Fortinet has announced a new high performance, compact network firewall appliance for enterprise data centers, large service providers, cloud providers and carriers.
The new FortiGate-3700D, which includes four 40 GbE (QSFP+) and 28 10GbE (SFP+) ports, is able to achieve up to 160 Gigabits per second (Gbps) firewall throughput.
Using Fortinet’s new custom NP6 ASIC, the FortiGate-3700D is able to deliver best-in-class performance, low latency and IPv4 to IPv6 performance parity.
Fortinet claims it is the first network security company to deliver 100 Gbps+ firewall throughput and 40 GbE ports in a compact appliance, which redefines the standard for price per gigabit protected, price per port density, power dissipation per gigabit and space per gigabit. This performance improvement lowers both capital and operational costs for customers while providing the highest performance and lowest latency available.
Data Center Customers Feel the Need for Speed
Infonetics recently conducted a high speed firewall survey oflarge organizations (over 1,000 employees) that have already deployed high-end firewalls, defined as firewalls that currently support greater than 40 Gbps aggregate throughput.
The move to faster network technologies is forcing enterprises to look at upgrading every component of their IT infrastructure, and the need to add new high speed interfaces to firewalls (10 GbE, 40 GbE and eventually 100 GbE) tops the list of drivers for investing in new high-end firewalls.
Jeff Wilson of Infonetics commented: “After port speeds, we asked respondents to tell us what maximum stateful inspection throughput they will require their high-end firewalls to support in the next year, and over 80% are looking for platforms with over 100 Gbps of aggregate performance, with the largest group looking for 100 Gbps to 199 Gbps.” He continued: “Having high speed interfaces means nothing unless the device has the throughput to match.”
The new FortiGate-3700D leverages FortiOS 5, a security-hardened, purpose-built operating system that is the foundation of all FortiGate network security platforms. It can be used across large or small enterprise infrastructures and multiple security application personalities.
FortiOS 5 allows for flexible deployment models within the data center such as core firewall, which provides very high performance firewall with ultra low latency or edge firewall, which can be used to serve internal or external communities with varying trust levels using different firewall personalities, including firewall + VPN, firewall + IPS, NGFW, advanced threat protection and more.
FortiOS 5 also provides multiple forms of high availability (HA) such as Active-Active, Active Passive or Virtual Cluster.
The FortiGate-3700D also features the latest FortiASIC NP6 processor, which has been designed in-house by Fortinet’s network ASIC experts.
The Network Processor ASIC delivers huge performance benefits over a traditional CPU plus software approach. This enables FortiGate high performance network security appliances to have a smaller footprint and consume less power but still deliver the highest throughput numbers at a very low price.
IPv6 is picking up momentum globally, and it is very important for firewall devices sitting at the edge of a network to be able to process IPv6 routed traffic just as fast as IPv4. Additionally, customers often require Network Address Translation (NAT46, NAT64, NAT66), which requires additional processing capabilities.
The FortiASIC Network Processor allows FortiGate appliances to deliver comparable IPv6 and IPv4 throughput and translation, eliminating the performance bottleneck other security vendors cause.
“For some time our data center customers have been asking us for higher firewall throughput and high speed port connections as they consolidate data centers around a 40 or 100 Gbps switching infrastructure/fabric. We have an aggressive roadmap to deliver on these requests starting with the FortiGate-3700D,” said Michael Xie, founder, CTO and vice president of engineering for Fortinet. “Not only have we delivered the required throughput, but we’ve done it at a CAPEX and OPEX, compact form factor, latency and port density not seen in the industry thus far.”
The FortiGate-3700D will be available this quarter.