Fortinet, Inc.
FORTINET INC (Form: 10-K, Received: 03/01/2017 14:23:45)
Table of Contents

 
 
 
 
 
 
 
 
 
 
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
 
  FORM 10-K  
(Mark One)
x
ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the fiscal year ended December 31, 2016
or
o
TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
  For the transition period from              to             
Commission file number: 001-34511
______________________________________
  FORTINET, INC.
(Exact name of registrant as specified in its charter)
______________________________________

Delaware
77-0560389
(State or other jurisdiction of
incorporation or organization)
(I.R.S. Employer
Identification No.)
899 Kifer Road
Sunnyvale, California
94086
(Address of principal executive offices)
(Zip Code)
(408) 235-7700
(Registrant’s telephone number, including area code)
 
  Securities registered pursuant to Section 12(b) of the Act:  
Common Stock, $0.001 Par Value
 
The NASDAQ Stock Market LLC
 
 
 
(Title of each class)
 
(Name of exchange on which registered)
Securities registered pursuant to Section 12(g) of the Act: None
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.    Yes   x     No   o
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act.    Yes   o No   x



Table of Contents

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 (“Exchange Act”) during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.    Yes   x     No   o
Indicate by check mark whether the registrant has submitted electronically and posted on its corporate Website, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files).    Yes   x   No   o  
Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K (§229.405 of this chapter) is not contained herein, and will not be contained, to the best of the registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K.  x
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or a smaller reporting company. See the definitions of “large accelerated filer,” “accelerated filer” and “smaller reporting company” in Rule 12b-2 of the Exchange Act.  
Large accelerated filer
x
 
 
Accelerated filer
o
Non-accelerated filer
o
(Do not check if smaller reporting company)
 
Smaller reporting company
o
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act).    Yes   o      No   x
The aggregate market value of voting stock held by non-affiliates of the registrant, as of June 30, 2016 , the last business day of the registrant’s most recently completed second quarter, was $3,631,280,546 (based on the closing price for shares of the registrant’s common stock as reported by The NASDAQ Global Select Market on that date). Shares of common stock held by each executive officer, director, and holder of 5% or more of the registrant’s outstanding common stock have been excluded in that such persons may be deemed to be affiliates. This determination of affiliate status is not necessarily a conclusive determination for other purposes.
As of February 17, 2017 , there were 175,320,023 shares of the registrant’s common stock outstanding.
DOCUMENTS INCORPORATED BY REFERENCE
Portions of the registrant’s definitive Proxy Statement relating to its 2017 Annual Meeting of Stockholders are incorporated by reference into Part III of this Annual Report on Form 10-K where indicated. Such Proxy Statement will be filed with the United States Securities and Exchange Commission (“SEC”) within 120 days after the end of the fiscal year to which this report relates.




FORTINET, INC.
ANNUAL REPORT ON FORM 10-K
For the Year Ended December 31, 2016
Table of Contents
 
 
 
 
 
 
Page
 
 
 
 
Part I
 
 
 
 
Item 1.
Item 1A.
Item 1B.
Item 2.
Item 3.
Item 4.
 
 
 
 
Part II
 
 
 
 
Item 5.
Item 6.
Item 7.
Item 7A.
Item 8.
Item 9.
Item 9A.
Item 9B.
 
 
 
 
Part III
 
 
 
 
Item 10.
Item 11.
Item 12.
Item 13.
Item 14.
 
 
 
 
Part IV
 
 
 
 
Item 15.
 


 


Table of Contents

Part I

ITEM 1.    Business
    
Overview

Fortinet is a global leader and innovator in network security. We provide high performance cybersecurity solutions to a wide variety of enterprises, service providers and government organizations of all sizes across the globe, including a majority of the 2016 Fortune 100. We provide protection against cyberattacks and the technology to take on increasing security performance requirements of the network. We offer a broad range of security products and solutions, providing customers with an integrated network security architecture and a single source of threat intelligence to identify and minimize security gaps.

The cyber threat environment is unprecedented both in terms of volume and sophistication of attacks. As a result, cybersecurity has increased in priority and management complexity for enterprises. The growing presence of the Internet of Things (“IoT”) and the move to the cloud necessitate increased levels of visibility and security orchestration across an expanding ecosystem of networks. Our common operating system, centralized management and open application program interfaces allow many of the solutions in our portfolio, along with those of our partner community, to be combined to create an Internet-based, integrated network security architecture (the “Fortinet Security Fabric”) designed to correlate threat intelligence, identify and respond to sophisticated threats and help protect complex next-generation environments.

The Fortinet Security Fabric provides an intelligent architectural approach to security that enables enterprises to weave together their traditionally discrete security solutions into an integrated whole. This end-to-end designed solution ensures ongoing security efficacy through a single source of threat intelligence, and provides a unified management and orchestration platform designed to minimize complexity and risk. Our patented cybersecurity innovations provide organizations with a broad range of security products and services focused on the edge and segmentation firewall, advanced threat protection (“ATP”), data center security, cloud security, secure access, endpoint and IoT device protection and connected unified threat management (“UTM”).

Our flagship integrated network security solution consists of our FortiGate physical, software and cloud solutions, which are deployable in the business environments of large enterprises, service providers and small and medium-sized businesses, as well as government organizations. These platforms provide a broad array of integrated security and networking functions to help protect data, applications and users from network- and content-level security threats. These functions, which can be integrated in a variety of ways, include firewall, intrusion prevention (“IPS”) anti-malware, application control, virtual private network (“VPN”), web-filtering, vulnerability management, anti-spam, mobile security, wireless controllers, access control and wide area network (“WAN”) acceleration. Our FortiGate appliance platform may be deployed as core firewalls, internal segmentation firewalls, next generation firewalls (“NGFW”), distributed firewalls, virtual firewalls, cloud firewalls, carrier class firewalls, data center firewalls (“DCFW”) and connected UTM systems. For access networks, we offer wireless access points and switch appliances, which integrate secure wireless and wired access capabilities into the FortiGate network security platform.

FortiGate products integrate our high-performance Security Processing Unit (“SPU”), which is specifically designed for the accelerated processing of security and networking functions, and our FortiOS operating system, which provides a foundation for all FortiGate security functions. Our FortiGate, FortiManager, FortiAnalyzer and other related products work to provide deployment flexibility and visibility across physical and virtual networks and private, hybrid and public cloud infrastructure, as well as to endpoint and IoT devices. FortiManager provides customers with centralized management of multiple FortiGates, and FortiAnalyzer provides a single point of network log data collection. FortiSIEM provides organizations with a security intelligence solution covering the extended network from IoT to the cloud, with patented analytics that help manage network security, performance and compliance standards, all delivered through a single view. These products enable customers to implement security policies across large and increasingly distributed networks.

The Fortinet Security Fabric also includes an array of products that further complement our FortiGate products to offer additional protection from security threats across networks. These products include our FortiMail email security, FortiSandbox ATP, FortiWeb web application firewall, FortiDDoS distributed denial of service attack mitigation appliances, FortiDB database security appliances, FortiClient endpoint security software, FortiAP secure wireless access points and FortiSwitch secure switch connectivity products.

Supporting virtual and cloud-based deployments, we offer software licenses for the FortiGate, FortiManager, FortiAnalyzer, FortiWeb, FortiMail and FortiSandbox product lines that can be used in conjunction with Fortinet’s physical and virtual appliances to help ensure the visibility, management and protection of physical and virtualized environments. We also offer on-demand cloud-based versions of FortiGate and FortiWeb.


1

Table of Contents

We complement our cybersecurity portfolio with FortiGuard security subscription and FortiCare technical support services, professional services and training services. Our FortiGuard security subscription uses global threat feeds and dedicated threat analysts to create real-time threat intelligence and security updates to complement and enhance Fortinet products. Our global FortiCare customer support team provides global technical support for all Fortinet products. We also provide a range of professional services to help organizations with the planning, design, implementation and optimization of their security infrastructures and technical training for customers and partners through our Network Security Expert Program.

We typically sell our security solutions to channel partners, who in turn sell to end-customers. We also sell directly to end customers. Our end-customers are from a wide range of industries, including telecommunications, technology, government, financial services, education, retail, manufacturing and healthcare.

During our year ended December 31, 2016 , we generated total revenue of $1.28 billion and net income of $32.2 million . See Part II, Item 8 of this Annual Report on Form 10-K for more information on our consolidated balance sheets as of December 31, 2016 and 2015 and our consolidated statements of operations, comprehensive income, stockholders’ equity, and cash flows for each of the three years ended December 31, 2016, 2015 and 2014.

We were incorporated in Delaware in November 2000. Our principal executive office is located at 899 Kifer Road, Sunnyvale, California 94086 and our telephone number at that location is (408) 235-7700.

Technology and Architecture

Our proprietary SPU hardware architecture, FortiOS operating system and associated security and networking functions combine to form the Fortinet Security Fabric. This approach to security ties together all discrete security solutions into an integrated whole, which enables our products to perform security processing for networks with high throughput requirements across a broad threat landscape.

SPU

Our proprietary SPU consists of Application-Specific Integrated Circuits (“ASICs”) consisting of three main lines of processors: (i) the Content Processor (“SPU CP”), (ii) the Network Processor (“SPU NP”) and (iii) the System-on-a-Chip (“SPU SOC”). Our proprietary ASICs are designed to enhance the security processing capabilities implemented in software by accelerating computationally intensive tasks such as firewall policy enforcement, network address translation, IPS threat detection and encryption. This architecture provides the flexibility of implementing accelerated processing of new threat detection without requiring a new ASIC. The SPU CP is currently included in most of our entry-level and all of our mid-range and high-end FortiGate appliances. The SPU NP is currently included in some of our mid-range and high-end FortiGate appliances, delivering additional accelerated firewall and VPN performance. Entry-level FortiGate products (FortiGate 20 to 100 series) often use the SPU SOC2 or SPU SOC3 to provide the necessary acceleration at this level. Mid-range FortiGate products (FortiGate 200 to 900 series) use a central processing unit (“CPU”) and include the SPU NP and SPU CP hardware acceleration. The high-end FortiGate products (FortiGate 1000 to 7000 series) use multiple CPUs, SPU CPs and SPU NPs.
 
FortiOS

Our proprietary FortiOS operating system provides the foundation for the operation of all FortiGate appliances, whether physical, virtual, private or public cloud or on-demand based, and is at the heart of our Security Fabric implementation. The core kernel functions to the security processing feature sets work together to provide a highly integrated solution. FortiOS provides (i) multiple layers of security, including a hardened kernel layer providing protection for the FortiGate system, (ii) a network security layer providing security for end-customers’ network infrastructures and (iii) application content protection providing security for end-customers’ workstations and applications. FortiOS directs the operations of processors and SPUs and provides system management functions such as command-line, graphical user interfaces, multiple network and security topology views.
 
Key high-level functions and capabilities of FortiOS include:

key enabling for the Fortinet Security Fabric architecture;
helping enable FortiGate appliances to be configured into different security environments such as our Internal Network Firewall, NGFW and DCFW;
configuration of the physical aspects of the appliance such as ports, Wi-Fi and switching;
key network functions such as routing and deployment modes (network routing, transparent, sniffer, etc.);
implementation of security updates delivering ATP, such as IPS, antivirus and application control;

2

Table of Contents

access to cloud-based web and email filtering databases;
direct integration with both cloud and on premises FortiSandbox technology;
security policy objects and enforcement;
data leak prevention and document finger printing; and
real-time reporting and logging.

We make updates to FortiOS available through our FortiCare technical support services. FortiOS also enables advanced, integrated routing and switching, allowing end-customers to deploy FortiGate devices within a wide variety of networks, as well as providing a direct replacement solution option for legacy switching and routing equipment. FortiOS implements a suite of commonly used standards-based routing protocols as well as address translation technologies, allowing the FortiGate appliance to integrate and operate in a wide variety of network environments. Additional features include virtual domain capabilities, traffic queuing and shaping. These features enable administrators to set the appropriate configurations and policies that meet their infrastructure needs. FortiOS also provides capabilities for logging of traffic for forensic analysis purposes which are particularly important for regulatory compliance initiatives like payment card industry data security standard. FortiOS is designed to help control network traffic in order to optimize performance by including functionality such as packet classification, queue disciplines, policy enforcement, congestion management, WAN optimization and caching.

Products

Our core product offerings consist of our FortiGate product family, along with our FortiManager central management, FortiAnalyzer central logging and reporting product families, all of which are typically purchased to complement commercial and enterprise deployments. Our FortiGate physical and software licenses are sold with a set of broad security services. These security services are enabled by FortiGuard which provides extensive threat research and a global cloud network to deliver protection services to each FortiGate appliance.

FortiGate

Our flagship FortiGate physical and software licenses offer a broad set of security and networking functions, including firewall, intrusion prevention, anti-malware, VPN, application control, web filtering, anti-spam and WAN acceleration. All FortiGate models run on our FortiOS operating system. FortiGate platforms can be centrally managed through both embedded web-based and command line interfaces, as well as through FortiManager, which provides central management architecture for thousands of FortiGate physical and software licenses across a range of hypervisor platforms.

By combining multiple network security functions in our purpose-built security platform, the FortiGate appliances provide broad, high quality protection capabilities and deployment flexibility while reducing the operational burden and costs associated with managing multiple point products. With over 30 models in the FortiGate product line, FortiGate is designed to address security requirements for small- to medium-sized businesses, large enterprises, service providers and government organizations worldwide.

Typically, all FortiGate physical appliances include our SPUs to accelerate content and network security features implemented within FortiOS. The significant differences between each model are the performance and scalability targets each model is designed to meet, while the security features and associated services offered are common throughout all models. The FortiGate-20 through -100 series models are designed for perimeter protection for small- to medium-sized businesses. The FortiGate-200 through -900 series models are designed for perimeter deployment in medium-sized to large enterprise networks. The FortiGate-1000 through -7000 series models deliver high performance and scalable network security functionality for perimeter, data center and core deployment in large enterprise and service provider networks.

We also incorporate additional technologies within FortiGate appliances that differentiate our solutions, including data leakage protection, traffic optimization, secure socket layer inspection, threat vulnerability management and wireless controller technology. In addition to these in-built features, we offer a full range of wireless access points and controllers, complementing FortiGate with the flexibility of wireless local area network access.

FortiSandbox

The FortiSandbox technology delivers proactive detection and mitigation with the capability to generate a directly actionable protection capability. Available in both hardware and cloud-based form, the FortiSandbox technology has a dual-layer sandbox complemented by FortiGuard’s anti-malware intelligence. FortiSandbox allows suspicious code to be subject to a set of multi-layer protection techniques culminating in execution within an operating system to allow detailed real-time behavioral analysis to be performed. When malicious code is identified in this way, a signature can be generated locally for distribution across

3

Table of Contents

the Fortinet Security Fabric. Additional insight on the nature of the threat is provided through an intuitive dashboard showing threat information, including system activity, exploit efforts, web traffic and any related subsequent downloads. In addition to integrating within FortiOS, the FortiSandbox can also deliver its detection and local threat intelligence to registered FortiMail, FortiWeb appliances and FortiClient enabled end points.

FortiSIEM

Our FortiSIEM family of products provides a cloud-ready security information and event management (“SIEM”) solution for enterprises and service providers. FortiSIEM unifies analytics that are traditionally monitored discretely, parses the information and then processes it in an event-based analytics engine for handling real-time searches, rules, dashboards and ad-hoc queries. This unification of diverse sources of data enables organizations to create comprehensive dashboards and reports to identify root causes of threats, and take the steps necessary to remediate and prevent them in the future. Our FortiSIEM products are available either through subscription or perpetual licenses. 

Fortinet Management and Analysis Products

Our FortiManager and FortiAnalyzer physical and software products are typically sold in conjunction with most commercial and enterprise deployments.

FortiManager. Our FortiManager family of products provides a central and scalable management solution for our FortiGate products, including software updates, configuration, policy settings and security updates. One FortiManager product is capable of managing thousands of FortiGate units. FortiManager facilitates the coordination of policy-based provisioning, device configuration and operating system revision management, as well as network security monitoring and device control.

FortiAnalyzer. Our FortiAnalyzer family of products provides centralized network logging, analyzing and reporting solutions that securely aggregate content and log data from our FortiGate devices and other Fortinet products as well as third-party devices to enable network logging, analysis and reporting.

Services

FortiGuard Security Subscription Services

Security requirements are dynamic due to the constantly changing nature of threats. Our FortiGuard Labs global threat research team uses automated and manual processes to identify emerging threats, collects threat samples, and replicates, reviews, characterizes and collates attack data. Based on this research, we develop updates for virus signatures, attack definitions, scanning engines and other security solution components to distribute to end-customers. Our FortiGuard security subscription services are designed to allow us to quickly deliver new threat detection capabilities to end-customers worldwide as new threats evolve. End-customers purchase FortiGuard security subscription services in advance, typically with terms of one to three years, to obtain access to regular updates for application control, antivirus, intrusion prevention, web filtering and anti-spam functions for our FortiGate products; antivirus, web filtering and VPN functions for our FortiClient software; antivirus and anti-spam functions for our FortiMail products; vulnerability management for our FortiGate, FortiAnalyzer and FortiMonitor products; database functions for our FortiDB appliance; web functions for our FortiWeb appliances; and ATP for our FortiSandbox on premise and cloud products. We provide FortiGuard security subscription services 24 hours a day, seven days a week.
 
FortiCare Technical Support Services

Our FortiCare services portfolio includes technical support and extended product warranty, as well as advanced services to assist customers with the implementation and maintenance of their security appliances. For our standard technical support, our channel partners may provide first level support to the end-customer, especially for small- and medium-sized end-customers. We also provide all levels of support to our end-customers, as well as second- and third-level support where appropriate. We also provide knowledge management tools and customer self-help portals to help augment our support capabilities in an efficient and scalable manner. We deliver technical support to partners and end-customers 24 hours a day, seven days a week through regional technical support centers located worldwide. In addition to our appliance technical support services, we offer a range of advanced services, including premium support and professional services.

Professional Services

We offer professional services to end-customers including Technical Account Managers (“TAMs”), Resident Engineers (“REs”) and professional service consultants for implementations.

4

Table of Contents


Dedicated support engineers are available to help identify and eliminate issues before problems arise. These TAMs and REs are seasoned professionals with broad and deep experience in the security and networking field. Each TAM and RE acts as a single point of contact and customer advocate within Fortinet, and is focused on building and maintaining a deep understanding of our customers’ businesses and security requirements.

Our professional services consultants help in the design of deployments of our products and work closely with end-customer engineers, managers and other project team members to implement our products according to design, utilizing network analysis tools, attack simulation software and scripts.

Training Services

We offer training services to our end-customers and channel partners through our training department and authorized training partners. We have also implemented a training certification program, Network Security Expert, to help ensure an understanding of our products and services.

Customers

We typically sell our security solutions to channel partners, who in turn sell to end-customers of various sizes and, at times, we also sell directly to end-customers. Our end-customers include small and medium-sized businesses, large enterprises, government organizations, and service providers, across a wide range of industries, including telecommunications, technology, government, financial services, education, retail, manufacturing and healthcare. An end-customer deployment may involve one of our appliances or thousands, depending on our end-customer’s size and security requirements. We also offer access to our products via the cloud through certain cloud providers such as Amazon Web Services and Microsoft Azure. Many of our customers also purchase our FortiGuard security subscription services and FortiCare technical support services. For information regarding our geographic revenue based on billing address, see Note 14 to our consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K.

One distributor, Exclusive Networks Group (“Exclusive”), which distributed our solutions to a large group of resellers and end-customers, accounted for 15% , 18% and 20% of total revenue during 2014, 2015 and 2016, respectively.

Sales and Marketing

We primarily sell our products and services through a distribution model. We sell to distributors that sell to networking security and enterprise-focused resellers and service providers, who, in turn, sell to our end-customers. In certain cases, we sell directly to government-focused resellers, as well as to large service providers and financial institutions who have large purchasing power and unique customer deployment demands. We work with many technology distributors, including Exclusive, Fine Tec Computer, Ingram Micro Inc. and Arrow Electronics, Inc., and enterprise security-focused resellers including Westcon and Tech Data.

We support our channel partners with a dedicated team of experienced channel account managers, sales professionals and sales engineers who provide business planning, joint marketing strategy, and pre-sales and operational sales support. Additionally, our sales teams help drive and support large enterprise and service provider sales through a direct touch model. Our sales professionals and engineers typically work closely with our channel partners and directly engage with large end-customers to address their unique security and deployment requirements. To support our broadly dispersed global channel and end-customer base, we have sales professionals in over 80 countries around the world.

