Fortinet, Inc. Q2 FY2025 Earnings Call

Hello, and welcome to Fortinet Second Quarter 2025 Earnings Conference Call. Please be advised that this call is being recorded. I would now like to hand the call over to Aaron Ovadia, Senior Director of Investor Relations. Please go ahead.

Thank you, and good afternoon, everyone. I am pleased to welcome everyone to our call to discuss Fortinet's financial results for the second quarter of 2025. Joining me on today's call are Ken Xie, Fortinet's Founder, Chairman and CEO; Christiane Ohlgart, our CFO; and John Whittle, our COO. Ken will begin our call today by providing a high-level perspective on our business, Christiane will then review our financial results for the second quarter of 2025, before providing guidance for the third quarter and updating the full year. We will then open the call for questions. Before we begin, I'd like to remind everyone that on today's call, we will be making forward-looking statements, and these forward-looking statements are subject to risks and uncertainties, which could cause actual results to differ materially from those projected. Please refer to our SEC filings, in particular, the Risk Factors in our most recent Form 10-K and Form 10-Q for more information. All forward-looking statements reflect our opinions only as of the date of this presentation, and we undertake no obligation and specifically disclaim any obligation to update forward-looking statements. Also, all references to financial metrics that we make on today's call are non-GAAP unless stated otherwise. Our GAAP results and GAAP to non-GAAP reconciliations are located in our earnings press release and in the presentation that accompanies today's remarks, both of which are posted on our Investor Relations website. As a reminder, this is a live call that will be available for replay via webcast on our Investor Relations website. The prepared remarks will also be posted on the quarterly earnings section of our IR website following today's call. Lastly, all references to growth are on a year-over-year basis unless noted otherwise. I will now turn the call over to Ken.

Thank you, Aaron, and thank you to everyone for joining our call. We are pleased with our strong second quarter performance, beating both our billing and operating margin guidance. Building on this business momentum, we are reaching our full year billing outlook. In the second quarter, billing grew by 15% and revenue grew by 14%, and we achieved a strong non-GAAP operating margin of 33%. Our strong top line results were driven by continued momentum among large enterprise customers with the total value of deals over $1 million increased by more than 50%. This growth reflects the strength and value of our innovation, the recent global demand for our integrated solution, and the impact of go-to-market investment. Additionally, our recent investment in the fast-growing market of unified SASE and AI-driven secure operations are continuing to deliver strong returns as billing for both grew over 20% to a combined 35% of total billings. Fortinet's strong momentum in SASE has been recognized by industry analysts as we were recently named a leader in the 2025 Gartner Magic Quadrant for SASE platform, while also ranking #1 in a Secure Branch Network Monetization case. We are the only vendor in the report that is also recognized in 5 different network security Magic Quadrants, which all run on a unified FortiOS. We continue to be the only vendor that has developed all core SASE capabilities in a single operating system, the FortiOS, including New-Gen Firewall, SD-WAN, ZTNA, Secure Web Gateway, CASB, and DLP. This native integration of Nex-Gen Firewall, SD-WAN, and SASE has become the new generation SASE firewall, making it easy for customers to adopt and upgrade while reducing capacity and operational costs, enhancing user experience, and ensuring integrated hybrid secure access across both on-premises and cloud environments. Our success in Unified SASE reflects the value customers place in our new generation SASE firewall, beginning with their investment in our industry-leading FortiGate firewall built on our FortiASIC from their most large enterprise expanding into a secure SD-WAN capability before advancing to a FortiSASE solution. As a result, 13% of large enterprise customers have purchased FortiSASE, an increase of over 60% year-over-year. Furthermore, we have invested around $2 billion to build and operate a global infrastructure, spending around 5 million square feet across data centers, NOC and SOCs customer supporting centers, executive briefing centers, and the research and development facility. This large-scale footprint gives us a competitive advantage in delivering FortiSASE, FortiCloud, and other cloud services. By owning and managing our infrastructure, we ensure better customer experience, better cost efficiency, strong data sovereignty, and high performance and scale. We also leveraged our Fortistack technology to provide enhanced security and better management across our SaaS services. Today, we announced that we are expanding our FortiCloud offering with 3 new services: FortiIdentity, FortiDrive, and FortiConnect. These services natively integrate into the Fortinet Security Fabric providing centralized visibility, consistent policy enforcement, and real-time threat protection across users, devices, applications, data, and AI agents. In OT security, while we are achieving billing growth of over 20%, we have recently been named the overall leader in the Westland Advisor IT and OT Network Protection Platform Navigator 2025 report. For the third time in a row, earning the highest ranking in both strategic direction and technical capability. We continue to invest in AI, which we began developing more than 15 years ago and hold over 500 issued and pending AI patents more than any other competitors. Our latest innovation, including FortiAI-Protect for advanced threat detection, FortiAI-Assist for automating security tasks, and FortiAI-SecureAI for protecting AI infrastructure are notable. As a result of our investment and recent innovations, our AI add-on solutions are the fastest growing part of our business. I would like to thank our employees, customers, partners, and suppliers worldwide for their continuous support and hard work. I will now turn the call over to Christiane.

