The one million Fortinet devices that will reach end-of-service over the next two years make for a great opportunity to talk about next-generation threats and opportunities, the firewall company said again this week.

But financial analysts didn't like what they heard, and nor did the market.

Since November, Fortinet has told investors that customers with old devices represent an opportunity.

"Firewall upgrade discussions offer valuable opportunities to engage with both our customers and channel partners," said CEO Ken Xie on Wednesday. "By upgrading to our new generation SASE firewalls, customers gain enhanced security capabilities and benefit from our unified platform approach."

Shortly after Fortinet announced strong half-year results, its share price dropped by nearly a fifth in out-of-hours trading. Several investment managers downgraded the stock, citing the outlook for upgrades.

AI growth

That was despite Fortinet saying it had grown enterprise deals, measured as those worth more than $1 million, by nearly a third in the quarter. Fortinet also headlined a 22% increase in recurring revenue on SASE, and said it expected demand driven by everything from agentic AI to upgrades on equipment it sold during the surge in Covid-era WFH.

AI add-ons, for threat detection, securing infrastructure, and automating security tasks, were a fast growing part of its business, said Fortinet.

See also: Fortinet CEO boasts it was voted the “most trusted” cybersecurity firm. Don't die laughing

But money managers zoomed in on the devices for which support will be dropped by the end of 2027.

Morgan Stanley said there had been a "reset of expectations" on the firewall refresh; KeyBanc said it was worried upgrade revenues would not be as high as previously expected; and Piper Sandler said it was no longer confident in coming quarters.

Lower value in end-of-life

There are 650,000 firewall units that will be outdated by 2026, and another 350,000 that will reach end-of-life in 2027, Fortinet said, some as old as 15 years. 

The 2027 cohort is of lower value units, said Xie.

For the first time on Wednesday, Fortinet said it estimated it is about halfway through the upgrade cycle for 2026 – which makes the majority that remains non-enterprise, or at least lower-value customers.

Fortinet did not discuss how upgrade conversations have been impacted by its CVSS 9.8 authentication bypass vulnerability – or the half-dozen other vulnerabilities in its systems detected in the last year.

It did highlight what it said was sustained recognition in the enterprise space from third parties.

The link has been copied!