Our marketing strategy is focused on building our brand and driving end-customer demand for our security solutions. We use a combination of internal marketing professionals and a network of regional and global channel partners. Our internal marketing organization is responsible for messaging, branding, demand generation, product marketing, channel marketing, event marketing, digital marketing, communications, analyst relations, public relations and sales enablement. We focus our resources on campaigns, programs and activities that can be leveraged by partners worldwide to extend our marketing reach, such as sales tools and collateral, product awards and technical certifications, media engagement, training, regional seminars and conferences, webinars and various other demand-generation activities.

In 2016, we continued to invest in sales and marketing to capture market share, particularly in the enterprise market where enterprise customers tend to have a higher lifetime value, and to further improve our growth. We intend to continue to make investments in our sales resources and infrastructure and marketing strategy, which are critical to support our growth.
 

5

Table of Contents


Manufacturing and Suppliers

We outsource the manufacturing of our security appliance products to a variety of contract manufacturers and original design manufacturers. Our current manufacturing partners include Micro-Star International Co., Wistron Corporation, Flextronics International Ltd, Senao Networks, Inc., Adlink Technology, Inc. and a number of Taiwan-based manufacturers. We submit purchase orders to our contract manufacturers that describe the type and quantities of our products to be manufactured, the delivery date and other delivery terms. Once our products are manufactured, they are sent to either our warehouse in California, or to our logistics partner in Taoyuan City, Taiwan, where accessory packaging and quality-control testing are performed. We believe that outsourcing our manufacturing and a substantial portion of our logistics enables us to focus resources on our core competencies. Our proprietary SPUs, which are the key to the performance of our appliances, are built by contract manufacturers including Faraday Technology Corporation (“Faraday”), Kawasaki Microelectronics America, Inc. (“K-Micro”) and Renesas Electronics Corporation (“Renesas”). These contract manufacturers use foundries operated by either United Microelectronics Corporation (“UMC”) or Taiwan Semiconductor Manufacturing Company Limited (“TSMC”), or their own foundry, such as Renesas’ fab.

The components included in our products are sourced from various suppliers by us or more frequently by our contract manufacturers. Some of the components important to our business, including specific types of CPUs from Intel Corporation (“Intel”), network chips from Broadcom Corporation (“Broadcom”), Marvell Technology Group Ltd. (“Marvell”) and Intel, and solid-state drives (silicon-based storage devices) from Intel, ADATA Technology Co., Ltd. (“ADATA”), OCZ Technology Group, Inc. (“OCZ”), Samsung Electronics Co., Ltd. (“Samsung”), and Western Digital Technologies, Inc. (“Western Digital”), are available from a limited or sole source of supply.

We have no long-term contracts related to the manufacturing of our ASICs or other components that guarantee any capacity or pricing terms.

Research and Development

We focus our research and development efforts on developing new products and systems, and adding new features to existing products and systems. Our development strategy is to identify features, products and systems for both software and hardware that are, or are expected to be, important to our end-customers. Our success in designing, developing, manufacturing and selling new or enhanced products will depend on a variety of factors, including the identification of market demand for new products, product selection, timely implementation of product design and development, product performance, effective manufacturing and assembly processes and sales and marketing.

Intellectual Property

We rely primarily on patent, trademark, copyright and trade secrets laws, confidentiality procedures and contractual provisions to protect our technology. As of December 31, 2016 , we had 358 issued United States (“U.S.”) and foreign patents and 292 pending U.S. and foreign patent applications. We also license software from third parties for inclusion in our products, including open source software and other software available on commercially reasonable terms.

Despite our efforts to protect our rights in our technology, unauthorized parties may attempt to copy aspects of our products or obtain and use information that we regard as proprietary. We generally enter into confidentiality agreements with our employees, consultants, vendors and customers, and generally limit access to and distribution of our proprietary information. However, we cannot provide assurance that the steps we take will prevent misappropriation of our technology. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as the laws of the U.S., and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the U.S.

Our industry is characterized by the existence of a large number of patents and frequent claims and related litigation regarding patent and other intellectual property rights. Third parties have asserted, are currently asserting and may in the future assert patent, copyright, trademark or other intellectual property rights against us, our channel partners or our end-customers. Successful claims of infringement by a third party could prevent us from distributing certain products or performing certain services or require us to pay substantial damages (including treble damages if we are found to have willfully infringed patents or copyrights), royalties or other fees. Even if third parties may offer a license to their technology, the terms of any offered license may not be acceptable and the failure to obtain a license or the costs associated with any license could cause our business, operating results or financial condition to be materially and adversely affected. We typically indemnify our end-customers, distributors and certain resellers against claims that our products infringe the intellectual property of third parties.



6

Table of Contents


Seasonality

For information regarding seasonality in our sales, see the section entitled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Quarterly Results of Operations—Seasonality, Cyclicality and Quarterly Revenue Trends” in Part II, Item 7 of this Annual Report on Form 10-K.

Competition

The markets for our products are extremely competitive and are characterized by rapid technological change. The principal competitive factors in our markets include the following:
 
product performance, features, effectiveness, interoperability and reliability;
our ability to add and integrate new networking and security features and technological expertise;
compliance with industry standards and certifications;
price of products and services and total cost of ownership;
brand recognition;
customer service and support;
sales and distribution capabilities;
size and financial stability of operations; and
breadth of product line.

Among others, our competitors include Check Point Software Technologies Ltd. (“Check Point”), Cisco Systems, Inc. (“Cisco”), F5 Networks, Inc. (“F5 Networks”), FireEye, Inc. (“FireEye”), Intel, Juniper Networks, Inc. (“Juniper”), Palo Alto Networks, Inc. (“Palo Alto Networks”), SonicWALL, Inc. (“SonicWALL”), Sophos Group Plc (“Sophos”) and Symantec Corporation (“Symantec”).

We believe we compete favorably based on our products’ performance, reliability and breadth, our ability to add and integrate new networking and security features and our technological expertise. Several competitors are significantly larger, have greater financial, technical, marketing, distribution, customer support and other resources, are more established than we are and have significantly better brand recognition. Some of these larger competitors have substantially broader product offerings and leverage their relationships based on other products or incorporate functionality into existing products in a manner that discourages users from purchasing our products. Based in part on these competitive pressures, we may lower prices or attempt to add incremental features and functionality.

Conditions in our markets could change rapidly and significantly as a result of technological advancements or continuing market consolidation. The development and market acceptance of alternative technologies could decrease the demand for our products or render them obsolete. Our competitors may introduce products that are less costly, provide superior performance, market their products better, or achieve greater market acceptance than us. In addition, our larger competitors often have broader product lines and are in a better position to withstand any significant reduction in capital spending by end-customers in these markets, and will therefore not be as susceptible to downturns in a particular market. The above competitive pressures are likely to continue to impact our business. We may not be able to compete successfully in the future, and competition may harm our business.

Employees

As of December 31, 2016 , our total headcount was 4,665 employees and contractors. None of our U.S. employees are represented by a labor union; however, our employees in certain European countries have the right to be represented by external labor organizations if they maintain up-to-date union membership. We have not experienced any work stoppages, and we consider our relations with our employees to be good.

Available Information

Our web site is located at www.fortinet.com, and our investor relations web site is located at http://investor.fortinet.com. The information posted on our website is not incorporated by reference into this Annual Report on Form 10-K. Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and amendments to reports filed or furnished pursuant to Sections 13(a) and 15(d) of the Securities Act, are available free of charge on our investor relations web site as soon as reasonably practicable after we electronically file such material with, or furnish it to, the SEC. You may also access all of our public filings through the SEC’s website at www.sec.gov. Further, a copy of this Annual Report on Form 10-K is located at the

7

Table of Contents

SEC’s Public Reference Room at 100 F Street, NE, Washington, D.C. 20549. Information on the operation of the Public Reference Room can be obtained by calling the SEC at 1-800-SEC-0330.

We webcast our earnings calls and certain events we participate in or host with members of the investment community on our investor relations web site. Additionally, we provide notifications of news or announcements regarding our financial performance, including SEC filings, investor events, press and earnings releases, as part of our investor relations web site. The contents of these web sites are not intended to be incorporated by reference into this report or in any other report or document we file.


8

Table of Contents

ITEM 1A.     Risk Factors

Investing in our common stock involves a high degree of risk. Investors should carefully consider the following risks and all other information contained in this Annual Report on Form 10-K, including our consolidated financial statements and the related notes, before investing in our common stock. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, also may become important factors that affect us. If any of the following risks materialize, our business, financial condition and results of operations could be materially harmed. In that case, the trading price of our common stock could decline substantially, and investors may lose some or all of their investment.

Risks Related to Our Business

Our operating results are likely to vary significantly and be unpredictable.
 
Our operating results have historically varied from period to period, and we expect that they will continue to do so as a result of a number of factors, many of which are outside of our control or may be difficult to predict, including:
 
the level of demand for our products and services, which may render forecasts inaccurate;
 
the timing of channel partner and end-customer orders and our reliance on a concentration of shipments at the end of each quarter;
 
the timing of shipments, which may depend on many factors such as inventory levels, logistics, shipping delays, our ability to ship new products on schedule and to accurately forecast inventory requirements, and potential delays in the manufacturing process;

inventory management;
 
the mix of products sold, the mix of revenue between products and services and the degree to which products and services are bundled and sold together for a package price;

the purchasing practices and budgeting cycles of our channel partners and end-customers;
 
the effectiveness of our sales organization, generally or in a particular geographic region, and the time it takes for our sales personnel to reach productivity;

seasonal buying patterns of our end-customers;

the timing and level of our investments in sales and marketing, and the impact of such investments on our operating expenses and operating margin, and on the productivity and effectiveness of execution of our sales and marketing teams;
 
the timing of revenue recognition for our sales, which may be affected by both the mix of sales by our “sell-in” versus our “sell-through” channel partners, and the accuracy and timing of point-of-sale reporting by our “sell-through” channel partners, which impacts our ability to recognize revenue;
 
the level of perceived threats to network security, which may fluctuate from period to period;
 
changes in the requirements, market needs or buying practices and patterns of our distributors, resellers or end-customers;
 
changes in the growth rate of the network security markets;
 
the timing and success of new product and service introductions by us or our competitors, or any other change in the competitive landscape of our industry, including consolidation among our competitors, partners, or end-customers;
 
the deferral of orders from distributors, resellers or end-customers in anticipation of new products or product enhancements announced by us or our competitors;

9

Table of Contents

 
increases or decreases in our billings, revenue and expenses caused by fluctuations in foreign currency exchange rates or a strengthening of the U.S. dollar, as a significant portion of our expenses is incurred and paid in currencies other than the U.S. dollar, and such fluctuations may impact the actual prices that our partners and customers are willing to pay for our products and services;

compliance with existing laws and regulations that are applicable to our ability to conduct business with the public sector;

the impact of cloud-based platforms on the timing of our revenue recognition, billings and free cash flow;
 
decisions by potential end-customers to purchase network security solutions from newer technology providers, from larger, more established security vendors or from their primary network equipment vendors;
 
price competition and increased competitiveness in our market;
 
changes in customer renewal rates for our services;
 
changes in the payment terms of services contracts or the length of services contracts sold;

changes in our estimated annual effective tax rates;

changes in circumstances and challenges in business conditions, including decreased demand, which may negatively impact our channel partners’ ability to sell the current inventory they hold and negatively impact their future purchases of products from us;

increased demand for cloud-based services and the uncertainty associated with transitioning to providing such services;

increased expenses, unforeseen liabilities or write-downs and any impact on results of operations from any acquisition consummated;
 
our channel partners having insufficient financial resources to withstand changes and challenges in business conditions;
 
disruptions in our channel or termination of our relationship with important channel partners;
 
insolvency, credit or other difficulties confronting our key suppliers and channel partners, which could affect their ability to purchase or pay for products and services and which could disrupt our supply or distribution chain;

policy changes enacted and uncertainty with respect to immigration laws, trade policy, foreign imports and tax laws related to international commerce;

political, economic and social instability;

general economic conditions, both in domestic and foreign markets;

future accounting pronouncements or changes in our accounting policies, such as changes in the revenue recognition standards or accounting for leases, as well as the significant costs that may be incurred to adopt and comply with these new pronouncements;

possible impairments or acceleration of depreciation of our existing real estate due to our future expansion plans; and

legislative or regulatory changes, such as with respect to privacy, information and cybersecurity, exports, the environment and applicable accounting standards.


10

Table of Contents

Any one of the factors above or the cumulative effect of some of the factors referred to above may result in significant fluctuations in our quarterly financial and other operating results. This variability and unpredictability could result in our failing to meet our internal operating plan or the expectations of securities analysts or investors for any period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our shares could fall substantially and we could
face costly lawsuits, including securities class action suits. In addition, a significant percentage of our operating expenses are fixed in nature over the near term. Accordingly, in the event of revenue shortfalls, we are generally unable to mitigate the negative impact on margins in the short term.

Adverse economic conditions or reduced information technology spending may adversely impact our business.
 
Our business depends on the overall demand for information technology and on the economic health of our current and prospective customers. In addition, the purchase of our products is often discretionary and may involve a significant commitment of capital and other resources. Weak global economic conditions and spending environments, weak economic conditions in certain geographies, or a reduction in information technology spending regardless of macro-economic conditions, could adversely impact our business, financial condition and results of operations in a number of ways, including longer sales cycles, lower prices for our products and services, higher default rates among our channel partners, reduced unit sales and slower or declining growth.

Our billings, revenue and free cash flow growth may slow or may not continue.
 
Billings, revenue and free cash flow growth may slow, or we may experience a decrease in billings, revenue and free cash flow for a number of reasons, including a slowdown in demand for our products or services, a shift in demand from products to services, increased competition, a decrease in the growth of our overall market or softness in demand in certain geographies or industry verticals, such as the service provider industry, and our failure for any reason to continue to capitalize on growth opportunities and due to other risks identified in the risk factors described in this periodic report. Our expenses as a percentage of total revenue may be higher than expected if our revenue is lower than expected and, if our investments in sales and marketing and other functional areas do not result in expected billings and revenue growth, we may experience margin declines and may not be able to sustain profitability in future periods if we fail to increase billings, revenue or deferred revenue, do not appropriately manage our cost structure and free cash flow or encounter unanticipated liabilities. Any failure by us to maintain profitability, maintain our margins and continue our billings, revenue and free cash flow growth could cause the price of our common stock to materially decline.

We rely significantly on revenue from FortiGuard security subscription and FortiCare technical support services which may decline, and because we recognize revenue from FortiGuard security subscription and FortiCare technical support services over the term of the relevant service period, downturns or upturns in sales of FortiGuard security subscription and FortiCare technical support services are not immediately reflected in full in our operating results.

Our FortiGuard security subscription and FortiCare technical support services revenue has historically accounted for a significant percentage of our total revenue. Revenue from the sale of new, or from the renewal of existing, FortiGuard security subscription and FortiCare technical support services contracts may decline and fluctuate as a result of a number of factors, including fluctuations in purchases of FortiGate appliances, changes in the sales mix between products and services, end-customers’ level of satisfaction with our products and services, the prices of our products and services, the prices of products and services offered by our competitors, reductions in our customers’ spending levels and the timing of revenue recognition with respect to these arrangements. If our sales of new, or renewals of existing FortiGuard security subscription and FortiCare technical support services contracts decline, our revenue and revenue growth may decline and our business could suffer. In addition, in the event significant customers require payment terms for FortiGuard security subscription or FortiCare technical support services in arrears or for shorter periods of time than annually, such as monthly or quarterly, this may negatively impact our billings and revenue. Furthermore, we recognize FortiGuard security subscription and FortiCare technical support services revenue monthly over the term of the relevant service period, which is typically from one to three years, and in some instances has been as long as five years. As a result, much of the FortiGuard security subscription and FortiCare technical support services revenue we report each quarter is the recognition of deferred revenue from FortiGuard security subscription and FortiCare technical support services contracts entered into during previous quarters or years. Consequently, a decline in new or renewed FortiGuard security subscription or FortiCare technical support services contracts in any one quarter will not be fully reflected in revenue in that quarter but will negatively affect our revenue in future quarters. Accordingly, the effect of significant downturns in sales of new, or renewals of existing, FortiGuard security subscription or FortiCare technical support services is not reflected in full in our statements of operations until future periods. Our FortiGuard security subscription and FortiCare technical support services revenue also makes it difficult for us to rapidly increase our revenue through additional service sales in any period, as revenue from new and renewal support services contracts must be recognized over the applicable service period.

11

Table of Contents

 
We generate a majority of revenue from sales to distributors, resellers and end-customers outside of the U.S., and we are therefore subject to a number of risks associated with international sales and operations.
 
We market and sell our products throughout the world and have established sales offices in many parts of the world. Our international sales have represented a majority of our total revenue in recent periods. Therefore, we are subject to risks associated with having worldwide operations. We are also subject to a number of risks typically associated with international sales and operations, including:
 
economic or political instability in foreign markets;
 
greater difficulty in enforcing contracts, accounts receivable collection and longer collection periods;
 
changes in regulatory requirements;
 
difficulties and costs of staffing and managing foreign operations;
 
the uncertainty of protection for intellectual property rights in some countries;
 
costs of compliance with foreign policies, laws and regulations and the risks and costs of non-compliance with such policies, laws and regulations;

protectionist policies and penalties, and local laws, requirements, policies and perceptions that may adversely impact U.S. headquartered business’ sales in certain countries outside of the U.S.;
 
costs of complying with U.S. or other foreign laws and regulations for foreign operations, including the U.S. Foreign Corrupt Practices Act, the United Kingdom (“UK”) Bribery Act 2010, import and export control laws, tariffs, trade barriers and economic sanctions;
 
other regulatory or contractual limitations on our ability to sell our products in certain foreign markets, and the risks and costs of non-compliance;

heightened risks of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales or sales-related arrangements that could disrupt the sales team through terminations of employment or otherwise, and may adversely impact financial results as compared to those already reported or forecasted and result in restatements of financial statements and irregularities in financial statements;

our ability to effectively implement and maintain adequate internal controls to properly manage our international sales and operations;

the potential for political unrest, changes and uncertainty, and for terrorism, hostilities, war or natural disasters;

changes in foreign currency exchange rates;
 
management communication and integration problems resulting from cultural differences and geographic dispersion; and

changes in tax, employment and other laws.
 
Product and service sales and employee and contractor matters may be subject to foreign governmental regulations, which vary substantially from country to country. Further, we may be unable to keep up-to-date with changes in government requirements as they change over time. Failure to comply with these regulations could result in adverse effects to our business. In many foreign countries, it is common for others to engage in business practices that are prohibited by our internal policies and procedures or U.S. regulations applicable to us. Although we implemented policies and procedures designed to ensure compliance with these laws and policies, there can be no assurance that all of our employees, contractors, channel partners and agents will comply with these laws and policies. Violations of laws or key control policies by our employees, contractors, channel partners or agents could result in litigation, regulatory action, costs of investigation, delays in revenue recognition, delays in financial reporting, financial reporting misstatements, fines, penalties, or the prohibition of the importation or

12

Table of Contents

exportation of our products and services, any of which could have a material adverse effect on our business and results of operations.

If we are not successful in continuing to execute our strategy to increase our sales to large and medium-sized end-customers, our results of operations may suffer.
 
An important part of our growth strategy is to increase sales of our products to large enterprises and medium-sized businesses, service providers and government organizations. While we have increased sales in recent periods to large and medium-sized enterprises and service providers, our sales volume varies by quarter. We also have experienced less traction selling to certain government organizations and there can be no assurance that we will be successful selling to these customers. Sales to these organizations involve risks that may not be present, or that are present to a lesser extent, with sales to smaller entities. These risks include:
 
increased competition from competitors that traditionally target large enterprises and medium-sized businesses, service providers and government organizations and that may already have purchase commitments from those end-customers;
 
increased purchasing power and leverage held by large end-customers in negotiating contractual arrangements;

unanticipated changes in the capital resources or purchasing behavior of large end-customers, including changes in the volume and frequency of their purchases and changes in the mix of products and services and related payment terms;
 
more stringent support requirements in our support service contracts, including stricter support response times, more complex requirements and increased penalties for any failure to meet support requirements;

longer sales cycles and the associated risk that substantial time and resources may be spent on a potential end-customer that elects not to purchase our products and services; and

longer ramp-up periods for enterprise sales personnel as compared to other sales personnel.
 
