Fortinet Speeds Network Security with 160 Gbps Firewall
New Silicon ASICs power FortiGate-3700D Data Center Firewall
Networking vendor Fortinet is taking the wraps off its most robust data center firewall platform yet. The new FortiGate-3700D boasts up to 160 Gigabits per second (Gbps) of throughput.
Powered by the NP6 ASIC, a new piece of silicon developed by Fortinet, the device includes four 40 Gigabit Ethernet (GbE) QSFP+ and 28 x 10 GbE SFP+ ports.
John Maddison, Fortinet VP of marketing, explained to Enterprise Networking Planet that the NP6 is a network processor that is essentially a firewall engine on an ASIC (Application Specific Integrated Circuit), developed as a building block for very high-performance network security firewalls.
"It's very different from a multi-core architecture CPU in that it can handle up to 45 million packets per second (40G at 128-byte packets) with less than 3 microsecond latency, and it can handle 25 Gbps IPsec using just 9 watts," Maddison said.
Fortinet is positioning the FortiGate-3700D in the Next Generation Firewall (NGFW) marketplace. NGFWs boast features beyond just the traditional stateful packet inspection capabilities. Maddison noted that the FortiGate-3700D can have multiple personalities, including firewall, Virtual Private Network (VPN), Intrusion Prevention System (IPS), NGFW (App Control), web gateway and even Unified Threat Management (UTM).
Fortinet has made IPv6 performance a key attribute of the platform. With the availability of IPv4 addresses limited by only a 32-bit address space, IPv6, with its 128-bit address space, will become increasingly important in the coming years.
The FortiGate-3700D promises to handle native IPv6 at the same performance levels as IPv4. Additionally, the device can work across both IPv4 and IPv6 stacks with support for NAT64, NAT46 and NAT66. Those NAT (Network Address Translation) capabilities enable an organization to translate an incoming IPv6 address into an IPv4 address or vice versa.
The FortiGate-3700D plays in the Software Defined Networking (SDN) space in a number of ways. Fortinet has its own technology, called Virtual Domain (VDOM), which allows a physical appliance to be split into many different virtual appliances.
Maddison explained that each virtual appliance can be tied to specific physical ports or VLANs. Each virtual appliance can have its own personality. Additionally, each virtual appliance can have its own administrator.
From a broader SDN perspective, Maddison noted that Fortinet is committed to the OpenFlow standard.
"Although SDN is more focused on switch fabrics, we are working with the major infrastructure vendors to integrate into their SDN architectures from a security device perspective," Maddison said.
Sean Michael Kerner is a senior editor at Enterprise Networking Planet and InternetNews.com. Follow him on Twitter @TechJournalist