Thank you, Ken. Thank you, Aaron, and good afternoon, everyone. As Ken mentioned, Fortinet's growth and momentum are strong. We beat our billings and operating margin guidance for the second quarter and raised our full-year billings outlook. Total billings grew by 15% to $1.78 billion, driven by 21% growth in Unified SASE and 31% growth in SecOps. Unified SASE and SecOps now account for 24% and 11% of total billings, respectively, up 1 point each. Our strong billings growth was driven by continued momentum in expanding into the large enterprise as the number of deals greater than $1 million increased by 29%, while their total dollar value grew by 51%. Among our top 5 verticals, financial services, the vertical with arguably the most sophisticated and discerning security purchases led the way with billings growth of over 30%. In addition, we continue to expand our customer base. Over 6,900 new organizations chose our unified single FortiOS platform to power their cybersecurity strategy. The robust growth in new customers is a clear testament to our strong position in the SMB market, driven by the continued commitment and loyalty of our channel partners. Total RPO grew by 12% to $6.64 billion, while current RPO grew by 15% to $3.45 billion. With regards to ARR, Unified SASE increased by 22% to $1.15 billion and SecOps increased by 35% to $463 million. Within Unified SASE, FortiSASE, our SSE solution delivered strong results with ARR growth of over 100%, while the customer base expanded by 65%. Furthermore, adoption momentum has remained strong as 13% of our large enterprise customers have purchased FortiSASE, highlighting our continued expansion of FortiSASE in our customer base. As a reminder, the typical customer journey begins with the purchase of our FortiGate firewall. From there, customers often expand to our integrated secure SD-WAN solution before adopting our single vendor SASE offering, reflecting the growing convergence of security and networking. Over 50% of our FortiSASE customers also leverage our SD-WAN solution, while 90% of our large enterprise FortiSASE customers began their journey with SD-WAN, reflecting the value of our integrated platform approach and the convergence of security and networking. Total revenue grew by 14% to $1.63 billion, led by EMEA with growth of 18%, while the Americas and APAC both grew 11%. Product revenue increased by 13% to $509 million, benefiting from upgrade buying and strong growth in operational technology. We saw growth in all geographies as we continue to lead the cybersecurity industry in product revenue. Software license revenue grew at a high teens rate and accounted for a high teens percentage of total product revenue. Service revenue grew by 14% to $1.12 billion. Service billings grew by 17%, our highest growth rate in the past 6 quarters, reflecting many enterprise agreement renewals as our loyal customers continue to invest in our solutions and benefit from our strong track record of innovation. Now I'd like to highlight some 7-figure deals that demonstrate how customers are adopting FortiSASE, consolidating networking and security and expanding their overall footprint with Fortinet. First, an educational institution in APAC purchased solutions across all 3 of our pillars, including FortiSASE for 3,000 users. This customer chose Fortinet over the competition for our simplified, flexible, and consistent security enforcement, enabling secure access to both on-premises and cloud applications while delivering a seamless user experience. By leveraging FortiOS and FortiSASE, the school achieves superior performance, reduced total cost of ownership, and simplified operations through our integrated security platform. Next, in an expansion and displacement deal, a leading retailer with 1,700 locations significantly increased the investment in Fortinet purchasing solutions across all 3 pillars, including 40 APs, 40 switches, and 40 AIOps. Already a FortiGate customer with firewalls deployed at every location, the retailer selected APs for all sites and FortiSwitches for 600 locations, with the remainder planned for early 2026. This customer chose Fortinet for our integrated FortiOS operating system which enables seamless convergence of networking and security. As part of the deployment, they adopted FortiAIOps to proactively manage their access points and switches, leveraging our AI-driven capabilities to improve operational efficiency. In another large deal, a top U.S. school district expanded its footprint with the purchase of FortiGates, FortiSwitches, and FortiAPs as part of a 350-plus site refresh, displacing multiple vendors. Already utilizing solutions across all 3 of our pillars, including FortiSASE, the district continues to invest in Fortinet to drive deeper network segmentation, stronger security outcomes, and greater infrastructure resiliency. Due to their continued consolidation on Fortinet products, they are realizing significant operational benefits, including simplified guest access, accelerated deployments, and more efficient upgrade cycles, all managed through our Unified FortiOS platform. Lastly, a technology company upgraded a portion of the high-end firewalls as a result of the upcoming 2026 end-of-support deadline and expanded their deployment with additional FortiGate appliances in the data center. They