Fortinet - Earnings Call - Q2 2025

Executive Summary

• Q2 2025 delivered a clean beat: revenue $1.63B (+14% Y/Y) and non-GAAP EPS $0.64 vs S&P Global consensus ~$0.59; billings $1.78B (+15% Y/Y) exceeded company guidance and drove a raise to full‑year billings midpoint by $100M (now $7.40B midpoint).
• Mix and margin: non‑GAAP operating margin of 33.1% (down ~200 bps Y/Y) as Fortinet stepped up sales capacity, absorbed recent M&A costs, and invested in hosted security; total gross margin ran ~81.6% in the quarter, above the guide.
• Demand drivers: strong large‑enterprise momentum (>$1M deals +29%, total value +51%), EMEA led revenue growth (+18%); Unified SASE/SecOps ARR grew +22%/+35% Y/Y with FortiSASE ARR >100% Y/Y and 13% of large enterprise customers now adopting FortiSASE.
• Guidance: Q3 revenue $1.67–$1.73B and non‑GAAP EPS $0.62–$0.64 (midpoints roughly in line with consensus); FY25 revenue held while mix shifts $50M from services to product; FY25 non‑GAAP EPS raised to $2.47–$2.53.
• Strategic adds: expanded FortiCloud with FortiIdentity, FortiDrive, FortiConnect; management reiterated being ~40–50% through the 2026 firewall refresh cycle and emphasized sovereign SASE as a differentiator.

What Went Well and What Went Wrong

What Went Well

• Beat and raise: Billings +15% Y/Y to $1.78B, beating guidance; full‑year billings midpoint raised by $100M on stronger demand. “Our strong second quarter performance…enabled us to beat our billings guidance… and raise our full year billings outlook.” — Ken Xie.
• Enterprise/SASE strength: >$1M deal count +29% and value +51%; FortiSASE ARR >100% Y/Y with 13% penetration in large enterprise; EMEA led revenue growth at +18%.
• Platform momentum and recognition: “We are the industry leader in network security… and recognized leadership in the 2025 Gartner Magic Quadrant for SASE Platforms.” — Ken Xie.

What Went Wrong

• Margin compression: Non‑GAAP operating margin fell to 33.1% (from 35.1% a year ago) on higher sales headcount, M&A cost absorption, and FX; service gross margin down 80 bps on hosted security investments.
• Free cash flow softness Q/Q: FCF fell to $284.1M in Q2 vs $782.8M in Q1 as infrastructure investments rose to ~$168M to support FortiSASE/FortiCloud scale.
• Services growth deceleration and flat SASE ARR Q/Q: Unified SASE ARR was roughly flat sequentially at ~$1.15B as other products churn offset FortiSASE growth; CFO noted service revenue conversion lags billings and emphasized upsell timing.

Transcript

Speaker 4

Hello and welcome to Fortinet's second quarter 2025 earnings conference call. At this time, all participants are in a listen-only mode. After the speaker's presentation, we will conduct a question and answer session. Please be advised that this call is being recorded. I would now like to hand the call over to Aaron Ovadia, Senior Director of Investor Relations. Please go ahead.

Speaker 0

Thank you and good afternoon everyone. I am pleased to welcome everyone to our call to discuss Fortinet's financial results for the second quarter of 2025. Joining me on today's call are Ken Xie, Fortinet's Founder, Chairman and CEO, Christiana Ohlgart, our CFO, and John Whittle, our COO. Ken will begin our call today by providing a high-level perspective on our business. Christiana will then review our financial results for the second quarter of 2025 before providing guidance for the third quarter and updating the full year. We will then open the call for questions during the Q&A session. We ask that you please limit yourself to one question and one follow-up question to allow others to participate.

Before we begin, I'd like to remind everyone that on today's call we will be making forward-looking statements and these forward-looking statements are subject to risks and uncertainties which could cause actual results to differ materially from those projected. Please refer to our SEC filings, in particular the risk factors in our most recent Form 10-K and Form 10-Q for more information. All forward-looking statements reflect our opinions only as of the date of this presentation and we undertake no obligation and specifically disclaim any obligation to update forward-looking statements. Also, all references to financial metrics that we make on today's call are non-GAAP unless stated otherwise. Our GAAP results and GAAP to non-GAAP reconciliations are located in our earnings press release and in the presentation that accompany today's remarks, both of which are posted on our investor relations website.

As a reminder, this is a live call that will be available for replay via webcast on our investor relations website. The prepared remarks will also be posted on the quarterly earnings section of our IR website following today's call. Lastly, all references to growth are on a year-over-year basis unless noted otherwise. I will now turn the call over to Ken.

Speaker 3

Thank you, Aaron, and thank you to everyone for joining our call. We are pleased with our strong second quarter performance, beating both our billings and operating margin guidance. Building on this business momentum, we are reaching a four-year billings outlook. In the second quarter, billings grew by 15% and revenue grew by 14%, and we achieved a strong non-GAAP operating margin of 33%. Our strong top line results were driven by continued momentum among large enterprise customers, with the total value of deals over $1 million increased by more than 50%. This growth reflects the strength and value of our innovation, the recent global demand of our integrated solution, and the impact of a go-to-market investment.

