This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
Fortinet, Inc.
4/29/2021
Ladies and gentlemen, thank you for standing by, and welcome to the Fortune at Q1 2021 earnings announcement call. At this time, all participants are in a listen-only mode. After the speaker's presentation, there will be a question and answer session. To ask a question during the session, you will need to press star then 1 on your telephone. Please be advised that today's conference is being recorded. If you require any further assistance, please press star then 0. I would now like to hand the conference over to your speaker for today. Peter Salkowski, Vice President, Investor Relations. You may begin, sir.
Thank you, Tawanda. Good afternoon, everyone. This is Peter Salkowski, Vice President, Investor Relations at Fortinet. I am pleased to welcome everyone to our call to discuss Fortinet's financial results for the first quarter of 2021. Speakers on today's call are Ken Zee, Fortinet's founder, chairman, and CEO, and Keith Jensen, our Chief Financial Officer. This is a live call that will be available for replay via webcast on our Investor Relations website. Ken will begin our call today by providing a high-level perspective on our business. Keith will then review our financial and operating results for the first quarter before providing guidance for the second quarter and updating the full year. We'll then open the call for questions. During the Q&A session, we ask that you please keep your questions brief and limit yourself to one question to allow others to participate. Before we begin, I'd like to remind everyone that on today's call, we will be making forward-looking statements, and these forward-looking statements are subject to risks and uncertainties, which could cause actual results to differ materially from those projected. Please refer to our SEC filings, in particular the risk factors in our most recent Form 10-K and Form 10-Q for more information. All forward-looking statements reflect our opinions only as of the date of this presentation and we undertake no obligation and specifically disclaim any obligation to update forward-looking statements. Also, all references to financial metrics that we make on today's call are non-GAAP unless stated otherwise. Our GAAP results and GAAP to non-GAAP reconciliations are located in the earnings press release and in the presentation that accompanied today's remarks both of which are posted on the investor relations website. Lastly, all references to growth are on a year-over-year basis unless noted otherwise. I'll now turn the call over to Ken.
Thank you, Peter, and thank you to everyone for joining today's call to review our first quarter 2021 result. We are very pleased with our strong first quarter performance. Building increased 27 percent to $851 million, driven by solid execution across a broad and integrated product and services. Secure SD-WAN contribute 14% to first quarter building. Total revenue growth 23% to $710 million, with product revenue growth of 25%, the highest quarterly product revenue growth in the last five years. With strong business momentum and good visibility, we remain focused on growth. In the first quarter, we released 40 OSM.0, which offered the industry's first OS level with tight integration of a broad security and network functions, including SASE, SD-WAN, Zero Trust Network Access, CASB, and 5G capability. Today, we are now the 40-Gate 7121F, the world's farthest next-generation firewall and the only firewall with hyperscale 400-Gate interface. The 7121F enables 5G mobile network operators to secure multiple edges within their infrastructure and enable MSPs to build up scalable security offerings. Powered by a new MP7 security process unit, the 7121X delivers security computing of 2X to 19X greater than competitive solutions. We continue to see momentum and adoption of our SD-WAN, CIC, and Zero Trust Network Access solution among the world's largest service providers. Today, we announced British Telecom, a new managed secure SD-WAN service powered by Fortinet. In March, Fortinet and AT&T announced the availability of a new managed safety solution for enterprise customers. Increasingly, organizations are consolidating towards a holistic platform approach, delivering integrated and automated security that cover on-premise network, endpoint, and cloud secure edge. The 49 Security Fabric is a cybersecurity platform organically built on a broad and a good set of networking and security technology designed to seamlessly operate together. The high profile of security incidents that occurred over the past few months, along with the pandemic, has elevated the need for a broad platform that can secure and enterprise our entire infrastructure across multiple edges in a zero-trust environment. We expect companies to increase the percentage of IT spending used for security in an effort to address their cybersecurity needs. Our security-driven networking approach is a key growth driver. Additionally, we expect that our significant organic product growth will lead Before turning the call over to Keith, I would like to thank our employees, customers, partners worldwide for their continued support and hard work.
