In recent years, high-performance firewalls have become critical in enabling security infrastructures to keep up with the ever-increasing Ethernet speeds of data centre and enterprise networks.
Fortinet Inc. is aiming its FortiGate 3700D appliance, the latest high-end data centre firewall from the network security hardware maker, at enterprise organizations which it projects will in the next two years be in the market for a firewall that can provide 100+ Gigabits per second (Gbps) of aggregate throughput.
The need to support faster physical interfaces is driven in many cases by network upgrades in data centres, said John Maddison, vice president of marketing for Fortinet.
Adding multiple security functions such as intrusion prevention systems, anti-virus and anti-spam also tends to slow down firewalls, he said.
“Faster networks require faster firewalls,” he said in an interview. “If your firewall is unable to keep pace with your network, then the firewall becomes a bottleneck.”
He said a recent survey commissioned by Fortinet indicates that the maximum interface speed requirements of a majority of large companies are at around 40G, and that this is expected to rise further by 2015.
Security product manufacturers are “scrambling to meet port requirements,” according to Infonetics Research, a telecommunications research firm that surveyed 104 large corporations for Fortinet.
Infonetics said that while there are plenty of manufacturers offering 10G interfaces, there are very few manufacturers who are able to ship products with 40G ports. Infonetics advised that vendors who want to get ahead of the curve should consider offering their customers products with 100G ports at this stage.
“We expect many data centre customers to attempt to leapfrog 40G and go straight to 100G,” according to Infonetics. “So vendors should talk to their largest customers to understand if (and when) they’ll need to support 40G or if it will be easier to just skip 40G and go straight to developing 100G interfaces if buyers are looking to upgrade in late 2014 or early 2015 (when 100G ports become more widely available on network gear).”
“After port speeds, we asked respondents to tell us what maximum stateful inspection throughput they will require their high-end firewalls to support next year,” said Jeff Wilson, analyst for Infonetics. “Over 80 per cent are looking for platforms with over 100 Gbps of aggregate performance… Having high speed interfaces means nothing unless the device has the throughput to match.”
Maddison said FortiGate 3700D is able to achieve up to 160 Gbps firewall throughput. The cloud-ready appliance is suitable for multi-tenant deployment and capable of physical, virtual or hybrid network segmentation via its virtual domain capability.
FortiGate’s new custom NP6 ASIC is able to move 45 million packets per second (pps) for both IPv4 and IPv6, has a latency of 3 microseconds and consumes 9 watts of power at a cost of $23.
Intel’s Xeon E6 2640V2 processor, according to Fortinet, moves 6.7 million pps for both IPv4 and IPv6, has a latency of approximately 100 microseconds and consumes 95 watts of power at a cost of $885.
According to Fortinet’s numbers, the FortiGate 3700D’s performance-to-cost ratio is $.62/Megabits per second.
The FortiGate 3700D will be available later this year.