Additionally, our recent investment in the fast-growing market of Unified SASE and AI-driven secure operations are continuing to deliver strong return as billings for both grew over 20% for a combined 35% of total billings. Fortinet's strong momentum in SASE has been recognized by industry analysts as we were recently named a leader in the 2025 Gartner Magic Quadrant for SASE platform while also ranking number one in the secure branch network modernization case. We are the only vendor in the report that is also recognized in five different network security Magic Quadrant, which all run off unified FortiOS. We continue to be the only vendor that has developed all core SASE capability in a single operating system, the FortiOS, including Next Gen Firewall, SD-WAN, ZTNA, Secure Web Gateway, CASB, and DLP.

This native integration of Next Gen Firewall, SD-WAN, and SASE has become the new generation SASE firewall, making it easy for customers to adopt and upgrade while reducing capacity and operation cost, enhancing user experience, and ensuring integrated hyper-secure access across both on-premise and cloud environment. Our success in Unified SASE reflects the value customers place in our new generation SASE firewall, beginning with their investment in our industry-leading FortiGate firewall built on a FortiASIC. From there, most large enterprise expanding into a secure SD-WAN capability before advancing to a FortiSASE solution. As a result, 13% of large enterprise customers have purchased FortiSASE, an increase of over 60% year over year. Furthermore, we have invested around $2 billion to build and operate a global owned infrastructure spanning around 5 million square feet across data centers, NOC and SOC, customer support centers, executive briefing centers, and a research and development facility.

This large-scale footprint gives us a competitive advantage in delivering FortiSASE, FortiCloud, and other cloud services. By owning and managing our infrastructure, we ensure better customer experience, better cost efficiency, strong data sovereignty, and high performance and scale. We also leverage our FortiSec technology to provide enhanced security and better management across our SaaS services. Today we announced we are expanding our FortiCloud offering with three new services, the FortiIdentity, FortiDrive, and FortiConnect. These services natively integrate into the Fortinet Security Fabric, providing centralized visibility, consistent policy enforcement, and real-time threat protection across users, devices, applications, data, and AI agents in operational technology (OT) security.

While we are achieving billings growth of over 20%, we were recently named the overall leader in the Westland Advisor IT & OT Network Protection Platform Navigator 2025 report for the third time in a row, earning the highest ranking in both strategic direction and technical capability. We continue to invest in AI, which we began developing more than 15 years ago, and hold over 500 issued and pending AI patents, more than any other competitors. Our latest AI innovations include FortiAI for advanced threat detection, FortiAssist for automating security tasks, and FortiAI Secure AI for protecting AI infrastructure. As a result of our investment and recent innovations, our AI add-on solutions are the fastest growing part of our business. I would like to thank our employees, customers, partners, and suppliers worldwide for their continuous support and hard work. I will now turn the call over to Christiana.

Speaker 2

Thank you Ken, thank you Aaron, and good afternoon everyone. As Ken mentioned, Fortinet's growth and momentum are strong. We beat our billings and operating margin guidance for the second quarter and raised our full year billings outlook. Total billings grew by 15% to $1.78 billion, driven by 21% growth in Unified SASE and 31% growth in SecOps. Unified SASE and SecOps now account for 24% and 11% of total billings, respectively, up 1 point each. Our strong billings growth was driven by continued momentum in expanding into the large enterprise as the number of deals greater than $1 million increased by 29% while their total dollar value grew by 51%. Among our top five verticals, financial services, the vertical with arguably the most sophisticated and discerning security purchasers, led the way with billings growth of over 30%. In addition, we continue to expand our customer base.

Over 6,900 new organizations chose our unified single FortiOS platform to power their cybersecurity strategy. The robust growth in new customers is a clear testament to our strong position in the SMB market, driven by the continued commitment and loyalty of our channel partners. Total RPO grew by 12% to $6.64 billion while current RPO grew by 15% to $3.45 billion. With regards to ARR, Unified SASE increased by 22% to $1.15 billion and SecOps increased by 35% to $463 million. Within Unified SASE, FortiSASE, our SSE solution, delivered strong results with ARR growth of over 100% while the customer base expanded by 65%. Furthermore, adoption momentum has remained strong as 13% of our large enterprise customers have purchased FortiSASE, highlighting our continued expansion of FortiSASE in our customer base. As a reminder, the typical customer journey begins with the purchase of our FortiGate firewall.

From there, customers often expand to our integrated secure SD-WAN solution before adopting our single vendor SASE offering, reflecting the growing convergence of security and networking. Over 50% of our FortiSASE customers also leverage our SD-WAN solution, while 90% of our large enterprise FortiSASE customers began their journey with SD-WAN, reflecting the value of our integrated platform approach and the convergence of security and networking. Total revenue grew by 14% to $1.63 billion, led by EMEA with growth of 18%, while the Americas and APAC both grew 11%. Product revenue increased by 13% to $509 million, benefiting from upgrade buying and strong growth in operational technology. We saw growth in all GEOs as we continue to lead the cybersecurity industry and product revenue. Software license revenue grew at a high teens rate and accounted for a high teens percentage of total product revenue.

