
Recommended! FortiGate 7060E and 3000D Excel in Combined Security Effectiveness, Performance and TCO in the First NSS Labs Data Center Security Gateway Group Test

By Rajoo Nagar | December 21, 2017

Threats are constantly evolving to evade security defenses at the same time that digital transformation initiatives are introducing new attack vectors. And in addition to staying ahead of the latest threats, security solutions must also keep up with the vast amounts of differing network traffic types they have to inspect, such as IPv4 and IPv6, and increasingly, encrypted traffic as well. And they must do all this without adding latency or decreasing the speed of access. Today’s threats also proliferate quickly, requiring advanced threat prevention to be matched with dedicated processing and high throughput.

Performance Matters

Intrusion prevention, SSL inspection, and deep inspection of application-layer traffic are critical to network security defenses, but they can slow down the network. Advanced threats and malware hide in SSL-encrypted traffic, but because SSL inspection can create performance bottlenecks, many organizations elect to not inspect SSL traffic. This is very risky considering that 75% of web traffic will be encrypted by 2019, and more than half is encrypted today. Without inspecting that traffic for malicious code, organizations put themselves at serious risk of everything from ransomware, to data theft, to distributed denial of service (DDoS) attacks. As a result, according to Gartner, 50% of enterprise firewalls deployed by 2020 will be used for SSL inspection.

Traditionally, firewalls weren’t built for inspecting high volumes of SSL traffic or 100 GB network architectures, but today’s networks require firewalls that can handle these realities. That’s because even a second’s delay in application response can quickly compound into substantial productivity inefficiencies and frustrated end users.

But there are options, and FortiGate Next-Generation Firewalls (NGFWs) offer a powerful SSL-inspection capability—from the edge of the network to the core of the data center. The FortiGate 7060E offers a breakthrough solution for accelerating SSL, IPsec VPN, and IPS traffic by offloading compute-intensive processes such as SSL decryption and full signature matching to high-performance custom-built security processors. Indeed, the FortiGate 7060E is the first enterprise firewall in the market to deliver SSL-inspection throughput of over 50 Gbps, making it possible for organizations to inspect their growing volume of encrypted traffic without compromising network performance.

NSS Labs 2017 DCSG Test Results

NSS Labs recently introduced the industry’s most comprehensive test to date for data center security gateway (DCSG) devices. It thoroughly examined DCSG devices in the areas of security, performance, and total cost of ownership (TCO). Fortinet participated in this test as part of our ongoing commitment to the independent testing and validation of our solutions to demonstrate how our products perform in the real world.

Both the FortiGate 7060E and 3000D NGFWs earned high security effectiveness scores in the Security Value Map (SVM), at 97.9% and 98% respectively. Some of the highlights included:

  • The FortiGate 7060E and 3000D both excelled in security effectiveness and value per protected megabit per second (Mbps).
  • The FortiGate 7060E demonstrated higher IPS throughput than the performance we guarantee to customers.
  • Both the FortiGate 7060E and 3000D delivered high performance for both IPv4 and IPv6 traffic.

The FortiGate 7060E NGFW is a powerful combination of advanced intrusion prevention (IPS), granular application control, and broad threat protection, all operating at multi-gigabit speeds. And we’re talking about unprecedented performance: it delivered 131,486 Mbps (IPv4) and 114,416 Mbps (IPv6) of IPS throughput along with high detection rates. The result is that customers can protect even the fastest parts of their network without any performance or security compromises. In particular, as IPv6 traffic is increasingly common in data center networks and requires security without any performance penalties, an NGFW solution such as the FortiGate 7060E is a requisite. In terms of efficacy, the FortiGate 7060E blocked 100% of evasions and 97.87% of exploits.

Fortinet’s FortiGate 3000D NGFW is engineered to deliver the highest firewall performance in a compact appliance form-factor, with the flexibility to be deployed at the internet or cloud edge, in the data center core, or between internal segments. IPS protected throughput was 30,987 Mbps (IPv4) and 30,046 Mbps (IPv6). It also blocked 100% of evasions as well as 97.97% of exploits.

As part of their design, FortiGate firewalls utilize custom Fortinet security and network processors to enable the delivery of high-security performance for both IPv4 and IPv6 traffic. With independently validated NGFW throughput of more than 100 Gbps, the 7060E excels at protecting customer networks, operating efficiently as a data center security gateway without disrupting network speed.

Fortinet Delivers an NSS Labs Recommended Security Fabric

Fortinet solutions consistently demonstrate superior security effectiveness, advanced features, and exceptional performance when put to the test. Fortinet’s commitment to testing and validation has resulted in nine Fortinet solutions earning NSS Labs “Recommended” ratings across seven different group tests throughout 2017:

  • Data Center Security Gateway: FortiGate 7060E and FortiGate 3000D
  • Breach Prevention Systems: FortiSandbox Cloud, FortiGate 600D, FortiMail Virtual Appliance, and FortiClient
  • Next-generation Intrusion Prevention System: FortiGate 600D
  • Breach Detection Systems: FortiSandbox 2000E and FortiClient
  • Next-Generation Firewall: FortiGate 3200D and FortiGate 600D
  • Web Application Firewall: FortiWeb 3000E
  • Advanced Endpoint Protection: FortiClient

Besides being best-in-class solutions, these different technologies are also individual pieces of the broader Fortinet Security Fabric. When combined, they enable true end-to-end protection by integrating security products deployed throughout the network that have been designed to dynamically share and correlate intelligence for a faster response to threats and enable end-to-end visibility and control.

More Details on the NSS Labs Results

For details on NSS Labs’ exploit and intrusion testing, plus more on TCP connections and other revealing results, read the full NSS Labs test reports: FortiGate 7060E and FortiGate 3000D.
