A Next Generation Firewall for Your 2021 Security Strategy
by Darin Knobbe, on Dec 3, 2020 1:45:00 PM
As we enter the final month of 2020, a quick reflection on the year is in order. What are the things we learned that can help set us up for success in 2021? Three key technologies step out from the crowd: Network Security, SD-WAN, and Network Automation. The previous Tech Corner post highlighted two OEM leaders in the SD-WAN and wireless spaces; this week we put our focus on Network Security.
Security professionals were in a demanding position before the pandemic, and that demand only increased once remote working became normal for everyone. While the world takes on the challenge of a virus affecting human health, security professionals remain focused on network health and adapting attacks.
Threat management has its challenges as more and more data is being generated along with higher traffic flow. Today, we put network security’s concerns and challenges up against a Next-Generation Firewall (NGFW) from Fortinet. The FortiGate 200F series NGFW is built to take on threat management and network security for mid-sized to large enterprises. This firewall can be deployed at the campus or enterprise branch level. As offices have been shaken by the pandemic, this firewall remains stable in protecting your network even when employees become remote. Let’s dive into the performance, management, and overall protection of the FortiGate 200F Next-Generation Firewall.
A Quick Look at Fortinet
Fortinet offers high-performance, integrated security solutions to Enterprise, Small Business, and Security Service Providers. They empower their customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Organizations looking for application control, intrusion prevention, and advanced visibility across their network should look to Fortinet’s FortiGate NGFWs. Their recognition by Gartner as an industry leader proves they are not only strong in threat protection but remain relevant in innovation.
Deploying the 200F Series
With full power redundancy, an SD-WAN processor, and performance that matches next-tier devices, the FortiGate 200F NGFW is the firewall you may be looking for to combat security threats. Its AI-powered FortiGuard Labs threat intelligence prevents and detects attacks, mitigating exploitable vulnerabilities within your network. As an administrator, you’ll have full visibility of users, devices, and applications, and consistent security policy enforcement through enhanced real-time and historical analytics. The FortiGate 200F Series gives you a Next-Generation Firewall, Secure SD-WAN, and a Secure Web Gateway in one device. Here is how the multi-layered advanced protection keeps your network secure:
| Firewall | IPS | NGFW | Threat Protection | Interfaces |
|---|---|---|---|---|
| 27 Gbps | 5 Gbps | 3.5 Gbps | 3 Gbps | Multiple GE RJ45, GE SFP and 10 GE SFP+ slots |
Expedited deployment with zero-touch provisioning and automated VPN tunnels helps simplify the firewall's management. The overall security posture benefits from intuitive workflows. Take a look at the full data sheet here.
Cross Tier Comparison
Palo Alto Networks, a powerhouse in the firewall space, designed a firewall series powered by machine learning that competes in a same-tier comparison to the FortiGate 200F. The PA-800 series (PA-820 and PA-850) focuses on providing secure connectivity for branch offices and midsize businesses. When looking at a side-by-side comparison of Fortinet and Palo Alto firewalls, there is a small challenge. Palo Alto publishes their performance metrics using HTTP, rather than UDP, as they believe HTTP is more computationally strenuous. In the table below, we still put them side-by-side in the key performance areas to give you a view of both firewalls.
| Unit / Model | FortiGate 200F | PA-850 |
|---|---|---|
| Firewall Throughput* | 27/27/11 Gbps | 2.1/2.1 Gbps |
| Threat Prevention** | 3 Gbps | 1.0/1.2 Gbps |
| IPsec VPN Throughput*** | 13 Gbps | 1.6 Gbps |
| New Sessions per Second | 280,000 (TCP) | 13,000 |
| Concurrent/Max Sessions | 3 Million (TCP) | 192,000 |
- *Firewall Throughput Measurements
  - FortiGate: 1518/512/64 byte UDP packets
  - PA: Firewall throughput is measured with App-ID and logging enabled, using 64 KB HTTP/appmix transactions
- **Threat Prevention Measurements
  - FortiGate: Firewall, IPS, Application Control, URL filtering, and Malware Protection with sandboxing enabled
  - PA: Threat Prevention throughput is measured with App-ID, IPS, antivirus, antispyware, WildFire, file blocking, and logging enabled, utilizing 64 KB HTTP/appmix transactions
- ***IPsec VPN Throughput
  - FortiGate: 512 byte using AES256-SHA256
  - PA: IPsec VPN throughput is measured with 64 KB HTTP transactions and logging enabled
Both the PA-800 series and FortiGate 200F are built for similar-tier networks, small to medium-sized businesses, but the comparison doesn’t stop there. The FortiGate 200F challenges Palo Alto’s 3220 firewall as well. The 200F’s dual PSU, four 10G slots, two GE RJ45 HA/MGMT ports, and 16 G RJ45 ports put its performance in line with the 3220 from Palo Alto. When looking at the overall comparison between Fortinet and Palo Alto, it comes down to which has the better performance per price. As price comes into the game, Fortinet knocks Palo Alto off as Fortinet has the more attractive total cost of ownership. If price isn’t as big of a factor, Palo Alto’s ability to meet performance requirements is unmatched with their advanced features. Get in touch with a PivIT representative to match your needs with the right security solution for you.
| System Performance - Enterprise Traffic Mix | |
|---|---|
| IPS Throughput | 5 Gbps |
| NGFW Throughput | 3.5 Gbps |
| Threat Protection | 3 Gbps |
| Firewall Latency (64 byte UDP packets) | 4.78 |
| Firewall Throughput (packets per second) | 16.5 Mpps |
| Concurrent Session (TCP) | 3 Million |
| SSL-VPN Throughput | 2 Gbps |
| Application Control Throughput (HTTP 64K) | 13 Gbps |
| CAPWAP Throughput (HTTP 64K) | 20 Gbps |
Leave a comment below or get in touch with your firewall needs! Here at PivIT, we offer a fresh approach to sourcing, maintaining, and servicing your data center infrastructure. We’ve reimagined the status-quo and offer our customers strategies not found in the traditional IT channels. Our focus is to examine your CAPEX/OPEX limitations and present you with options to free up your budget, achieve your goals and Do IT Better.