Thank you, Ken. And to add to your comment, we should note that buildings growth, product revenue growth, and total revenue growth were each at five-year highs. Okay, let's start the more detailed Q1 discussion with revenue. Total revenue of $710 million was up 23%. driven by industry-leading product revenue growth of 25%. Product revenue growth was broad-based across geographies, security fabric products, and use cases, illustrating the market acceptance of our integrated single-platform security strategy, customer demand for security across our entire infrastructure, and the diversity of our customer base. Product revenue growth was over 30% for both infrastructure and cloud fabric products, and all three geographic regions increased 20% or more. Demand for security fabric products was strong across all form factors, hardware, software, and virtual machines. The growth we experienced for product revenue was not the result of a few large deals, low backlog, or higher channel partner inventory levels. The product revenue growth also enables increases in services billings and future services revenue. In the first quarter, service revenue of $470 million was up 22%. Support and related services revenue increased 23% to $214 million. Security subscription services revenue increased 21% to $255 million, benefiting from outsized growth from our cloud provider and SaaS security offerings. Moving to the mix of FortiGate and non-FortiGate platform revenue, The FortiGate segment of the fabric platform saw revenue increase 17%, driven by demand for entry-level and high-end FortiGate products. High-end includes 10 new NP7-powered FortiGates that were introduced in the past year, which includes today's announcement of the 7120F. These new products now represent approximately 20% of high-end FortiGate shipments. Our ASIC-driven FortiGates give customers five to ten times more computing power than firewalls that run on common CPUs. The advanced computing power creates not only speed, but also the capacity to continue to add functionality to our operating system, driving our price for performance advantage. The non-FortiGate segment saw revenue grow over 40%, and now accounts for 31% of total revenue, up four percentage points. The integrated security fabric solutions consist of a complete range of form factors and delivery methods, including physical and virtual appliances, cloud, SaaS, and perpetual software, as well as hosted and non-hosted solutions. Together, they provide a range of security solutions and form factors, enabling integrated protection for hybrid environments and the expanding digital attack surface from the data center to the endpoint to the cloud. Given the strong first quarter performance, excuse me, revenue performance, we believe our non-FortiGate platform is now on a pace to be a $1 billion business this year, representing an acceleration of this milestone. Let's turn to revenue by geographies. Summer is on slide five. Revenue in the Asia-Pacific area increased 26%, and media revenue increased 25%, and the Americas posted revenue growth of 20%. As I mentioned earlier, all three regions experienced product revenue growth of 20% or more. Moving to billings, the first quarter billings were $851 million, up 27%. We saw strong growth in both the FortiGate and non-FortiGate segments of the security fabric platform. The FortiGate segment delivered billings growth of 20%, accounting for 70% of total billings. As shown on slide 6, entry-level FortiGates posted very strong billings growth in the quarter. The non-FortiGate segment accounted for 30% of total billings and delivered billings growth of 50%. driving a four-point year-over-year mix shift to non-FortiGate. Taken together, these data points highlight the market acceptance of our single integrated security platform strategy. In terms of building growth by GOs, APAC outperformed all GOs, followed by Europe and the Americas. In the Americas, Canada had a very strong quarter, and Latin America rebounded from the pandemic-induced slowdown posted buildings growth in the mid-20% range. Moving to buildings by customer segments, the small enterprise segment posted solid growth across all geos. This segment is driven by new customer acquisitions, customer security fabric expansions, solid execution by our channel partners, and the large diverse makeup of this international customer segment. At the same time, we saw strong growth in our larger deals. The number of deals over $1 million grew 74% to 66 deals in the first quarter. The pipeline for deals over $1 million looks good for the remainder of the year. As Ken noted, secure SD-WAN billings were 14% of total billings. SD-WAN is a key functionality in an integrated SASE solution. Moving to worldwide billings by industry verticals, with another strong international performance, the worldwide government sector topped all verticals at 19% of total billings and was up 60%. Service providers and MSSPs accounted for 16% of total billings. The rebound for education accelerated, with buildings' growth of 50%. Retail turned in a solid quarter, with buildings' growth of 21%. A strong and consistent buildings and revenue performance over the past several years is testament to our geographic and customer diversity, the growing success of the single integrated security platform strategies, And our ASIC advantage, which enables a shared operating system across the security fabric platform, drives our price or performance advantage, increase the capacity to add features and functions while maintaining price points. Moving back to the income statement, as shown on slide four, total gross margin improved 10 basis points to 78.9%. Product gross margin improved 120 basis points to 62.6%, benefiting from lower direct product costs. The increase in product gross margin offsets the drag on total gross margins from the revenue mix shift driven by the strong product revenue growth and a gross margin FX headwind of about 25 basis points. Operating margin for the first quarter increased 210 basis points to 24.5%, benefiting from the strong revenue performance in the quarter. The benefit from lower travel and marketing program expenses of approximately 100 basis points It was more than offset by an operating margin headwind from foreign exchange of about 150 basis points. To end the quarter, we ended the quarter with a total headcount of 8,615, an increase of 16%. Moving to the statement of cash flow, summarized on slides 7 and 8. Free cash flow for the first quarter came in at $264 million, up $22 million from the first quarter of 2020. despite a $24.5 million year-over-year increase in CapEx spending. The end of the year with total cash and investments of 3.1 billion, an increase of 1.5 billion. The increase includes the proceeds from our $1 billion investment grade debt issuance during the first quarter. The issuance followed our inaugural strong BBB credit ratings. Throughout the pandemic, we have leveraged the strength of our balance sheet as a competitive advantage to support our partners and customers as they experienced geospecific economic challenges. As a result, day sales outstanding increased seven days to 81 days, in line with our expectations and reflecting our earlier decision to provide geographically targeted extended payment terms. Compared to the fourth quarter of 2020, DSOs in the first quarter of 2021 decreased six days as we saw early progress towards returning to pre-pandemic payment terms. Inventory returns declined to 2.1 times from 2.5 times, reflecting efforts we took to mitigate supply chain risk, including increasing our inventory levels starting earlier in 2020. We expect extended payment terms and higher inventory balances to be in effect as we move through 2021. Capital expenditures for the first quarter were $52 million, including $38 million related to construction and other real estate activity. We expect to begin moving employees in the new Sunnyvale campus building in the middle of the year, although the timing will depend on local pandemic protocols and employee safety considerations. We estimate capital expenditures