Skip to content Skip to navigation Skip to footer

Carrier-Grade NAT (CGNAT)

Transparent Connectivity for the All-Connected World

The explosive growth of mobile devices and cloud services has created massive networks with no boundaries. To compound the issue, the surge in IoT and the recent global depletion of public IPv4 addresses strains existing IPv4 infrastructures and increased demand for Carrier-Grade Network Address Translation (CGNAT) IPv4 services. CGNAT must be deployed to enable key capabilities such as:

  • Enablement of IP address expansion by relying on the CGNAT to overcome the IPv4 address exhaustion, with the support of NAT64/DNS64 and NAT46 seamless IPv4/v6 connectivity
  • Enhanced threat prevention by hiding subscribers’ and infrastructures’ IP addresses from the Internet
  • High scalability to support the rapid growth in the number of subscribers and devices to substantially increase revenue

Fortinet CGNAT Solutions

With the migration from 4G to 4.5G and 5G comes a migration from a physical infrastructure to a hybrid one and a complete virtual infrastructure with 5G. To facilitate this migration and allow for a complete CGNAT solution, Fortinet provides a hardware-accelerated physical network function (PNF) and a virtual network function (VNF) with complete feature parity. Both physical and virtual options are powered by FortiOS to provide a comprehensive set of carrier-grade security and NAT capabilities.

FortiGate CGN 3000 E-Series line of purpose-built carrier-grade IPv4/v6 network service appliances adding hardware acceleration to FortiOS to bring high predictability and service-level consistency to environments that generate massive amounts of connection set ups and tear downs.

FortiGate High-End Next-generation Firewall (NGFW) physical appliances provide highly scalable carrier-grade NAT services with hardware acceleration. They deliver a full set of NGFW and UTM security capabilities and services—all in a single physical appliance.

FortiGate VM VNF provides the same functionalities, while scalability and consistency are provided via dynamic auto scaling and integration with the operators’ software-defined networking (SDN) and management and network orchestration (MANO) technologies and ecosystems.

FortiGate deployment on physical or virtual networks

Physical or Virtual Network Function

Flexible deployment options are available with FortiGate appliances. Physical appliances include high availability and the highest proven scalability. Fortinet’s custom security processors deliver unparalleled hardware acceleration. The same capabilities are also provided by FortiGate virtual machines (VMs) acting as security VNFs for specific interfaces and protocols. The FortiGate VNF has the industry’s smallest footprint and fastest boot time. It integrates with NFV MANO platforms such as Amdocs, Ciena’s Blue Planet, HPE, Ericsson, Nokia, Cisco, VMware, and more.

SDN integration via Fortinet SDN Connectors

SDN Integration

Fortinet technology and Fabric-Ready Partner programs ensure SDN integration via Fortinet SDN Connectors and Fortinet APIs (available via the Fortinet Developer Network). These include integration with Nuage Networks, Cisco ACI, and VMware NSX.