Service revenue grew by 14% to $1.12 billion. Service billings grew by 17%, our highest growth rate in the past six quarters, reflecting many enterprise agreement renewals as our loyal customers continue to invest in our solutions and benefit from our strong track record of innovation. Now I'd like to highlight some seven-figure deals that demonstrate how customers are adopting Fortinet, consolidating networking and security, and expanding their overall footprint with Fortinet. First, an educational institution in APAC purchased solutions across all three of our pillars, including FortiSASE for 3,000 users. This customer chose Fortinet over the competition for our simplified, flexible, and consistent security enforcement, enabling secure access to both on-premises and cloud applications while delivering a seamless user experience. By leveraging Fortinet and FortiSASE, the school achieves superior performance, reduced total cost of ownership, and simplified operations through our integrated security platform.

Next, in an expansion and displacement deal, a leading retailer with 1,700 locations significantly increased their investment in Fortinet, purchasing solutions across all three pillars, including FortiAPs, FortiSwitches, and FortiAIOps. Already a FortiGate customer with firewalls deployed at every location, the retailer selected FortiAPs for all sites and FortiSwitches for 600 locations, with the remainder planned for early 2026. This customer chose Fortinet for our integrated FortiOS operating system, which enables seamless convergence of networking and security. As part of the deployment, they adopted FortiAIOps to proactively manage their access points and switches, leveraging our AI-driven capabilities to improve operational efficiency. In another large deal, a top U.S. school district expanded its footprint with the purchase of FortiGates, FortiSwitches, and FortiAPs as part of a 350-plus site refresh, displacing multiple vendors.

Already utilizing solutions across all three of our pillars, including FortiSASE, the district continues to invest in Fortinet to drive deeper network segmentation, stronger security outcomes, and greater infrastructure resiliency. Due to their continued consolidation on Fortinet products, they are realizing significant operational benefits including simplified guest access, accelerated deployments, and more efficient upgrade cycles, all managed through our unified FortiOS platform. Lastly, a technology company upgraded a portion of their high-end firewalls as a result of the upcoming 2026 end of service deadline and expanded their deployment with additional FortiGate appliances in the data center. They selected Fortinet for our FortiOS operating system, which enables streamlined operations while delivering a lower total cost of ownership.

Turning to margins and cash flow, total gross margin increased by 10 basis points to 81.6% and exceeded the high end of the guidance range by 60 basis points due to strong execution and cost control. Product gross margin of 67.8% increased by 180 basis points as inventory-related charges normalized. Service gross margin of 87.8% was down by 80 basis points due to increased investments associated with the expansion of our hosted security solutions. Operating margin of 33.1% decreased by 200 basis points while being 60 basis points above the high end of our guidance range. The year-over-year decline reflects increased investments in sales headcount, the absorption of costs from recent acquisitions, and foreign exchange headwinds stemming from a weaker U.S. Dollar as most of our operating expenses are denominated in foreign currencies. Free cash flow was $284 million and adjusted free cash flow was $428 million, up $104 million.

Cash generation in the first half of the year was very strong with adjusted free cash flow reaching $1.27 billion, representing a margin of 40% year to date. Infrastructure investments were $168 million, up $145 million. As we continue to build out our infrastructure footprint to support FortiSASE for the cloud and other services, we repurchased approximately 4.6 million shares of our common stock for an aggregate cost of $401 million in the second quarter. The remaining share buyback authorization as of today is approximately $1.6 billion. Before moving on to guidance, I'd like to provide an update on our firewall refresh cycle and the broader macroeconomic environment. During our analyst day last November, we shared that approximately 650,000 firewall units will reach end of service by the end of 2026, followed by another cohort of 350,000 low-end units in 2027.

While the 2027 cohort is less significant than the 2026 cohort in terms of product revenue due to its lower price point, firewall upgrade discussions offer valuable opportunities to engage with both our customers and channel partners, allowing us to showcase our ongoing innovation in FortiOS. By upgrading to our new generation SASE firewalls, customers gain enhanced security capabilities and benefit from our unified platform approach. We estimate that we are approximately 40% to 50% of the way through the 2026 upgrade cycle at the end of the second quarter based on the remaining active units and service contracts, and we expect continued upgrade activity for the remaining devices over the next six quarters. Our focus and open communication regarding the refresh allow us and our channel partners to have conversations with our customers around both the upgrade and the customer's overall security strategy, benefiting us longer term.

Despite ongoing uncertainty surrounding tariffs and the global economic outlook, we have not experienced a negative impact on our business. The cybersecurity market and the demand for our solutions remain strong and resilient. Now moving on to guidance. As a reminder, our third quarter and full year outlooks, which are summarized on slides 17 and 18, are subject to the disclaimers regarding forward-looking information that Aaron Ovadia provided at the beginning of the call. For the third quarter, we expect billings in the range of $1.76 billion to $1.84 billion, which at the midpoint represents growth of 14%. Revenue in the range of $1.67 billion to $1.73 billion, which at the midpoint represented growth of 13%. Non-GAAP gross margins of 80% to 81%, non-GAAP operating margin of 32.5% to 33.5%, non-GAAP earnings per share of $0.62 to $0.64, which assumes a share count between 772 million and 776 million.