Large enterprises and medium-sized businesses, service providers and government organizations often undertake a significant evaluation process that results in a lengthy sales cycle, in some cases longer than 12 months. Although we have a channel sales model, our sales representatives typically engage in direct interaction with end-customers, along with our distributors and resellers, in connection with sales to large and medium-sized end-customers. We may spend substantial time, effort and money in our sales efforts without being successful in producing any sales. In addition, product purchases by large enterprises and medium-sized businesses, service providers and government organizations are frequently subject to budget constraints, multiple approvals and unplanned administrative, processing and other delays. Furthermore, service providers represent our largest industry vertical and consolidation or changes in buying behavior by larger customers within this industry could negatively impact our business. Large enterprises and medium-sized businesses, service providers and government organizations typically have longer implementation cycles, require greater product functionality and scalability, expect a broader range of services, including design services, demand that vendors take on a larger share of risks, require acceptance provisions that can lead to a delay in revenue recognition, and expect greater payment flexibility from vendors. In addition, large enterprises and medium-sized businesses, service providers and government organizations may require that our products and services be sold differently from how we offer our products and services, which could negatively impact our operating results. Our large enterprise and service provider customers may also become more deliberate in their purchases as they plan their next-generation network security architecture, leading them to take more time in making purchasing decisions or to purchase based only on their immediate needs. All these factors can add further risk to business conducted with these customers. In addition, if sales expected from a large and medium-sized end-customer for a particular quarter are not realized in that quarter or at all, our business, operating results and financial condition could be materially and adversely affected.

Managing inventory of our products and product components is complex. Insufficient inventory may result in lost sales opportunities or delayed revenue, while excess inventory may harm our gross margins.

Managing our inventory is complex. Our channel partners may increase orders during periods of product shortages, cancel orders or not place orders commensurate with our expectations if their inventory is too high, return products or take advantage of price protection (if any is available to the particular partner) or delay orders in anticipation of new products, and accurately forecasting inventory requirements and demand can be challenging. Our channel partners also may adjust their

13

Table of Contents

orders in response to the supply of our products and the products of our competitors that are available to them and in response to seasonal fluctuations in end-customer demand. Furthermore, if the time required to manufacture or ship certain products increases for any reason, inventory shortfalls could result. Management of our inventory is further complicated by the significant number of different products and models that we sell.
 
In addition, for those channel partners that have rights of return, inventory held by such channel partners affects our results of operations. Our inventory management systems and related supply chain visibility tools may be inadequate to enable us to effectively manage inventory. Inventory management remains an area of focus as we balance the need to maintain inventory levels that are sufficient to ensure competitive lead times against the risk of inventory obsolescence because of rapidly changing technology and customer requirements, or excess inventory levels. If we ultimately determine that we have excess inventory, we may have to reduce our prices and write-down inventory, which in turn could result in lower gross margins. Alternatively, insufficient inventory levels may lead to shortages that result in delayed revenue or loss of sales opportunities altogether as potential end-customers turn to competitors’ products that are readily available. For example, we have in the past experienced inventory shortages and excesses due to the variance in demand for certain products from forecasted amounts. If we are unable to effectively manage our inventory and that of our channel partners, our results of operations could be adversely affected.

We are dependent on the continued services and performance of our senior management, the loss of any of whom could adversely affect our business, operating results and financial condition.
 
Our future performance depends on the continued services and continuing contributions of our senior management to execute on our business plan, and to identify and pursue new opportunities and product innovations. The loss of services of members of senior management, particularly Ken Xie, our Co-Founder, Chairman and Chief Executive Officer, and Michael Xie, our Co-Founder, President and Chief Technology Officer, and any of our senior sales leaders or functional area leaders, could significantly delay or prevent the achievement of our development and strategic objectives. The loss of the services, or distraction, of our senior management for any reason could adversely affect our business, financial condition and results of operations.

If we are unable to hire, retain and motivate qualified personnel, our business will suffer.
 
Our future success depends, in part, on our ability to continue to attract and retain highly skilled personnel. The loss of the services of any of our key personnel, the inability to attract or retain qualified personnel, or delays in hiring required personnel, particularly in engineering, sales and marketing, may seriously harm our business, financial condition and results of operations. From time to time, we experience turnover in our management-level personnel. None of our key employees has an employment agreement for a specific term, and any of our employees may terminate their employment at any time. Our ability to continue to attract and retain highly skilled personnel will be critical to our future success. Competition for highly-skilled personnel is frequently intense, especially for qualified employees in network security and especially in the locations where we have a substantial presence and need for highly-skilled personnel, such as the San Francisco Bay Area and Vancouver, Canada. We may not be successful in attracting, assimilating or retaining qualified personnel to fulfill our current or future needs. Also, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited or divulged proprietary or other confidential information. Changes in immigration laws, including changes to the rules regarding H1-B visas, may also harm our ability to attract personnel from other countries.

If we do not increase the effectiveness of our sales organization in some regions, we may have difficulty adding new end-customers or increasing sales to our existing end-customers and our business may be adversely affected.

Although we have a channel sales model, members of our sales organization often engage in direct interaction with our prospective end-customers. Therefore, we continue to be substantially dependent on our sales organization to obtain new end-customers and sell additional products and services to our existing end-customers. There is significant competition for sales personnel with the skills and technical knowledge that we require. Our ability to grow our revenue depends, in large part, on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth and on the effectiveness of those personnel. New hires require substantial training and may take significant time before they achieve full productivity. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. For example, we realigned our sales organization in early 2016 and it has taken more time than we expected to ramp up the productivity of our realigned sales organization, which negatively impacted our revenue growth in the third quarter of 2016 in some regions. Furthermore, hiring sales personnel in new countries requires additional setup and upfront costs that we may not recover if the sales personnel fail to achieve full productivity. If our new sales employees do not become fully productive on the timelines that we have projected, our revenue will not increase at anticipated levels and our ability to achieve long term

14

Table of Contents

projections may be negatively impacted. If we are unable to hire and train sufficient numbers of effective sales personnel, or the sales personnel are not successful in obtaining new end-customers or increasing sales to our existing customer base, our business, operating results and prospects will be adversely affected.

The sales prices of our products and services may decrease, which may reduce our gross profits and adversely impact our financial results and the trading price of our common stock.
 
The sales prices for our products and services may decline for a variety of reasons, including competitive pricing pressures, discounts or promotional programs we offer, a change in our mix of products and services and anticipation of the introduction of new products and services. Competition continues to increase in the market segments in which we participate, and we expect competition to further increase in the future, thereby leading to increased pricing pressures. Larger competitors with more diverse product offerings may reduce the price of products and services that compete with ours in order to promote the sale of other products or services or may bundle them with other products or services. Additionally, although we price our products and services worldwide in U.S. dollars, currency fluctuations in certain countries and regions have in the past, and may in the future, negatively impact actual prices that partners and customers are willing to pay in those countries and regions. Furthermore, we anticipate that the sales prices and gross profits for our products or services will decrease over product life cycles. We cannot ensure that we will be successful in developing and introducing new offerings with enhanced functionality on a timely basis, or that our product and service offerings, if introduced, will enable us to maintain our prices and gross profits at levels that will allow us to maintain profitability.
 
Reliance on a concentration of shipments at the end of the quarter could cause our billings and revenue to fall below expected levels.
 
As a result of customer-buying patterns and the efforts of our sales force and channel partners to meet or exceed quarterly quotas, we have historically received a substantial portion of each quarter’s sales orders and generated a substantial portion of each quarter’s billings and revenue during the last two weeks of the quarter. For example, in 2016, the portion of billings during the last two weeks of the quarter was 37%, and, on average over the past eight quarters, our billings during the last two weeks accounted for 35% of aggregate billings for each quarter. If expected orders at the end of any quarter are delayed for any reason, including the failure of anticipated purchase orders to materialize, our logistics partners’ inability to ship products prior to quarter-end to fulfill purchase orders received near the end of the quarter, our failure to accurately forecast our inventory requirements and to appropriately manage inventory to meet demand, our inability to release new products on schedule, any failure of our systems related to order review and processing, any delays in shipments due to trade compliance requirements, labor disputes or logistics changes at shipping ports or otherwise, our billings and revenue for that quarter could fall below our expectations or those of securities analysts and investors, resulting in a decline in our stock price.

Unless we continue to develop better market awareness of our company and our products, and to improve lead generation and sales enablement, our revenue may not continue to grow.

Increased market awareness of our capabilities and products and increased lead generation are essential to our continued growth and our success in all of our markets, particularly for the large enterprise, service provider and government organization market. We have historically had relatively low spending on marketing activities. While we have increased our investments in sales and marketing, it is not clear that these investments will continue to result in increased revenue. If our investments in additional sales personnel or if our marketing programs are not successful in continuing to create market awareness of our company and products and increased lead generation, or if we experience turnover and disruption in our sales and marketing teams, we will not be able to achieve sustained growth, and our business, financial condition and results of operations will be adversely affected.

We rely on third-party channel partners to generate substantially all of our revenue. If our partners fail to perform, our ability to sell our products and services will be limited, and if we fail to optimize our channel partner model going forward, our operating results will be harmed.
 
A significant portion of our sales is generated through a limited number of distributors, and substantially all of our revenue is generated through sales by our channel partners, including distributors and resellers. We depend upon our channel partners to generate a significant portion of our sales opportunities and manage the sales process. To the extent our channel partners are unsuccessful in selling our products, or we are unable to enter into arrangements with and retain a sufficient number of high-quality channel partners in each of the regions in which we sell products, and if we are unable to keep them motivated to sell our products, our ability to sell our products and operating results will be harmed. The termination of our relationship with any significant channel partner may adversely impact our sales and operating results. 

15

Table of Contents


We provide sales channel partners with specific programs to assist them in selling our products and incentivize them to sell our products, but there can be no assurance that these programs will be effective. In addition, our channel partners may be unsuccessful in marketing, selling and supporting our products and services and may purchase more inventory than they can sell. Our channel partners generally do not have minimum purchase requirements. Some of our channel partners may have insufficient financial resources to withstand changes and challenges in business conditions. In addition, if our channel partners’ financial condition or operations weaken it could negatively impact their ability to sell our product and services. Our channel partners may also market, sell and support products and services that are competitive with ours, and may devote more resources to the marketing, sales and support of such products. They may also have incentives to promote our competitors’ products to the detriment of our own, or they may cease selling our products altogether. We cannot ensure that we will retain these channel partners or that we will be able to secure additional or replacement partners or that existing channel partners will continue to perform. The loss of one or more of our significant channel partners or the failure to obtain and ship a number of large orders each quarter through them could harm our operating results. During 2014, 2015 and 2016, Exclusive, which distributed our solutions to a large group of resellers and end-customers, accounted for 15% , 18% and 20% of our total revenue, respectively. In addition, any new sales channel partner will require extensive training and may take several months or more to achieve productivity. Our channel partner sales structure could subject us to lawsuits, potential liability and reputational harm if, for example, any of our channel partners misrepresent the functionality of our products or services to end-customers or our channel partners violate laws or our corporate policies. We depend on our global channel partners to comply with applicable legal and regulatory requirements. To the extent that they fail to do so, that could have a material adverse effect on our business, operating results and financial condition. If we fail to optimize our channel partner model or fail to manage existing sales channels, our business will be seriously harmed.

Actual, possible or perceived defects or vulnerabilities in our products or services, the failure of our products or services to prevent a virus or security breach, or misuse of our products could harm our reputation and divert resources.
 
Because our products and services are complex, they have contained and may contain defects or errors that are not detected until after their commercial release and deployment by our customers. Defects or vulnerabilities may impede or block network traffic, cause our products or services to be vulnerable to electronic break-ins or cause them to fail to help secure networks. Different customers deploy and use our products in different ways, and certain deployments and usages may subject our products to adverse conditions that may negatively impact the effectiveness and useful lifetime of our products. We cannot ensure that our products will prevent all security threats. Because the techniques used by computer hackers to access or sabotage networks change frequently and generally are not recognized until launched against a target, we may be unable to anticipate these techniques. In addition, defects or errors in our FortiGuard security subscription updates or our FortiGate appliances could result in a failure of our FortiGuard security subscription services to effectively update end-customers’ FortiGate appliances and thereby leave customers vulnerable to attacks. Furthermore, our solutions may also fail to detect or prevent viruses, worms or similar threats due to a number of reasons such as the evolving nature of such threats and the continual emergence of new threats that we may fail to add to our FortiGuard databases in time to protect our end-customers’ networks. Our FortiGuard or FortiCare data centers and networks may also experience technical failures and downtime, and may fail to distribute appropriate updates, or fail to meet the increased requirements of our customer base. Any such technical failure, downtime or failures in general may temporarily or permanently expose our end-customers’ networks, leaving their networks unprotected against the latest security threats.
 
An actual, possible or perceived security breach or infection of the network of one of our end-customers, regardless of whether the breach is attributable to the failure of our products or services to prevent the security breach, could adversely affect the market’s perception of our security products and services and, in some instances, subject us to potential liability that is not contractually limited. We may not be able to correct any security flaws or vulnerabilities promptly, or at all. Our products may also be misused by end-customers or third parties who obtain access to our products. For example, our products could be used to censor private access to certain information on the Internet. Such use of our products for censorship could result in negative press coverage and negatively affect our reputation, even if we take reasonable measures to prevent any improper shipment of our products or if our products are provided by an unauthorized third-party. Any actual, possible or perceived defects, errors or vulnerabilities in our products, or misuse of our products, could result in:
 
expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate or work around errors or defects or to address and eliminate vulnerabilities;
 
loss of existing or potential end-customers or channel partners;
 
delayed or lost revenue;
 

16

Table of Contents

delay or failure to attain market acceptance;
 
negative publicity and harm to our reputation; and
 
litigation, regulatory inquiries or investigations that may be costly and harm our reputation and, in some instances, subject us to potential liability that is not contractually limited.
 
Our business and operations have experienced growth, and if we do not appropriately manage any future growth, including through the expansion of our real estate holdings, or are unable to improve our systems and processes, our operating results will be negatively affected.
 
Our business has grown over the last several years. We rely heavily on information technology and accounting systems to help manage critical functions such as order processing, revenue recognition, financial forecasts, inventory and supply chain management and trade compliance reviews. Certain of these systems were developed by us for our internal use and as such may have a higher risk of failure or not receive the same level of support as systems purchased from and supported by external technology companies. In addition, we have been slow to adopt and implement certain automated functions, which could have a negative impact on our business. For example, a large part of our order processing relies on manual data entry of customer purchase orders received through email and, to a lesser extent, through electronic data interchange from our customers. Combined with the fact that we may receive a large amount of our orders in the last few weeks of any given quarter, a significant interruption in our email service or other systems could result in delayed order fulfillment and decreased billings and revenue for that quarter.

To manage any future growth effectively, we must continue to improve and expand our information technology and financial, operating and administrative systems and controls, and continue to manage headcount, capital and processes in an efficient manner. We may not be able to successfully implement requisite improvements to these systems, controls and processes, such as system capacity, access and change management controls, in a timely or efficient manner. Our failure to improve our systems and processes, or their failure to operate in the intended manner, whether as a result of the significant growth of our business or otherwise, may result in our inability to manage the growth of our business and to accurately forecast our revenue, expenses and earnings, or to prevent certain losses. Moreover, the failure of our systems and processes could undermine our ability to provide accurate, timely and reliable reports on our financial and operating results and could impact the effectiveness of our internal control over financial reporting. In addition, our systems and processes may not prevent or detect all errors, omissions or fraud. Our productivity and the quality of our products and services may also be adversely affected if we do not integrate and train our new employees quickly and effectively. Any future growth would add complexity to our organization and require effective coordination throughout our organization. Failure to manage any future growth effectively could result in increased costs and harm our results of operations.

Further, it may be necessary to expand our real estate holdings to meet our projected growing need for office space. We recently approved plans to purchase office buildings in Vancouver and Ottawa, Canada, and we are considering plans to significantly expand our headquarters in Sunnyvale, California. These plans will require significant capital expenditure over the next several years and involve certain risks, including impairment charges and acceleration of depreciation, changes in future business strategy that may decrease the need for expansion (such as a decrease in headcount) and, with respect to our potential expansion plans in California, risks related to construction. Future changes in growth or fluctuations in cash flow may also negatively impact our ability to pay for these projects. Additionally, inaccuracies in our projected capital expenditures could negatively impact our business, operating results and financial condition.
 
We may experience difficulties maintaining and expanding our new enterprise resource planning (“ERP”) system.
 
We recently implemented a new ERP system. The ERP system is critical to our ability to provide important information to our management, obtain and deliver products, provide services and customer support, send invoices and track payments, fulfill contractual obligations, accurately maintain books and records, provide accurate, timely and reliable reports on our financial and operating results and otherwise operate our business. ERP system implementations also require transformation of business and financial processes in order to reap the benefits of the ERP system; any such transformation involves risks inherent in the conversion to a new computer system, including potential disruption to our normal operations. The implementation and maintenance of the new ERP system has required, and will continue to require, the investment of significant financial and human resources. In addition, we may choose to upgrade or expand the functionality of our ERP system, leading to additional costs. We may also discover deficiencies in our design or implementation or maintenance of the new ERP system that could adversely affect our ability to process orders, ship products, provide services and customer support, send invoices and track payments, fulfill contractual obligations, accurately maintain books and records, provide accurate,

17

Table of Contents

timely and reliable reports on our financial and operating results, or otherwise operate our business. Additionally, if the system does not operate as intended, the effectiveness of our internal control over financial reporting could be adversely affected or our ability to assess it adequately could be delayed.

If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our operating results could fall below expectations of securities analysts and investors, resulting in a decline in our stock price.
 
The preparation of financial statements in conformity with generally accepted accounting principles requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in this Annual Report on Form 10-K, the results of which form the basis for making judgments about the carrying values of assets and liabilities that are not readily apparent from other sources. Our operating results may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our operating results to fall below the expectations of securities analysts and investors, resulting in a decline in our stock price. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to revenue recognition and sales return reserves, stock-based compensation expense, valuation of inventory, investments, accounting for business combination, goodwill and other long-lived assets, restructuring, accounting for income taxes, and litigation and settlement costs.

We offer retroactive price protection to certain of our major distributors, and if we fail to balance their inventory with end-customer demand for our products, our allowance for price protection may be inadequate, which could adversely affect our results of operations.

We provide certain of our major distributors with price protection rights for inventories of our products held by them. If we reduce the list price of our products, certain distributors receive refunds or credits from us that reduce the price of such products held in their inventory based upon the new list price. Future credits for price protection will depend on the percentage of our price reductions for the products in inventory and our ability to manage the levels of our major distributors’ inventories. If future price protection adjustments are higher than expected, our future results of operations could be materially and adversely affected.
 
Because we depend on several third-party manufacturers to build our products, we are susceptible to manufacturing delays that could prevent us from shipping customer orders on time, if at all, and may result in the loss of sales and customers, and third-party manufacturing cost increases could result in lower gross margins.

We outsource the manufacturing of our security appliance products to contract manufacturing partners and original design manufacturing partners including Faraday, K-Micro and Renesas. Our reliance on our third-party manufacturers in Asia and elsewhere reduces our control over the manufacturing process, exposing us to risks, including reduced control over quality assurance and product costs, supply and timing. Any manufacturing disruption by our third-party manufacturers could impair our ability to fulfill orders. If we are unable to manage our relationships with these third-party manufacturers effectively, or if these third-party manufacturers experience delays, increased manufacturing lead-times, disruptions, capacity constraints or quality control problems in their manufacturing operations, or fail to meet our future requirements for timely delivery, our ability to ship products to our customers could be impaired and our business would be seriously harmed.
 
These manufacturers fulfill our supply requirements on the basis of individual purchase orders. We have no long-term contracts or arrangements with certain of our third-party manufacturers that guarantee capacity, the continuation of particular payment terms or the extension of credit limits. Accordingly, they are not obligated to continue to fulfill our supply requirements, and the prices we are charged for manufacturing services could be increased on short notice. If we are required to change third-party manufacturers, our ability to meet our scheduled product deliveries to our customers would be adversely affected, which could cause the loss of sales and existing or potential customers, delayed revenue or an increase in our costs, which could adversely affect our gross margins. Our individual product lines are generally manufactured by only one manufacturing partner. Any production or shipping interruptions for any reason, such as a natural disaster, epidemic, capacity shortages, quality problems, or strike or other labor disruption at one of our manufacturing partners or locations or at shipping ports or locations, would severely affect sales of our product lines manufactured by that manufacturing partner. Furthermore, manufacturing cost increases for any reason could result in lower gross margins.
 
