Fortinet has announced four new FortiGate next-gen firewalls (NGFWs), with throughputs up to 40 Gbps in NGFW mode depending on the model.
As with other FortiGates, the new firewalls include custom ASICs, which Fortinet calls Security Processing Units (SPUs). The SPUs on each box divide security and networking tasks to improve overall performance.
For instance, one SPU on the box might handle network processing such as NAT. The other can be dedicated to computationally intensive operations such as decrypting SSL traffic for inspection and then re-encrypting it.
The four new device specs break out as follows:
- 10, 40, 100G interfaces
- 40Gbps throughput for NGFW
- 34Gbps SSL inspection
- 10, 40, 100G interfaces
- 34Gbps throughput for NGFW
- 30Gbps SSL inspection
- 1, 10G interfaces
- 9.5Gbps throughput for NGFW
- 8Gbps SSL inspection
- 1G interfaces
- 5Gbps throughput Threat Protection
- 7.8Gbps SSL inspection
A Security Fabric
Fortinet makes a variety of security products, including physical and virtual firewalls, Web application firewalls, wireless APs and secure access software, email gateways, and endpoint protection software.
The company touts all these products as belonging to a security fabric. This fabric gets stitched together by Fortinet’s management, analytics, and SIEM products to correlate logs and events, analyze incidents, and orchestrate a response across different devices.
Clearly, one goal of the security fabric is to get customers to buy into Fortinet’s product line. And that’s fine. Lots of vendors do this because it’s how they make money.
But Fortinet also recognizes it has to operate in a heterogeneous world, so the company has come up with Fabric Connectors that aim to integrate third-party products into the fabric via APIs.
For example, Fortinet has a Fabric Connector for Cisco ACI, which connects with Cisco’s APIC controller to automate the service insertion of virtual or physical FortiGates to protect workloads running in ACI’s own fabric.
It’s About Execution
I like the concept of the security fabric. The question is how well Fortinet executes on it.
Security vendors, log management companies, and SIEM vendors have struggled for years to correlate logs, events, alerts, alarms and all the other data elements spewed by security and network devices into information that’s seamlessly presented and quickly actionable.
Vendors also struggle with automated responses of security devices. That task becomes measurably more complex if you try to coordinate responses across systems in different categories, such as a firewall, an AP, and endpoint software.
If Fortinet has cracked this nut, that’s a significant accomplishment. If Packet Pushers readers have experience with the security fabric, I’d be interested to get your feedback.