for the second quarter between $30 and $40 million, and for all of 2021 to between $150 and $170 million. The average contract term in the first quarter was approximately 27 months, up less than two months from the first quarter of 2020, and down approximately one month from the fourth quarter of 2020. Secure SD-WAN accounted for 15 deals over $1 million, versus four in the first quarter of 2020, and contributed to the increase in average contract term. As we look forward, our goal remains to balance growth and profitability. And given the growth opportunities we highlighted during the March Analyst Day, and as confirmed in our first quarter results, we have tilted our bias towards growth for at least the next several quarters. The opportunities we see are supported by a strong pipeline, increased sales capacity, and our development efforts, which include the MP7 chip and our new 40OS 7.0 operating system that was recently released. Now I'd like to review our outlook for the second quarter guidance, summarized on slide nine, which is subject to disclaimers regarding forward-looking information that Peter provided at the beginning of the call. For the second quarter, We expect billings in the range of $860 to $880 million, revenue in the range of $733 million to $747 million, non-GAAP gross margin of 78.5% to 79.5%, non-GAAP operating margin of 24.5% to 25.5%, which includes an expected 100 to 150 basis point headwind from foreign exchange, non-GAAP earnings per share of 83 to 88 cents, which assumes a share count of between $168 and $170 million. We expect a non-GAAP tax rate of 21%. Before raising our 2021 guidance, I'd like to congratulate every member of the Fortinet team for the truly outstanding start to 2021. With that, for 2021, we expect buildings in the range of $3 billion, $685 million, to $3 billion, $745 million, which at the midpoint represents growth of approximately 20%. Revenue in the range of $3,080,000,000 to $3,130,000,000, which at the midpoint represents growth of approximately 20%. Total service revenue in the range of $2,020,000,000 to $2,050,000,000, which represents growth of approximately 21% and implies product revenue growth of approximately 17%. Non-GAAP gross margin of 78% to 80%. Non-GAAP operating margin of 25% to 27%. When backing out the 2020 T&E benefit, the midpoint of the guidance represents a 50 to 100 basis point increase in 2021 operating margin, despite an expected headwind from foreign exchange. Non-GAAP earnings per share of $3.65 to $3.80, which assumes a share count between 170 and 172 million, and about $0.07 per share impact from the debt issuance. We expect our non-GAAP tax rate to be 21%. We expect cash taxes to be approximately $80 million. And along with Ken, I'd like to thank our partners, our customers, and the Fortinet team for all their support and hard work during these difficult and unique times. And now I'll hand the call back over to Peter to begin the Q&A.
Thank you, Keith. As a reminder, during the Q&A session, we ask that you please limit yourself to one question to allow others to participate. We've got an entirely large queue today, so I'd like to get through everybody at least once. Talanda, please open the floor for questions.
Thank you. Ladies and gentlemen, as a reminder to ask the question, you will need to press star then one on your telephone. To withdraw your question, press the pound key. Our first question comes from the line of Rob Owens with Piper Sandler. Your line is open.
Great, and thank you for taking my question. A lot of other verticals in the media seeing issues with chip shortages and some supply chain issues. Is that starting to sneak into the security market relative to firewall appliance shipments? And can you talk a little bit about your potential exposure? Thanks.
Well, I think the chip shortages, this is Keith, Rob. I think the chip shortage that you point out can touch a lot of different industries. I think one thing about Fortinet, in addition to having different form factors, is these inventory balances that we carry. You know, at two times inventory turns, you're looking at basically six months of inventory that we're carrying on our balance sheet. I do expect that the supply chain issues will be something, particularly as it relates to chips, that will be a constant conversation point throughout 2021 and into 2022. But I think in terms of when we sit down and talk about our expectations for the year, I think we have a pretty good understanding of how to work that in.
Thanks, Keith.
Thank you. Our next question comes from the line of Brian Axis. with Goldman Sachs. Your line is open.
Great. Thank you, and thank you very much for taking the question. You know, Ken, I was just wondering, you know, Dylan's commentary, worldwide government up 60%, some really nice, you know, acceleration there. And then MSSP and service providers still 16% in total. Maybe if you can talk about, obviously we know what the secular drivers in MSSP are. How durable is that, you know, maybe the factors that are driving that acceleration in government spend? And then maybe talk a little bit about, particularly on the service provider side, it doesn't seem as though we're seeing an acceleration from 5G and IoT yet. You know, who are the buyers there? How do you anticipate that that segment will play out through the rest of the year as you look, you know, as you look to work your way through the remainder of the year?
Yeah, the carrier and a lot of service provider starting kind of reshaping their their weather security network offer, whether with 5G, SD-WAN, all the SASE, and also supporting work from home, kind of seeing the early stage, I put it this way. So that's where we're working more closely with all the service providers, like the BT we announced today, the AT&T we announced last month, and pretty much all the service providers to support in all this shifting of the business model. And I'd say it's still early stage, but we do involve a lot of testing And at the same time, I do believe eventually the service provider business will go back up to the number one. It tends to be like a high 20, like back four, five years ago. But it's because it's a new kind of shifting, so they do have a some work to do and also some big investments we see going forward. So we're working together with them to keep growing these business right now.
Got it. Very helpful. Thank you. Thank you.
Thank you. Our next question comes from the line of Jonathan Ho with William Blair. Your line is open.
Good afternoon. Congratulations on the strong quarter. I just wanted to get a better sense of what you're seeing in terms of demand for the SASE and vTNA-oriented products. And have you seen that pipeline sort of continue to rise, especially as we look at sort of replacements for the traditional VPN connections and other sort of more legacy technologies? Thank you.
It's a new, fast-growing market, but also they probably replaced some of the traditional approach, but some other traditional approach also expands inside campus, inside enterprise, inside the data center. So it goes through the internal segmentation. We do believe, like we said a few years ago, it's the best position probably for the service provider carrier. So we tend to be more working with them, partner with them, and also offer kind of more tight integrated solution, like we said in the 40OS 7.0 is really integrated into OS level inside of some different vendor using different box or even kind of a different infrastructure to do that. So that's actually working much better with the weather service provider with the customer directly. So that's where we do see there's some fast-growing going forward, but it's just part of the whole infrastructure solution will not replace the traditional approach, but also the whole thing is secure. It's more dynamic space. There's a new thing come up, and also the that also not goes away. So that's what we try to address is a new chain at the same time, keeping at hand the traditional solution and to supporting the customer in all different vertical different regions. Thank you.
