Security

Dive into the next gen firewall power of FortiGate Security Appliance 10Gbps

Share this post:

We recently unveiled our latest firewall offering, FortiGate Security Appliance 10Gbps (FSA 10G). Now let’s dig into the capabilities and features of this next generation firewall.

Level up on threat protection

As the volume of data increases with the rise in IoT and cloud, the scope and scale of networks expands. The FSA 10G is a new firewall offered by IBM Cloud, powered by Fortinet’s patented security processors and highly optimized security software. This powerful firewall provides the industry’s highest threat protection and SSL inspection performance, whether they are deployed at the network edge, in the core, or in the segments.

In today’s digital world, there’s a critical need to establish network protection while maintaining the ability to efficiently provide demanding services and applications. The FSA 10G offering is a perfect match. It protects multiple VLANs (public or private) with not only firewalling, but also with advance inspection technologies such as IPS, application control, and anti-malware.

Bypass bottlenecks

Let’s face it, you are only as strong as your weakest link. With FSA 10G, you get the raw horsepower that comes with custom built security processors (ASICS) hardware acceleration. In other words: If your workload desires higher throughput, the bandwidth limitations can create painful bottlenecks. Decryption, deep packet inspection, and threat correlation are extremely CPU-intensive and are notorious for bringing many commercial firewalls (especially virtual ones) to their knees. To avoid these bottlenecks, customers should deploy the FSA 10G as they would a hardware firewall built for higher throughput, advanced inspection, and complex computations.

In a nutshell: This offering keeps you safe from any hypervisor-level vulnerabilities that virtual firewalls can be exposed to.

Dive into the details of FSA 10G features and capabilities

FortiGate 10Gbps next-generation firewall

Stateful firewall inspection

FSA 10G not only tracks the state of traffic based on OSI layers 2 through 4, but also from layers 2 through 7. This difference allows more control and gives the InfoSec engineer or administrator the ability to have very granular policies.

SSL inspection

Powered by ASICS, SSL inspection performance is hard to beat with FSA 10G. You can use the firewall for either deep or full inspection, in which the firewall decrypts, inspects, and re-encrypts to create an SSL connection.  The other option for SSL certificate inspection is where the firewall inspects the header to verify the webserver identity at wire speed.

NAT support

FSA 10G efficiently supports NAT for both IPV4 and IPV6 and they can configure either DNAT (Destination NAT), SNAT (Source NAT), or CNAT (Central NAT) based on their requirements.

VPN

Whether the choice is SSL VPN or IPSEC VPN, now drive multiple VPN sessions at up to wire speed. SSL VPN can be configured in web-only mode or tunnel mode. Both route-based VPN or policy-based VPN are supported by FSA 10Gbps.

FortiGuard Anti-Virus

You can order the optional FortiGuard Anti-Virus add-on service on the IBM Cloud FSA 10G, which protects your workload against the latest viruses, spyware, and other content-level threats. Signatures are updated automatically thanks to the FortiGuard Threat Intelligence Lab.

Intrusion Prevention Systems (IPS)

Every minute of every day, FortiGuard IPS blocks approximately 470,000 network intrusions. Powered by purpose-built hardware, FSA 10G can achieve attractive TCO while meeting performance requirements. IPS features are easy to set up and offer rich capabilities, including contextual visibility and coverage.

FortiGuard Web Filtering

FortiGuard Web Filtering blocks access to malicious, hacked, or inappropriate websites—the primary vector for initiating attacks by triggering downloads of malware, spyware, or other risky content. This service blocked 97.7{07c2b926d154bd5dc241f595a572d3349d41d98f2484798a4a616f4fafe1ebc0} of direct malware downloads and stopped 83.5{07c2b926d154bd5dc241f595a572d3349d41d98f2484798a4a616f4fafe1ebc0} of malware served through all tested methods in Virus Bulletin’s 2015 VBWeb security testing.

Read the documentation and learn even more about this powerful firewall solution.

If you’re already game to take your network security to the next level, send an email to fsa10gbps@us.ibm.com to sign up for the FSA 10Gbps Early Access Program.

More Security stories
May 7, 2019

We’ve Moved! The IBM Cloud Blog Has a New URL

In an effort better integrate the IBM Cloud Blog with the IBM Cloud web experience, we have migrated the blog to a new URL: www.ibm.com/cloud/blog.

Continue reading

May 6, 2019

Use IBM Cloud Certificate Manager to Obtain Let’s Encrypt TLS Certificates for Your Public Domains

IBM Cloud Certificate Manager now lets you obtain TLS certificates signed by Let’s Encrypt. Let’s Encrypt is an automated, ACME-protocol-based CA that issues free certificates valid for 90 days.

Continue reading

May 6, 2019

Are You Ready for SAP S/4HANA Running on Cloud?

Our clients tell us SAP applications are central to their success and strategy for cloud, with a deadline to refresh the business processes and move to SAP S/4HANA by 2025. Now is the time to assess, plan and execute the journey to cloud and SAP S/4HANA

Continue reading