selected Fortinet for our FortiOS operating system which enables streamlined operations while delivering a lower total cost of ownership. Turning to margins and cash flow, total gross margin increased by 10 basis points to 81.6% and exceeded the high end of the guidance range by 60 basis points due to strong execution and cost control. Product gross margin of 67.8% increased by 180 basis points as inventory-related charges normalized. Service gross margin of 87.8% was down by 80 basis points due to increased investments associated with the expansion of our hosted security solutions. Operating margin of 33.1% decreased by 200 basis points while being 60 basis points above the high end of our guidance range. The year-over-year decline reflects increased investments in sales headcount, the absorption of costs from recent acquisitions, and foreign exchange headwinds stemming from a weaker U.S. dollar, as most of our operating expenses are denominated in foreign currencies. Free cash flow was $284 million and adjusted free cash flow was $428 million, up $104 million. Cash generation in the first half of the year was very strong with adjusted free cash flow reaching $1.27 billion, representing a margin of 40% year-to-date. Infrastructure investments were $168 million, up $145 million as we continue to build out our infrastructure footprint to support FortiSASE, FortiCloud, and other services. We repurchased approximately 4.6 million shares of our common stock for an aggregate cost of $401 million in the second quarter. The remaining share buyback authorization as of today is approximately $1.6 billion. Before moving on to guidance, I'd like to provide an update on our firewall upgrade cycle and the broader macro environment. During our Analyst Day last November, we shared that approximately 650,000 firewall units will reach end of service by the end of 2026, followed by another cohort of 350,000 low-end units in '27. While the 2027 cohort is less significant than the 2026 cohort in terms of product revenue due to its lower price point, firewall upgrade discussions offer valuable opportunities to engage with both our customers and channel partners, allowing us to showcase our ongoing innovation in FortiOS. By upgrading to our new generation SASE firewalls, customers gain enhanced security capabilities and benefit from our unified platform approach. We estimate that we are approximately 40% to 50% of the way through the 2026 upgrade cycle at the end of the second quarter based on the remaining active units and service contracts, and we expect continued upgrade activity for the remaining devices over the next 6 quarters. Our focus and open communication regarding the refresh allow us and our channel partners to have conversations with our customers around both the upgrade and the customers' overall security strategy, benefiting us longer-term. Despite ongoing uncertainty surrounding tariffs and the global economic outlook, we have not experienced a negative impact on our business. The cybersecurity market and the demand for our solutions remains strong and resilient. Now moving on to guidance. As a reminder, our third quarter and full-year outlooks, which are summarized on Slide 17 and 18 are subject to the disclaimers regarding forward-looking information that Aaron provided at the beginning of the call. For the third quarter, we expect billings in the range of USD 1.76 billion to USD 1.84 billion, which at the midpoint represents growth of 14%. Revenue in the range of USD 1.67 billion to USD 1.73 billion, which at the midpoint represents growth of 13%. Non-GAAP gross margins of 80% to 81%, non-GAAP operating margin of 32.5% to 33.5%. Non-GAAP earnings per share of $0.62 to $0.64, which assumes a share count between 772 million and 776 million. Infrastructure investments of $110 million to $130 million. A non-GAAP tax rate of 18%, cash taxes of $60 million to $90 million. As a result of our strong results in the first half of the year, we are pleased to have raised the midpoint of our full-year billings guidance by $100 million. We maintained our total revenue guidance while adjusting the revenue mix by shifting $50 million from service to product revenue. Despite the shift towards product revenue for the full year, we maintained our gross margin range and slightly increased our operating margin guidance midpoint. We continue to remain on track to achieve the Rule of 45 in 2025 for the sixth consecutive year. For the full year, we expect billings in the range of USD 7.325 billion to USD 7.475 billion, which at the midpoint represents growth of 13%. Revenue in the range of USD 6.675 billion to USD 6.825 billion, which at the midpoint represents growth of 13.3%. Service revenue is expected to be in the range of $4.55 billion to $4.65 billion, which at the midpoint represents growth of 14%. Non-GAAP gross margin of 79% to 81%, non-GAAP operating margin of 32% to 33.5%. Non-GAAP earnings per share of $2.47 to $2.53 which assumes a share count of between 773 million and 777 million. Infrastructure investments of $380 million to $430 million. A non-GAAP tax rate of 18% and cash taxes of between $400 million to $450 million, which is $125 million lower than our prior expectation, primarily due to new tax law changes. I now hand the call back over to Aaron to begin the Q&A session.