Thank you. Our next question comes from the line of Ben Bolin with Cleveland Research. Your line is open.
Good evening, Ken, Keter. Keith, Peter, thanks for taking the question. I was hoping you could talk a little bit about how you see customer discussions changing or evolving as they contemplate and start to return to their offices and to work. And then I'm also hoping you could touch on how you view the growth opportunity over time from completely new customers versus wallet share expansion with your existing customers. Thanks.
The customer defense view of security is starting to become more and more important, but also they need to cover much broad infrastructure and all edges instead of the traditional secure, whatever the border or the data in and out of the company. So that's more device, more user, more infrastructure need to be covered. So it's not a simple refresh. It's really changing to the whole infrastructure approach. and also working together with traditionally like different vendor cover whether networking or endpoint or some other part of security. Now they're looking for some consolidation and they prefer vendor have a multiple cover of a different part of infrastructure working together. So that you can see that the February approach we did a few years ago started doing quite well and almost pretty much every quarter doubled the growth compared to the the traditional network security. But on the network security, we also see very healthy growth. And it's really not just expanding beyond the traditional border security approach, but also because the ASIC advantage, which increased the secure computing power five to ten times compared to the other vendor software load on the traditional CPU. So that's able to add more function and also kind of increase the performance, lower the cost, and also a lower power consumption, more green. So that's actually making this, like, the product growth, like we said, keeping us, keeping doing better and better. And we do see this whole infrastructure approach will keep going for the next probably a few quarter, even to a few years. and the consolidation will keep going within the industry.
Yeah, Ben, just to continue on with Ken's comments, I think the headline that he's talked about previously is that back-to-work really, the combination of back-to-work and many companies being in a hybrid model, that the attack surface now seems to be permanently expanded for many, many companies. In terms of growth and how we see it with new logos and expansion opportunities, We easily add several thousand new customers every quarter. But if you look at the mix of billings, the mix of billings is going to come from our installed base of customers, if you will. And I think the simple model to look at is from that initial sale of perhaps a firewall or something else, there's two different ways to expand. One is finding more and more use cases inside organizations for firewalls and increasing the displacement opportunities. And then the second is, and this is where Ken was going, is the expansion opportunity with those non-FortiGate fabric products. And what we're seeing there with that mix shift from FortiGates to non-FortiGates and now being 30% of our business or 31% of our business, I think it's taking as one, affirmation of the strategy, and two, you're seeing it in the numbers. Thank you.
Thank you. Our next question comes from the line of Tal Laney with Bank of America. Your line is open.
Hi, guys. I'm going to take you to the basics with my question. Last year was strong and there was some concern that the firewall market is being driven by COVID-related demand just because of work from home. And the question is whether you expect any slowdown of demand related to the anniversary of the trends last year. And the second question is your non-FortiGate grew extremely strong again. If you can take us through the basics, what are the products that are growing there? Just what are the trends and what do you bring to the market? Thanks.
I can take the first part. Maybe Keith's got the second part. I don't see any slowdown even for the FortiGate side. We're keeping gaining market share, like I said, because there's a fundamental, like, technology architecture difference, which with the fact that 10 times the computing power compared to our competitor, we can easily add a function performance. And even for work from home, it's more like one single 4G bus can replace, like, three, four different bots from an operating side, security side, like, all these parts, and also, like, managed home Wi-Fi and the traffic there. So that's also a lot of companies also starting to do this kind of expand the branch to the home, call the home branch or whatever, to meet working standard, like a better networking, reliability, security to the home environment. So that's also needed as a solution. That's also one of the reasons we see some of the low onset and keeping grow pretty fast. work from home actually help in driving some of these . But also going forward, whether the service providers are moderate, I have to say most enterprises are not even kind of changing much of the infrastructure to adopt this more work from home yet, and they are still in the early stage. So we do see there's a big potential going forward.
Yeah, that's all. Well, it's a little tough for me to look back at the second quarter of last year and where the buildings growth was and the product revenue growth and think that I was getting, I didn't feel like I was getting a tailwind from VPN or something like that in the second quarter of last year. That said, I think we're very pleased with how the year continued to play out and the growth numbers that we've provided. I don't know that early on in the stages of work from home, but that was something that necessarily Fortinet participated in to the same level that maybe some of the other firewall vendors did. And in the second part of your question, You'll be glad to know that Ken and Peter and I sit down every quarter and look at the non-FortiGate products and try and find the one that's really distinguishing itself. And we keep coming to the same conclusion each quarter. It's a rising tide that's lifting all boats. It's not that any one product is really standing out more so than the other, you know, over an extended period of time.
Yeah, the key is refuse. Yeah, it's really because most of the product we develop internally from day one. It's making integrate operate together. So that's probably the key number one reason customers want to buy it is they try to consolidate, make it easy to manage. It's different than some other company. When they acquire some product or company from outside, it takes a long time and more difficult to integrate. So we have internally developed from day one. We make it working together.
Right. So my question was much more basic. What are the key products that are driving up the growth of non-forti-gate? So we know it's one of... SD-WAN. What else?
SD-WAN actually is a part of FortiGate. So we don't call SD-WAN as a non-FortiGate, but we have like 20, 30 different products touching all parts of the infrastructure. And like Keith said, it's difficult to point out which one is really, yeah, it's pretty, pretty, like Keith said, the tie with the whole thing.
at it. Thank you.