Infrastructure investments of $110 million to $130 million, a non-GAAP tax rate of 18%, cash taxes of $60 million to $90 million. As a result of our strong results in the first half of the year, we are pleased to have raised the midpoint of our full year billings guidance by $100 million. We maintained our total revenue guidance while adjusting the revenue mix by shifting $50 million from service to product revenue. Despite this shift towards product revenue for the full year, we maintained our gross margin range and slightly increased our operating margin guidance midpoint. We continue to remain on track to achieve the Rule of 45 in 2025 for the sixth consecutive year. For the full year we expect billings in the range of $7.325 billion to $7.475 billion, which at the midpoint represents growth of 13%.

Revenue in the range of $6.675 billion to $6.825 billion, which at the midpoint represents growth of 13%. Service revenue in the range of $4.55 billion to $4.65 billion, which at the midpoint represents growth of 14%. Non-GAAP gross margin of 79% to 81%, non-GAAP operating margin of 32% to 33.5%, non-GAAP earnings per share of $2.47 to $2.53, which assumes a share count of between 773 million and 777 million. Infrastructure investments of $380 million to $430 million, a non-GAAP tax rate of 18%, and cash taxes of between $400 million to $450 million, which is $125 million lower than our prior expectation, primarily due to new tax law changes. I now hand the call back over to Aaron to begin the Q and A session.

Speaker 0

Thank you, Christiana. As a reminder, during the Q&A session, we ask that you please limit yourself to one question and one follow-up question to allow others to participate. Operator, please open the line for questions.

Speaker 4

Thank you. If you would like to ask a question, please click on the raised hand button at the bottom of your screen. When it is your turn, you will hear your name called and receive a message on your screen notifying you that you may unmute yourself. We will allow a moment for the queue to form. Our first question will come from Shaul Eyal from TD Cowen. You may now unmute and ask your question.

All right, thank you very much. Good afternoon, Tim. Congrats on the improved outlook for the year channel. Christiane, one of the questions we are constantly receiving from investors is whether sales of FortiSASE potentially cannibalize the core appliance business. It would appear we're currently seeing tailwinds across both these segments. Can you help us maybe reconcile these views?

Speaker 3

Yeah, I think probably we do see customers expanding beyond the traditional firewall, but also traditional firewall is still the important control point for all this traffic, especially within the enterprise, within the data center. On the other side, some supporting whether work from home or traveling or some other branch office, that's also kind of a certain SASE and especially certain like OT, LT use case. We see way beyond the traditional network security there, so we don't see SASE replacing the firewall, we just see it's keeping enhancing. That's what we call the SASE firewall. It's really the firewall itself needs to keep adding new function like from 25 years ago when we started Fortinet, the new generation firewall added like application control, like intrusion prevention, antivirus in the traditional file VPN.

Now the traditional firewall will also need additional like SASE function together with some other edge device like FortiAP, FortiSwitch, and also endpoint device and also the cloud deployment. That's formed the whole protection infrastructure which is ready to give much better security for the enterprise user.

Speaker 2

Let me add to what Ken just said. In our win loss analysis, we see very little reason codes for customers moving to the cloud and not continuing to buy. I think it's an expansion, it's not a replacement sale.

Speaker 5

To your point, we see both markets growing, and if you look at the market share, they're very fragmented markets on the firewall side. We can grow both by the market growing on the firewall side and expanding our market share by taking business from other competitors.

Understood. Christiane, thank you so much for the color. About where we stand in the refresh cycle, maybe a little bit of a long term view. Kind of already touching on the fiscal 2027 cohort of products that will be refreshed. Are there any specificities associated with those family of products as we think about the 2027 which is coming to a renewal or a refresh?

Speaker 2

Yeah, I think I've shared that in previous meetings. Potentially the 2027 cohort is the low end of the low end. It's not unit wise, it's significant product revenue wise, it's not as significant. That's why we included the message in my remarks. It's significant because we can talk to a lot of customers about where the security is going, and that's where it provides a lot of upsell potential for us.

Got it. Thank you so much.

Speaker 4

Our next question comes from Brian Essex with JP Morgan. Please go ahead.

Great. Good afternoon. Thank you for taking the question. Maybe Christiana, I was wondering if you could tell us what are some of the maybe unpack the services guidance a little bit. It's great to see the upside in the quarter, particularly with regard to product billings and services strength this quarter. How should we, I guess what can we take away from the services guide and what's embedded in the guidance for the year given the strength that you're seeing this quarter.

Speaker 2

The services billings to revenue conversion takes a little bit longer. Right. That's what we are seeing based on the remaining waterfall. We are pleased with our current RPO growth. For the rest of the year, we decided to be prudent, take the midpoint down. We believe that we are confident that the product revenue is going to be stronger for the rest of the year based on the pipeline.

Speaker 3

Yeah. Also, probably last quarter is the first time in the last few years the product revenue growth starting faster. Now it's more like four years ago, like 2020, 2021. That time the product revenue grow very fast, and then that gave us a kind of benefit in the last few years. The service revenue still maintain pretty healthy level. Even the product revenue going down in the last one to two years. Now we see the product revenue starting accelerating, which will be the leading indicator for the future service revenue, which we also feel seen starting turnaround, especially at both the product revenue and also the service revenue starting kind of instead of keeping dropping, probably will be starting to gain up.

Now, do you have the split FortiGuard, FortiCare, and is this a component of like if you, if you have a refresh, you know, obviously they, you know, are. Is it that customers aren't completely replacing their subscription revenue? In other words, they're just extending their subscription revenue with maybe less upside to that revenue line item? You know what I mean? You have a new boss, but the same attached revenue.