Thank you, Christiane. Operator, please open the line for questions.

Operator instructions. Our first question will come from Shaul Eyal from TD Cowen.

Congrats on the improved outlook for the year. Ken, Christiane, one of the questions we are constantly receiving from investors is whether sales of FortiSASE potentially cannibalize the core appliance business, but it would appear we are currently seeing tailwinds across both segments. Can you help us maybe reconcile these views?

Yes, I think probably, we do see customers expanding beyond the traditional firewall. But also, the traditional firewall is still the important control point for all this traffic, especially within the enterprise and the data center. On the other side, some supporting for whether work from home or traveling, or some other branch offices, that's also kind of a certain SASE and especially certain OT/IoT use cases, we see a way beyond the traditional network security there. So we don't see SASE replacing the firewall. We just see it as enhancing it. That's what we call the SASE firewall. It's really the firewall itself that needs to keep adding new functions like from 25 years ago when we started Fortinet; the new generation of firewall added application control, intrusion prevention, and antivirus in the traditional VPN. Now the traditional firewall also needs additional SASE functions together with some other edge devices like FortiAP, FortiSwitch and also endpoint devices and the cloud deployment. So that's from the whole protection infrastructure, which really gives much better security for the enterprise user.

Let me add to what Ken just said. In our win-loss analysis, we see very little reason for customers moving to the cloud and not continuing to buy. So I think it's an expansion. It's not a replacement sale.

And to your point, we see both markets growing. If you look at the market share, they're very fragmented markets on the firewall side. Therefore, we can grow both by the market growing on the firewall side and expanding our market share by taking business from other competitors.

Understood. And Christiane, thank you so much for the color about where we stand in a refresh cycle. Maybe a little bit of a long-term view of kind of already touching on the fiscal '27 cohort of products that will be refreshed. Are there any specificities associated with those family of products as we think about the 2027, which is coming to a renewal or a refresh?

Yes, I believe I've mentioned this in earlier discussions. The 2027 cohort represents the lower range of our offerings. While it's not significant in terms of units, its product revenue impact is also limited. However, the reason I highlighted this is that it allows us to engage with numerous customers regarding the direction of security. This creates substantial upsell opportunities for us.

Our next question comes from Brian Essex with JPMorgan.

Christiane, could you share some insights on the untapped services guidance? It's encouraging to see the growth this quarter, especially in product billings and service strength. What should we take away from the services guidance, and what are the expectations for the year based on the strong performance this quarter?

So the services billings to revenue conversion takes a little bit longer, right? And that's what we are seeing based on the remaining waterfall. We are pleased with our current RPO growth. But for the rest of the year, we decided to be prudent, take the midpoint down, but we believe that we are confident that the product revenue is going to be stronger for the rest of the year based on the pipeline.

Yes. Also probably last quarter, it's the first time in the last few years that the product revenue growth is starting faster now. It's more like 4 years ago, like 2021. Not in the product revenue growth; we are very fast, and then that gave us kind of benefit in the last few years. The service revenue still maintains a pretty healthy level, even the product revenue going down in the last 1 to 2 years. Now we see the product revenue accelerating, which will be the leading indicator for the future service revenue which we also view since starting turnaround; especially in both the product revenue and also the service revenue starting kind of instead of keeping dropping gradually, probably will be starting picking up.

Do you have the split between FortiGuard and FortiCare? Is this part of a refresh? Are customers not fully replacing their subscription revenue, but instead extending it with potentially less growth in that revenue line item? It appears that they are acquiring a new box while maintaining the same attached revenue.

Correct. That's part of it. The devices they are using to replace may have a higher box, but they can consolidate one to two boxes. Various components influence the service revenue tied to the boxes, making it essential for us to upsell not only SASE but also all our other revenue streams that benefit the customer. Based on the customer journeys, they are effective. The upsell is working; however, it doesn't necessarily happen at the same time as when they purchase a firewall.