Thank you. Our next question comes from the line of Sterling Artie with J.P. Morgan. Your line is open.
Yeah, thanks. Hi, guys. I wonder if you could help me better understand the disproportionate improvement that you saw internationally, especially in EMEA relative to the improvement you saw in the U.S.?
I think similar like we come in the last couple quarter is a photo that the pandemic, once things start to get improving, they also try to think about how to go back to work on some other investing infrastructure since we'll be starting to grow. So that's where like APEC and Miracle are a little bit faster, but you guys catch up rather quickly.
Thank you. I'll just add on to that, Sterling. I think the, certainly for us, the markets are somewhat different. And maybe that comes into play a little bit. The European, the international part of the market, we are oftentimes, you know, have the number one market share with the incumbent. And particularly during the pandemic, I think incumbents had an advantage. I think in the U.S., perhaps we're a bit more of a challenger, if you will. And I don't know that, you know, a lot of CIOs and CISOs were focused on firewall refreshes in the second quarter and third quarter of last year and going through competitive dynamics. And I think there's also a bit of the partner ecosystem. You know, when you're the incumbent, you probably have more mind share with the partners than when you do with the challengers. Now, having said all that, as we look forward and we look at our pipeline, particularly as it relates to the United States, you know, as we go into the second quarter here and through the rest of the year, you know, I think we're feeling very good about the direction that that organization is headed.
Yeah, we also will keep investing more into the U.S. for supporting for the growth like we did for the PGA sponsorship and some other things. I think we'll be helping drive the growth in the U.S.
Got it. Thank you.
Thank you. Our next question comes from the line of Gray Powell with BTIG. Your line is open.
Okay, great. Thanks for taking my question and congratulations on the good numbers. So, yeah, maybe to follow up on the SASE side of the business, how quickly should we think of Billings Growth ramping on the 40 SASE products? And then I don't want to get too aggressive, but could it potentially have a similar ramp to what you saw in 2018 and 2019 with SD-WAN back when that product was just getting started? Yeah, just how should we think about just the overall upsell there? Thanks.
I also have to say a little bit similar question. We're also kind of looking at different market study and also what's the best model to do this with the partner together. I feel maybe similar like SD-WAN, but also SD-WAN is a part of the SASI solution and also SASI including some other function there, which we also want to have like a better integration and a better performance and easy to manage. So that's where we take some time to really launch our SASE and also more closely working with our partner to do that. But the market is definitely growing, but we're also closely watching what's the best way to position ourselves to catch this trend.
Okay. Thank you very much. Thank you.
Thank you. Our next question comes from the line of Shaul Yao with Cohen. Your line is open.
Thank you. Good afternoon, gentlemen. Congrats on a strong performance. Keith or Ken, historically, the refresh cycle concept used to provide some disruption at times. I would even say some noise around specifically for in its business. It would appear that over the past probably 18 months or so, there's less discussion and focus around it. Do you think that 4NET is gradually shifting away from it? Or is that there's so many concurrent internal refresh cycles given the broadening of your platform that it is becoming less of a relevant issue? What's the thinking about it?
I probably hesitate to use the term refresh compared to last time. You can see that 2012, 2013, and that's where the next-gen firewall replacing the traditional firewall VPN, which with next-gen firewall has some intrusion prevention antivirus or other function there proxy. But this time, it's expanding to a much broader, bigger infrastructure, both go internal, inside the company, and also go to the outside company, the one side, even expand work from home. So it's more kind of expanding, and at the same time, different part of security also need to be more working together. So that's from company IT side. if they can consolidate and help them to manage and integrate automate will be important. So that's where, like I said, there's more device, more people connected, and also a little bit more trust environment. So this time it's a little bit different. That's where making like a very broad integrated approach I feel is more important. And at the same time, supporting whether the new technology, whether 5G and also kind of a service model also will be important. But we also feel once the product is in the customer's hand, because of the huge computing power capability, we can also add additional service and keep helping customers adopt the new things they need, also working with service provider. So that's also kind of keeping the business, keeping growing. I think you probably have some.
Yeah, Shell, I think you and Ken are kind of touching on the same thing, which you made a reference to. I would say it this way. It's going to get harder and harder, I think, to discern industry refresh cycles compared to where it was maybe five or six, seven years ago for a number of reasons. One, the firewall vendors are simply larger. Their footprint is much, much bigger than it was before. Secondly, you have some of us who are showing success in the platform strategy you know, when 30% of your billings are coming from the platform, again, to your point, it's going to get a little harder to discern it. And the sheer size, if you will, of the footprint in terms of customers, but also the number of different use cases that are starting to evolve and continue to evolve inside those organizations, I think all that comes together, it's going to get murkier and murkier as you go forward to find a refresh cycle. You may have some individual competitors that maybe have very, very large price points for machines or something like that, where they have their own internal refresh cycle that you may see some noise around. But that's really not the Fortinet approach for firewall refreshes.
Yeah, yeah. To put it another way, the traditional firewall, all the way they, where they've been deployed is not going away. They also kind of every five years probably need to be upgraded to the new model to match networking speed or some other one. But they also expanding beyond that one. and also need to be working in that part of security infrastructure. I'll put it this way.
Understood. Thank you so much. Well done. Thank you.
Thank you. Our next question comes from the line of Adam Tindall with Raymond James. Your line is open.
Okay, thanks. Good afternoon. Maybe one for Keith. You talked about this being a year to invest for growth. Your Q1 results clearly say that's working. Billings growth in the high 20s at a scale approaching a billion, and doing that with healthy profit is pretty unique. So for my question, I was just wondering at this point if you evaluated whether to lean even more on growth given the early results that you're seeing, and if you could maybe touch on the logic of why not. Are there diminishing returns above this level? Is this something you'd consider re-evaluating as the year progresses?
