Over the years, two trends have conspired to make managing security in the data center more challenging than ever. The first is the simple act of consolidation in the data center. There may be fewer data centers, but the number of servers in each of those data centers tends to be higher. In addition, those servers invariably are more robust, which means the number of virtual servers running on each one has been increasing exponentially.
All that leads to more traffic than ever moving through firewalls that can’t handle the volume. Looking to solve that problem, Fortinet today unveiled the Fortigate 3700D, a firewall appliance for data centers that can be configured with four 40G Ethernet ports or 28 10G Ethernet interfaces.
According to John Maddison, vice president of marketing for Fortinet, the Fortigate 3700D is based on the next generation of Fortinet ASIC processors. Maddison says the algorithms used in firewalls are the type of function that an ASIC is optimally designed to handle, so the appliance does not have to depend on general-purpose processors. That means rather than having to acquire a processor from Intel that might cost $100, Fortinet relies on ASIC processors that cost $25 per chip. In the Fortigate 3700D, that translates into a cost of 62.5 cents per Mbps of throughput, which Maddison says is less than half that of the nearest competitor.
Maddison says, given the increased density of server environments, he expects some data center environments will soon be moving to firewalls capable of supporting 100GB of traffic, especially as new technologies such as network virtualization become more widely deployed.
It doesn’t make a whole lot of sense to invest in next-generation servers capable of supporting 10G Ethernet cards only to have all that traffic either throttled by the firewall or, worse yet, not inspected at all. As more virtual and physical servers get packed into the data center, it’s only a matter of time before existing firewalls keel over under the strain.