Our proprietary SPU, which is the key to the performance of our appliances, is fabricated by contract manufacturers in foundries operated by UMC and TSMC on a purchase order basis, and UMC and TSMC do not guarantee any capacity and

18

Table of Contents

could reject orders or could try to increase pricing. Accordingly, the foundries are not obligated to continue to fulfill our supply requirements, and due to the long lead time that a new foundry would require, we could suffer temporary or long term inventory shortages of our SPU as well as increased costs. Our suppliers may also prioritize orders by other companies that order higher volumes or more profitable products. If any of these manufacturers materially delays its supply of ASICs or specific product models to us, or requires us to find an alternate supplier and we are not able to do so on a timely and reasonable basis, or if these foundries materially increase their prices for fabrication of our ASICs, our business would be harmed.
 
In addition, our reliance on third-party manufacturers and foundries limits our control over environmental regulatory requirements such as the hazardous substance content of our products and therefore our ability to ensure compliance with the Restriction of Hazardous Substances Directive (“RoHS”) adopted in the European Union (the “EU”) and other similar laws. It also exposes us to the risk that certain minerals and metals, known as “conflict minerals,” that are contained in our products have originated in the Democratic Republic of the Congo or an adjoining country. As a result of the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”), the SEC adopted disclosure requirements for public companies whose products contain conflict minerals that are necessary to the functionality or production of such products. Under these rules, we are required to obtain sourcing data from suppliers, perform supply chain due diligence, and file annually with the SEC a specialized disclosure report on Form SD covering the prior calendar year. We have incurred and expect to incur additional costs to comply with the rules, including costs related to the determination of the origin, source and chain of custody of the conflict minerals used in our products and the adoption of conflict minerals-related governance policies, processes and controls.  Moreover, the implementation of these compliance measures could adversely affect the sourcing, availability and pricing of materials used in the manufacture of our products to the extent that there may be only a limited number of suppliers that are able to meet our sourcing requirements. There can be no assurance that we will be able to obtain such materials in sufficient quantities or at competitive prices. We may also encounter customers who require that all of the components of our products be certified as conflict-free. If we are not able to meet customer requirements, such customers may choose to not purchase our products, which could impact our sales and the value of portions of our inventory.

Because some of the key components in our products come from limited sources of supply, we are susceptible to supply shortages, long lead times for components, and supply changes, each of which could disrupt or delay our scheduled product deliveries to our customers, result in inventory shortage, or loss of sales and customers, or increase component costs resulting in lower gross margins.
 
We and our contract manufacturers currently purchase several key parts and components used in the manufacture of our products from limited sources of supply. We are therefore subject to the risk of shortages and long lead times in the supply of these components and the risk that component suppliers discontinue or modify components used in our products. We have in the past experienced, and are currently experiencing, shortages and long lead times for certain components. Certain of our limited source components for particular appliances and suppliers of those components include: specific types of CPUs from Intel, network chips from Broadcom, Marvell and Intel, and memory devices from Intel, ADATA, OCZ, Samsung and Western Digital. The introduction by component suppliers of new versions of their products, particularly if not anticipated by us or our contract manufacturers, could require us to expend significant resources to incorporate these new components into our products. In addition, if these suppliers were to discontinue production of a necessary part or component, we would be required to expend significant resources and time in locating and integrating replacement parts or components from another vendor. Qualifying additional suppliers for limited source parts or components can be time-consuming and expensive.
 
Our manufacturing partners have experienced long lead times for the purchase of components incorporated into our products. Lead times for components may be adversely impacted by factors outside of our control, such as natural disasters and other factors. Our reliance on a limited number of suppliers involves several additional risks, including:

a potential inability to obtain an adequate supply of required parts or components when required;

financial or other difficulties faced by our suppliers;
 
infringement or misappropriation of our intellectual property;
 
price increases;
 
failure of a component to meet environmental or other regulatory requirements;
 
failure to meet delivery obligations in a timely fashion; and
 

19

Table of Contents

failure in component quality.
 
The occurrence of any of these events would be disruptive to us and could seriously harm our business. Any interruption or delay in the supply of any of these parts or components, or the inability to obtain these parts or components from alternate sources at acceptable prices and within a reasonable amount of time, would harm our ability to meet our scheduled product deliveries to our distributors, resellers and end-customers. This could harm our relationships with our channel partners and end-customers and could cause delays in shipment of our products and adversely affect our results of operations. In addition, increased component costs could result in lower gross margins.

We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.
 
A significant portion of our operating expenses are incurred outside the U.S. These expenses are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Euro and Canadian dollar and, to a lesser extent, the British Pound. Additionally, fluctuations in the exchange rate of the Canadian dollar may negatively impact our real estate purchase and development plans in Vancouver and Ottawa. While we are not currently engaged in material hedging activities, we have been hedging currency exposures relating to certain balance sheet accounts through the use of forward exchange contracts. If we stop hedging against any of these risks or if our attempts to hedge against these currency exposures are not successful, our financial condition and results of operations could be adversely affected. In addition, our sales contracts are primarily denominated in U.S. dollars and therefore, while substantially all of our revenue is not subject to foreign currency risk, it does not serve as a hedge to our foreign currency-denominated operating expenses. In addition, a strengthening of the U.S. dollar may increase the real cost of our products to our customers outside of the U.S., which may also adversely affect our financial condition and results of operations. 

Failure to comply with laws and regulations applicable to our business could subject us to fines and penalties and could also cause us to lose end-customers in the public sector or negatively impact our ability to contract with the public sector.

Our business is subject to regulation by various federal, state, local and foreign governmental agencies, including agencies responsible for monitoring and enforcing employment and labor laws, workplace safety, product safety, product labelling, environmental laws, consumer protection laws, anti-bribery laws, import and export controls, federal securities laws and tax laws and regulations. In certain jurisdictions, these regulatory requirements may be more stringent than in the U.S. Noncompliance with applicable regulations or requirements could subject us to investigations, sanctions, enforcement actions, disgorgement of profits, fines, damages and civil and criminal penalties or injunctions. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, operating results and financial condition could be adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions and sanctions could harm our business, operating results and financial condition.

Selling our solutions to the U.S. government, whether directly or through channel partners, also subjects us to certain regulatory and contractual requirements. Failure to comply with these requirements by either us or our channel partners could subject us to investigations, fines, other penalties and damages, which could have an adverse effect on our business, operating results, financial condition and prospects. As an example, the U.S. Department of Justice (“DOJ”), on its own behalf or on behalf of the General Services Administration (“GSA”), as well as individuals, has in the past pursued claims against, reached financial settlements with or otherwise obtained damages from companies that sell electronic equipment and from IT vendors under the False Claims Act and other statutes related to pricing, discount practices and compliance with laws related to sales to the federal government, such as the Trade Agreements Act. The DOJ continues to actively pursue such claims. Violations of certain regulatory and contractual requirements could also result in us being suspended or debarred from future government contracting. Any of these outcomes could have an adverse effect on our revenue, operating results, financial condition and prospects.

These laws and regulations impose added costs on our business, and failure to comply with these or other applicable regulations and requirements, including non-compliance in the past, could lead to claims for damages from our channel partners, penalties, termination of contracts, loss of exclusive rights in our intellectual property and temporary suspension or permanent debarment from government contracting. Any such damages, penalties, disruptions or limitations in our ability to do business with the public sector could have an adverse effect on our business and operating results.


20

Table of Contents

We are subject to governmental export and import controls that could subject us to liability or restrictions on sales, and could impair our ability to compete in international markets.
 
Because we incorporate encryption technology into our products, certain of our products are subject to U.S. export controls and may be exported outside the U.S. only with the required export license or through an export license exception, and may be prohibited altogether from export to certain countries. If we were to fail to comply with U.S. export laws, U.S. Customs regulations and import regulations, U.S. economic sanctions and other countries’ import and export laws, we could be subject to substantial civil and criminal penalties, including fines for the company and incarceration for responsible employees and managers, and the possible loss of export or import privileges. In addition, if our channel partners fail to obtain appropriate import, export or re-export licenses or permits (for example, for stocking orders placed by our partners), we may also be adversely affected through reputational harm and penalties and we may not be able to provide support related to appliances shipped pursuant to such orders. Obtaining the necessary export license for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities.
 
Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain products to U.S. embargoed or sanctioned countries, governments and persons. Even though we take precautions to prevent our product from being shipped to U.S. sanctions targets, our products could be shipped to those targets by our channel partners, despite such precautions. Any such shipment could have negative consequences including government investigations and penalties and reputational harm. In addition, various countries regulate the import of certain encryption technology, including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries. Changes in our products or changes in export and import regulations may create delays in the introduction of our products in international markets, prevent our customers with international operations from deploying our products globally or, in some cases, prevent the export or import of our products to certain countries, governments or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.
 
Efforts to withdraw from or materially modify NAFTA or other international trade agreements, to change tax provisions related to global manufacturing and sales or to impose new tariffs, economic sanctions or related legislation, any of which could our adversely affect our financial condition and results of operations.

Our business benefits from free trade agreements, such as the North American Free Trade Agreement (“NAFTA”), and we also rely on various U.S. corporate tax provisions related to international commerce, as we develop, market and sell our products and services globally. Efforts to withdraw from or materially modify NAFTA or other international trade agreements, or to change corporate tax policy related to international commerce, could adversely affect our financial condition and results of operations as could the continuing uncertainty regarding whether such actions will be taken. Moreover, efforts to implement changes related to export or import regulations (including the imposition of new border taxes or tariffs on foreign imports), economic sanctions or related policies. Any modification in these areas, any shift in the enforcement or scope of existing regulations or any change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations and could result in increased costs. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.

If we fail to comply with environmental requirements, our business, financial condition, operating results and reputation could be adversely affected.
 
We are subject to various environmental laws and regulations, including laws governing the hazardous material content of our products, laws relating to our real property and future expansion plans and laws concerning the recycling of electrical and electronic equipment. The laws and regulations to which we are subject include the EU RoHS and the EU Waste Electrical and Electronic Equipment Directive (“WEEE Directive”), as well as the implementing legislation of the EU member states. Similar laws and regulations have been passed or are pending in China, South Korea, Norway and Japan and may be enacted in other regions, including in the U.S., and we are, or may in the future be, subject to these laws and regulations.
 

21

Table of Contents

The EU RoHS and the similar laws of other jurisdictions ban the use of certain hazardous materials such as lead, mercury and cadmium in the manufacture of electrical equipment, including our products. We have incurred costs to comply with these laws, including research and development costs, costs associated with assuring the supply of compliant components and costs associated with writing off noncompliant inventory. We expect to continue to incur costs related to environmental laws and regulations in the future. With respect to the EU RoHS, we and our competitors rely on an exemption for lead in network infrastructure equipment. It is possible this exemption will be revoked in the near future. If this exemption is revoked, if there are other changes to these laws (or their interpretation) or if new similar laws are passed in other jurisdictions, we may be required to reengineer our products to use components compatible with these regulations. This reengineering and component substitution could result in additional costs to us or disrupt our operations or logistics.
 
The EU has also adopted the WEEE Directive, which requires electronic goods producers to be responsible for the collection, recycling and treatment of such products. Although currently our EU international channel partners are responsible for the requirements of this directive as the importer of record in most of the European countries in which we sell our products, changes in interpretation of the regulations may cause us to incur costs or have additional regulatory requirements in the future to meet in order to comply with this directive, or with any similar laws adopted in other jurisdictions.
 
Our failure to comply with these and future environmental rules and regulations could result in reduced sales of our products, increased costs, substantial product inventory write-offs, reputational damage, penalties and other sanctions.
 
A portion of our revenue is generated by sales to government organizations, which are subject to a number of challenges and risks.
 
Sales to U.S. and foreign federal, state and local governmental agency end-customers have accounted for a portion of our revenue in past periods, and we may in the future increase sales to government organizations. Sales to government organizations are subject to a number of risks. Selling to government organizations can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense, with long sales cycles and without any assurance of winning a sale.

Government demand, sales and payment for our products and services may be negatively impacted by numerous factors and requirements unique to selling to government agencies, such as:

public sector budgetary cycles;

funding authorizations and requirements unique to government agencies, with funding or purchasing reductions or delays adversely affecting public sector demand for our products;

geopolitical matters; and

rules and regulations applicable to certain government sales, including General Services Administration regulations.

The rules and regulations applicable to sales to government organizations may also negatively impact sales to other organizations. To date, we have had limited traction in sales to U.S. federal government agencies, and any future sales to government organizations is uncertain. Government organizations may have contractual or other legal rights to terminate contracts with our distributors and resellers for convenience or due to a default, and any such termination may adversely impact our future results of operations. For example, if the distributor receives a significant portion of its revenue from sales to such government organization, the financial health of the distributor could be substantially harmed, which could negatively affect our future sales to such distributor. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our products and services, a reduction of revenue or fines or civil or criminal liability if the audit uncovers improper or illegal activities. Any such penalties could adversely impact our results of operations in a material way. Finally, purchases by the U.S. government may require certain products to be manufactured in the U.S. and other high cost manufacturing locations, and we may not manufacture all products in locations that meet the requirements of the U.S. government.
 
False detection of vulnerabilities, viruses or security breaches or false identification of spam or spyware could adversely affect our business.
 
Our antivirus and our intrusion prevention services may falsely detect viruses or other threats that do not actually exist. This risk is heightened by the inclusion of a “heuristics” feature in our products, which attempts to identify viruses and

22

Table of Contents

other threats not based on any known signatures but based on characteristics or anomalies that may indicate that a particular item is a threat. When our end-customers enable the heuristics feature in our products, the risk of falsely identifying viruses and other threats significantly increases. These false positives, while typical in the industry, may impair the perceived reliability of our products and may therefore adversely impact market acceptance of our products. Also, our anti-spam and anti-malware services may falsely identify emails or programs as unwanted spam or potentially unwanted programs, or alternatively fail to properly identify unwanted emails or programs, particularly as spam emails or spyware are often designed to circumvent anti-spam or spyware products. Parties whose emails or programs are blocked by our products may seek redress against us for labeling them as spammers or spyware, or for interfering with their business. In addition, false identification of emails or programs as unwanted spam or potentially unwanted programs may reduce the adoption of our products. If our system restricts important files or applications based on falsely identifying them as malware or some other item that should be restricted, this could adversely affect end-customers’ systems and cause material system failures. In addition, our threat researchers periodically identify vulnerabilities in various third-party products, and, if these identifications are perceived to be incorrect or are in fact incorrect, this could harm our business. Any such false identification or perceived false identification of important files, applications or vulnerabilities could result in negative publicity, loss of end-customers and sales, increased costs to remedy any problem and costly litigation.
 
If our internal network system or our website is compromised, public perception of our products and services will be harmed, we may become subject to liability, and our business, operating results and stock price may be adversely impacted.

Our success depends on the market’s confidence in our ability to provide effective network security protection. Despite our efforts and processes to prevent breaches of our internal network system and website, we are still vulnerable to computer viruses, break-ins, phishing attacks, attempts to overload our servers with denial-of-service and other cyber-attacks and similar disruptions from unauthorized access to our internal network system or our website. Our security measures may also be breached due to employee error, malfeasance or otherwise, and third parties may attempt to fraudulently induce our employees to transfer funds or disclose information in order to gain access to our network and confidential information. We cannot guarantee that the measures we have taken to protect our network and website will provide absolute security. Moreover, because we provide network security products, we may be a more attractive target for attacks by computer hackers. Although we have not yet experienced significant damages from unauthorized access by a third party of our internal network or website, an actual or perceived breach of network security occurs in our internal systems or website could adversely affect the market perception of our products and services and investor confidence in our company. Any breach of our network system or website could impair our ability to operate our business, including our ability to provide FortiGuard security subscription and FortiCare technical support services to our end-customers, lead to interruptions or system slowdowns, cause loss of critical data, or lead to the unauthorized disclosure or use of confidential, proprietary or sensitive information. We could also be subject to liability and litigation and reputational harm and our channel partners and end-customers may be harmed, lose confidence in us and decrease or cease using our products and services. Any breach of our internal network system or our website could have an adverse effect on our business, operating results and stock price.
 
Our ability to sell our products is dependent on the quality of our technical support services, and our failure to offer high quality technical support services would have a material adverse effect on our sales and results of operations.
 
Once our products are deployed within our end-customers’ networks, our end-customers depend on our technical support services, as well as the support of our channel partners and other third parties, to resolve any issues relating to our products. If we, our channel partners or other third parties do not effectively assist our customers in deploying our products, succeed in helping our customers quickly resolve post-deployment issues and provide effective ongoing support, our ability to sell additional products and services to existing customers would be adversely affected and our reputation with potential customers could be damaged. Many large end-customers, service provider and government organization end-customers require higher levels of support than smaller end-customers because of their more complex deployments. If we, our channel partners or other third parties fail to meet the requirements of our larger end-customers, it may be more difficult to execute on our strategy to increase our penetration with large enterprises, service providers and government organizations. As a result, our failure to maintain high quality support services would have a material adverse effect on our business, financial condition and results of operations.

We could be subject to changes in our tax rates, the adoption of new U.S. or international tax legislation, or exposure to additional tax liabilities.

We are subject to taxes in the U.S. and numerous foreign jurisdictions, where a number of our subsidiaries are organized. Our provision for income taxes is subject to volatility and could be adversely affected by several factors, many of which are outside of our control, including:
 

23

Table of Contents

earnings being lower than anticipated in countries that have lower tax rates and higher than anticipated in countries that have higher tax rates;

the mix of earnings in countries with differing statutory tax rates or withholding taxes;
 
changes in the valuation of our deferred tax assets and liabilities;
 
transfer pricing adjustments;
 
an increase in non-deductible expenses for tax purposes, including certain stock-based compensation expense, write-offs of acquired in-process research and development, and impairment of goodwill;

tax costs related to intercompany realignments;
 
tax assessments resulting from income tax audits or any related tax interest or penalties that could significantly affect our provision for income taxes for the period in which the settlement takes place;
 
a change in our decision to indefinitely reinvest foreign earnings;
 
changes in accounting principles;

court decisions, tax rulings and interpretations of tax laws, and regulations by international, federal or local governmental authorities; or
 
changes in tax laws and regulations, including possible changes in the U.S. to the taxation of earnings of our foreign subsidiaries, the deductibility of expenses attributable to foreign income or the foreign tax credit rules, or changes to the U.S. income tax rate, which would necessitate a revaluation of our deferred tax assets and liabilities.
 
Significant judgment is required to determine the recognition and measurement attribute prescribed in the Financial Accounting Standards Board standard. In addition, the standard applies to all income tax positions, including the potential recovery of previously paid taxes, which, if settled unfavorably, could adversely impact our provision for income taxes or additional paid-in capital. Further, as a result of certain of our ongoing employment and capital investment actions and commitments, our income in certain foreign countries is subject to reduced tax rates and, in some cases, is wholly exempt from tax. Our failure to meet these commitments could adversely impact our provision for income taxes. In addition, we are subject to the examination of our income tax returns by the Internal Revenue Service (“IRS”) and other tax authorities. Tax authorities in France are currently examining the inter-company relationship between Fortinet, Inc., Fortinet France and Fortinet Singapore. We are in the early stages of this inquiry and as of yet no official audit has been opened. We regularly assess the likelihood of adverse outcomes resulting from such examinations to determine the adequacy of our provision for income taxes.

Although we currently do not have a valuation allowance, we may in the future be required to establish one. We will continue to assess the need for a valuation allowance on the deferred tax asset by evaluating both positive and negative evidence that may exist.

Forecasting our estimated annual effective tax rate is complex and subject to uncertainty, and there may be material differences between our forecasted and actual tax rates.
 
Forecasts of our income tax position and effective tax rate are complex, subject to uncertainty and periodic updates because our income tax position for each year combines the effects of a mix of profits earned and losses incurred by us in various tax jurisdictions with a broad range of income tax rates, as well as changes in the valuation of deferred tax assets and liabilities, the impact of various accounting rules and changes to these rules and tax laws, the results of examinations by various tax authorities, and the impact of any acquisition, business combination or other reorganization or financing transaction. To forecast our global tax rate, we estimate our pre-tax profits and losses by jurisdiction and forecast our tax expense by jurisdiction. If the mix of profits and losses, our ability to use tax credits or effective tax rates in a given jurisdiction differs from our estimate, our actual tax rate could be materially different than forecasted, which could have a material impact on our results of business, financial condition and results of operations. Additionally, our actual tax rate may be subject to further uncertainty due to potential changes in U.S. and foreign tax rules.
 

