The market for network security appliances is growing and Fortinet is growing along with it.
Fortinet today announced its latest piece of network security hardware, the FortiGate 5001C blade. The FortiGate 5001C plugs into the FortiGate 5000 series chassis, providing a number of different security services including firewall, IPS and application control.
Kevin Flynn, Sr. Manager of Product Marketing at Fortinet, explained to Enterprise Networking Planet that the FortiGate 5000 chassis itself is not new. Rather what Fortinet is doing is just adding and improving the blades that fit inside of the FortiGate 5000. The 5000 chassis is a large enterprise or carrier class system that can accommodate up to 14 blades that can be aggregated into different service groups and virtual domains.
The new FortiGate 5001C provides up to 40 Gbps of firewall throughput and 17 Gbps of IPsec VPN tunneling bandwidth and 9.8 Gbps of IPS throughput. In terms of scale, the blade can handle up to 64,000 client to gateway IPSec VPN tunnels and up to 29.5 million concurrent sessions.
In terms of physical hardware powering the FortiGate 5001C, Fortinet has packed the blade with 128 GB of storage capacity. The device is also powered by a pair of proprietary silicon ASICs that are unique to Fortinet. Flynn explained that the NP4 is a network ASIC while the CP8 is a content processor technology.
“Having these specialized ASICS enables the throughput and the type of performance that the 5001c delivers,” Flynn said.
While the 5001c specifications are full of big numbers, there is a focus on smaller things too, especially small packets. Flynn noted that the 5001c is able to handle both small 64k packets, mid-sized packets at 512k and large 1,518k sized packets at 40 Gbps.
“High performance on small packets is performance and you see more and more smartphones and mobile traffic that tends to use smaller packet sizes,” Flynn said.
Software Defined Networking
The 5001c can also segment traffic into up to 500 Virtual Domains (VDOMs) to segment customer traffic as well as management.
“The ability to slice and dice traffic in a virtual manner, in this case with the 5000 series plays well into Software Defined Networking,” Flynn said. “A lot of it is just about how you segment traffic and how you are able to deliver a much more flexible environment.”