Fortinet’s latest firewall runs on AWS Graviton CPUs • The Register

For years, Fortinet has relied on its custom security and networking ASICs to compete in the firewall space against rival vendors such as Juniper, Palo Alto Networks and Cisco.

But when it comes time to extend its security stack to the cloud, any advantage that custom silicon offers begins to dwindle. Fortinet cannot provision its hardware directly in the cloud. Instead, like most other vendors, it’s forced to run its firewall on general-purpose computing infrastructure, which traditionally means Intel or AMD x86 CPUs.

Fortinet’s latest attempt to sell customers on its cloud firewalls is to repackage its security stack as a software-as-a-service platform on AWS. Dubbed FortiGate CNF, the service offers the standard suite of security features you would expect from a next-generation firewall, including URL, DNS and application filtering, and intrusion prevention/detection, to name a few.

However, unlike most virtualized or containerized firewalls, Fortinet’s kit is designed to take advantage of Amazon Web Services’ (AWS) custom silicon in the form of its Graviton CPUs.

AWS began offering Arm-based VMs with the introduction of Graviton in 2018. Instead of trying to outperform Intel or AMD x86 CPUs, Graviton tried to offer better value for money. Amazon claims that its third-generation Graviton CPUs offer 40 percent better price/performance than “comparable fifth-generation x86-based instances.”

Similarly, Fortinet made every effort to avoid the performance issue in its announcement. It’s an uncharacteristic move for a company that rarely misses an opportunity to address the performance gap between its devices and those of its competitors. Instead, the vendor emphasized the consistent management experience and touted the lower operational costs associated with running its software stack on Amazon’s Arm-based CPUs.

Lower operational costs have been a hallmark of Arm CPUs as cloud providers try to attract customers to the architecture. When Oracle launched its Ampere Altra-based instances, they cost $0.01 per core per hour.

Whether Fortinet somehow managed to achieve consistent performance across on-premises and cloud deployments by going the cloud-native route or opting for Amazon’s Arm cores remains unclear. Pressed on a performance delta between its on-prem and cloud capabilities, Fortinet made the following vague statement: “We run FortiGate VMs, which deliver very high firewall throughput performance.”

Each customer is assigned their own VM that automatically scales as needs change, Fortinet told The Register. And a look at AWS Graviton instances offers some clues as to where the ceilings of Fortinet’s new cloud firewalls might lie. The largest Graviton instance from Amazon – the c7g.16xlarge with 64 cores and 128 GB of memory – achieves a maximum network bandwidth of 30 Gbit/s.

That would put the maximum threat-inspection throughput on par with the FortiGate 3000F – a high-throughput firewall appliance for hyperscale environments – but that assumes the CPU can actually keep up. And even if it did, it wouldn’t be cheap. At $2.7/hour plus $0.031 per gigabyte inspected, a 30 Gbps data flow would cost a customer somewhere near $420 per hour.

That being said, there are still benefits to maintaining a consistent security stack across on-premises and cloud infrastructure.

While all major cloud providers offer some form of firewall functionality in-house, deploying it typically requires compliance with two separate security policies. Microsoft’s security department this summer attributed 80 percent of ransomware attacks to configuration errors.

Extending an organization’s existing security stack to the cloud to minimize this potential has been a key selling point for a number of virtualized or containerized firewalls, including those from Juniper, Palo Alto Networks, and in this case, Fortinet. ®

Rick Schindler