24

Table of Contents

As a multinational corporation, we conduct our business in many countries and are subject to taxation in many jurisdictions. The taxation of our business is subject to the application of multiple and sometimes conflicting tax laws and regulations, as well as multinational tax conventions. Our effective tax rate is highly dependent upon the geographic distribution of our worldwide earnings or losses, the tax regulations and tax holidays in each geographic region, the availability of tax credits and carryforwards, and the effectiveness of our tax planning strategies. The application of tax laws and regulations is subject to legal and factual interpretation, judgment and uncertainty. Tax laws themselves are subject to change as a result of changes in fiscal policy, changes in legislation, and the evolution of regulations and court rulings. Consequently, taxing authorities may impose tax assessments or judgments against us that could materially impact our tax liability and/or our effective income tax rate.

The Organisation for Economic Co-operation and Development (the “OECD”), an international association comprised of 34 countries, including the U.S., has been working on a Base Erosion and Profit Sharing Project. As part of this project, the OECD issued in 2015, and is expected to continue to issue, guidelines and proposals that may change various aspects of the existing framework under which our tax obligations are determined in many of the countries in which we do business. Due to our extensive international business activities, any changes in the taxation of such activities could increase our tax obligations in many countries and may increase our worldwide effective tax rate.
 
In addition, we are subject to examination of our income tax returns by the IRS and other tax authorities. If tax authorities challenge the relative mix of U.S. and international income, our future effective income tax rates could be adversely affected. While we regularly assess the likelihood of adverse outcomes from such examinations and the adequacy of our provision for income taxes, there can be no assurance that such provision is sufficient and that a determination by a tax authority will not have an adverse effect on our business, financial condition and results of operations.

Our inability to acquire and integrate other businesses, products or technologies could seriously harm our competitive position.
 
In order to remain competitive, we may seek to acquire additional businesses, products, or technologies and intellectual property, such as patents. For example, we closed our acquisitions of Meru and AccelOps in the third quarter of 2015 and the second quarter of 2016, respectively. For any past acquisition or possible future acquisition, we may not be successful in negotiating the terms of the acquisition, financing the acquisition, or effectively integrating the acquired business, product, technology or intellectual property and sales force into our existing business and operations. We may have difficulty incorporating acquired technologies, intellectual property or products with our existing product lines, integrating reporting systems and procedures, and maintaining uniform standards, controls, procedures and policies. For example, we may experience difficulties integrating an acquired company’s ERP system, sales and support processes and systems, and other processes and systems with our current systems and processes. Our due diligence may fail to identify all of the problems, liabilities or other shortcomings or challenges of an acquired business, product or technology, including issues with intellectual property, product quality or product architecture, regulatory compliance practices, revenue recognition or other accounting practices or employee or customer issues, and we may not accurately forecast the financial impact of an acquisition. In addition, any acquisitions we are able to complete may be dilutive to revenue growth and earnings and may not result in any synergies or other benefits we had expected to achieve, which could result in impairment charges that could be substantial. We may have to pay cash, incur debt, or issue equity securities to pay for any acquisition, each of which could affect our financial condition or the value of our capital stock and could result in dilution to our stockholders. Acquisitions during a quarter may result in increased operating expenses and adversely affect our results of operations for that period or future periods compared to the results that we have previously forecasted or achieved. Further, completing a potential acquisition and integrating acquired businesses, products, technologies or intellectual property could significantly divert management time and resources.

Our business is subject to the risks of warranty claims, product returns, product liability and product defects.
 
Our products are very complex and, despite testing prior to their release, have contained and may contain undetected defects or errors, especially when first introduced or when new versions are released. Product errors have affected the performance of our products and could delay the development or release of new products or new versions of products, adversely affect our reputation and our end-customers’ willingness to buy products from us, and adversely affect market acceptance or perception of our products. Any such errors or delays in releasing new products or new versions of products or allegations of unsatisfactory performance could cause us to lose revenue or market share, increase our service costs, cause us to incur substantial costs in redesigning the products, cause us to lose significant end-customers, subject us to liability for damages and divert our resources from other tasks, any one of which could materially and adversely affect our business, results of operations and financial condition. Our products must successfully interoperate with products from other vendors. As a result, when problems occur in a network, it may be difficult to identify the sources of these problems. The occurrence of hardware and software errors, whether or not caused by our products, could delay or reduce market acceptance of our products,

25

Table of Contents

and have an adverse effect on our business and financial performance, and any necessary revisions may cause us to incur significant expenses. The occurrence of any such problems could harm our business, financial condition and results of operations.
 
Although we generally have limitation of liability provisions in our standard terms and conditions of sale, they may not fully or effectively protect us from claims as a result of federal, state or local laws or ordinances or unfavorable judicial decisions in the U.S. or other countries, and in some circumstances we may be required to indemnify a customer in full, without a limitation on liability, for certain liabilities, including potential liabilities that are not contractually limited. The sale and support of our products also entail the risk of product liability claims. We maintain insurance to protect against certain claims associated with the use of our products, but our insurance coverage may not cover such claim at all or may not adequately cover any claim asserted against us, and in some instances may subject us to potential liability that is not contractually limited. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation and divert management’s time and other resources.
 
Our business is subject to the risks of earthquakes, fire, power outages, floods and other catastrophic events, and to interruption by manmade problems such as civil unrest, labor disruption, and terrorism.

A significant natural disaster, such as an earthquake, fire, power outage, flood, or other catastrophic event could have a material adverse impact on our business, operating results and financial condition. Our corporate headquarters are located in the San Francisco Bay Area, a region known for seismic activity, and our research and development and data office center in Vancouver, Canada is subject to the risk of flooding and is also in a region known for seismic activity. In addition, natural disasters could affect our manufacturing vendors, suppliers or logistics providers’ ability to perform services, such as obtaining product components and manufacturing products, or assisting with shipments, on a timely basis, as well as our customers’ ability to order from us and our employees’ ability to perform their duties. In the event our or our service providers’ information technology systems or manufacturing or logistics abilities are hindered by any of the events discussed above, shipments could be delayed, resulting in our missing financial targets, such as revenue and shipment targets, for a particular quarter. In addition, regional instability, civil unrest, labor disruptions, acts of terrorism and other geo-political unrest could cause disruptions in our business or the business of our manufacturers, logistics providers, partners or end-customers, or of the economy as a whole. Given our typical concentration of sales at the end of each quarter, any disruption in the business of our manufacturers, logistics providers, partners or end-customers that impacts sales at the end of our quarter could have a significant adverse impact on our quarterly results. To the extent that any of the above results in delays or cancellations of customer orders, or in the delay of the manufacture, deployment or shipment of our products, our business, financial condition and results of operations would be adversely affected.

Risks Related to Our Industry

The network security market is rapidly evolving and the complex technology incorporated in our products makes them difficult to develop. If we do not accurately predict, prepare for and respond promptly to technological and market developments and changing end-customer needs, our competitive position and prospects will be harmed.
 
The network security market is expected to continue to evolve rapidly. Moreover, many of our end-customers operate in markets characterized by rapidly changing technologies and business plans, which require them to add numerous network access points and adapt increasingly complex enterprise networks, incorporating a variety of hardware, software applications, operating systems and networking protocols. In addition, computer hackers and others who try to attack networks employ increasingly sophisticated techniques to gain access to and attack systems and networks. The technology in our products is especially complex because it needs to effectively identify and respond to new and increasingly sophisticated methods of attack, while minimizing the impact on network performance. Additionally, some of our new products and enhancements may require us to develop new hardware architectures and ASICs that involve complex, expensive and time consuming research and development processes. Although the market expects rapid introduction of new products or product enhancements to respond to new threats, the development of these products is difficult and the timetable for commercial release and availability is uncertain and there can be long time periods between releases and availability of new products. We have in the past and may in the future experience unanticipated delays in the availability of new products and services and fail to meet previously announced timetables for such availability. If we do not quickly respond to the rapidly changing and rigorous needs of our end-customers by developing and releasing and making available on a timely basis new products and services or enhancements that can respond adequately to new security threats, our competitive position and business prospects will be harmed.

Moreover, business models based on software-as-a-service (“SaaS”) and infrastructure-as-a-service (“Iaas”), both of which are hosted or cloud-based services, have become increasingly in-demand by our end-customers and adopted by other providers, including our competitors. While part of our platform is cloud-based, most of our platform is currently deployed on

26

Table of Contents

premise, and therefore, if customers demand that our platform be provided through a SaaS or IaaS business model, we would be required to make additional investments in our infrastructure and personnel to be able to more fully provide our platform through a SaaS or IaaS model in order to maintain the competitiveness of our platform. Such investments may involve expanding our data centers, servers and networks, and increasing our technical operations and engineering teams. These risks are compounded by the uncertainty concerning the future viability of SaaS and IaaS business models and the future demand for such models by customers. Additionally, if we are unable to meet the demand to provide our services through a SaaS or IaaS model, we may lose customers to competitors.

Our uniform resource locator (“URL”) database for our web filtering service may fail to keep pace with the rapid growth of URLs and may not categorize websites in accordance with our end-customers expectations.
 
The success of our web filtering service depends on the breadth and accuracy of our URL database. Although our URL database currently catalogs millions of unique URLs, it contains only a portion of the URLs for all of the websites that are available on the Internet. In addition, the total number of URLs and software applications is growing rapidly, and we expect this rapid growth to continue in the future. Accordingly, we must identify and categorize content for our security risk categories at an extremely rapid rate. Our database and technologies may not be able to keep pace with the growth in the number of websites, especially the growing amount of content utilizing foreign languages and the increasing sophistication of malicious code and the delivery mechanisms associated with spyware, phishing and other hazards associated with the Internet. Further, the ongoing evolution of the Internet and computing environments will require us to continually improve the functionality, features and reliability of our web filtering function. Any failure of our databases to keep pace with the rapid growth and technological change of the Internet could impair the market acceptance of our products, which in turn could harm our business, financial condition and results of operations.
 
In addition, our web filtering service may not be successful in accurately categorizing Internet and application content to meet our end-customers’ expectations. We rely upon a combination of automated filtering technology and human review to categorize websites and software applications in our proprietary databases. Our end-customers may not agree with our determinations that particular URLs should be included or not included in specific categories of our databases. In addition, it is possible that our filtering processes may place material that is objectionable or that presents a security risk in categories that are generally unrestricted by our customers’ Internet and computer access policies, which could result in such material not being blocked from the network. Conversely, we may miscategorize websites such that access is denied to websites containing information that is important or valuable to our customers. Any miscategorization could result in customer dissatisfaction and harm our reputation. Any failure to effectively categorize and filter websites according to our end-customers’ and channel partners’ expectations could impair the growth of our business.

If our new products and product enhancements do not achieve sufficient market acceptance, our results of operations and competitive position will suffer.
 
We spend substantial amounts of time and money to research and develop new products and enhanced versions of our existing products in order to incorporate additional features, improved functionality or other enhancements in order to meet our customers’ rapidly evolving demands for network security in our highly competitive industry. When we develop a new product or an enhanced version of an existing product, we typically incur expenses and expend resources upfront to market, promote and sell the new offering. Therefore, when we develop and introduce new or enhanced products, they must achieve high levels of market acceptance in order to justify the amount of our investment in developing and bringing them to market.
 
Our new products or product enhancements could fail to attain sufficient market acceptance for many reasons, including:
 
delays in releasing our new products or enhancements to the market;
 
failure to accurately predict market demand in terms of product functionality and to supply products that meet this demand in a timely fashion;
 
failure of our sales force and partners to focus on selling new products;
 
inability to interoperate effectively with the networks or applications of our prospective end-customers;
 
inability to protect against new types of attacks or techniques used by hackers;
 
actual or perceived defects, vulnerabilities, errors or failures;

27

Table of Contents

 
negative publicity about their performance or effectiveness;
 
introduction or anticipated introduction of competing products by our competitors;
 
poor business conditions for our end-customers, causing them to delay IT purchases;
 
changes to the regulatory requirements around security; and
 
reluctance of customers to purchase products incorporating open source software.
 
If our new products or enhancements do not achieve adequate acceptance in the market, our competitive position will be impaired, our revenue will be diminished and the effect on our operating results may be particularly acute because of the significant research, development, marketing, sales and other expenses we incurred in connection with the new product or enhancement.
  
Demand for our products may be limited by market perception that individual products from one vendor that provide multiple layers of security protection in one product are inferior to point solution network security solutions from multiple vendors.
 
Sales of many of our products depend on increased demand for incorporating broad security functionality in one appliance. If the market for these products fails to grow as we anticipate, our business will be seriously harmed. Target customers may view “all-in-one” network security solutions as inferior to security solutions from multiple vendors because of, among other things, their perception that such products of ours provide security functions from only a single vendor and do not allow users to choose “best-of-breed” defenses from among the wide range of dedicated security applications available. Target customers might also perceive that, by combining multiple security functions into a single platform, our solutions create a “single point of failure” in their networks, which means that an error, vulnerability or failure of our product may place the entire network at risk. In addition, the market perception that “all-in-one” solutions may be suitable only for small- and medium-sized businesses because such solution lacks the performance capabilities and functionality of other solutions may harm our sales to large enterprise, service provider and government organization end-customers. If the foregoing concerns and perceptions become prevalent, even if there is no factual basis for these concerns and perceptions, or if other issues arise with our market in general, demand for multi-security functionality products could be severely limited, which would limit our growth and harm our business, financial condition and results of operations. Further, a successful and publicized targeted attack against us, exposing a “single point of failure,” could significantly increase these concerns and perceptions and may harm our business and results of operations.
 
We face intense competition in our market and we may lack sufficient financial or other resources to maintain or improve our competitive position.
 
The market for network security products is intensely competitive, and we expect competition to intensify in the future. Our competitors include companies such as Check Point, Cisco, F5 Networks, FireEye, Intel, Juniper, Palo Alto Networks, SonicWALL, Sophos and Symantec.
 
Many of our existing and potential competitors enjoy substantial competitive advantages such as:
 
greater name recognition and longer operating histories;
 
larger sales and marketing budgets and resources;
 
broader distribution and established relationships with distribution partners and end-customers;
 
access to larger customer bases;
 
greater customer support resources;
 
greater resources to make acquisitions;
 
lower labor and development costs; and
 

28

Table of Contents

substantially greater financial, technical and other resources.
 
In addition, some of our larger competitors have substantially broader product offerings, and leverage their relationships based on other products or incorporate functionality into existing products in a manner that discourages customers from purchasing our products. These larger competitors often have broader product lines and market focus, and are in a better position to withstand any significant reduction in capital spending by end-customers in these markets. Therefore, these competitors will not be as susceptible to downturns in a particular market. Also, many of our smaller competitors that specialize in providing protection from a single type of network security threat are often able to deliver these specialized network security products to the market more quickly than we can. Some of our smaller competitors are using third-party chips designed to accelerate performance. Conditions in our markets could change rapidly and significantly as a result of technological advancements or continuing market consolidation. Our competitors and potential competitors may also be able to develop products or services that are equal or superior to ours, achieve greater market acceptance of their products and services, and increase sales by utilizing different distribution channels than we do. Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. In addition, current or potential competitors may be acquired by third parties with greater available resources, and new competitors may arise pursuant to acquisitions of network security companies or divisions. As a result of such acquisitions, competition in our market may continue to increase and our current or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of acquisition or other opportunities more readily, or develop and expand their product and service offerings more quickly than we do. In addition, our competitors may bundle products and services competitive with ours with other products and services. Customers may accept these bundled products and services rather than separately purchasing our products and services. Due to budget constraints or economic downturns, organizations may be more willing to incrementally add solutions to their existing network security infrastructure from competitors than to replace it with our solutions. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer customer orders, reduced revenue and gross margins and loss of market share.
 
If functionality similar to that offered by our products is incorporated into existing network infrastructure products, organizations may decide against adding our appliances to their network, which would have an adverse effect on our business.
 
Large, well-established providers of networking equipment such as Cisco, F5 Networks and Juniper offer, and may continue to introduce, network security features that compete with our products, either in standalone security products or as additional features in their network infrastructure products. The inclusion of, or the announcement of an intent to include, functionality perceived to be similar to that offered by our security solutions in networking products that are already generally accepted as necessary components of network architecture may have an adverse effect on our ability to market and sell our products. Furthermore, even if the functionality offered by network infrastructure providers is more limited than our products, a significant number of customers may elect to accept such limited functionality in lieu of adding appliances from an additional vendor such as us. Many organizations have invested substantial personnel and financial resources to design and operate their networks and have established deep relationships with other providers of networking products, which may make them reluctant to add new components to their networks, particularly from other vendors such as us. In addition, an organization’s existing vendors or new vendors with a broad product offering may be able to offer concessions that we are not able to match because we currently offer only network security products and have fewer resources than many of our competitors. If organizations are reluctant to add additional network infrastructure from new vendors or otherwise decide to work with their existing vendors, our business, financial condition and results of operations will be adversely affected.

Risks Related to Intellectual Property

Our proprietary rights may be difficult to enforce, which could enable others to copy or use aspects of our products without compensating us.
 
We rely primarily on patent, trademark, copyright and trade secrets laws and confidentiality procedures and contractual provisions to protect our technology. Valid patents may not issue from our pending applications, and the claims eventually allowed on any patents may not be sufficiently broad to protect our technology or products. Any issued patents may be challenged, invalidated or circumvented, and any rights granted under these patents may not actually provide adequate defensive protection or competitive advantages to us. Patent applications in the U.S. are typically not published until at least 18 months after filing, or, in some cases, not at all, and publications of discoveries in industry-related literature lag behind actual discoveries. We cannot be certain that we were the first to make the inventions claimed in our pending patent applications or that we were the first to file for patent protection. Additionally, the process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a

29

Table of Contents

timely manner. In addition, recent changes to the patent laws in the U.S. may bring into question the validity of certain software patents and may make it more difficult and costly to prosecute patent applications. As a result, we may not be able to obtain adequate patent protection or effectively enforce our issued patents.
 
Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or obtain and use information that we regard as proprietary. We generally enter into confidentiality or license agreements with our employees, consultants, vendors and customers, and generally limit access to and distribution of our proprietary information. However, we cannot guarantee that the steps taken by us will prevent misappropriation of our technology. Policing unauthorized use of our technology or products is difficult. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as the laws of the U.S., and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the U.S. From time to time, legal action by us may be necessary to enforce our patents and other intellectual property rights, to protect our trade secrets, to determine the validity and scope of the proprietary rights of others or to defend against claims of infringement or invalidity. Such litigation could result in substantial costs and diversion of resources and could negatively affect our business, operating results and financial condition. If we are unable to protect our proprietary rights (including aspects of our software and products protected other than by patent rights), we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that have enabled us to be successful to date.

Our products contain third-party open source software components, and failure to comply with the terms of the underlying open source software licenses could restrict our ability to sell our products.
 
Our products contain software modules licensed to us by third-party authors under “open source” licenses, including the GNU Public License, the GNU Lesser Public License, the BSD License, the Apache License the MIT X License and the Mozilla Public License. From time to time, there have been claims against companies that distribute or use open source software in their products and services, asserting that open source software infringes the claimants’ intellectual property rights. We could be subject to suits by parties claiming infringement of intellectual property rights in what we believe to be licensed open source software. Use and distribution of open source software may entail greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. Some open source licenses contain requirements that we make available source code for modifications or derivative works we create based upon the type of open source software we use. If we combine our proprietary software with open source software in a certain manner, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of product sales for us.
 
Although we monitor our use of open source software to avoid subjecting our products to conditions we do not intend, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our products. In this event, we could be required to seek licenses from third parties to continue offering our products, to make our proprietary code generally available in source code form, to re-engineer our products or to discontinue the sale of our products if re-engineering could not be accomplished on a timely basis, any of which requirements could adversely affect our business, operating results and financial condition.
 
Claims by others that we infringe their proprietary technology or other litigation matters could harm our business.
 
