The world’s fastest data centre firewall appliance?

Fortinet® has announced a new high performance, compact network firewall appliance for enterprise data centres, large service providers, cloud providers and carriers. The new FortiGate®-3700D, which includes four 40 GbE (QSFP+) and 28 10GbE (SFP+) ports, is able to achieve up to 160 Gigabits per second (Gbps) firewall throughput. Using Fortinet’s new custom NP6 ASIC, the FortiGate-3700D is able to deliver best-in-class performance, low latency and IPv4 to IPv6 performance parity. Fortinet is the first network security company to deliver 100 Gbps+ firewall throughput and 40 GbE ports in a compact appliance, which redefines the standard for price per gigabit protected, price per port density, power dissipation per gigabit and space per gigabit. This performance improvement lowers both capital and operational costs for customers while providing the highest performance and lowest latency available.

  • Monday, 14th October 2013 Posted 11 years ago in by Phil Alsop

Data Centre Customers Feel the Need for Speed
Infonetics recently conducted a high speed firewall survey of large organisations (over 1,000 employees) that have already deployed high-end firewalls, defined as firewalls that currently support greater than 40 Gbps aggregate throughput. The move to faster network technologies is forcing enterprises to look at upgrading every component of their IT infrastructure, and the need to add new high speed interfaces to firewalls (10 GbE, 40 GbE and eventually 100 GbE) tops the list of drivers for investing in new high-end firewalls.


Jeff Wilson of Infonetics commented, “After port speeds, we asked respondents to tell us what maximum stateful inspection throughput they will require their high-end firewalls to support in the next year, and over 80% are looking for platforms with over 100 Gbps of aggregate performance, with the largest group looking for 100 Gbps to 199 Gbps.” He continued, “Having high speed interfaces means nothing unless the device has the throughput to match.”


The full report can be downloaded at: www.fortinet.com/resource_center/solution_briefs/faster-firewalls-for-faster-networks.html


FortiOS Flexibility
The new FortiGate-3700D leverages FortiOS 5, the industry’s most advanced network security operating system. FortiOS is a security-hardened, purpose-built operating system that is the foundation of all FortiGate network security platforms. It can be used across large or small enterprise infrastructures and multiple security application personalities.


FortiOS 5 allows for flexible deployment models within the data centre such as core firewall, which provides very high performance firewall with ultra low latency or edge firewall, which can be used to serve internal or external communities with varying trust levels using different firewall personalities, including firewall + VPN, firewall + IPS, NGFW, advanced threat protection and more.


Data Centre Network Segmentation
As customers build out new or redesign data centres, they are starting to incorporate network segmentation into the architecture. The segmentation may be based on perimeter architecture, services, function or regulatory requirements and effectively separates networks physically or virtually to better provide security service level agreements. Fortinet offers physical, hybrid or virtual network segmentation via its virtual domain (VDOM) capability.


The FortiASIC™ Advantage
The FortiGate-3700D features the latest FortiASIC NP6 processor, which has been designed in-house by Fortinet’s network ASIC experts.
The Network Processor ASIC delivers huge performance benefits over a traditional CPU plus software approach. This enables FortiGate high performance network security appliances to have a smaller footprint and consume less power but still deliver the highest throughput numbers at a very low price.


IPv6 Ready
IPv6 is picking up momentum globally, and it is very important for firewall devices sitting at the edge of a network to be able to process IPv6 routed traffic just as fast as IPv4. Additionally, customers often require Network Address Translation (NAT46, NAT64, NAT66), which requires additional processing capabilities. The FortiASIC Network Processor allows FortiGate appliances to deliver comparable IPv6 and IPv4 throughput and translation, eliminating the performance bottleneck other security vendors cause.


High Availability
The Data Centre requires extremely high availability to maintain Application Service Level Agreements. FortiOS 5 provides multiple forms of high availability (HA) such as Active-Active, Active Passive or Virtual Cluster. Depending on the configuration, failover times are in the sub-second range. Multiple HA deployment modes allow tight integration into different data centre architectures.


Cloud Ready Management
To simplify the management and analysis of physical and virtual security infrastructures deployed in large data centres and multi-tenant cloud environments, Fortinet provides single-pane-of-glass management with the FortiManager family of physical and virtual management devices. FortiManager centralised management allows security administrators to configure and manage thousands of physical appliances and virtual machines. Flexible APIs, such as JSON and XML, allow automated configuration and provisioning of devices.


The FortiAnalyzer family of physical and virtual devices provides centralised logging and reporting, which enables administrators to analyse, report and archive security event, network traffic, Web content and messaging data to accurately measure policy compliance.


“For some time our data centre customers have been asking us for higher firewall throughput and high speed port connections as they consolidate data centres around a 40 or 100 Gbps switching infrastructure/fabric. We have an aggressive roadmap to deliver on these requests starting with the FortiGate-3700D,” said Michael Xie, founder, CTO and vice president of engineering for Fortinet. “Not only have we delivered the required throughput, but we’ve done it at a CAPEX and OPEX, compact form factor, latency and port density not seen in the industry thus far.”