Next-gen firewall : NP7 security processing unit , Fortinet Launches FortiGate 1800F

posted in: Blog | 0

Fortinet launched its next-generation firewall powered by its NP7 network processor, which aims to accelerate security operations much like graphics processors boost computing performance.

The firewall, the FortiGate 1800F Next-Generation Firewall, is designed to address hyperscale data centers and scale to address emerging threats, improve performance and enforce policies.

John Maddison, executive vice president of products and chief marketing officer at Fortinet, said the company developed its own processor for its systems to better manage security across the Internet of things, mobile devices and multi-cloud deployments.

NP7 is essentially designed to be a security processing unit. “NP7 will help us build out hyperscale protection going forward,” said Maddison, who noted that NP7’s predecessor NP6 launched in 2012. “Think of it as a complete firewall on a chip.”

CEO Ken Xie touted the NP7 processor as Fortinet reported better-than-expected fourth quarter earnings. For 2019, Fortinet delivered revenue of $2.16 billion, up 20% from a year ago. “We are focused on continuing to gain market share by investing in network security, the build out of our Security Fabric platform, and innovations in the areas of 5G, IoT, edge and cloud security,” said Xie.

Fortinet decided to build its own custom processors instead of going with off-the-shelf central processing units. The reason is that security traffic has become an infrastructure bottleneck. Offloading security traffic to Fortinet’s NP7 can maintain application performance.

The FortiGate 1800F has multiple 40G interfaces to allow enterprises to segment traffic. The firewall also adapts to segmented users, devices and application regardless of their location.

Other FortiGate 1800F features include:

The highest SSL inspection performance with a Security Compute Rating of 20x and support for the latest TLS 1.3 standard.
Hardware accelerated virtual extension local area network, or VXLAN. The idea here is that VXLAN enables fast communication between scaled services co-hosted on virtual and physical platforms.
The ability to secure artificial intelligence and machine learning workloads as well as large datasets.
Fortinet also launched its FortiOS 6.4, a security fabric that aims to automate workflows across infrastructure and attack vectors. The platform gets more than 350 new features including an SD-WAN orchestrator, application optimization, segmentation visibility, zero-trust network access, improved profiling of devices, AI-driven security operations and support for AWS Outposts and Google Cloud Anthos.

Maddison noted that Fortinet’s hardware portfolio all runs on the same security platform and architecture. “The operating system on the current platform is the same for all. We keep all the APIs consistent with policies, so partners don’t have to change,” he said.

In addition, the company launched FortiGuard Labs via the Fortinet 360 Protection Bundle, which includes operational, support and security services as well as its platform.

FortiGate 1800F NGFW Use Cases and Benefits:

Fortinet’s FortiGate 1800F NGFW is engineered for large enterprises to quickly and securely drive digital innovation by offering capabilities to meet the huge capacity and performance demands of critical business operations such as:

Managing Internal Security Risks: Most firewalls simply cannot perform fast enough to enable internal segmentation. With multiple high speed 40G interfaces and the industry’s best threat protection performance with a Security Compute Rating of 3x, FortiGate 1800F enables enterprises to properly segment their network to manage internal security risks. Additionally, FortiGate 1800F intelligently adapts to segmented users, devices, and applications – regardless of their location, whether on-premise or in multiple clouds – providing automated threat detection and enforcement.

Accelerating the Cloud On-Ramp: IPsec encryption must be high performing to enable and accelerate the cloud on-ramp for organizations adopting multiple clouds for IaaS and SaaS services. FortiGate 1800F offers the highest Security Compute Rating of 14x for IPsec encryption when benchmarked against competitors, enabling the required speed, scale, and availability organizations need when on-ramping to the cloud.

Removing Blind Spots: With as much as 60 percent of encrypted traffic containing malware, SSL inspection performance has become critical to properly secure the network. FortiGate 1800F offers the industry’s highest SSL inspection performance with a Security Compute Rating of 20x, as well as support for the industry’s latest TLS 1.3 standard, to eliminate network blind spots by enabling full visibility of clear-text and encrypted network flows.
Securing Services Across Hybrid Architectures: Traditional software-based security solutions have low performance and high latency, which increases time to service and provides a poor user experience. The FortiGate 1800F’s hardware-accelerated Virtual Extension LAN (VXLAN) feature enables massively scalable, adaptable internal segmentation and allows super-fast communication between enormously scaled services, such as compute, storage, and applications that are co-hosted on physical and virtual platforms. This allows organizations that leverage a highly scalable virtual services architecture to launch services and applications in the most agile fashion possible to increase productivity and revenue opportunities.

Enabling Secure Advanced Research: Organizations often transition their research to AI and ML simulations to allow for faster discovery of their objectives. For example, pharmaceuticals can measure the effectiveness of new drugs or develop drugs faster with reduced risks and potentially with lower costs. AI/ML simulations require the transfer of huge datasets (e.g. 1 TB files), called an elephant flow, that today’s data centers struggle to securely transfer, bringing research and collaboration to a crawl. The performance capabilities of FortiGate 1800F allow research organizations to perform big data analysis and natural language processing at unprecedented speeds where a single elephant flow can reach up to 40Gbps. Just as important, with FortiGate 1800F NGFWs, these elephant flows are secured using high-performance encryption to ensure privacy and compliance.