Patent and other intellectual property disputes are common in the network security industry. Third parties are currently asserting, have asserted and may in the future assert claims of infringement of intellectual property rights against us. They have also asserted such claims against our end-customers or channel partners whom we may indemnify against claims that our products infringe the intellectual property rights of third parties. As the number of products and competitors in our market increases and overlaps occur, infringement claims may increase. Any claim of infringement by a third-party, even those without merit, could cause us to incur substantial costs defending against the claim and could distract our management from our business. In addition, litigation may involve patent holding companies, non-practicing entities or other adverse patent owners who have no relevant product revenue and against whom our own patents may therefore provide little or no deterrence or protection.
 
Although third parties may offer a license to their technology, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, financial condition and results of operations to be materially and adversely affected. In addition, some licenses may be non-exclusive and, therefore, our competitors may have access to the same technology licensed to us.
 

30

Table of Contents

Alternatively, we may be required to develop non-infringing technology, which could require significant time, effort and expense, and may ultimately not be successful. Furthermore, a successful claimant could secure a judgment or we may agree to a settlement that prevents us from distributing certain products or performing certain services or that requires us to pay substantial damages (including treble damages if we are found to have willfully infringed such claimant’s patents or copyrights), royalties or other fees. Any of these events could seriously harm our business, financial condition and results of operations.

From time to time we are subject to lawsuits claiming patent infringement. We are also subject to other litigation in addition to patent infringement claims, such as employment-related litigation and disputes, as well as general commercial litigation, and could become subject to other forms of litigation and disputes, including stockholder litigation. If we are unsuccessful in defending any such claims, our operating results and financial condition and results may be materially and adversely affected. For example, we may be required to pay substantial damages and could be prevented from selling certain of our products. Litigation, with or without merit, could negatively impact our business, reputation and sales in a material fashion.

We have several ongoing patent lawsuits, several non-practicing entity patent holding companies have sent us letters proposing that we license certain of their patents and organizations have sent letters demanding that we provide indemnification for patent claims. Given this and the proliferation of lawsuits in our industry and other similar industries by both non-practicing entities and operating entities, we expect that we will be sued for patent infringement in the future, regardless of the merits of any such lawsuits. The cost to defend such lawsuits and any adverse result in such lawsuits could have a material adverse effect on our results of operations and financial condition.

We rely on the availability of third-party licenses.
 
Many of our products include software or other intellectual property licensed from third parties. It may be necessary in the future to renew licenses relating to various aspects of these products or to seek new licenses for existing or new products. There can be no assurance that the necessary licenses would be available on acceptable terms, if at all. The inability to obtain certain licenses or other rights or to obtain such licenses or rights on favorable terms, or the need to engage in litigation regarding these matters, could result in delays in product releases until equivalent technology can be identified, licensed or developed, if at all, and integrated into our products and may have a material adverse effect on our business, operating results, and financial condition. Moreover, the inclusion in our products of software or other intellectual property licensed from third parties on a nonexclusive basis could limit our ability to differentiate our products from those of our competitors.

Risks Related to Ownership of our Common Stock

As a public company, we are subject to compliance initiatives that will require substantial time from our management and result in significantly increased costs that may adversely affect our operating results and financial condition.
 
The Sarbanes-Oxley Act of 2002 (“Sarbanes-Oxley”), Dodd-Frank and other rules implemented by the SEC and The NASDAQ Stock Market impose various requirements on public companies, including requiring changes in corporate governance practices. These requirements, as well as proposed corporate governance laws and regulations under consideration, may further increase our compliance costs. If compliance with these various legal and regulatory requirements diverts our management’s attention from other business concerns, it could have a material adverse effect on our business, financial condition and results of operations. Sarbanes-Oxley requires, among other things, that we assess the effectiveness of our internal control over financial reporting annually, and of our disclosure controls and procedures quarterly. Although our most recent assessment, testing and evaluation resulted in our conclusion that as of December 31, 2016, our internal controls over financial reporting were effective, we cannot predict the outcome of our testing in 2017 or future periods. We may incur additional expenses and commitment of management’s time in connection with further evaluations, both of which could materially increase our operating expenses and accordingly reduce our operating results.
 
Changes in financial accounting standards may cause adverse unexpected fluctuations and affect our reported results of operations.
 
A change in accounting standards or practices, and varying interpretations of existing or new accounting pronouncements, such as changes to standards related to revenue recognition (which are effective for us beginning on January 1, 2018) and accounting for leases, as well as the significant costs that may be incurred to adopt and to comply with these new pronouncements, could have a significant effect on our reported financial results or the way we conduct our business. If we do not ensure that our systems and processes are aligned with the new standards, we could encounter difficulties generating quarterly and annual financial statements in a timely manner, which would have an adverse effect on our business and our ability to meet our reporting obligations.

31

Table of Contents

If securities or industry analysts stop publishing research or publish inaccurate or unfavorable research about our business, our stock price and trading volume could decline.
 
The trading market for our common stock will depend in part on the research and reports that securities or industry analysts publish about us or our business. If we do not maintain adequate research coverage or if one or more of the analysts who cover us downgrades our stock or publishes inaccurate or unfavorable research about our business, our stock price could decline. If one or more of these analysts ceases coverage of our company or fails to publish reports on us regularly, demand for our stock could decrease, which could cause our stock price and trading volume to decline.
 
The trading price of our common stock may be volatile.
 
The market price of our common stock may be subject to wide fluctuations in response to, among other things, the risk factors described in this periodic report, news about us and our financial results, news about our competitors and their results, and other factors such as rumors or fluctuations in the valuation of companies perceived by investors to be comparable to us, or announcements regarding any stock repurchase programs and the timing and amount of shares we purchase under such programs. For example, during 2016, the closing price of our common stock ranged from $23.83 to $37.17 per share.

 Furthermore, the stock markets have experienced price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many companies. These fluctuations often have been unrelated or disproportionate to the operating performance of those companies. These broad market and industry fluctuations, as well as general economic, political and market conditions, such as recessions, interest rate changes or international currency fluctuations, may negatively affect the market price of our common stock.
 
In the past, many companies that have experienced volatility in the market price of their stock have been subject to securities class action litigation. We may be the target of this type of litigation in the future. Securities litigation against us could result in substantial costs and divert our management’s attention from other business concerns, which could seriously harm our business.

Anti-takeover provisions contained in our certificate of incorporation and bylaws, as well as provisions of Delaware law, could impair a takeover attempt.
 
Our certificate of incorporation, bylaws and Delaware law contain provisions that could have the effect of rendering more difficult, delaying or preventing an acquisition deemed undesirable by our board of directors. Our corporate governance documents include provisions:
 
providing for a classified board of directors whose members serve staggered three-year terms;
 
authorizing “blank check” preferred stock, which could be issued by the board without stockholder approval and may contain voting, liquidation, dividend and other rights superior to our common stock;
 
limiting the liability of, and providing indemnification to, our directors and officers;
 
limiting the ability of our stockholders to call and bring business before special meetings;
 
requiring advance notice of stockholder proposals for business to be conducted at meetings of our stockholders and for nominations of candidates for election to our board of directors;

providing that certain litigation matters may only be brought against us in state or federal courts in the State of Delaware;
 
controlling the procedures for the conduct and scheduling of board and stockholder meetings; and
 
providing the board of directors with the express power to postpone previously scheduled annual meetings and to cancel previously scheduled special meetings.
 
These provisions, alone or together, could delay or prevent hostile takeovers and changes in control or changes in our management.
 

32

Table of Contents

As a Delaware corporation, we are also subject to provisions of Delaware law, including Section 203 of the Delaware General Corporation law, which prevents some stockholders holding more than 15% of our outstanding common stock from engaging in certain business combinations without approval of the holders of a substantial majority of all of our outstanding common stock.
 
Any provision of our certificate of incorporation or bylaws or Delaware law that has the effect of delaying or deterring a change in control could limit the opportunity for our stockholders to receive a premium for their shares of our common stock, and could also affect the price that some investors are willing to pay for our common stock.
ITEM 1B.     Unresolved Staff Comments

Not applicable.

ITEM 2.     Properties

Our corporate headquarters is located in Sunnyvale, California and comprises approximately 164,000 square feet of office and building space. Along with our corporate headquarters, as of December 31, 2016, we also owned approximately 200,000 square feet in Union City, California used as a distribution facility; approximately 94,000 square feet of land and buildings adjacent to our corporate headquarters intended to support growth in our business operations; and approximately 64,000 square feet of office and building space in Sophia, France and Ottawa, Canada predominantly used as sales and/or support offices and for research and development work.
In addition, in January 2017, we purchased 10,000 square feet of land and building adjacent to our corporate headquarters. We have also made real estate purchases that are currently in escrow and purchases that are signed but not yet in escrow totaling 350,000 square feet intended to support growth in our business operations.
We also lease approximately 132,000 square feet of space in Vancouver, Canada under lease agreements that expire in 2020 to support our research and development and operations. We maintain additional offices throughout the U.S. and various international locations, including Japan, France, India, China, the UK, Mexico and Germany. We believe that our existing properties are sufficient and suitable to meet our current needs. We intend to expand our facilities or add new facilities as we add employees and enter new geographic markets, and we believe that suitable additional or alternative space will be available as needed to accommodate ongoing operations and any such growth. However, we expect to incur additional operating expenses and capital expenditures in connection with such new or expanded facilities.

For information regarding the geographical location of our property and equipment, see Note 14 to our consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K.

ITEM 3.     Legal Proceedings

We are subject to various claims, complaints and legal actions that arise from time to time in the normal course of business. We believe that the possibility that any of the current pending claims, complaints or legal proceedings will result in a material loss is remote. There can be no assurance that existing or future legal proceedings arising in the ordinary course of business or otherwise will not have a material adverse effect on our business, consolidated financial position, results of operations or cash flows.

In October 2016, we received a letter from the United States Attorney's Office for the Northern District of California requesting information relating to our compliance with the Trade Agreements Act. This inquiry is ongoing and we are fully cooperating with this inquiry. 

ITEM 4.     Mine Safety Disclosure

Not applicable.


33

Table of Contents

Part II

ITEM 5.
Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

Our common stock is traded on The NASDAQ Global Select Market under the symbol “FTNT.” The following table sets forth, for the time periods indicated, the high and low closing sales price of our common stock, as reported on the NASDAQ Global Select Market.
 
2016
 
2015
 
High
 
Low
 
High
 
Low
Fourth Quarter
$
36.94

 
$
28.61

 
$
44.19

 
$
30.42

Third Quarter
$
37.17

 
$
31.57

 
$
48.83

 
$
39.97

Second Quarter
$
34.78

 
$
28.79

 
$
43.74

 
$
33.72

First Quarter
$
30.63

 
$
23.83

 
$
35.48

 
$
29.22


Holders of Record

As of February 17, 2017 , there were 62 holders of record of our common stock. A substantially greater number of holders of our common stock are “street name” or beneficial holders, whose shares are held by banks, brokers and other financial institutions.

Dividends

We have never declared or paid cash dividends on our capital stock. We do not anticipate paying any cash dividends in the foreseeable future. Any future determination to declare cash dividends will be made at the discretion of our board of directors and will depend on our financial condition, operating results, capital requirements, general business conditions and other factors that our board of directors may deem relevant.

Stock Performance Graph

This performance graph shall not be deemed “filed” for purposes of Section 18 of the Exchange Act, or incorporated by reference into any filing of Fortinet under the Securities Act of 1933, as amended (the “Securities Act ), or the Exchange Act, except as shall be expressly set forth by specific reference in such filing.

The following graph compares the cumulative five-year total return for our common stock, the NASDAQ Composite Index and the NASDAQ Computer Index. Such returns are based on historical results and are not intended to suggest future performance. Data for the NASDAQ Composite Index and the NASDAQ Computer Index assume reinvestment of dividends. We have never declared or paid cash dividends on our capital stock, nor do we anticipate paying any such cash dividends in the foreseeable future.



34

Table of Contents

COMPARISON OF CUMULATIVE TOTAL RETURN*
Among Fortinet, Inc., The NASDAQ Composite Index and
The NASDAQ Computer Index
FTNT10K2016STOCKGRAPHJ.JPG
 
 
December 2011 *
 
December 2012
 
December 2013
 
December 2014
 
December 2015
 
December 2016
Fortinet, Inc.
 
$
100

 
$
96

 
$
88

 
$
140

 
$
143

 
$
138

NASDAQ Composite
 
$
100

 
$
116

 
$
160

 
$
182

 
$
192

 
$
207

NASDAQ Computer
 
$
100

 
$
112

 
$
148

 
$
178

 
$
189

 
$
212


________________
* Assumes that $100 was invested on December 31, 2011 in stock or index, including reinvestment of dividends. Stockholder returns over the indicated period should not be considered indicative of future stockholder returns.
 
Sales of Unregistered Securities

None.

Purchases of Equity Securities by the Issuer and Affiliated Purchasers

Share Repurchase Program

In January 2016, our board of directors approved a new Share Repurchase Program (the “2016 Repurchase Program”), which authorizes the repurchase of up to $200.0 million of our outstanding common stock through December 31, 2017. In October 2016, our board of directors authorized the purchase of an additional $100.0 million of shares of our common stock under the 2016 Repurchase Program, increasing our current authorization to $300.0 million through December 31, 2017. Under the 2016 Repurchase Program, share repurchases may be made by us from time to time in privately negotiated transactions or in open market transactions. The 2016 Repurchase Program does not require us to purchase a minimum number of shares, and may be suspended, modified or discontinued at any time without prior notice.






35

Table of Contents

The following table provides information with respect to the shares of common stock we repurchased during the three months ended December 31, 2016 (in thousands, except share and per share amounts):
Period
 
Total Number of Shares Purchased
 
Average Price Paid per Share
 
Total Number of Shares Purchased as Part of Publicly Announced Plan or Program
 
Approximate Dollar Value of Shares that May Yet Be Purchased Under the Plans or Programs
October 1 - October 31, 2016
 
578,044

 
$
31.92

 
578,044

 
$
206,548

November 1 - November 30, 2016
 
205,455

 
$
31.87

 
205,455

 
$
200,000

December 1 - December 31, 2016
 
375,048

 
$
28.87

 
375,048

 
$
189,172


ITEM 6.     Selected Financial Data

The following selected consolidated financial data set forth below was derived from our historical audited consolidated financial statements and should be read in conjunction with the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and “Financial Statements and Supplementary Data,” and other financial data included elsewhere in this Annual Report on Form 10-K. Our historical results of operations are not indicative of our future results of operations.

 
Year Ended December 31,
 
2016
 
2015
 
2014
 
2013
 
2012
 
(in thousands, except per share amounts)
Consolidated Statement of Operations Data:
 
 
 
 
 
 
 
 
 
Total revenue
$
1,275,443

 
$
1,009,268

 
$
770,364

 
$
615,297

 
$
533,639

Operating income
$
42,944

 
$
14,877

 
$
59,324

 
$
72,090

 
$
100,475

Net income
$
32,187

 
$
7,987

 
$
25,343

 
$
44,273

 
$
66,836

Net income per share   :
 
 
 
 
 
 
 
 
 
Basic
$
0.19

 
$
0.05

 
$
0.15

 
$
0.27

 
$
0.42

Diluted
$
0.18

 
$
0.05

 
$
0.15

 
$
0.26

 
$
0.40

Weighted-average shares outstanding:
 
 
 
 
 
 
 
 
 
Basic
172,621

 
170,385

 
163,831

 
162,435

 
158,074

Diluted
176,338

 
176,141

 
169,289

 
168,183

 
166,329


 
As of December 31,
2016
 
2015
 
2014
 
2013
 
2012
(in thousands)
Consolidated Balance Sheet Data:
 
 
 
 
 
 
 
 
 
Cash, cash equivalents and investments
$
1,310,508

 
$
1,164,310

 
$
991,744

 
$
843,045

 
$
739,586

Total assets
$
2,139,941

 
$
1,790,510

 
$
1,424,774

 
$
1,168,464

 
$
975,497

Total stockholders’ equity
$
837,681

 
$
755,377

 
$
675,966

 
$
585,760

 
$
510,934



36

Table of Contents

ITEM 7.     Management’s Discussion and Analysis of Financial Condition and Results of Operations

In addition to historical information, this Annual Report on Form 10-K contains forward-looking statements within the meaning of Section 27A of the Securities Act and Section 21E of the Exchange Act. These statements include, among other things, statements concerning our expectations regarding:

continued growth and market share gains;

variability in sales in certain product categories from year to year and between quarters;

expected impact of sales of certain products and services;

the impact of macro-economic and geopolitical factors on our international sales;

the proportion of our revenue that consists of our product and service revenue, and the mix of billings between products and services, and the duration of service contracts;
 
the impact of our product innovation strategy;

drivers of long-term growth and operating leverage, such as increased functionality and value in our standalone and bundled security subscription and support service offerings;

growing our sales to enterprise, service provider and government organizations, the impact of sales to these organizations on our long-term growth, expansion and operating results, and the effectiveness of our internal sales organization;

trends in revenue, costs of revenue and gross margin;
 
trends in our operating expenses, including sales and marketing expense, research and development expense, general and administrative expense, and expectations regarding these expenses as a percentage of revenue;

continued investments in research and development;

managing our continued investments in sales and marketing, and the impact of those investments;

expectations regarding uncertain tax benefits and our effective tax rate;

expectations regarding spending related to real estate and other capital expenditures;

competition in our markets;

integration of acquired companies and technologies and expectations related to acquisitions;

success and expansion of our recently implemented ERP system;

our intentions regarding repatriation of cash, cash equivalents and investments held by our international subsidiaries and the sufficiency of our existing cash, cash equivalents and investments to meet our cash needs for at least the next 12 months;

other statements regarding our future operations, financial condition and prospects and business strategies; and

adoption of new accounting standards, including those related to revenue recognition and accounting for leases.

These forward-looking statements are subject to certain risks and uncertainties that could cause our actual results to differ materially from those reflected in the forward-looking statements. Factors that could cause or contribute to such differences include, but are not limited to, those discussed in this Annual Report on Form 10-K and, in particular, the risks

37

Table of Contents

discussed under the heading “Risk Factors” in Part I, Item 1A of this Annual Report on Form 10-K and those discussed in other documents we file with the SEC. We undertake no obligation to revise or publicly release the results of any revision to these forward-looking statements. Given these risks and uncertainties, readers are cautioned not to place undue reliance on such forward-looking statements.

Business Overview

We provide high performance cybersecurity solutions to a wide variety of enterprises, service providers and government organizations of all sizes across the globe, including a majority of the 2016 Fortune 100. Our cybersecurity solutions are designed to provide broad, rapid protection against dynamic and sophisticated security threats, while simplifying the IT and security infrastructure of our end-customers.

The evolving cyber threat environment is unprecedented both in terms of volume and sophistication of attacks. As a result, cybersecurity has increased both in priority and in management complexity for organizations of all sizes, especially enterprises. In addition, the growth of IoT devices and the decision by organizations to increasingly move computing and infrastructure resources to the cloud necessitate increased visibility and security orchestration across a widely distributed ecosystem of networks. Our common operating system, centralized management and open application program interfaces allow many of the solutions in our portfolio, as well as those of our partner community, to be combined to create an integrated security architecture. The Fortinet Security Fabric is designed to address sophisticated threats and next-generation environments, including IoT and the cloud. The Fortinet Security Fabric connects our products, services and ecosystem partner solutions to help provide visibility and protection at all points in the network, from endpoint to data center to the cloud, regardless of whether deployed in physical, virtual or hybrid cloud environments or on endpoint devices. The Fortinet Security Fabric delivers integrated scalability, access control, awareness, security, traffic segmentation, centralized management and orchestration. The Fortinet Security Fabric is built around an open framework to ensure interoperability and synchronization of intelligence and response, and does so across the distributed network security infrastructure, including both from the cloud and for the cloud. At the core of the Fortinet Security Fabric are our FortiGate physical and software licenses, which ship with a broad set of security services, including firewall, VPN, anti-malware, anti-spam, application control, intrusion prevention, access control, web filtering, traffic and device segmentation and ATP. Many of these security services are tuned and updated by our FortiGuard Labs team, which provides threat research and a global cloud network of data collection and intelligence resources to deliver subscription-based services to FortiGate appliances and software products.