Speaker 2

Correct. That's part of it. I think there's part of it that the devices that they're using to replace, they may use a higher box, but they can consolidate one to two boxes. It's different components that factor into the service revenue attached to the boxes. This is where it's so critical for us to upsell not only SASE, but all our other revenue streams that benefit the customer.

Got it. That's super helpful. Thank you so much.

Based on the customer journeys, you can see the customer journeys work, right? The upsell is working. It's just not necessarily at the same point in time when they buy a firewall.

Got it. Understood.

Speaker 4

Next question comes from Tal Leani with Bank of America. Please go ahead.

Here we go. Now I unmuted myself. Can you hear me?

Speaker 3

Yep, that's good.

Okay. Sorry. The SASE, the profile of SASE customers, what is it? Are these displacements of existing vendors? Let's say a customer has Zscaler, Palo Alto and you're displacing them. Do they purchase at the end of a contract that they had before with someone else or are these completely greenfields? They didn't have anything before, now they're having. I'm just trying to understand where you have success with your SASE. What is kind of the profile of the deployment, the types of deployments you're seeing. Thanks.

Both from our current customer base, a lot of them, they do see the new operating system give them the SASE capability, both the software and hardware. That's where they started to enable the SASE. You can see the slides four in the presentation. That's how we did in the SE1 a few years ago. Now the SASE become the fast growing part of the business. There especially come from the current installation base. We also see quite a few very successful cases replacing competitor. Because we offer all these kind of integrated SASE solution and some of our partners, especially service provider, also like this kind of single OS solution, so starting called a SASE firewall. Basically, just like how next gen firewall starting replacing the traditional firewall, this SASE firewall starting replacing not just next gen firewall but also the SASE.

A lot of customers, they view SASE just like a few years ago, like sandbox like 20 years ago. Intrusion prevention starting from separate solution. Now they want to have an integrated solution with whatever the network security infrastructure technology they have. Once the integrated solution in place, the single solution starting kind of lost the edge and also starting kind of a huge disadvantage for actual management cost, for all the actual cost basically. We see a lot of customers love the genuine love all this SASE firewall solution with all the integrated solution together. We see both the current customer base and a lot of other customer from competitor quickly adopt this new solution. This is the fast growing part of our business right now.

You said in the past that 95% of the customers are existing firewall customers. Is it still the case?

Speaker 2

Pretty much, yeah.

Speaker 3

Over 90% come from the current customer base. We do see some other customer which using our competitor's solution also change into our solution.

Speaker 2

Now.

If I can squeeze in one more, if not, we can move on. I want to ask about the margins. You said in the past that you want to invest. What is the margin outlook, and where is the balance between investments and margin offside?

Speaker 3

Yeah, we like to play the long term game, same just like the SASE as we did in the firewall market, which we're the only one building ASIC chip. For SASE, we also invest in the infrastructure, which has much better cost advantage, also more secure compared to leverage some other third party. That's where we do believe if a long term SASE kind of own infrastructure that can handle 70% of traffic, then 30% in certain locations still using third party, that will be the best cost model. Even in the first few years, many more investment, but long term both customer or partner and ourselves will benefit. That's where we do believe we have very healthy margin, and this model, long term game, will also benefit both ourselves and our customer both short term and long term.

Thank you.

Speaker 4

Our next question comes from Gabriella Borges with Goldman Sachs. Please go ahead. Hi, good afternoon. Thank you Ken and Christiana. I wanted to follow up on your prepared remarks that we are 40% to 50% through the 2026 refresh cohort. What I wanted to understand is how to think about your growth rate through cycles because if I compare your billings growth, what you're guiding to this year, it's about similar to what you guided to and what you achieved in 2023. 2025 is a really big or larger than normal refresh cohort. I want to better understand why are we not seeing more upside in the numbers this year from the refresh cohort and the comment earlier on potentially consolidating down boxes. Is it possible that perhaps customers have excess capacity in their networks from a 2021 Covid-type elevated throughput environment? Would love to get your thoughts.

Speaker 2

Thank you, Gabriela, good points. I think we need to look at it by FortiGate model and the large firewalls that are end of support. We have a really good reporting and handle on because we know where they are. These are always with enterprise customers. Right. We have a good handle on the lower end of the firewalls where it's with enterprise customers in retail or other scenarios, OT scenarios where it's harder for us to predict, and we can only track registration rates. Similar is in the lower end, and there could be some excess capacity from prior years that has been replaced or that is replacing some of the EOS models. We are comfortable with our guidance, but yeah, the expectations by the street might have been a little bit higher, but we said we are outperforming the market and it was baked in.

Speaker 3

Right.

Speaker 2

We have been consistent in our messaging here.

Speaker 3

Yeah.

Speaker 2

Also.

Speaker 3

The refresh upgrade of the product go out the next year is the product you've been like 12 to 15 years after we introduced the product, it's not a product like four or five years ago when the supply chain issue happened. If you compare to like 10, 12, 15 years ago, the business size probably like current size, probably 5 times, maybe even 10 times larger. That's where the upgrade refresh, we do see it's very different than the supply chain issue a few years ago, it's a much older product. After we introduce a new product, they usually have to sell in maybe like seven, eight years, and then after we stop selling, we still supporting five additional years for the service after five additional years of shipping. We do support service, then the customer reach to the end of a service.

