Fortinet Firewall Performance Boosted By World's First SD-WAN ASIC

Fortinet has debuted the industry's first SD-WAN ASIC chip, enabling the company's FortiGate 100F firewall to deliver performance that's 10 times faster than the competition.

The Sunnyvale, Calif.-based platform security vendor said the SD-WAN ASIC can ensure applications get to the right place as quickly as possible with a high degree of security and quality, according to John Maddison, Fortinet's EVP of product and solutions. The ASIC chip can run and define applications very quickly while at the same time applying best security practices such as SSL inspection, Maddison said.

"The real capability of our solution is that we can bring those two things [networking and security] together, sitting on the same device," Maddison told CRN. "And we're going to get very high performance."
[Related: Fortinet CEO Ken Xie On Leading The Charge In SD-WAN And Facing Off Against Palo Alto Networks In The Cloud]

Fortinet plans to leverage the new ASIC chip to combine SD-WAN functionality and advanced security into a single offering, starting with the FortiGate 100F Next-Generation Firewall. The FortiGate 100F hardware box will retail for $2,800, slightly higher than its previous price to account for the performance improvements stemming from the SD-WAN features, Maddison said.

The SD-WAN enabled FortiGate 100F is intended for price-sensitive organizations with many branch offices or retail locations for which a $5,000 product wouldn't be practical, Maddison said. The company started by introducing the ASIC chip to the 100F since it's at the high-end of the company's entry-level firewalls, with 10G ports to support larger branch offices that need lots of throughput.

The SD-WAN ASIC is designed for cost-conscious organizations, and will be rolled out across all the company's entry-level firewalls within the next one-to-two years, Maddison said. The enhanced SD-WAN capabilities also include an orchestration overlay feature, Maddison said, providing administrators with easier point-and-click functionality across multiple office locations.

"The bigger marketplace is really WAN edge," Maddison said. "As customers are building out their evolving networks, more edges are appearing."

As wide-area networks (WANs) interface more with the internet due to the disappearance of the perimeter, Maddison said more processing capabilities and power are needed so that the network and security can be handled in the same space. Traditional SD-WAN players have been focused primarily on the network stack, Maddison said, and subsequently add in security from the outside.

But the real power of SD-WAN is unleashed only when networking and security are brought together and sit on the same device, according to Maddison. And channel partners can take advantage of that opportunity by providing pre- and post-architecture services for customers, Maddison said, as well as ongoing management of the device.

Unlike other SD-WAN vendors that continue to rely on low-end CPU-based systems, Maddison said Fortinet's ASIC is optimized for the security stack and has CPU, network processing and content processing all built into the chip. The process of bringing the ASIC chip to market from starting the design process to actually implementing it in products lasted approximately four years, Maddison said.

"It's a pretty big investment," Maddison said, "but once you've got that performance advantage, you can then roll it out very effectively and scale solutions to many thousands of sites at a very, very attractive price performance point."