Fortinet has a new ASIC for edge appliances. The Fortinet FortiSP5 integrates security functions on a 7nm chip for its next-gen appliances. We have not covered Fortinet in some time, but since we have been focusing more on the networking space over the past few quarters, we figured why not cover this chip as well.
Fortinet FortiSP5 ASIC Launched
The FortiSP5 has a built-in Layer 7 firewall and acceleration for a number of other features. For example, it is able to power up to 37Gbps of IPsec VPN and 40Gbps of firewall traffic.
There are a few interesting specs on the new chip. First, the chip supports 2.5Gbps of SSL deep inspection, volumetric DDoS protection, and 2.8Gbps of threat protection. There are other features like hardware-accelerated QoS and VXLAN/GRE hardware encapsulation that make a lot of sense on a chip like this. Likewise, Fortinet appliances are designed to run the company’s own software (e.g. FortiOS), so having a secure boot feature that validates that a valid OS is booted makes a lot of sense.
Some of the specs are a bit strange. For example, it has 88% lower power consumption compared to “Leading Industry-Standard CPUs.” No citation is given for what counts as an industry-standard CPU. Is it an Intel Xeon Platinum 8490H with 800Gbps of QAT acceleration? Is it a Marvell Octeon 10 that we looked at a few months ago? Perhaps it is an Intel Xeon D-1700/D-2700, whose OpenSSL and IPsec VPN offload features we looked at a few months ago.
Fortinet makes a similar claim about next-gen firewall (NGFW) performance, saying that FortiSP5 is 3.5x faster than “leading standard CPUs”. The same goes for the 32x faster encryption performance, which is measured against something that was not defined.
These days it is fairly uncommon to see vendors not at least footnote the comparison point. We hope that Fortinet at least starts to provide citations for what it is using to make claims in the future.
For a company like Fortinet, it makes a lot of sense to have a more specialized ASIC with more networking and accelerator technologies. The FortiSP5 is the next generation of the company’s architecture, and it is great to see it is finding enough performance differentiation to build an ASIC. We have been discussing acceleration in both our CPU series and DPU series on STH. These types of edge gateway appliances are certainly a use case that can make use of heavy acceleration so it makes sense.
Perhaps the bigger question is: should we start looking at Fortinet boxes? Above was a Fortinet FG-60C that STH was looking at deploying in its data center lab in 2013. I need to get the story of why STH did not at the time. As we have looked at a lot of hardware solutions for open-source and those like the Netgate 4100 pfSense Plus router-firewall-VPN appliance, perhaps it is time to add this class of device to the mix.