Thank you. Yeah. Adam, it sounds like you're listening in to some of the conversations that Ken and I have with our respective points of view, I think. I think, look, we're really pleased with how the business executed in the first quarter, you know, putting up 20%, 27% buildings growth and being, you know, 11 or 12 points above and then raising, you know, to 22%, you know, three and a half points on the buildings line for the year, probably for the quarter, and then taking the year up at the same time by about four points. You know, I think the level of execution is shown to be very, very high and the level of success with the firewalls and the non-FortiGate products have been, we're very, very pleased with what's happening there. You know, I think we'll see how this year plays out. We felt that there were tailwinds coming into the year for us in a number of different ways, you know, whether it was GDP, whether it was stimulus, whether it was the product suite that we had or our sales team's ability to execute. And let's see how we do as we continue on this trajectory hopefully for the rest of the year.
Thank you, that's fair, and I'd love to be a fly on the wall for those conversations.
Thank you. Our next question comes from the line of Andrew Nowinski with DA Davidson. Your line is open.
Great, thank you, and congrats on another great quarter. I wanted to ask about the partnerships with some of the MSPs that you mentioned, AT&T and BT. You know, those have been historically strong partnerships for Zscaler, so I'm wondering, Do you think you're eating into Zscaler's mind share at those partners, or are they just trying to offer their customers maybe another SASE offering?
Like I said, in the last few years, from some point we moved Zscaler as one of the service providers, could be partner. But also some of the telecom companies, they do have their infrastructure and also some of their customer base, which we have been working with them for a long, long time. So it's that once, especially during the pandemic, IT is putting high pressure to supporting whether internal or some other need. I think that's where SASI offers sort of more service-based approach, which also kind of adopt by some customer or service provider quickly. So that's where we also leverage our kind of a relation with the partner and also our product technology advantage and offer much tighter integrated SAS Zero Trust Network solution. So some bigger carrier partners, they like it a lot, I put it this way. So that's what we'll continue to work with them. So I do believe that the business in the carrier service provider will be go back to the number one, like we are a few years ago, the high 20. But it's also have to work in closely with a partner and also some other infrastructure, new infrastructure, like I mentioned, whether the IC1 and the 5G or some other like lot of IoT or even maybe 6G or some other things. I think that there's a lot of potential working with all kind of service provider to keep expanding the security business together.
It sounds like it. Thanks a lot, Ken.
Thank you. Our next question comes from the line of Irvin Liu with Evercore. Your line is open.
Ken, congrats on the great quarter. You previously identified continued expansion into large enterprise as a key contributor to growth and share gains. Can you talk about whether this was a factor in your Q1 outperformance? And also, can you also talk about any key differences when selling to large enterprises versus SME, SME customers, for example, the go-to-market motion and or timetable required to close a deal? So any color here would be helpful. Thanks.
I think we tried to give a little bit of color on that in the script, and I've used the term before, the growth being bookend, if you will, through the pandemic quarters where SMB did well. And I think we provided some metrics there about large deals, deals over a million dollars, which we think is a pretty good proxy for the success that we're seeing in the enterprise. I do think also the mid-segment is coming online for us a little bit stronger than maybe we saw in 2020. I continue to believe that 2020 was an unusual year, both geographically and across customer segments. In terms of the cadence, in terms of how to sell the enterprise versus SMV, I would say absolutely. You make a large investment, and it plays very well with the channel partners. There's no doubt about that, the MSSPs, the carriers, et cetera. And those channel partners oftentimes, particularly distributors, play a role in the enterprise. But to be successful there, you absolutely have to have a direct sales force that is helping to bring deals to those channel partners. And I kind of made a comment earlier about incumbency versus challenger. I think that's perhaps even more important in a geography where you're the challenger and you're trying to get mindshare from some of those large key resellers that are linked together. with some of the legacy firewall vendors. I mean, you've really got to partner with them to bring deals to them and convince them of that strategy. And I think we're starting to see that traction take hold for us. Got it.
Thank you.
Thank you. Our next question comes from the line of Fatima Ulani with UBS. Your line is open.
Good afternoon. Thank you for taking my questions. Keith, for you, I was hoping you could – Share some more details around the expectations of the SD-WAN mix that you have embedded in your guidance. How should we think about that? And certainly, how are you thinking about it? And where are the incremental areas of budgets or dollars and ultimately share gains within SD-WAN slash SASE going to come from between the carrier market as well as the enterprise DIY market?
I think in terms of SD-WAN, the way we go about budgeting, we would describe SD-WAN as you've heard us before. SD-WAN is a use case for the firewall, similar to OT, micro-segmentation, zero-trust, etc. We're not necessarily prone to building our models, if you will, by use cases for the firewalls, nor similarly necessarily by products. We do look at our pipeline, and we do a 10-day check against gardener projections for growth and things of that nature to make sure that we're in the range, if you will. So I would expect that. The other comment I would offer is Ken's been quite clear for setting the goal early on that he wanted SD-WAN to be 5% of buildings. And we got there, and he moved it to 10. And we got there, and now he's moved it to 15%. So it's a little bit of who moved my cheese, I guess, with Ken. in terms of setting goals for us, but that's fine. We like that. And I think you really kind of answered your own question in terms of growth investments, where we would spend money. I think the carrier service provider opportunities for both SD-WAN and SASE are key areas for those investments, but I'll hand it back to Ken.
