The entire purpose of Fortigate and similar devices is to man-in-the-middle everyone in an organisation, so they are possibly the most valuable target possible for any miscreant.
Once they've got that, they can poison anything and everything.
There's no need to actually attack, they can just wait for users and administrators to download legitimate files and installers they need to do their work, then silently redirect them to whatever they wish, even signing their malicious payloads with the root certificates the IT dept carefully installed on everyone's computers to enable the MitM functionality.
Seems to me that Fortigate is the perfect trojan horse.