Next question comes from Tal Liani with Bank of America.

Now I have unmuted myself, can you hear me?

Yes, that's great.

What is the profile of SASE customers? Are they displacing existing vendors like Zscaler or Palo Alto? Do they purchase at the end of an existing contract, or are they completely new customers who didn't have anything before? I'm trying to understand where you've had success with SASE and the types of deployments you're seeing.

Both. Many of our existing customers have noticed that the new operating system provides them with SASE capabilities in both software and hardware. This is how they begin to enable SASE. You can refer to Slide 4 in the presentation for a comparison to how we approached SD-WAN a few years ago. Now, SASE is rapidly becoming a significant part of our business, particularly from our current installation base. We are also observing several successful instances where we are replacing competitors because we provide integrated SASE solutions, which appeal to many of our partners, especially service providers, who prefer a single operating system solution. We are beginning to refer to SASE as a firewall, similar to how next-gen firewalls began to replace traditional firewalls. The SASE firewall is not only replacing next-gen firewalls but also traditional SASE. Many customers perceive SASE similarly to how they viewed sandboxes years ago, or intrusion prevention systems two decades back, seeking integrated solutions rather than separate ones. Once integrated solutions are implemented, single solutions start to lose their competitive advantage and often lead to higher management costs. We notice that many customers favor the SASE firewall solution when combined with the integrated approach. Thus, both our current customer base and numerous clients from competitors are quickly adopting this new solution, which is the fastest-growing segment of our business at the moment.

You said in the past that 95% of the customers are existing firewall customers; is still the case?

Pretty much, yes.

Yes, over 90% come from the current customer base, but we do see some other customers which are using our competitors' solutions also changing to our solution now.

Got it. If I can squeeze in one more. If not, we can move on. But I want to ask about the margins. You said in the past that you want to invest. What is the margin outlook? And where is the balance between investments and margin upside?

We prefer to adopt a long-term perspective, similar to our approach in the firewall market where we are unique in producing our own ASIC chips. For SASE, we are also investing in our infrastructure, which provides a significant cost advantage and greater security than relying on third-party providers. We believe that if our infrastructure manages 70% of the traffic with the remaining 30% depending on third parties in certain areas, this will create the most cost-effective model. Although initial investments may be higher in the early years, in the long run, this will benefit both our customers and partners, leading to healthy margins. This long-term strategy will ultimately be advantageous for both us and our customers, in both the short and long term.

Our next question comes from Gabriela Borges with Goldman Sachs.

Ken and Christiane, I wanted to follow up on your prepared remarks that we are 40% to 50% through the 2026 refresh cohort. What I wanted to understand is how to think about your growth rate through cycles? Because if I can pay a billings growth what you're guiding to this year, it's about similar to what you guided to and what you achieved in 2023? The 2025 is a really big or larger than normal refresh cohort. So I want to better understand why are we not seeing more upside in the numbers this year from the refresh cohort? And the comment earlier on potentially consolidating down boxes. Is it possible that perhaps customers have excess capacity in their networks from a 2021 COVID-type elevated throughput environment? Would love to hear your thoughts.

Gabriela, good points. I think we need to look at it by FortiGate model. And the large firewalls that are end of support. We have a really good reporting and handle on because we know where they are. These are always with enterprise customers, right? We have a good handle on the lower end of the firewalls where it's with enterprise customers in retail or other scenarios, OT scenarios, where it's harder for us to predict. We can only track registration rates and similar is in the lower end. There could be some excess capacity from prior years that has been replaced or is replacing some of the EOS models. We are comfortable with our guidance. But yes, the expectations by the Street might have been a little bit higher, but we said we are outperforming the market, and it was baked in, right? So we've been consistent in our messaging here.

Yes. The product refresh is scheduled for next year, as the products have been around for 12 to 15 years since their initial introduction. This isn't a situation like the supply chain issues we faced 4 or 5 years ago. When comparing now to 10, 12, or 15 years ago, the current business size is likely 5 to 10 times larger. Therefore, the upcoming upgrade is quite different from the previous supply chain problems. This is a much older product. Typically, after we launch a new product, its average selling duration is about 7 to 8 years. Following that, we stop selling it but continue to offer support for an additional 5 years. After those 5 years, while we cease shipping, we still provide service until the customer reaches the end of service. This cycle usually averages around 12 to 15 years post-launch. That’s the context we’re using to assist customers with upgrades. Even with our large product range, the business size we see today is reflective of what it was 12 to 15 years ago.