That's usually probably average maybe like 12 to 15 years after the product being introduced. That's the things we kind of try to help in customer to upgrade. Like I said, even we have a large number of product, but that's due to the size of the business we have like 12, 15 years ago.

Speaker 5

I would also say we have additional incremental addressable market to address going forward with SASE and SecOps, where those are becoming meaningful parts of our business. If you look at historical results, they were more focused on the firewall, but those are becoming real growth drivers for us.

Speaker 4

Thank you for the call, Christiane. Maybe as the follow up, your commentary last quarter on hesitancy in the Salesforce and in some of the Salesforce conversations, I think today you said macro didn't have an impact on the business. Maybe just reconcile those two data points. Are you still seeing hesitancy? Is the hesitancy gone? Thank you.

Speaker 2

I would say we've seen that we are resilient despite macroeconomic uncertainty, and the pipeline for the rest of the year and the sales confidence is good. That's where we are confident to raise our billings guidance.

Speaker 4

Thank you for the thoughts. Our next question comes from Rob Owens with Piper Sandler. Please go ahead.

Great. Thank you for taking my question. Love for you to expand a little bit on the operational technology (OT) opportunity because I don't think I recall anything from your prepared remarks. Just in terms of what you're seeing there, both either increased competition or is this opportunity also playing into the refresh cycle? Thanks.

Speaker 3

Yeah, that's in my comment there. The OT growing over 20% continues to be one of the fast growing areas for us, and also we are the only leader in the Westland, the OT/IT security report. That's where we see huge potential, and OT needs to have a special product, even special software to handle. We invest in this area for like more than 10 years. We don't see much other competitor invest as we are so early, so broadly in OT security. We do see, we do believe this is strong, it's a strong growing area going forward.

When you break down that over 20%, is that consistent internationally with domestically? Can you give me a view across the various theaters?

I think it's pretty consistent.

Speaker 2

Yeah. We are strong in OT across the board. EMEA has always been leading in OT for us. It's aligned with the strong revenue growth that we see in EMEA as well. You also, I think, asked whether it plays into the upgrade cycle. It does. We have a number of rugged devices that are part of the 2026 cohort benefiting from that. We just see expansion and also the thought leadership that we've always had in OT, and bringing this to the forefront of our customer as an important security area I think has helped us a lot.

Thank you.

Speaker 4

Our next question comes from Junaid Siddiqui from Truist. Please go ahead.

Great. Thank you for taking my question. Just had a question. Can your SASE business, you know, continues to show a lot of momentum. Could you just talk about how your sovereign SASE solution is tracking and now how that's different from some of, from what your competitors are doing in that space, and you know how important of a differentiator you think that is in furthering your competitive moat in SASE.

Speaker 3

Yeah, that's a great question. I like that a lot. That's also kind of my thinking in early days. I do believe SASE long term, the service provider carrier will play a more important role just like how they did 15, 20 years ago in network security. Somehow they're moving kind of slow in the last few years. That's the reason we started to launch our own SASE almost two years ago. We do work with a lot of carrier service providers. They are starting to launch their own kind of SASE service now, leveraging both their infrastructure and their close relation with local customers there. We do believe that will be the long term trend because a lot of customers, if not most, do have concerns about who will process their data and where the data is being securely processed.

That's where leveraging the local service provider, kind of sovereign SASE solution, comes in. All the service providers, especially telecom service providers, love it a lot. Even though they're a little bit slow on adopting all these SASE solutions, I do see they are very strong in supporting the sovereign SASE. That's one of the key advantages we have because we can have all the SASE functions in the same OS, which they can deploy locally, whether in their own infrastructure or sometimes also on the customer premises. That's a huge advantage compared to some other SASE players. We do see that momentum starting to accelerate now. That includes the telecom area, which is also starting to go back to grow probably above average now.

That's a strong area I do believe probably in the next few years in the SASE market, the sovereign SASE probably can be taking almost half the market share compared to this global cloud-based SASE. I still believe long term, that's the long term direction. Even though short term there's some kind of changing back and forth, long term sovereign SASE I do believe will be the long term solution.

Great, thank you.

Thank you.

Speaker 4

Our next question comes from Patrick Colville with Scotiabank. Please go ahead.

Terrific. Thank you for taking my question. I guess Ken and Christiana, I just want to circle back to the firewall upgrade comments. I mean, very helpful disclosure that we're 40% to 50% through the 2026 upgrade cycle and that the 2027 end of life cycle is kind of lower throughput devices. I guess the question we're getting from investors in our inbox over the last half an hour is what should we be excited about beyond this upgrade cycle? What is going to continue momentum when these tailwinds, which are clearly benefiting numbers now and you guys are executing very well in a tough environment. If we look beyond the 2026 upgrade and 2027 upgrade, what can continue this rocket ship momentum?

Speaker 3

Yeah, I believe the excitement will be the new SASE firewall. It's very different than the traditional next gen firewall. The customers do need a new function and also address the new infrastructure security need. That's the huge opportunity, and not just additional product but also additional services on top of that give them kind of a secured whole infrastructure. We're starting to train the salesforce, train the partner and also customer for this new SASE firewall solution, which is where it gave them better security and also kind of much better total cost of ownership also.