Enterprise customers select the form and deployment method that best meet their specific security requirements, such as a high-speed DCFW at the network core, a NGFW at the edge, an internal segmentation firewall (“ISFW”) between network zones, a distributed enterprise firewall at branch sites or software and hardware-based solutions designed for virtualized and cloud environments. Many smaller businesses also tend to deploy UTM devices. We derive a substantial majority of product sales from our FortiGate appliances, which range from the FortiGate-20 to -100 series, designed for small businesses, FortiGate-200 to -900 series for medium-sized businesses, to the FortiGate-1000 to -7000 series for large enterprises and service providers. Our network security platform also includes our FortiGuard security subscription services, which end-customers can subscribe to in order to obtain access to dynamic updates to application control, anti-virus, intrusion prevention, web filtering, and anti-spam functionality. End-customers may also purchase FortiManager and FortiAnalyzer products in conjunction with a FortiGate deployment to provide enterprise-class centralized management, analysis and reporting capabilities. FortiSIEM provides organizations with a solution for analyzing and managing network security, performance and compliance standards across our and other vendors’ products. Finally, end-customers may purchase FortiCare technical support services for our products and FortiCare professional services to assist in the design, implementation and maintenance of their networks.

We complement our core FortiGate product line with other appliances and software licenses that offer additional protection from security threats to other critical areas of the enterprise. These products include our FortiMail email security, FortiSandbox ATP, FortiWeb web application firewall, FortiDDoS, and FortiDB database security appliances, as well as our FortiClient endpoint security software, FortiAP secure wireless access points and FortiSwitch secure switch connectivity products.

Sales of complementary products and software licenses have outpaced our overall growth in recent quarters. Our strong technology advantages also position us to effectively deliver security to the cloud and for the cloud. Sales of our cloud related products and services across public, private and hybrid cloud environments continue to grow faster than other part of our business.




38

Table of Contents


Financial Highlights

We recorded total revenue of $1.28 billion in 2016 , an increase of 26% compared to 2015 . Product revenue was $548.1 million in 2016, an increase of 15% compared to 2015 . Service revenue was $727.3 million in 2016 , an increase of 37% compared to 2015 .

Cash, cash equivalents and investments were $1.31 billion as of December 31, 2016 , an increase of $146.2 million , or 13% , from December 31, 2015 .

Deferred revenue was $1.04 billion as of December 31, 2016 , an increase of $244.0 million , or 31% , from December 31, 2015 .

We generated cash flows from operating activities of $345.7 million in 2016 , an increase of $63.2 million , or 22% , compared to 2015 .

We repurchased 3.9 million shares of common stock under our previously-announced Share Repurchase Program for an aggregate purchase price of $110.8 million in 2016.

Revenue grew in 2016 as our strategy of investing in sales and marketing enabled us to continue to gain market share and customers. Our sales increased in 2016, primarily due to the strength in sales of our enterprise service bundles and the Fortinet Security Fabric. We are also starting to see a shift from product revenues to higher-margin, recurring service revenues. On a geographic basis, revenue continues to be diversified globally, which remains a key strength of our business.
 
The percentage of our FortiGate related billings from mid-range products increased from 25% in 2015 to 28% in 2016 and the entry-level products remained at 34% in 2016, consistent with billings in 2015. The percentage of our FortiGate related billings from high-end products decreased from 41% in 2015 to 38% in 2016. The sale of non-FortiGate products also grew significantly, such as growth in our FortiSandbox ATP products. We also saw more deals that included multiple Fortinet products in physical, virtual and cloud environments.

In 2016 , operating expenses increased by $187.0 million , or 26% , as compared to 2015 . The increase was primarily driven by our investments made to expand our sales coverage, grow our marketing capabilities, develop new products and scale our customer support. We also continue to invest in research and development to strengthen our technology leadership position. We believe that continued product innovation has strengthened our technology and resulted in market share gains. In addition, we incurred expenses from business design and reengineering related to the implementation of a new ERP system. Headcount increased by 16% to 4,665 employees and contractors as of December 31, 2016, up from 4,018 as of December 31, 2015.

Business Model

Our sales strategy is based on a distribution model whereby we primarily sell our products, software licenses and services directly to distributors which sell to resellers and service providers, which, in turn, sell to our end-customers. In certain cases, we sell directly to government-focused resellers, large service providers and major systems integrators, which have significant purchasing power and unique customer deployment requirements. We also offer our products through Amazon Web Services and Microsoft Azure. While the revenue from such sales are still relatively insignificant, they are rapidly increasing and are aligned with the networking trends of our customers and the industry as a whole.

Typically, FortiGuard security subscription services and FortiCare technical support services are purchased along with our physical products and software licenses, most frequently as part of a bundle offering that includes hardware and services functionality. We generally invoice at the time of our sale for the total price of the products and security and technical support services, and the invoice is payable within 30 to 90 days. We also invoice certain software licenses and services on a monthly basis.

We generally recognize product revenue up front and ratably recognize revenue for the sale of new, and the renewal of existing, FortiGuard security subscription and FortiCare technical support services contracts. We recognize revenue for certain software licenses up front as product revenue and, to a lesser extent, recognize other software licenses over the term of the agreement as services revenue. We recognize the security and support revenue over the service period, which is typically one to three years, but can be as long as five years. Sales of new and renewal services are a source of recurring revenue and increase our deferred revenue balance, which contributes significantly to our positive cash flow from operations.


39

Table of Contents


Key Metrics

We monitor a number of financial and liquidity metrics, including the key financial metrics set forth below, in order to help us evaluate growth trends, establish budgets, measure the effectiveness of our sales and marketing efforts, and assess operational efficiencies. The following table summarizes revenue, deferred revenue, billings (non-GAAP), cash, cash equivalents and investments, net cash provided by operating activities, and free cash flow (non-GAAP). We discuss revenue below under “—Components of Operating Results,” and we discuss our cash, cash equivalents, and investments, and net cash provided by operating activities below under “—Liquidity and Capital Resources.” Deferred revenue, billings (non-GAAP), and free cash flow (non-GAAP) are discussed immediately below the following table.

 
Year Ended or As of December 31,
 
2016
 
2015
 
2014
 
(in thousands)
Revenue
$
1,275,443

 
$
1,009,268

 
$
770,364

Deferred revenue
$
1,035,349

 
$
791,303

 
$
558,757

Billings (non-GAAP)
$
1,515,089

 
$
1,232,014

 
$
896,493

Cash, cash equivalents and investments
$
1,310,508

 
$
1,164,310

 
$
991,744

Net cash provided by operating activities
$
345,708

 
$
282,547

 
$
196,582

Free cash flow (non-GAAP)
$
278,526

 
$
245,189

 
$
164,385

    
Deferred revenue. Our deferred revenue consists of amounts that have been invoiced but that have not yet been recognized as revenue. The majority of our deferred revenue balance consists of the unrecognized portion of service revenue from FortiGuard security subscription and FortiCare technical support service contracts, which is recognized as revenue ratably over the contractual service period. We monitor our deferred revenue balance, growth and the mix of short-term and long-term deferred revenue because it represents a significant portion of revenue to be recognized in future periods. Deferred revenue was $1.04 billion as of December 31, 2016 , an increase of $244.0 million , or 31% , from December 31, 2015 .

Billings (Non-GAAP). We define billings as revenue recognized in accordance with GAAP plus the change in deferred revenue from the beginning to the end of the period less any deferred revenue balances acquired from business combination(s) during the period. We consider billings to be a useful metric for management and investors because billings drive future revenue, which is an important indicator of the health and viability of our business. There are a number of limitations related to the use of billings instead of GAAP revenue. First, billings include amounts that have not yet been recognized as revenue and are impacted by the term of security and support agreements. Second, we may calculate billings in a manner that is different from peer companies that report similar financial measures. Management accounts for these limitations by providing specific information regarding GAAP revenue and evaluating billings together with GAAP revenue. Total billings were $1.52 billion for 2016, an increase of 23% compared to $1.23 billion in 2015.

A reconciliation of billings to revenue, the most directly comparable financial measure calculated and presented in accordance with GAAP, is provided below:

 
Year Ended December 31,
2016
 
2015
 
2014
(in thousands)
Billings:
 
 
 
 
 
Revenue
$
1,275,443

 
$
1,009,268

 
$
770,364

Add change in deferred revenue
244,046

 
232,546

 
126,129

Less deferred revenue balance acquired in business combination
(4,400
)
 
(9,800
)
 

Total billings (Non-GAAP)
$
1,515,089

 
$
1,232,014

 
$
896,493


Free cash flow (Non-GAAP). We define free cash flow as net cash provided by operating activities minus capital expenditures such as purchases of real estate and other property and equipment. We consider free cash flow to be a liquidity measure that provides useful information to management and investors about the amount of cash generated by the business that, after capital expenditures, can be used for strategic opportunities, including investing in our business, making strategic

40

Table of Contents

acquisitions, repurchasing outstanding common stock and strengthening the balance sheet. Analysis of free cash flow facilitates management’s comparison of our operating results to those of our peer companies. A limitation of using free cash flow rather than the GAAP measure of net cash provided by operating activities as a means for evaluating liquidity is that free cash flow does not represent the total increase or decrease in the cash, cash equivalents and investments balance for the period because it excludes cash provided by or used for other investing and financing activities. Management accounts for this limitation by providing information about our capital expenditures and other investing and financing activities on the face of the cash flow statement and under “—Liquidity and Capital Resources.” A reconciliation of free cash flow to net cash provided by operating activities, the most directly comparable financial measure calculated and presented in accordance with GAAP, is provided below:

 
Year Ended December 31,
2016
 
2015
 
2014
(in thousands)
Free Cash Flow:
 
 
 
 
 
Net cash provided by operating activities
$
345,708

 
$
282,547

 
$
196,582

Less purchases of property and equipment
(67,182
)
 
(37,358
)
 
(32,197
)
Free cash flow (Non-GAAP)
$
278,526

 
$
245,189

 
$
164,385


Components of Operating Results

Revenue

We generate the majority of our revenue from sales of our products, software licenses and amortization of amounts included in deferred revenue related to previous sales of FortiGuard security subscription and FortiCare technical support services. Revenue is recognized when persuasive evidence of an arrangement exists, delivery has occurred or services have been rendered, the sales price is fixed or determinable and collectability is reasonably assured.

Our total revenue is comprised of the following:
 
Product revenue . Product revenue is primarily generated from sales of our appliances. The substantial majority of our product revenue has been generated by our FortiGate line of appliances, and we do not expect this to change in the foreseeable future. Product revenue also includes revenue derived from sales of software. As a percentage of total revenue, we expect that our product revenue may vary from quarter-to-quarter based on seasonal and cyclical factors, as discussed below under “—Quarterly Results of Operations”, and we expect the trend to continue in 2017.


Service revenue . Service revenue is generated primarily from FortiGuard security subscription services related to application control, antivirus, intrusion prevention, web filtering, anti-spam, ATP and vulnerability management updates, and from FortiCare technical support services for software updates, maintenance releases and patches, Internet access to technical content, telephone and Internet access to technical support personnel and hardware support. We recognize revenue from FortiGuard security subscription and FortiCare technical support services over the contractual service period. Our typical contractual support and subscription term is one to three years. We also generate a small portion of our revenue from professional services and training services, for which we recognize revenue as the services are provided, and cloud-based services, for which we recognize revenue as the subscription service is delivered over the term, which is typically one year, or on a monthly usage basis. We are also starting to see a shift from product revenues to higher-margin, recurring service revenues, which reflects our ongoing success in driving sales of low-end and high-end service bundles, as well as increases in certain software sales and time based service models. Our service revenue growth rate depends significantly on the growth of our customer base, the expansion of our service bundle offerings, the expansion and introduction of new service offerings and the renewal of service contracts by our existing customers.

Our total cost of revenue is comprised of the following:

Cost of product revenue . A substantial majority of the cost of product revenue consists of third-party contract manufacturers' costs, as well as other costs of materials used in production. Our cost of product revenue also includes supplies, shipping costs, personnel costs associated with logistics and quality control, facility-related

41

Table of Contents

costs, excess and obsolete inventory costs, warranty costs, and amortization and impairment of intangible assets, if applicable. Personnel costs include salaries, benefits and bonuses, as well as stock-based compensation.

Cost of service revenue . Cost of service revenue is primarily comprised of salaries, benefits and bonuses, as well as stock-based compensation. Cost of service revenue also includes supplies and facility-related costs.

Gross margin . Gross profit as a percentage of revenue, or gross margin, has been and will continue to be affected by a variety of factors, including the average sales price of our products, any excess inventory write-offs, product costs, the mix of products sold and the mix of revenue between products, software licenses and services. Service revenue and software licenses have had a positive effect on our total gross margin given the higher gross margins compared to product gross margins. During 2016 , product gross margin was positively impacted by higher sales of software products, as well as inventory management and warehouse efficiencies. Service gross margins remained relatively comparable in 2016 compared to 2015. We believe our overall gross margin will remain at a relatively comparable level in 2017.

  Operating expenses . Our operating expenses consist of research and development, sales and marketing, general and administrative expenses, and restructuring charges. Personnel costs are the most significant component of operating expenses and consist primarily of salaries, benefits, bonuses, stock-based compensation, and sales commissions, as applicable. We expect personnel costs to continue to increase in absolute dollars as we expand our workforce.

Research and development . Research and development expense consists primarily of personnel costs. Additional research and development expenses include ASIC and system prototypes and certification-related expenses, depreciation of capital equipment and facility-related expenses. The majority of our research and development is focused on both software development and the ongoing development of our hardware platform. We record all research and development expenses as incurred. Our research and development teams are primarily located in Canada and the U.S.

Sales and marketing . Sales and marketing expense is the largest component of our operating expenses and primarily consists of personnel costs. Additional sales and marketing expenses include promotional lead generation and other marketing expenses, travel, depreciation of capital equipment and facility-related expenses. We intend to hire additional personnel focused on sales and marketing and expand our sales and marketing efforts worldwide in order to capture additional market share in the high-return enterprise market, where customers tend to provide a higher lifetime value.

General and administrative . General and administrative expense consists of personnel costs, as well as professional fees, depreciation of capital equipment and software, facility-related expenses, expenses associated with the ERP system implementation and business acquisition costs. General and administrative personnel include our executive, finance, human resources, information technology and legal organizations. Our professional fees principally consist of outside legal, auditing, accounting, tax, information technology and other consulting costs.

Restructuring charges . Restructuring charges relate to alignment activities performed in connection with the Meru and AccelOps acquisitions to reduce our cost structure and improve operational efficiencies, resulting in workforce reductions, contract terminations and other charges.

Interest income. Interest income consists of income earned on our cash, cash equivalents and investments. We have historically invested our cash in corporate debt securities, commercial paper, U.S. government and agency securities, municipal bonds, money market funds and certificates of deposit.

Other expense net . Other expense—net consists primarily of foreign exchange gains and losses relate to foreign currency exchange remeasurement.

Provision for income taxes. We are subject to tax in the U.S., as well as other tax jurisdictions or countries in which we conduct business. Earnings from our non-U.S. activities are subject to income taxes in the local country which are generally lower than U.S. tax rates, and may be subject to U.S. income taxes. Our effective tax rate differs from the U.S. statutory rate primarily due to foreign income subject to different tax rates than the U.S., research and development tax credits, withholding taxes and nondeductible stock-based compensation expense.


42

Table of Contents

The income tax provision for 2016 was comprised of domestic income taxes, foreign income taxes and foreign withholding taxes. Our effective tax rate approximates the U.S. federal statutory tax rates plus the impact of state taxes, excess tax benefits related to stock-based compensation expense, research and development tax credits, foreign withholding tax, nondeductible stock-based compensation expense, and foreign income subject to lower tax rates than income earned in the U.S.

Critical Accounting Policies and Estimates

Our discussion and analysis of our financial condition and results of operations are based upon our financial statements, which have been prepared in accordance with GAAP. These principles require us to make estimates and judgments that affect the reported amounts of assets, liabilities, revenue, cost of revenue and expenses, and related disclosures. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances. To the extent that there are material differences between these estimates and our actual results, our future financial statements will be affected.

We believe that, of the significant accounting policies described in Note 1 to our consolidated financial statements included in Part II, Item 8 of this Annual Report on Form 10-K, the following accounting policies involve a greater degree of judgment and complexity. Accordingly, we believe these are the most critical to fully understand and evaluate our financial condition and results of operations.

Revenue Recognition

We derive the majority of our revenue from sales of our hardware, software, FortiGuard security subscription and FortiCare technical support services, and other services through our channel partners and a direct sales force.

Revenue is recognized when all of the following criteria have been met:
 
Persuasive evidence of an arrangement exists. Binding contracts or purchase orders are generally used to determine the existence of an arrangement.
 
Delivery has occurred or services have been rendered. Product delivery occurs when we fulfill an order and title and risk of loss has been transferred. Software license delivery occurs upon electronic transfer of the license key to the customer. Service revenue is deferred and recognized ratably over the contractual service period, which is typically from one to three years and, to a lesser extent, up to five years, and is generally recognized upon delivery or completion of service.
 
Sales price is fixed or determinable. We assess whether the sales price is fixed or determinable based on the payment terms associated with the transaction and when the sales price is deemed final.

Collectability is reasonably assured . We assess collectability based primarily on creditworthiness as determined by credit checks, analysis, and payment history.

We recognize product revenue for sales to distributors that have no general right of return and direct sales to end-customers upon shipment, based on general revenue recognition accounting guidance once all other revenue recognition criteria have been met. Certain distributors are granted stock rotation rights, limited rights of return and rebates for sales of our products. The arrangement fee for this group of distributors is not typically fixed or determinable when products are shipped and revenue is therefore deferred and recognized upon sell-through. For sales that include end-customer acceptance criteria, revenue is recognized upon acceptance. We recognize software license revenue upon delivery. Historically, software license revenue has not been material.

 Substantially all of our products have been sold in combination with services, which consist of security subscriptions and technical support services. Security services provide access to our antivirus, intrusion prevention, web filtering, and anti-spam functionality. Support services include rights to unspecified software upgrades, maintenance releases and patches, telephone and Internet access to technical support personnel, and hardware support.

Service revenue consists of sales from our FortiGuard security subscription and FortiCare technical support services, professional and training services and other services that include software as a service (“SaaS”) and infrastructure as a service (“IaaS”), both of which are hosted or cloud-based services. We recognize revenue from these arrangements as the subscription service is delivered over the term, which is typically one year, or on a monthly usage basis.  To date, SaaS and IaaS revenues have not represented a significant percentage of our total revenue.

43

Table of Contents


We reduce revenue for estimates of sales returns and allowances and record reductions to revenue for rebates and estimated commitments related to price protection and other customer incentive programs. Additionally, in limited circumstances, we may permit end-customers, distributors and resellers to return our products, subject to varying limitations, for a refund within a reasonably short period from the date of purchase. We estimate and record reserves for sales incentives and sales returns based on historical experience.

Our sales arrangements typically contain multiple elements, such as hardware, security subscription, technical support services and other services. The majority of our hardware appliance products contain our operating system software that together function to deliver the essential functionality of the product. Our products and services generally qualify as separate units of accounting. We allocate revenue to each unit of accounting based on an estimated selling price using vendor-specific objective evidence (“VSOE”) of selling price, if it exists, or third-party evidence (“TPE”) of selling price. If neither VSOE nor TPE of selling price exists for a deliverable, we use our best estimate of selling price (“BESP”) for that deliverable. Revenue allocated to each element is then recognized when the basic revenue recognition criteria are met for each element.
     
For our hardware appliances, we use BESP as our selling price estimate. For our support and other services, we generally use VSOE as our selling price estimate. We determine VSOE of fair value for elements of an arrangement based on the historical pricing and discounting practices for those services when sold separately. In establishing VSOE, we require that a substantial majority of the selling prices for a service fall within a reasonably narrow pricing range, generally evidenced by a substantial majority of such historical stand-alone transactions falling within a reasonably narrow range as a percentage of list price. When we are unable to establish a selling price using VSOE for our support and other services, we use BESP in our allocation of arrangement consideration. We determine BESP for a product or service by considering multiple historical factors including, but not limited to, cost of products, gross margin objectives, pricing practices, geographies, customer classes and distribution channels that fall within a reasonably narrow range as a percentage of list price.

For multiple-element arrangements where software deliverables are included, revenue is allocated to the non-software deliverables and to the software deliverables as a group using the relative estimated selling prices of each of the deliverables in the arrangement based on the estimated selling price hierarchy. The amount allocated to the software deliverables is then allocated to each software deliverable using the residual method when VSOE of fair value exists. If evidence of VSOE of fair value of one or more undelivered elements does not exist, all software allocated revenue is deferred and recognized when delivery of those elements occurs or when fair value can be established. When the undelivered element for which we do not have VSOE of fair value is support, revenue for the entire arrangement is recognized ratably over the support period. The same residual method and VSOE of fair value principles apply for our multiple element arrangements that contain only software elements.

