Fortinet revs its security gear

Multifunction device packs 4G bit/sec firewall potential.

SANTA CLARA - Fortinet is getting ready to ship a beefed-up version of its security platform that would let service providers protect their networks and offer security services to customers.

Called FortiGate 3600, the new hardware platform is one-third faster than Fortinet's previous top-shelf box, the FortiGate 3000, with a potential firewall throughput of 4G bit/sec if no other security applications are running at the same time. The top speed for FortiGate 3000 was 3G bit/sec. The new gear comes with firewall, VPN, antivirus, content filtering and intrusion-detection software installed.

Fortinet says the device can perform virus screening at more than 100M bit/sec, but the exact speed depends on the mix of traffic types on the wire. Some traffic, such as HTTP, is easier to screen than others, such as executable files, the company says.

The equipment could be placed in service provider networks to perform two functions.

First, it could be placed at peering points with other provider networks to screen traffic before it enters, reducing the threat of intercarrier infection by viruses and worms.

FortiGate 3600 also could be placed between customer sites and the provider network to screen traffic to and from customers. The box would be placed on the carrier side of a customer-line aggregation device such as a DSL access multiplexer. The carrier could then charge a premium for securing the link, the company says. Japanese carrier KDDI uses FortiGate 3000 to support a managed antivirus service, Fortinet says.

Large companies could use the box, too.

This type of screening is the most efficient way to secure a network, says Eric Ogren, a senior analyst at The Yankee Group. "You might as well scan at the network layer rather than try to get every PC inside the network to do it," he says. Any updates could be done on a single device rather than each desktop, saving on operational costs, he says.

The box includes a new feature that lets it accept updated intrusion and virus signatures without having to seek them out from Fortinet. Instead, new signatures are pushed to the machines via the Internet.

Fortinet says its gear has a leg up on other security vendors because its custom processor, FortiASIC, was designed to speed up deep inspection of each packet and share that information with various security applications on the device. The company's closest competitor is ServGate, although it also competes indirectly with firewall and VPN vendors, Ogren says.

Some of these firewall/VPN vendors, such as NetScreen Technologies and WatchGuard Technologies, are adding security functions like virus scanning, and as such are becoming more direct competitors, he says.

FortiGate 3600 has a standard hardware configuration consisting of six Gigabit Ethernet ports, two copper and four fiber, and one 10/100 Ethernet port that could be used for management or to connect to a secure network demilitarized zone segment.

It costs about $30,000 and comes with free intrusion-detection and antivirus updates from the FortiResponse network for the first 90 days.
