Choosing the Right FortiGate Data Center Firewall: A Practical Guide for IT Leaders
Selecting a next-generation data center firewall is one of the most important decisions for any enterprise managing hybrid or large-scale environments. FortiGate Next-Generation Firewalls offer extremely high performance, AI/ML-powered security services, and the ability to consolidate tens of millions of connections per second, making them a leading option for modern data centers.
Key Considerations for Data Center Firewall Selection
When evaluating FortiGate NGFWs for a data center, several major factors should guide the decision-making process:
- Security requirements
- Firewall and threat-protection throughput
- Interface connectivity options
- Redundancy and disaster recovery planning
- Interconnect features such as IPsec VPN
Understanding these elements ensures the chosen model meets both current needs and future scalability requirements.
Overview of FortiGate Data Center Firewall Series
FortiGate 1000 & 2000 Series
These models deliver IPS throughput up to 24 Gbps, SSL inspection up to 20 Gbps, and IPsec VPN performance up to 55 Gbps. Options include onboard storage variants and support for 10G, 25G, 40G, and 100G interfaces.
FortiGate 3000 Series
Designed for higher-performance environments, this series provides up to 86 Gbps IPS throughput, up to 63 Gbps SSL inspection, and firewall performance reaching 595 Gbps depending on the model. Select models include 400G interfaces capable of supporting high-bandwidth data centers.
FortiGate 4000 Series
This series offers firewall throughput from 800 Gbps to over 3 Tbps, with IPsec VPN speeds reaching up to 800 Gbps. These appliances are suitable for demanding data centers requiring performance at scale, with optional Hyperscale licensing available.
FortiGate 7000 Series
At the top end of the portfolio, these units deliver up to 520 Gbps threat protection, as much as 1.89 Tbps firewall throughput, and can handle up to 9 million new sessions per second. Models include 400G interfaces and are designed for the largest enterprise or carrier networks.
Licensing Essentials
Fortinet provides two primary license bundles that address most deployment needs:
- Advanced Threat Protection Bundle
- Unified Threat Protection (UTP) Bundle
The Unified Threat Protection bundle includes IPS, malware protection, application control, botnet protection, mobile malware defense, outbreak prevention, web and video filtering, secure DNS filtering, anti-spam, cloud sandboxing, and 24×7 support.
For high-availability deployments, each appliance in the cluster must carry identical FortiCare and FortiGuard licensing.
Optional Fortinet Services and Add-Ons
Hyperscale License
Enables hardware-accelerated Carrier-Grade NAT (CGNAT) using Fortinet’s NP7 security processor. This option is targeted toward high-scale carrier environments.
FortiCarrier License
Supports inspection of GTP and PFCP protocols and enables SCTP firewall functionality for carrier-grade deployments.
FortiAppSec Cloud – GSLB Service
A DNS-based global server load balancing solution that enhances application availability across distributed data centers and hybrid cloud environments. It integrates with FortiGate VIP and ZTNA features and includes optional advanced health checks and deployment services.
Need Help Finding the Right FortiGate for Your Data Center?
DC360 can help you select, size, and source the ideal FortiGate NGFW for your environment, including performance planning, licensing guidance, and hardware options.
Contact DC360 today to discuss your firewall requirements.