Yeah, we do believe SD-WAN will be a bigger long-term market, and we want to be the number one. And also, like... We do see a lot of potential, even this work from home, a lot of enterprise try to do, a lot of service providers try to support in still very small percentage, very early stage to use in the ICD-1. So that's where, and also we have huge advantage using our ISOC4 chip to support in this like one box solution. which has about 20 times better performance and much lower cost compared to the second nearest competitor. So that's where it's a huge opportunity with the best technology and working closely with a partner to keep it growing at SD-WAN. So we do see there's a huge potential, and we also target to be the number one soon.
Thank you. Our next question comes from the line of Hamza Farawala with Morgan Stanley. Your line is open.
Hi, guys. Good evening, and thank you for taking my question. I was wondering on the core sort of firewalling side, you know, how much of the demand are you seeing come from use cases around micro-segmentation, you know, particularly given some of these recent cyber attacks?
We do have a lot of... asking about how to secure internally, whether within a campus and a company or within a data center. But I have to say, security still need much more computing power to process the traffic compared to the opt-in switching. My estimate probably like easily 30, 50, even 100 times more computing power is needed. That's where if we cannot solve That speed issue or some other kind of managed deployment issue is still more difficult. That's also the ASIC has more advantage, like a five to ten times better performance computing power and the cost are lower than other software on the approach. So it's a lot of requests, but I have to say it's not many solutions can meet some of the requests because internal whether we're in a campus or in a data center, the network speed tends to be easily 10 to 100 times more faster than the one approach, I mean the one connection. So that's where we're working with whether the customer or the partner directly and also combine both the one security and the LAN security and the whole infrastructure security is more important. is today work from home with what they call the zero-trust network access. It's like you have to be making the whole infrastructure secure. So it's basically a huge market potential for the internal segmentation inside data center of campus security, but it's also a challenging job to meet the speed requirement compared to networking and also make sure they can easily deploy and easily managed.
Thank you for the call. Thank you.
Thank you. Our next question comes from the line of Saket Khalil with Barclays. Your line is open.
Okay, great. Hey, thanks for taking my question here, guys. Keith, maybe for you, just going back to the non-forti-gate part of the business, do you see any trends in perhaps market segment or geography that is adopting non-forti-gate at higher rates? And I only ask that because with the growing enterprise business, with your growing enterprise business, that is, I would imagine more of the enterprises would maybe be more willing to work with multiple specialist vendors. So is the non-FortiGate part of the business perhaps more weighted towards the mid-market or perhaps international? And relatedly, you know, just kind of broad brushes, how is that non-FortiGate business sort of split between product and services? Sorry, there's a lot there. Does that make sense?
Yes, there is a lot there. And depending upon my answer, we'll know if it made sense. How's that? Look, I don't think the product-service mix between... We've talked about it previously. The FortiGate versus non-FortiGate... The product-service mix is not different in any meaningful way, if you will, when you look at the mix. And again, we're selling solutions, so you're typically bundling that with a firewall sale. To see the non-FortiGate billings, you know, growth at that 50% number and seeing the mix of the business, I think, may have obviously... makes us very excited. It's actually a little bit counterintuitive in terms of where it sells. For the last several quarters, the Americas has done very, very well with selling the fabric. And I've been on phone calls with very large enterprises that want to know much more about the fabric now that they've become comfortable with the firewall. I probably went into those conversations, Sokka, with much the same expectation that you perhaps described, which is, That may be something that plays more to the SMB part of the business or the mid-enterprise, and I do think it does. I do think the enterprise willingness, and in the U.S. to see the enterprise willingness to engage on the fabric is probably a sign of a number of things. One is, at the end of the day, everybody's got a budget, and this is a more cost-effective way to go about doing it. You can manage your infrastructure much easier, perhaps, with a single-vendor strategy than you might otherwise. And I think the common operating system with it running on or being integrated to OS 7 is something that's very exciting. And then you start talking to the division about, you know, a SASE offering that's running on an integrated OS 7 system as well. So I gave you a lot there, but to give color to it, I think the long-winded response would be it has not shown to be unique to a size of customer or to a geography.
That makes sense. Thanks, Keith. Thanks, Keith.
Thank you. Our next question comes from the line of Keith Backman with Bank of Montreal. Your line is open.
Thank you very much. I'm going to follow on Socket, and I have one question to keep within Peter's rules, but I'm going to break it into a couple subparts on the non-FortiGate side as well. I wanted to break it into, A, is there anything over the next 12 months that you look at that you think in particular is interesting or exciting? Keith, is there anything you could break out on attach rates, where you currently stand on the non-FortiGate side to attach rates? It would seem to me that there's still a hell of a lot of room to run there, just if you look at your installed base for some opportunities, and then see if you think about if you had to partition the non-FortiGate into cloud and non-cloud. In other words, there's a lot of, I think, the FortiGate products that are relevant to on-premise situations versus cloud. But is there a way to just kind of break it out in percentage dollar-wise, you know, 50% of it's aligned to on-premise deployments versus 50% is cloud deployments. Is there any way to break that out in the non-40-gate side in particular? Thanks very much.