Speaker 2

Let me add to that. I think when we talk about the refresh cycle, we're only talking about the forced refresh due to end of support. As Gabriela pointed out, there's the COVID cycle as well. That's not end of support yet, but it's going to be five, six, seven years old in a year or two. With security and with the additional functionalities that are part of the firewall and also the additional network requirements that you have with running ChatGPT, AI, you name it, we believe there are going to be enough tailwinds for us to continue to grow.

Speaker 5

Yeah, I think to Ken's point, cloud services that's growing really, really fast and we view that as largely an incremental additional total addressable market for us. Like Ken said, it's what we have in SASE right now and you can layer on additional cloud services over time. That should be high growth. We really like our model of the common operating system between firewall, SASE, SD-WAN, and we think that firewall market will continue to grow naturally as well and we'll take market share there too. We've got all these other additional growth drivers in terms of SASE and SecOps, which are new TAM and really becoming meaningful to our business and our high growth.

Speaker 3

Yeah, I feel we probably a little bit over discussed about this refresh upgrade because this device has been there like 12 to 15 years ago. That time our size probably 1/5 or 1/10 of our current size. Even all this product being kind of refreshed or upgrade within like one or two years, still not much business impact. A few of the more important things, really, we leverage this opportunity to introduce customer with a new FortiOS, new hardware, upsell, cross-sell. To measure the % of some old device being there like 12, 15 years ago, probably much less important than helping customer to upgrade to the new security infrastructure. Also, the business impact for the old device also much smaller % than the total business we have today.

Okay, very, very helpful. I guess, I mean Ken, you've been a thought leader in security for many, many years. When we think about agentic AI security, I guess how are you thinking about that domain and Fortinet's position as a vendor that can help in agentic AI security?

Yeah, I do believe like keeping things for probably 10 years whether the generative AI or the device security suddenly get more and more important than some of the people human security which people access right now. The device, even the agent, probably already like a 10x more than the people access all this information Internet, all the data there. That's where we invest in this area for more than 10 years and has multiple angle to address the AI security including generative AI, including all this OT IoT device security so that we feel will be huge market potential but also kind of need to address this instead of like bow down. Some of the old solutions need to be integrated together.

For example, whether adjacent AI, you want to check the identity or you want to check the access control, they need to be part of the infrastructure just like a part of the firewall, part of endpoint, part of the edge device instead of a separate solution. Once this solution be integrated together, customer will have a better management and also better secure infrastructure to address all this generative AI or smarter IT IoT device security there. That's where the integrated solution address the whole infrastructure will be much better than like a separate solution which bow down some of the current solutions. We do believe this long term integrated solution will be the key to address this generative AI the same as like IT or IoT solution security there.

Speaker 4

Our next question comes from Saket Kalia with Barclays. Please go ahead.

Okay, great. Hey guys, thanks for taking my questions here. Christiane, maybe for you, 40 to 50% through the upgrade cycle, can you just talk about sort of what that cadence is going to look like this year? I mean I think that intra quarter we were talking about sort of a 20% type of number or maybe the real question is where do we end? 25% in terms of the percentage of that cohort that we're through.

Speaker 2

Good question. If you look at our updated guidance, you see that we believe there's strength in product for the rest of the year. Where we exactly end is hard to say because of course it's not only upgrade refresh product that we are planning to sell, but I think we will get through those cycles faster than we expect.

Got it. That makes sense. Maybe the follow up is I think you're hearing the question just about what's the growth going to look like here after the upgrade cycle. Of course you know it's FortiSASE, it's SecOps. I'm trying to think if we've talked about this before but have you, can we touch on sort of what percentage of the services revenue kind of comes from those two businesses versus attached subscription? Because just to the earlier point, that's really that mix shift that has to happen. Any color that you could sort of give on where we are in that kind of mix shift within services.

Mix shift between FortiCare and security subscriptions.

Maybe more specifically attached sort of subscriptions and maintenance versus FortiSASE and SecOps. You know, maybe firewall versus non-firewall in more lay terms.

The non-attached subscriptions are growing faster for sure.

Got it.

Speaker 3

Yeah. On the attached part, the service also starting to have a more high percentage because we offer more service, whether the SD-WAN, SASE, definitely there's more service, more function behind. That's also starting at a higher percentage compared to the hardware. That's both sides. There's some additional service like we launched the FortiCloud service, the FortiIdentity, FortiDrive, FortiConnect. That's a new service attached. There's also attached service which has a more higher ratio or percentage compared to the hardware side of it.

Very helpful, thank you.

Thank you.

Speaker 4

Our next question comes from Srinik Kathari with Baird. Please go ahead.

Hey, can you guys hear me? All right, so just a quick question. On the go to market, you guys have been pushing towards platform adoption and multi product. Can you talk a little bit about how the channel incentives are moving towards achieving your internal targets? I mean in terms of the rewarding models that are favoring platform cross-sell or pure volume. Can you just give us an update on what's been most effective in driving that? Where are the areas where you're still working on? Yeah, I would really appreciate that. Yeah.

