Business & Technology

Ushering the Era of Hyperscale Security – The New FortiGate 4400F

By Muhammad Abid | August 06, 2020

Fortinet was built on the premise that a network firewall should not just deliver a full range of tightly integrated network and security functions – a goal that many other NGFW solutions still fail to achieve ­– but do so with the scale and performance that today’s most demanding hyperscale environments require. And all at a price point that doesn’t break the bank so that the decision makers don't have to make a tradeoff between best of security at a scale vs. the cost.

That premise starts with two essential strategies. The first is to offer solutions designed to actually operate together as part of a single security system, sharing threat intelligence to achieve a strong security posture. The second one is to offer scale with not just a collection of mostly isolated security systems wrapped together in a cumbersome and expensive cluster for scale. That first objective is what has driven the development and delivery of the Fortinet Security Fabric. The second strategy involves developing active, purpose-built hardware processors designed to accelerate the performance of essential security functions within a single system.

Announcing the FortiGate 4400F Network Firewall

The truth is, very few vendors have made more than a token effort at achieving the first, and none even seem to have a game plan for achieving the second. And even if they were to start, any sort of solution would be years away. ASIC development is a long and expensive process, and other security vendors are already more than a decade behind. 

Fortinet already has two purpose-built SPUs (Security Processing Units) in place that power our security hardware, with a new hybrid processor designed just for SD-WAN. Our content processors (CPs) are designed to accelerate critical security functions, such as inspecting encrypted traffic, and our network processors (NPs) accelerate networking functions. And these aren’t just fledgling solutions. This past February we released our 7th generation network processor (the NP7). The first FortiGate NGFW solutions powered by NP7 were released soon after, as the FG-1800F and FG-4200F.

Today, the launch of the FortiGate 4400F continues our commitment to delivering SPU-powered products capable of providing the fuel needed for digital innovation. It is positioned to support the most processor-intensive security environments of today – environments that will quickly become the norm of tomorrow.

Today’s Networks Require Security Solutions that Combine Productivity with Hyper-efficiency

Increasing productivity, even with a remote workforce, is a critical goal of many organizations. But with only so many working hours in a day, productivity gains rely exclusively on the efficiency of the tools being used. But in today’s environments, securing the proliferation of new applications is only part of the challenge for today’s firewalls. The volume of data being processed also needs to be addressed, and this is where traditional firewalls fall down flat.

Imagine a cutting-edge pharmaceutical research company looking to build new medicines while delivering value to shareholders. Testing, modeling, and 3D rendering are key to that process. These functions require the processing and transferring of very large datasets – often tens of Terabytes or more – as quickly as possible to AI/ML simulators. This enables new medicines to be developed faster, with lowered costs and reduced risk to human life. 

But that data also needs to be secured. The surreptitious injection of bad data can ruin months or years of research. And competitors and even nation-states may be looking to circumvent the time and expense of research by stealing this intellectual property. But without specially designed security hardware, few security devices on the market are able to keep up.

The FortiGate 4400F changes all of that natively by supporting multiple 100Gbps connections, enabling the inspection and protection of critical Elephant Flows by enabling organizations to make the most efficient use of their existing investments in 40G and 100G WAN links without compromising security at any layer of the network as defined by the OSI model.

But this is only the beginning. The next generation of smart cars, smart cities, and smart infrastructures – including transportation, power grids, manufacturing, and more – all augmented by AI and Machine Learning – will require the management and processing of massive amounts of Big Data. Providing sufficient performance and processing to support these new architectures will require even faster and more efficient infrastructures. And for most security vendors, this is a looming challenge that isn’t even on their drawing boards – which puts the future of the digital revolution at risk.

A Hyperconnected World Requires Hyper-Efficient Firewalls

The transition from 4G to 5G likewise promises huge potential for more efficient systems, the more rapid delivery of increasingly rich media, and a host of new applications and services still unseen that will benefit users and providers equally. But security is lagging from traditional security vendors still relying on off-the-shelf processors to power their devices.

Mobile network operators (MNOs) need a solution like the FortiGate 4400F that can ensure security and business continuity as 4G expands and they evolve their services to include 5G. The evolution of 4G and the introduction of 5G create the perfect storm for new levels of security performance and hyperscale needed to support the exploding number of devices connected to the mobile network. New security performance and scalability standards will need to be met to support the hyperconnected world where users talk to users and machines, where machine to machine communication becomes the norm, and data processing, decision-making, and transactions – often involving massive amounts of data – are measured in microseconds.

Likewise, mobile users adopting broadband wireless in 5G want very quick downloads of rich media, a very fast gaming experience, and the ability to generate ad hoc edge networks. Service providers need security solutions like the FortiGate 4400F to support and secure their massively scalable networks while ensuring fast user connection setup and the lowest possible latency. If not, the user experience will suffer, and revenue loss will follow as customers abandon the provider. 

Securing Data in Transit Remains Pivotal

Enabling providers to scale their radio access networks (RAN) and core infrastructures is already a challenge for nearly all modern security solutions. But adding the delivery of user data by leveraging hardware accelerated Suite-B encryption is an even more daunting task – and one that virtually every traditionally developed security solution fails to deliver. The FortiGate 4400F, however, delivers tens of thousands of tunnels while delivering 420Gbps of IPSec throughput, combined with a security compute rating of 11X better than other solutions for Security Gateway (SecGW) deployments. The versatility and performance of FortiGate Network Firewalls really futureproofs company investments because solutions like the FortiGate 4400F enable them to build high-speed, high-performance Data Center Interconnects. For situations that require encrypting at high speeds, IPsec can be turned on non-intrusively to support high-bandwidth IPsec tunnel flows.

Hyperscalability is as Essential as Hyperperformance

Performance is only half of the equation. Scalability is equally essential. With the greatest vertical scaling capability within a 4RU form factor, the FortiGate 4400F not only supports a very high influx of connections – 10 million connections per second and a security compute rating of 12x – it also reduces power cooling and rack space while offering the industry’s best price performance. And even at that level of scaling, you can still turn on essential Layer 4 firewalling and layer it with volumetric-based DDoS (distributed denial of service) attack prevention without impacting performance – ensuring all of your services are protected from bad actors.

Best-of-Breed Advanced Layer 7 Security for Everyone

FortiGate 4400F offers SSL inspection, including TLS 1.3, that is 6.5x better than competing products to provide full visibility into threats that hide in encrypted channels and the ability to detect unsanctioned applications. Inspection alone, however, is not sufficient. A strong security posture requires both threat protection and detection, and the FortiGate 4400F not only delivers two times the threat protection performance of its competitors, it is also powered by AI-enabled FortiGuard and FortiSandbox services to detect and stop known and unknown attacks. FortiGuard Labs has discovered a whopping 890 zero days – more than most competitors combined – with 104 detected so far just in 2020.

Hyperscale and hyperperformance are table stakes in our new digital world, and the new FortiGate 4400F provides these at a price-performance ratio unmatched in the industry. As organizations plan to move aggressively into the next phase of digital innovation, having a high performance security tool such as this in place is essential so that they never have to make the choice, now or in the future, between being competitive and being safe.

Read more about the announcement and how the FortiGate 4400F delivers security for hyperscale data centers with the industry’s best total cost of ownership (TCO). 

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.