I would also say we have additional incremental TAM to address going forward with SASE and SecOps, where those are becoming meaningful parts of our business. So if you look at historical results, they were more focused on the firewall, but those are becoming real growth drivers for us.

Christiane, maybe as a follow-up. The commentary last quarter on hesitancy in the sales force and in some of the sales force conversations. I think today you said macro didn't have an impact on the business. So maybe just reconcile those 2 data points. Are you still seeing hesitancy, is the hesitancy gone?

I would say that we've seen that we are resilient despite macroeconomic uncertainty. The pipeline for the rest of the year and the sales confidence is good. So that's where we are confident to raise our billings guidance.

Our next question comes from Rob Owens with Piper Sandler.

I would love for you to expand a little bit on the OT opportunity because I don't think I recall anything from your prepared remarks. Just in terms of what you're seeing there, both either increased competition? Or is this opportunity also playing into the refresh cycle?

Yes, that's in my comment there. The OT is growing over 20%, continuing to be one of the fastest-growing areas for us. We are the overall leader in the Westland and the OT/IoT security report. That's where we see huge potential, and OT needs to have a special product, even special software to handle. We invest in this area for like more than 10 years. We don't see many other competitors investing as we have so early and broadly in OT security. We do believe this is a strong growing area going forward.

And when you break down that over 20%, is that consistent internationally with domestically? Can you give you a view across the various theaters?

I think it's pretty consistent.

Yes, we are performing well in operational technology overall. EMEA has consistently led us in this area, which aligns with the robust revenue growth we see there. Regarding the upgrade cycle, it is indeed a factor. We have several Rocket devices included in the 2026 group that are benefiting from this. Additionally, our expansion and the thought leadership we have demonstrated in operational technology, emphasizing its importance for security, have significantly contributed to our success.

Our next question comes from Junaid Siddiqui from Truist.

Just had a question. Ken, your SASE business continues to show a lot of momentum. Could you talk about how your sovereign SASE solution is tracking? How is it different from what your competitors are doing in that space? How important do you believe this is as a differentiator in enhancing your competitive advantage in SASE?

Yes, that's a great question. Thanks a lot. That's also kind of my thinking in early days. I do believe SASE long term, the service provider carrier will play a more important role, just like how they did like 15, 20 years ago in network security, but somehow, they're moving kind of slow in the last few years. That's the reason we started to launch our own SASE almost 2 years ago. But we do work with a lot of carrier service providers. They do start to launch their own kind of SASE service now, leveraging both their infrastructure and their close relations with local customers. So we do believe that will be the long-term trend because a lot of customers, if not most, are concerned about who will process their data and where the data is being secured and processed. That's where leveraging the local service provider kind of Sovereign SASE solution comes into play. That's why service providers, especially telecom service providers, love it a lot. Even they're a little bit slow on adopting all these SASE solutions there, but I do see the very strong demand for Sovereign SASE. That's one of the key advantages we have because we can have all the SASE functions in the same OS, which they can deploy locally, whether in their own infrastructure or sometimes in the customer's premises. So that's a huge advantage compared to some other SASE players. We do see that momentum starting to accelerate now, including the telecom area starting to also grow probably above average now. That's a strong area. I do believe probably in the next few years in the SASE market, Sovereign SASE can take almost half the market share compared to this global cloud-based SASE. So that's a long-term direction.

Our next question comes from Patrick Colville with Scotiabank.

Terrific. I guess, Ken and Christiane, I just want to circle back to the firewall upgrade comments. I mean very helpful disclosure that we're 40% to 50% through the 2026 upgrade cycle and that the 2027 end-of-life cycle is kind of lower throughput devices. I guess the question we're getting from investors in our inbox over the last half an hour is what should we be excited about beyond this upgrade cycle? What is going to continue momentum when these tailwinds, which are clearly benefiting numbers now and you guys are executing very well in a tough environment? But if we look beyond 2026 upgrade and '27 upgrade, what can continue this kind of rocket share momentum?

Yes, I believe the excitement will be the new SASE firewall. So it's very different than the traditional next-gen firewall. The customers do need new functions and also address the new infrastructure security need. So that's the huge opportunity and not just additional product but also additional services on top of that, giving them a securely whole infrastructure. So that's we're starting to train the sales force, train the partner, and also customer for this new SASE firewall solution, which provides them better security and also much better total cost of ownership.