We currently are evaluating the impact of the new standard related to revenue recognition, and we may incur significant costs to adopt and to comply with this new pronouncement. See Note 1 to our consolidated financial statements in Part II, Item 8 of this Annual Report on Form 10-K for further discussion.

Stock-Based Compensation

Employee Stock Options. We estimate the fair value of employee stock options awarded to our employees using the Black-Scholes-Merton (“Black-Scholes”) pricing model. For all employee stock options, we recognize expense over the requisite service period using the straight-line method. Our option pricing model requires the input of subjective assumptions, including the expected stock price volatility, expected term, risk-free interest rates and expected dividend yield of our common stock. The assumptions used in our option pricing model represent management’s best estimates. These estimates involve inherent uncertainties and the application of management’s judgment. A 10% change in any of these assumptions would not have a significant impact on our stock-based compensation expense.

Employee Stock Purchase Plan. We estimate the fair value of the rights to acquire stock under our employee stock purchase plan (“ESPP”) using the Black-Scholes pricing model and we recognize expense over the requisite service period using the straight-line method. The pricing model requires the input of the fair value of our common stock and assumptions, including the expected term of the award, expected volatility of the price of our common stock, risk-free interest rates and expected dividend yield of our common stock. Our ESPP provides for consecutive six-month offering periods and we use our own historical volatility data in the valuation of ESPP shares. A 10% change in any of these assumptions would not have a significant impact on our stock-based compensation expense.



44

Table of Contents

Valuation of Inventory

Inventory is recorded at the lower of cost (using the first-in, first-out method) or market, after we give appropriate consideration to obsolescence and inventory in excess of anticipated future demand. In assessing the ultimate recoverability of inventory, we make estimates regarding future customer demand, the timing of new product introductions, economic trends and market conditions. If the actual product demand is significantly lower than forecasted, we could be required to record additional inventory write-downs which would be charged to cost of product revenue. Any write-downs could have an adverse impact on our gross margins and profitability.

Business Combinations

We include the results of operations of the businesses that we acquire as of the respective dates of acquisition. We allocate the fair value of the purchase price of our business acquisitions to the tangible assets acquired, liabilities assumed, and intangible assets acquired, based on their estimated fair values. The excess of the purchase price over the fair values of these identifiable assets and liabilities is recorded as goodwill. We often continue to gather additional information throughout the measurement period, and if we make changes to the amounts recorded, such charges are recorded in the period in which they are identified.

Restructuring

Our restructuring expenses consist of severance and other one-time benefits, contract terminations and other expenses. Liabilities for costs associated with a restructuring activity are measured at fair value. One-time termination benefits are expensed at the date we notify the employee, unless the employee must provide future service, in which case the benefits are expensed ratably over the future service period. A liability for terminating a contract before the end of its term, which termination is usually done by giving written notice to the counterparty within the notification period specified by the contract or by otherwise negotiating a termination with the counterparty, is recognized at fair value on the notification date. A liability for costs that will continue to be incurred under a contract for its remaining term without economic benefit to the entity is recognized at the cease-use date. Other costs primarily consist of asset write-offs, which are expensed when incurred.

We continually evaluate the adequacy of the remaining liabilities under our restructuring initiatives. Although we believe that these estimates accurately reflect the costs of our restructuring plan, actual results may differ and thereby require us to record an additional provision or reverse a portion of such a provision.

Accounting for Income Taxes

We record income taxes using the asset and liability method, which requires the recognition of deferred tax assets and liabilities for the expected future tax consequences of events that have been recognized in our financial statements or tax returns. In addition, deferred tax assets are recorded for the future benefit of utilizing net operating losses and research and development credit carryforwards. Deferred tax assets and liabilities are measured using the currently enacted tax rates that apply to taxable income in effect for the years in which those tax assets and liabilities are expected to be realized or settled. Valuation allowances are provided when necessary to reduce deferred tax assets to the amount expected to be realized.

We recognize tax benefits from an uncertain tax position only if it is more likely than not, based on the technical merits of the position that the tax position will be sustained on examination by the taxing authorities. The tax benefits recognized in the financial statements from such positions are then measured based on the largest benefit that has a greater than 50% likelihood of being realized upon ultimate settlement.

As part of the process of preparing our consolidated financial statements, we are required to estimate our taxes in each of the jurisdictions in which we operate. We estimate actual current tax exposure together with assessing temporary differences resulting from differing treatment of items, such as accruals and allowances not currently deductible for tax purposes. These differences result in deferred tax assets, which are included in our consolidated balance sheets. In general, deferred tax assets represent future tax benefits to be received when certain expenses previously recognized in our consolidated statements of operations become deductible expenses under applicable income tax laws, or loss or credit carryforwards are utilized.

In assessing the realizability of deferred tax assets, management considers whether it is more likely than not that some portion or all of the deferred tax assets will be realized. The ultimate realization of deferred tax assets is dependent upon the generation of future taxable income during the periods in which those temporary differences become deductible. We continue to assess the need for a valuation allowance on the deferred tax assets by evaluating both positive and negative evidence that may

45

Table of Contents

exist. Any adjustment to the net deferred tax asset valuation allowance would be recorded in the consolidated statements of operations for the period that the adjustment is determined to be required.

We make estimates and judgments about our future taxable income that are based on assumptions that are consistent with our plans and estimates. Should the actual amounts differ from our estimates, the amount of our tax expense and liabilities could be materially impacted.

Results of Operations

The following tables set forth our results of operations for the periods presented and as a percentage of our total revenue for those periods. The period-to-period comparison of financial results is not necessarily indicative of financial results to be achieved in future periods.

 
Year Ended December 31,
 
2016
 
2015
 
2014
 
(in thousands)
Consolidated Statement of Operations Data:
 
 
 
 
 
Revenue:
 
 
 
 
 
Product
$
548,110

 
$
476,782

 
$
360,558

Service
727,333

 
532,486

 
409,806

Total revenue
1,275,443

 
1,009,268

 
770,364

Cost of revenue:
 
 
 
 
 
Product
208,984

 
190,398

 
151,300

Service
128,853

 
96,379

 
79,709

Total cost of revenue
337,837

 
286,777

 
231,009

Gross profit:
 
 
 
 
 
Product
339,126

 
286,384

 
209,258

Service
598,480

 
436,107

 
330,097

Total gross profit
937,606

 
722,491

 
539,355

Operating expenses:
 
 
 
 
 
Research and development
183,084

 
158,129

 
122,880

Sales and marketing
626,501

 
470,371

 
315,804

General and administrative
81,080

 
71,514

 
41,347

Restructuring charges
3,997

 
7,600

 

Total operating expenses
894,662

 
707,614

 
480,031

Operating income
42,944

 
14,877

 
59,324

Interest income
7,303

 
5,295

 
5,393

Other expense—net
(7,099
)
 
(3,167
)
 
(3,168
)
Income before income taxes
43,148

 
17,005

 
61,549

Provision for income taxes
10,961

 
9,018

 
36,206

Net income
$
32,187

 
$
7,987

 
$
25,343




46


 
Year Ended December 31,
2016
 
2015
 
2014
(as percentage of total revenue)
Revenue:
 
 
 
 
 
Product
43
 %
 
47
 %
 
47
 %
Service
57

 
53

 
53

Total revenue
100

 
100

 
100

Cost of revenue:
 
 
 
 
 
Product
16

 
19

 
20

Service
10

 
10

 
10

Total cost of revenue
26

 
28

 
30

Gross profit:
 
 
 
 
 
Product
62

 
60

 
58

Service
82

 
82

 
81

Total gross margin
74

 
72

 
70

Operating expenses:
 
 
 
 
 
Research and development
14

 
16

 
16

Sales and marketing
49

 
47

 
41

General and administrative
6

 
7

 
5

Restructuring charges
0.3

 
1

 

Total operating expenses
70

 
70

 
62

Operating margin
3

 
1

 
8

Interest income
1

 
1

 
1

Other expense—net
(1
)
 

 

Income before income taxes
3

 
2

 
8

Provision for income taxes
1

 
1

 
5

Net income
3
 %
 
1
 %
 
3
 %

2016 and 2015

Revenue

 
Year Ended December 31,
 
 
 
 
2016
 
2015
 
 
 
 
Amount
 
% of
Revenue
 
Amount
 
% of
Revenue
 
Change
 
% Change
(in thousands, except percentages)
Revenue:
 
 
 
 
 
 
 
 
 
 
 
Product
$
548,110

 
43
%
 
$
476,782

 
47
%
 
$
71,328

 
15
%
Service
727,333

 
57

 
532,486

 
53

 
194,847

 
37

Total revenue
$
1,275,443

 
100
%
 
$
1,009,268

 
100
%
 
$
266,175

 
26
%
Revenue by geography:
 
 
 
 
 
 
 
 
 
 
 
Americas
$
536,706

 
42
%
 
$
435,282

 
43
%
 
$
101,424

 
23
%
Europe, Middle East and Africa (“EMEA”)
477,393

 
37

 
366,018

 
36

 
111,375

 
30

Asia Pacific (“APAC”)
261,344

 
21

 
207,968

 
21

 
53,376

 
26

Total revenue
$
1,275,443

 
100
%
 
$
1,009,268

 
100
%
 
$
266,175

 
26
%

Total revenue increased by $266.2 million , or 26% , in 2016 compared to 2015 . We continued to experience global diversification of revenue in 2016. Revenue from all our regions grew, with EMEA contributing the largest portion of our revenue growth both on an absolute dollar and on a percentage basis. Product revenue increased by $71.3 million , or 15% , in

47


2016 compared to 2015 . The increase in product revenue was primarily driven by greater sales volume in our FortiGate product family across all product categories and in particular for our high-end and mid-range products for large enterprise customers. Sales of non-FortiGate products, such as FortiSandbox, also grew significantly. Service revenue increased by $194.8 million , or 37% , in 2016 compared to 2015 . The increase in service revenue was primarily due to the recognition of revenue from our growing deferred revenue balance consisting of FortiGuard security subscription and FortiCare technical support contracts sold to a larger customer base, as well as the renewals of similar contracts sold in earlier periods. We are also starting to see a shift from product revenues t o higher-margin, recurring service revenues, which reflect our ongoing success in driving sales of low-end and high-end service bundles.

Cost of revenue and gross margin
 
 
Year Ended December 31,
 
 
 
 
2016
 
2015
 
Change
 
% Change
(in thousands, except percentages)
Cost of revenue:
 
 
 
 
 
 
 
Product
$
208,984

 
$
190,398

 
$
18,586

 
10
%
Service
128,853

 
96,379

 
32,474

 
34

Total cost of revenue
$
337,837

 
$
286,777

 
$
51,060

 
18
%
Gross margin:
 
 
 
 
 
 
 
Product
61.9
%
 
60.1
%
 
1.8
%
 
 
Service
82.3

 
81.9

 
0.4

 
 
Total gross margin
73.5
%
 
71.6
%
 
1.9
%
 
 

Total gross margin increased by 1.9 percentage points in 2016 compared to 2015 , as both product and service gross margins increased. Product gross margin increased by 1.8 percentage points in 2016 compared to 2015 . Product gross margin was positively impacted by higher sales of software products such as certain of our virtualized security solutions and by lower warranty related costs, and was partially offset by higher inventory reserves.

Service gross margin increased during 2016 as compared to 2015, as we scaled efficiencies resulting from an increased mix on higher-margin service revenue. Cost of service revenue increased by $32.5 million , and was comprised primarily of personnel costs.

Operating expenses
 
 
Year Ended December 31,
 
Change
 
% Change
2016
 
2015
 
Amount
 
% of
Revenue
 
Amount
 
% of
Revenue
 
(in thousands, except percentages)
Operating expenses:
 
 
 
 
 
 
 
 
 
 
 
Research and development
$
183,084

 
14
%
 
$
158,129

 
16
%
 
$
24,955

 
16
 %
Sales and marketing
626,501

 
49

 
470,371

 
47

 
156,130

 
33

General and administrative
81,080

 
6

 
71,514

 
7

 
9,566

 
13

Restructuring charges
3,997

 
0.3

 
7,600

 
1

 
(3,603
)
 
(47
)
Total operating expenses
$
894,662

 
70
%
 
$
707,614

 
70
%
 
$
187,048

 
26
 %

Research and development

Research and development expense increased by $25.0 million , or 16% , in 2016 compared to 2015 , primarily due to an increase of $19.0 million in personnel costs as a result of increased headcount to support the development of new products and continued enhancements of our existing products. Depreciation and other occupancy-related costs increased by $6.6 million. We intend to continue to invest in our research and development organization, but expect research and development expense as a percentage of total revenue to remain at a relatively comparable level in 2017.


48


Sales and marketing

Sales and marketing expense increased by $156.1 million , or 33% , in 2016 compared to 2015 , primarily due to an increase of $122.3 million in personnel costs as we continued to increase our sales and marketing headcount in order to drive continued market share gains globally. In addition, depreciation expense and other occupancy-related expense increased by $14.0 million, and travel and entertainment expense increased by $8.1 million. Marketing-related expense increased by $7.6 million as we invested significantly in marketing programs to capture market share, particularly in the large enterprise market, including costs related to trade shows and lead generation. As a percentage of total revenue, sales and marketing expense increased as we accelerated the investment in our sales force and marketing programs to drive future growth. We intend to continue to make investments in our sales resources and infrastructure and marketing strategy, which are critical to support growth, but expect sales and marketing expense as a percentage of total revenue to decline in 2017.

General and administrative

General and administrative expense increased by $9.6 million , or 13% , in 2016 compared to 2015 . Personnel costs increased by $9.6 million as we continued to increase headcount in order to support our expanding business and ERP implementation. During 2016, we expensed $7.8 million of third-party costs relating to the implementation and maintenance of the ERP system implementation compared to $5.4 million in 2015. These increases were partially offset by lower professional fees of $6.7 million in 2016. As a percentage of total revenue, we expect general and administrative expense to increase compared to 2016 as we continue to expand our ERP capabilities and implement the new revenue recognition standard.
 
Restructuring

Restructuring expenses of $4.0 million in 2016 primarily relate to our restructuring activities to improve operating efficiencies due to the acquisition of AccelOps and certain other activities. Restructuring charges of $7.6 million during 2015 relate to restructuring activities in connection with the Meru acquisition. See Note 9 to the consolidated financial statements for additional details, including the types of expenses incurred and cash payments made. See also the “Liquidity and Capital Resources” section of this Part II, Item 7, “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”

Interest income and other expense net
 
 
Year Ended December 31,
 
 
 
 
2016
 
2015
 
Change
 
% Change
(in thousands, except percentages)
Interest income
$
7,303

 
$
5,295

 
$
2,008

 
38
%
Other expense—net
(7,099
)
 
(3,167
)
 
(3,932
)
 
124


Interest income increased in 2016 as compared to 2015, primarily due to interest earned on invested balances of cash, cash equivalents and investments. Interest income varies depending on our average investment balances during the period, types and mix of investments, and market interest rates. The increase in other expense—net in 2016 as compared to 2015 was the result of higher foreign currency exchange losses.

Provision for income taxes
 
 
Year Ended December 31,
 
Change
 
% Change
2016
 
2015
 
(in thousands, except percentages)
Provision for income taxes
$
10,961

 
$
9,018

 
$
1,943

 
22
%
Effective tax rate (%)
25
%
 
53
%
 
(28
)%
 

 
Our effective tax rate was 25% for 2016 , compared with an effective tax rate of 53% for 2015 . The provision for income taxes for 2016 was comprised primarily of U.S. federal and state taxes, other foreign income taxes, foreign withholding taxes, an increase in tax reserves, as well as transfer pricing allocations that impact jurisdictional income taxed at various tax rates. The decrease in the effective tax rate in 2016 was primarily due to the recognition of excess tax benefits for income tax provision from the adoption of ASU 2016-09. In 2016, due to the early adoption of ASU 2016-09, approximately $10.8 million

49


of excess tax benefits were recognized in the income tax provision. In 2015, there were no excess tax benefits included in the income tax provision.

It is our policy to classify accrued interest and penalties related to unrecognized tax benefits in the provision for income taxes. As of December 31, 2016, we had accrued $9.5 million for estimated interest related to uncertain tax provisions compared to an accrual of $5.5 million as of December 31, 2015.

Within the next twelve months, we do not believe there will be a decrease in uncertain tax benefits that could significantly impact our effective tax rate.

2015 and 2014

Revenue
 
 
Year Ended December 31,
 
Change
 
% Change
2015
 
2014
 
Amount
 
% of
Revenue
 
Amount
 
% of
Revenue
 
(in thousands, except percentages)
Revenue:
 
 
 
 
 
 
 
 
 
 
 
Product
$
476,782

 
47
%
 
$
360,558

 
47
%
 
$
116,224

 
32
%
Service
532,486

 
53

 
409,806

 
53

 
122,680

 
30

Total revenue
$
1,009,268

 
100
%
 
$
770,364

 
100
%
 
$
238,904

 
31
%
Revenue by geography:
 
 
 
 
 
 
 
 
 
 
 
Americas
$
435,282

 
43
%
 
$
324,659

 
42
%
 
$
110,623

 
34
%
EMEA
366,018

 
36

 
270,537

 
35

 
95,481

 
35

APAC
207,968

 
21

 
175,168

 
23

 
32,800

 
19

Total revenue
$
1,009,268

 
100
%
 
$
770,364

 
100
%
 
$
238,904

 
31
%

Total revenue increased by $238.9 million, or 31%, in 2015 compared to 2014. Total revenue in 2015 of $1.01 billion included Meru’s revenue from July 8, 2015 to December 31, 2015 of $28.1 million, or 3% of total revenue.  Excluding Meru’s revenue, our revenue was $981.2 million, an increase of 27% compared to the same period last year. We continued to experience global diversification of revenue in 2015. The Americas region contributed the largest portion of our revenue growth on an absolute dollar basis and all three regions showed growth on a percentage basis. Product revenue increased by $116.2 million, or 32%, in 2015 compared to 2014. The increase in product revenue was primarily driven by greater sales volume in our FortiGate product family across all product categories, particularly in our high-end products for large enterprise customers. Service revenue increased by $122.7 million, or 30%, in 2015 compared to 2014. The increase in service revenue was primarily due to the recognition of revenue from our growing deferred revenue balance consisting of FortiGuard security subscription and FortiCare technical support contracts sold to a larger customer base, as well as the renewals of similar contracts sold in earlier periods.


50


Cost of revenue and gross margin
 
 
Year Ended December 31,
 
Change
 
% Change
2015
 
2014
 
(in thousands, except percentages)
Cost of revenue:
 
 
 
 
 
 
 
Product
$
190,398

 
$
151,300

 
$
39,098

 
26
%
Service
96,379

 
79,709

 
16,670

 
21

Total cost of revenue
$
286,777

 
$
231,009

 
$
55,768

 
24
%
Gross margin (%):
 
 
 
 
 
 
 
Product
60.1
%
 
58.0
%
 
2.1
%
 
 
Service
81.9

 
80.5

 
1.4

 
 
Total gross margin
71.6
%
 
70.0
%
 
1.6
%
 
 
 
Total gross margin increased by 1.6 percentage points in 2015 compared to 2014, as both product and service gross margins increased. Product gross margin increased by 2.1 percentage points in 2015 compared to 2014, primarily due to a greater mix of high-end FortiGate product sales compared to the same period last year, such as our FortiGate-5000 series. In addition, product gross margin was positively impacted by higher sales of software products such as certain of our virtualized security solutions, as well as by inventory management efficiencies.

Service gross margin increased during 2015 as compared to 2014, as we scaled efficiencies resulting from our ability to charge more for our FortiGuard security subscription and FortiCare technical support offerings. Cost of service revenue increased by $16.7 million primarily due to an $11.6 million increase in personnel costs related to headcount increases.
 
Operating expenses
 
 
Year Ended December 31,
 
Change
 
% Change
2015
 
2014
 
Amount
 
% of
Revenue
 
Amount
 
% of
Revenue
 
(in thousands, except percentages)
Operating expenses:
 
 
 
 
 
 
 
 
 
 
 
Research and development
$
158,129

 
16
%
 
$
122,880

 
16
%
 
$
35,249

 
29
%
Sales and marketing
470,371

 
47

 
315,804

 
41

 
154,567

 
49

General and administrative
71,514