Exhibit 1.01 to Form SD
Fortinet, Inc.
Conflict Minerals
Report
For the Reporting Period January 1, 2023 to December 31, 2023
This Conflict Minerals Report (CMR) has been prepared by Fortinet, Inc. (herein referred to, alternatively, as Fortinet,
we and our). This CMR for the reporting period January 1, 2023 to December 31, 2023 is presented to comply with the final conflict minerals implementing rules (Final Rules) promulgated by the Securities
and Exchange Commission (SEC), as modified by SEC guidance issued on April 29, 2014 and the SEC order issued on May 2, 2014. The Final Rules were adopted by the SEC to implement reporting and disclosure requirements related to
conflict minerals as directed by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 as codified in Section 13(p) of the Securities Exchange Act of 1934. The Final Rules impose certain reporting obligations on SEC registrants
whose manufactured products contain conflict minerals that are necessary to the functionality or production of their products. Conflict minerals are currently defined by the SEC as cassiterite, columbite-tantalite (coltan), gold,
wolframite, or their derivatives, which the SEC has currently limited to tin, tantalum and tungsten.
To comply with the Final Rules, we conducted due
diligence on the origin, source and chain of custody of the conflict minerals that were necessary to the functionality or production of the products that we manufactured or contracted to manufacture to attempt to ascertain whether these conflict
minerals originated in the Democratic Republic of the Congo or an adjoining country (collectively, Covered Countries) and financed or benefited armed groups (as defined in Section 1, Item 1.01(d)(2) of Form SD) in any of these
countries.
Pursuant to SEC guidance issued April 29, 2014 and the SEC order issued May 2, 2014, Fortinet is not required to describe any of its
products as DRC conflict free (as defined in Section 1, Item 1.01(d)(4) of Form SD), DRC conflict undeterminable (as defined in Section 1, Item 1.01(d)(5) of Form SD) or having not been found to be DRC
conflict free, and therefore makes no conclusion in this regard in the report presented herein. Furthermore, given that Fortinet has not voluntarily elected to describe any of its products as DRC conflict free, an independent
private sector audit of the report presented herein has not been conducted.
I. Company Overview
Fortinet is a global leader in cybersecurity solutions provided to a wide variety of organizations, including enterprises, communications and security service
providers, government organizations and small businesses. Fortinets cybersecurity solutions are designed to provide broad visibility and segmentation of the digital attack surface through our integrated Fortinet Security Fabric cybersecurity
mesh platform, which features automated protection, detection and response along with consolidated visibility across both Fortinet developed solutions and a broad ecosystem of third-party solutions and technologies.
II. Product Overview
Fortinets product offerings consist
of a core software platform, FortiOS which is delivered through appliances (FortiGate), virtual machines (FortiGate VM) and the cloud. FortiGate uses proprietary ASIC technology to accelerate performance. FortiGuard threat intelligence provides
services to the core platform.
The core platform can be extended into a security fabric which includes various additional offerings.
III. Supply Chain Overview
Fortinet outsources the manufacture
of its security hardware appliance products to a variety of contract manufacturers and original design manufacturers. Fortinet submits purchase orders to its contract manufacturers that describe the type and quantities of products to be
manufactured, the delivery date and other delivery terms. Fortinets proprietary FortiASICs, which are incorporated in certain of Fortinets hardware appliance products, are fabricated by contract manufacturers. The components included in
Fortinets products are sourced from various suppliers by Fortinet or more frequently by Fortinets contract manufacturers. Some of the components important to Fortinets business, including specific types of central processing units,
network chips, and solid-state drives (silicon-based storage devices), are available from a limited or sole source of supply. For purposes of this CMR, references to our products refer to our manufactured hardware products, and
references to our suppliers refer to our product suppliers.