We are charging by the question, I think, as we go forward, Keith. Then I'm broke. Yeah, I think there was a, I'm going to leave the tough question or the fun question for Ken at the end, which is, if you look at over 12 months, what's going to take off in non-FortiGate? Keith, I would probably point you back to, if we didn't do it in the analyst day in March, we did do it in the analyst day in November of 19, where we gave some breakdown of the fabric products between what we call cloud and what we call infrastructure. And you can think of that as being hardware, and that'll kind of help answer your question there. I think when you use the term attach rate, we may use the term penetration rate, and by that is, you know, for a customer that's a firewall vendor, how many, you know, as you start looking at your expansion opportunity to keep inside these customers, what type of penetration are you seeing and how are you going to market, if you will, and encouraging the sales team and the marketing team to whatever that number is, increasing the penetration. And I would say that's something that's really been an area of focus, I would say, for us more recently over the last couple of quarters, And I think that's really at the moment more of a, we're pleased with it, don't get me wrong, but I think right now that's more of an internal metric that we're using with our sales team and our marketing team, and to some extent with our engineering team.
Yeah, great. I think also, I probably not to the detail, not to the number, so far the non-forti-grade almost double the forti-grade growth in the last, I don't know, a few years, right? So I don't see any change in the trend right now. But definitely from a customer angle, we also asked what's the reason that they really need to be more consolidated, make the whole infrastructure, manage working together, all these kind of things, which are working quite well with us because we design the product of the Nanogate working with FortiGate from day one and then making the whole fabric working together to integrate, automate all the security solution there. So that's where the – but also we see there's still small percentage customer has a – multiple FortiGate still a lot of room to grow. And at the same time, it's – yeah, there's a new product keeping come up to working with the FortiGate. So that's where we do see we probably keep the trend. The non-FortiGate will keep it grow faster and probably eventually even the business may be more than FortiGate, maybe within a few years.
Okay, thank you.
Thank you. Our next question comes from the line of Michael Turitz with KeyBank. Your line is open.
Hey, guys. For Ken and Keith, do you see any difference in the type of projects and security that you were seeing last year primarily for the move to work from home versus this year when we have work from home as well as back to office? Yes. And as part of that, Keith, you mentioned, I think, saying that you are seeing, I think, some more willingness to do firewall replacements this year. Is that also part of it?
Yeah, last year, work from home is more like a patch, whatever they have, and to, without changing model, infrastructure. This year, definitely, the same thing, redesigning infrastructure, weather leverage, like better technology, like SD-WAN or some other, and at the same time making kind of a better solution in a zero-trust environment is much more secure. And so that's probably, but still in the early stage, we do see a lot of growth potential there. But it's a whole infrastructure changing compared to kind of last year, the quick, like, patch solution.
Yeah, Michael, I would add to Ken's comments. I think the headline is we look at tailwinds coming this year. Security is top of mind for so many companies right now, so many CIOs and CISOs. And whether that's, you know, SolarWinds or it's work from home or it's Microsoft's little challenge, it's the ramp up in ransomware. It's a year, I think, that a lot of CIOs and CISOs are focused on security for a lot of different reasons. I do think that there was a, for us in the U.S. market, if you will, and Ken's talked about this before, a little more difficult, say, in the middle part of last year, it's kind of within a year, to get mindshare from CIOs and CISOs to have a conversation about how you can save money while improving performance in their firewalls. I think those opportunities are starting to appear more in terms of getting out and having customers take their prospects take that meeting, if you will. And I think there's also, you know, some of these larger deployments that can go on for well over a year or a couple years. You know, I think some of those deployments perhaps were a bit stalled, if you will, last year, and they're coming back online as we look at 2020 and 2021.
So just to clarify, larger deployments are starting to come back online. And is that the answer, yes, that people are more willing to talk about displacements of competitors this year than last year?
Is it the answer to which – are you asking if I'm seeing that? The answer is yes. If you're asking if that's a driver to the business, I would say yes. If you're asking if that's the driver to the business, I don't think so.
No, just if you're seeing more of it.
Yeah. Yeah, there are more that expand beyond the traditional deployment and also – like more device, more people, and more infrastructure need to be secured. Thanks, guys.
Thank you. Our final question comes from the line of Patrick Colville with Deutsche Bank. Your line is open.
Squeezing me in. Can I just finish off on a multi-parter? I guess the first one would be just about linearity. Last year, the linearity between 1 and 2Q was kind of kind of unusual. So just help us understand how that might play out in fiscal 21. And then I guess my kind of second part, if I may, is, you know, product revenue this quarter was phenomenal. Baked into guidance, I guess, is that there's a, you know, the kind of the rest of the year is more like a kind of mid-teens growth rate. Just to help us understand, is that anything that is worth flagging in regards to the kind of performance in the rest of the year versus 1Q. Thank you.
Yeah, I think that, you know, if you get comfortable with the business model, you understand the difference between products and services and how very predictable that higher margin services revenue is. You know, I think that we did take this as the opportunity to raise product revenue, the implied product revenue guidance, if you will, when you reverse engineer it after we give the service revenue guidance by about five points, and I think that takes you to about 17% in terms of our guidance now for the full year. And we'll see how the year plays out. I think we feel good about it. In terms of limited area from Q1 to Q2, you know, I would probably point you to one, our actual results that we had last year in Q1 and Q2 and our actual results in Q1 of this year and our guidance for Q2.
That's very clear. Thanks for your time.
Thank you. I would now like to turn the call back over to Peter for closing remarks.
Thank you, Tawanda. I'd like to thank everyone for joining the call today. Fortinet will be attending a few conferences in the second quarter. We have the J.B. Morgan Conference on May 25th, the Alliance Fernstein on June 2nd, and then Bank of America on June 8th. Event presentations and webcast links are up on our website. Thank you very much. Have a great day, and please reach out if you have any other questions. Have a great day. Thank you. Bye-bye.
Ladies and gentlemen, this concludes today's conference call. Thank you for your participation. You may now disconnect.