. We recognized an expense of $4.9 million in 2025 due to foreign currency transaction losses.

To minimize this risk, we maintain our portfolio of cash, cash equivalents, investments and marketable equity securities in a variety of securities, including commercial paper, corporate debt securities, U.S. government and agency securities, certificates of deposit and term deposits, money market funds, municipal bonds and marketable equity securities.

To minimize this risk, we maintain our portfolio of cash, cash equivalents, investments and marketable equity securities in a variety of securities, including commercial paper, corporate debt securities, U.S. government and agency securities, certificates of deposit and term deposits, money market funds and marketable equity securities. The risk associated with fluctuating interest rates is limited to our investment portfolio.

Some of the securities we invest in are subject to market risk. This means that a change in prevailing interest rates may cause the principal amount of the investment to fluctuate.

The primary objectives of our investment activities are to preserve principal, provide liquidity and maximize income without significantly increasing risk. Some of the securities we invest in are subject to market risk. This means that a change in prevailing interest rates may cause the principal amount of the investment to fluctuate.

ITEM 7A. Quantitative and Qualitative Disclosures about Market Risk Investment and Interest Rate Fluctuation Risk We are exposed to interest rate risks related to our investment portfolio and outstanding debt. The primary objectives of our investment activities are to preserve principal, provide liquidity and maximize income without significantly increasing risk.

ITEM 7A. Quantitative and Qualitative Disclosures about Market Risk Investment and Interest Rate Fluctuation Risk We are exposed to interest rate risks primarily related to our investment portfolio and the outstanding debt, as changes in prevailing interest rates may affect the fair value of investments and the cost of future financing activities.

Removed

The risk associated with fluctuating interest rates is limited to our investment portfolio. A 10% decrease in interest rates would have resulted in a decrease of $15.5 million in our interest income in 2024, and would have resulted in an insignificant decrease in our interest income in 2023 and 2022.

Top changes in Fortinet's 2025 10-K

Item 1. Business

Item 1A. Risk Factors

Item 1C. Cybersecurity

Item 2. Properties

Item 3. Legal Proceedings

Item 5. Market for Registrant's Common Equity

Item 7. Management's Discussion & Analysis

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Other FTNT 10-K year-over-year comparisons