And let me add to that. I think when we talk about the refresh cycle, we are only talking about the first refresh due to end of support. But as Gabriela pointed out, there's the COVID cycle as well that is not end of support yet, but is going to be 5, 6, 7 years out in a year or 2. So that with security and with the additional functionalities that are part of the firewall and also the additional network requirements that you have with running ChatGPT, AI, you name it, we believe there will be enough tailwinds for us to continue to grow.

Yes. I think to Ken's point, cloud services, that's growing really, really fast, and we view that as largely an incremental additional total addressable market for us. Like Ken said, it's what we have in SASE right now, and you can layer on additional cloud services over time. So that should be high growth. We really like our model of the common operating system between firewall, SASE, SD-WAN. We think the firewall market will continue to grow naturally as well, and we'll take market share there, too. We've got all these other additional growth drivers in terms of SASE and SecOps, which are new TAM and really becoming meaningful to our business and our high growth.

Yes. We may have discussed this refresh upgrade a bit too much since this device has been around for 12 to 15 years. At that time, our size was probably one-fifth or one-tenth of what it is now. Even with products being refreshed or upgraded every one to two years, the business impact has been minimal. What’s more important is that we take the opportunity to introduce customers to a new FortiOS and new hardware, allowing for upselling and cross-selling. The percentage of old devices that have been in use for 12 to 15 years is likely much less important than helping customers upgrade to the latest security infrastructure. The business impact of the old device also represents a much smaller percentage of our total business today.

Okay. Okay. Very helpful. And I guess, Ken, you've been a thought leader in security for many, many years. When we think about agentic AI security, I guess how are you thinking about that domain and Fortinet's position as a vendor that can help in agentic AI security?

Yes, I do believe, like I have been saying this for probably 10 years, whether the agentic AI or the device security starting to get more and more important than some human security, which people access. Right now, the device, even the agent probably already like 10x more than the people accessing all this information, Internet, and all the data there. So that's where we invest in this area for more than 10 years and have multiple angles to address the AI security, including agentic AI, including all these OT/IoT device security. That's where we feel there will be a huge market potential, but also kind of need to address this instead of bolt-on some of the old need to be integrated together. So, for example, whether agentic AI you want to check the identity or you want to check the access control, they need to be part of the infrastructure just like a part of the firewall, part of endpoint, part of the edge device instead of a separate solution. Once this solution is integrated together, customers have better management and also a better secure infrastructure to address all these agentic AIs, or smarter IT/IoT device security. That’s where the integrated solution addressing the whole infrastructure will be much better than a separate solution which bolts on some of the current solutions.

Our next question comes from Saket Kalia with Barclays.

Christiane, can you discuss what the upgrade cycle will look like this year, now that we are 40% to 50% through it? Earlier, we mentioned a number around 20% for intra-quarter. The main question is, what will the percentage be by the end of '25 for that cohort?

Good question. If you look at our updated guidance, you see that we believe there is strength in product for the rest of the year. Where we exactly end is hard to say because it's not only upgrade refresh products that we are planning to sell. But I think we will get through those cycles faster than we expect.

Got it. That makes sense. The follow-up question pertains to what growth might look like following the upgrade cycle. We're discussing FortiSASE and SecOps. Can we go over what percentage of the services revenue comes from those two areas compared to attached subscriptions? This mix shift is important, so any insights on where we stand in that transition within services would be helpful.

Mix shift between FortiCare and security subscriptions?

Yes. Well, maybe more specifically, attached sort of subscriptions and maintenance versus FortiSASE and SecOps. So maybe firewall versus non-firewall in more late terms?

The non-attached subscriptions are growing faster, for sure.

Yes. Also on the attached part, the service is also starting to have a higher percentage because we offer more service whether the SD-WAN, SASE definitely there's more service, more functions behind. So that's also starting at a higher percentage compared with the hardware. So that's both sides. There are some additional services like we launched the 3 FortiCloud services: FortiIdentity, FortiDrive, and FortiConnect. Those are new services on attached but there's also attached services which have a higher ratio percentage compared with the hardware side of it.

Our next question comes from Shrenik Kothari with Baird.

Can you guys hear me? All right. So just a quick question on the go-to-market. You guys have been pushing towards platform adoption and multiproduct. Can you talk a little bit about how the channel incentives are moving towards achieving your internal targets? I mean in terms of the rewarding models that are favoring platform cross-sell or pure volume. Can you just give us an update on what's been most effective in driving that? Where are the areas where you're still working on? Yes, I would really appreciate that.

