Fortinet's latest hyperscale kit packs 2.4Tbit/sec of firewall into a 4U chassis

As port speeds creep ever higher to support larger hyperscale workloads and bandwidth-hungry 5G applications, Fortinet says its latest generation of firewalls should keep even the largest data flows safe from would-be attackers. The vendor this week unveiled its FortiGate 4800F-series of appliances, which top out at 2.4Tbit/ …

  1. Nate Amsden

    impressive but scary

    Pretty amazing specs on paper at least. Though the idea of having so much traffic being routed through a complex next generation firewall as a single point of failure (referring to software failure not hardware) is scary. I've read (from Fortinet fans) that Fortinet has a history of questionable firmware versions that can cause big problems (so find a good version and stick to it is the suggestion). They aren't alone here for sure, Cisco has a really bad reputation for Firepower. Sonicwall has a pretty terrible reputation among network folks as well. I'm sure there are others too. I personally have used Sonicwall for the past decade without much issue but all my firewalls are basically layer 4. I assume most of the pain with Sonicwall may be the layer 7 stuff. I recall one stupid mistake on Sonicwall's part earlier this year I think where they pushed a bad signature update out to their Gen7 firewalls and made them go into a crash reboot loop. One of my office edge firewalls was hit by that, what was even more strange to me is that firewall had no layer 7 licensing, so why the hell was it bothering to download a signature update that it didn't have a license to use. Stupid.

    Load balancers have a solid history of being able to do Layer 7 well at high speeds, but they too are far less complex than a next generation firewall.

    Point being, firewall at layer 4 is pretty well flushed out at this point; the systems are simple and reliable probably 98-99% of the time. Layer 7 firewalls and deep packet inspection, SSL inspection reliability seems to be far less (and such reliability hasn't seemed to have improved much in recent years as complexity grows ever greater). Having so much complexity at a single point for massive traffic just scares me (probably anything over say 50Gbps).

    I'm less concerned about something getting through the firewall (as in firewall not detecting a threat, since no way any firewall can block everything so some stuff will get through regardless) than I am the firewall outright crashing, dropping packets for unknown reasons or otherwise blocking valid traffic because of bug(s).

    Maybe I'm wrong though.

  2. Anonymous Coward

    Having worked in distribution, I would rank Fortinet up there with Oracle in terms of who to not do business with. Nice kit, but horrible company.