Speaker 3

Traditionally, we are a more channel-focused company. Now, in the last few years, we mostly started to invest in direct marketing, direct sales, especially all these big enterprise. You can see whether the bigger deal and the big enterprise sales grow rather strong, like 40, 50%. That's all come from all this direct touch approach and also integrated solutions selling platform, like a multiple product instead of single product. That's also needed to train the sales, need to train a partner how to sell this multiple solution, multiple product together into an integrated solution there, including whether the SASE, SD-WAN, including the secure arc. That's also kind of leading to the AI part of story, which we believe is a fast-growing part of our business there.

Even we only introduced for a few years, but that's AI kind of based secure op and also like a secure AI infrastructure to the FortiAI Assist, FortiAI Protect as well. The customers see the benefit of this AI-driven operation, SOC, mark operation center there. That's what we do see. It's kind of integrated solution with all this AI bold kind of secure up that's become a fast-growing part of business right now.

Speaker 2

To answer your question on the channel incentives, they are exactly aligned around multi-product. We make sure that the channel introduces new products and that for that they get higher backend rebates.

Speaker 4

Our next question comes from Eric Heath with KeyBank. Please go ahead.

Hi, good afternoon. Can you hear me? Yep, yep. Great, thank you.

Speaker 2

Just.

Just to come back to the comments and the refresh cycle one more time, if I'm understanding this correctly, you've done well in excess of $100 million in refresh activity in the past 2 to 3 quarters, which would suggest product revenue excluding this refresh benefit has been flat to negative in the last couple quarters. Can you just help me understand why the underlying firewall demand isn't stronger?

Speaker 3

I would not say will be negative. It's continue to refresh, but because it's such a small percentage of the overall business, that's the reason we gave additional, like a billings guidance for the rest of the year on top of what we already overachieved in Q1, Q2. That's just keeping, we believe, see whether the market and also solutions is much better. We're not too much counting on the refresh. It's a very small percentage. We're just using the wheel to calculate, whether you internally or incentive the channel to helping customer to upgrade, and especially for the new SASE firewall. That's where we kind of, we do gave a much more number measurement, sometime could be a little bit confusing.

I do believe it's the way we try to help in the customer partner to upgrade to the new SASE firewall instead of have a too big business impact. Like I said, the end of a service, that's the product been there 12, 15 years ago. It's a pretty small percentage of a total business.

Speaker 4

Our last question comes from Andrew Nowinski with Wells Fargo. Please go ahead.

Okay, thank you for squeezing me in.

Speaker 2

I'm wondering, I'm still a little bit unclear on why service revenue growth is decelerating so much. Looking back over the last call, it.

4/4, and then also going forward, I'm wondering if you could just provide.

Any color around what's really driving that deceleration and then, you know, related.

To that, why is your Unified SASE bit has so much momentum right now? Why would that be flat sequentially in Q2? Because it looked like it was about $1.15 billion in Q2 and the same.

Thing that you had in your slide deck in Q1. I was just wondering if you could comment on that.

You know, I know on a year.

Over year basis was up.

Sequentially, why would it be flat? Thank you.

Yeah, go ahead. On sequential, to answer your second question, for sequentially it's flat because there are a number of products. Some of them have not been growing or churning a little bit, while Unified SASE, while SSE, has been growing nicely and is offsetting that. That's part of this. On the service revenue growth, I think that what you are seeing is that we had significant deferred revenues that were sold during the COVID period, and they have. We've recognized service revenue over the last couple of years, benefiting from that growth. Now the product revenue and the service revenue are aligning more with our billings growth. We need to grow faster, and we are planning to grow faster to drive both revenue streams up.

Speaker 3

Yeah, the service revenue, yeah the service revenue if you're looking like three, four years ago the product revenue grow like 30, 40, some quarter, maybe even close to 50% that drive the service revenue because service turn yearly average may be like 30 months, 29, 30 months. That needs to be recognized during that two and a half, three year period. On the other side, I keep referring back to the presentation number four slash number four, which is really the SAC part of SASE growing very strong because Unified SASE also including SD-WAN. You can see SD-WAN, we already have a pretty good penetration within enterprise. That's where customers most starting to adopt beyond SD-WAN, starting quickly adopt SASE now. That's where the growth still very strong. We do believe we are the number one firewall, number one SD-WAN.

We do believe we will end up with SASE within the next few years because we do believe we have a huge advantage on the SASE as in the single OS and also can very easily for the current customer base to upgrade to the SASE, which not other SASE players has this huge customer base and also our own infrastructure give us cost advantage. All these three advantages of a SASE, none of our competitors has. That's why we do believe we will be the number one SASE player in the next few years.

Okay.

Speaker 5

I'd say we focus on the value to the customer, and we've got 800,000 customers, and that path to value from firewall to SD-WAN to SASE with the integrated single operating system approach is really pretty straightforward. We see huge opportunities both there and with new sales of SASE, and that'll be a real growth driver for us.

Speaker 4

This concludes our Q&A session. I will now hand it back to Aaron Ovadia for closing remarks.

Speaker 2

Thank you.

Speaker 0

I'd like to thank everyone for joining today's call. We will be attending investor conferences hosted by Deutsche Bank, Citi, and Goldman Sachs during the third quarter. The Fireside Chat webcast links will be posted on the Events and Presentation section of our investor relations website. If you have any follow up questions, please feel free to contact me. Have a great rest of your day.