Yes, traditionally, we are a company that focuses more on channels. However, in recent years, we've started to invest in direct marketing and direct sales, particularly with larger enterprises. The significant growth we are experiencing in big deals and enterprise sales, at rates around 40% to 50%, stems from our direct engagement approach and the promotion of integrated solutions, which involve selling multiple products together rather than just one. This approach requires training for both our sales team and our partners on how to effectively sell these integrated solutions, which include offerings like SASE, SD-WAN, and SecureOP. Additionally, this is linked to our AI initiatives, which we believe are an increasingly important part of our business. Even though we've only launched these products a few years ago, our AI-based SecureOP and offerings like FortiAI-Assist and FortiAI-Protect show promising benefits to customers, highlighting the value of our AI-driven operational center. Therefore, we see the combination of integrated solutions with AI-enabled SecureOP as a rapidly growing segment of our business.

And to answer your question on the channel incentives, they are exactly aligned around multiproduct. So we make sure that the channel introduces new products and for that, they get higher back-end rebates.

Our next question comes from Eric Heath with KeyBanc.

Can you hear me?

Yes, all good.

Great. Just come back to the comments on the refresh cycle one more time, and sorry for belaboring this point. But if I'm understanding this correctly, you've done well in excess of $100 million in refresh activity in the past 2 or 3 quarters, which would suggest product revenue, excluding this refresh benefit has been flat to negative in the last couple of quarters. So can you just help me understand why the underlying firewall demand isn't stronger?

I wouldn't characterize it as negative; it's ongoing and refreshing. However, since it represents a small part of our overall business, we provided additional billing guidance for the remainder of the year on top of our overachievement in the first and second quarters. We're optimistic about the market and the performance of our solution. We're not relying heavily on the refresh, as it's a minor percentage of our business. Our focus is on encouraging customers to upgrade, particularly to the new SASE firewall. The numbers we provide can sometimes be confusing, but our intent is to assist customers and partners in transitioning to the new SASE firewall without it having a significant negative impact on our business, especially since the older product has been in service for 12 to 15 years and comprises a small part of our total business.

Our last question comes from Andrew Nowinski with Wells Fargo.

I'm still a bit unclear about why services revenue growth is slowing down significantly over the last four quarters and looking ahead. Could you provide some insights into what is really causing this deceleration? Additionally, your Unified SASE seems to have a lot of momentum right now, so why would it remain flat sequentially in Q2? It appeared to be about $1.15 billion in Q2, which is the same figure you presented in your Q1 slide deck. I'm curious if you could explain why it would be flat sequentially, even though it increased year-over-year.

Go ahead, Christiane.

To address your second question first, sequentially, it's flat due to a number of products that have not shown growth or have only increased slightly, while Unified SASE has been performing well and is offsetting that impact. Regarding service revenue growth, we experienced significant deferred revenues from the COVID period that have now been recognized over the last couple of years, contributing to that growth. Currently, product and service revenue are aligning more closely with our billing growth. Therefore, we need to accelerate our growth, and we are planning to do so to enhance both revenue streams.

Yes, the service revenue in the service line has seen significant growth over the past few years. A few years ago, product revenue was growing by 30% to 40%, and in some quarters, even close to 50%. This growth drove the service revenue, as the average service term unit lasts about 29 to 30 months, which needs to be recognized over that 2.5 to 3-year period. Additionally, referring back to Slide #4, the SSE part of SASE is growing very strongly, especially with Unified SASE that includes SD-WAN. We already have good penetration in the enterprise sector, and customers are now starting to quickly adopt SASE beyond just SD-WAN. Therefore, growth remains robust. We believe we are the leading firewall and SD-WAN provider, and we anticipate being the top SASE provider in the coming years. We have a significant advantage in SASE due to our single OS and the ease of upgrading for our existing customer base, a benefit that other SASE players lack. Our infrastructure also provides us with a cost advantage, so these three advantages position us to be the leading SASE player in the near future.

This concludes our Q&A session. I will now hand it back to Aaron Ovadia for closing remarks.

Thank you. I'd like to thank everyone for joining today's call. We will be attending investor conferences hosted by Deutsche Bank, Citi, and Goldman Sachs during the third quarter. The fireside chat webcast link will be posted on the Events and Presentations section of our Investor Relations website. If you have any follow-up questions, please feel free to contact me. Have a great rest of your day.