Executive summary
Fortinet is pleased to announce that FortiGate Virtual Appliance Firewall protecting public and private clouds has scored an overall rating of AAA in the recent cloud network firewall report done by CyberRatings, the highest score possible. CyberRatings’ independent testing on Fortinet virtual appliances resulted in AAA scoring in all 5 areas tested (Management & Reporting Capabilities, Routing and Policy Enforcement, SSL/TLS Functionality, Threat Prevention, Performance). The score reflects Fortinet’s continuous commitment to providing holistic architecture that protects our customers’ environment regardless of where they might be located in. The achievement establishes FortiGate virtual appliances as leaders when it comes to protecting workloads on public or private cloud platforms. To learn more about Fortinet’s AAA score from CyberRatings Cloud Network Firewall report, visit their website located here
Fortinet sets the bar for cloud network firewalls
In this blog, we will review what happened in the report generated by CyberRatings. Within the report, CyberRatings looked at a few areas when evaluating FortiGate virtual appliance firewalls. These are:
Management & Reporting Capabilities
Result: AAA
For centralized controls, firewalls managed by Fortinet’s management system, FortiManager, can use out-of-the-box (OOB) templates for faster on-ramp or create their own for a more granular definition. Not only is FortiManager able to centrally manage and enforce policies on firewalls, but it extends capabilities into many of Fortinet’s Security Fabric ecosystem such as FortiSOAR, FortiSwitch, FortiAP.
For organizations looking to quickly manage a single FortiGate and upstream sync to FortiManager, FortiGate provides an intuitive view for reporting, automation, security, network policies, and much more. OOB reports, playbooks, and other content are available for organizations to quickly on-ramp their security infrastructure. To summarize, robust logging, auto-remediation capabilities, built-in reports, built-in security profiles, flexible and granular authentication methods are some of the reasons why Fortinet believes CyberRatings scored us AAA in this category.
Routing and Policy Enforcement
Result: AAA
FortiGate virtual appliance firewalls (FortiGate-VM) combine both networking and security capabilities into a single platform. In this test, CyberRatings utilized our security profiles (IPS, AV, and more) and found that FortiGate virtual appliances can easily enforce anything from simple policies with no policy restriction to complex multi-zone structure that utilized many users, networks, applications, and polices.
SSL/TLS Functionality
Result: AAA
Testing was done here by CyberRatings to confirm that FortiGate-VM can decyrpt SSL/TLS traffic using a variety of different ciphers. FortiGate-VM can support either SSL (Secure Sockets Layer) certificate inspection or full SSL inspection. In this test, a full SSL inspection was performed. Testing was done for both TLS (Transport Layer Security) 1.2 and 1.3 in which FortiGate-VM was able to deliver SSL/TLS decryption without a problem.
Threat Prevention
Result: AAA
For any security vendor, having effective security is necessary. Native security from cloud vendors often lacks advanced security capabilities, granular policy definition, and includes unexpected costs. With Fortinet’s programmatic and user interface (UI) capabilities for security, operators can quickly create automation functions to auto-remediate issues or create policy-based/profile-based security rules to protect workloads on the cloud. FortiGate-VM uses Fortinet’s threat intelligence, FortiGuard, to ensure real-time protection and security and thus was able to block CyberRatings threat repositories from successfully exploiting the system or evading detection.
Performance
Result: AAA
In this section, CyberRatings performed tests for raw packet processing performance, HTTP performance, and HTTPS performance. HTTP throughput was rated to be 1000 Mbps out of 1000 Mbps. HTTPS throughput was rated to be 892 Mbps out of 1000 Mbps. Overall rated throughput was 946 Mbps out of a maximum 1000 Mbps that was configured on the testing appliance. The purpose of this test is believed to ensure that FortiGate-VM can continuously support 1000 Mbps of testing throughput without high degradation to performance. Multiple ciphers were used when testing HTTPS performance. FortiGate-VM was able to succeed in this test with little to no performance degradation and zero packet loss.
Stability and Reliability
Result: AAA
As a critical requirement of any cloud firewall, stability and reliability is necessary. Security outages caused from a poor performing product can have disastrous outcomes for any organization. FortiGate-VM was able to score AAA in this category as we were able to detect and block malicious traffic while being under stress while maintaining high traffic flows to go through our virtual firewall.
Total Cost of Ownership (TCO)
Result: AAA
Cost is an important conversation in any cloud strategy conversation. To determine cost, CyberRatings applied the following formula:
Security Effectiveness = Exploit Block Rate* Evasions* Stability and Reliability
TCO per Protected Mbps = TCO / (Security Effectiveness * Tested Throughput)
To put it simply, the total cost of owning a virtual security appliance is the total cost of the virtual appliance itself divided by how security the appliance is measured to be multiplied by the throughput of the security appliance. As discussed above, the tested throughput for Fortinet was 946 Mbps out of 1000 Mbps of maximum configured throughput. This resulted in Fortinet scoring a TCO per Protected Mbps of $66.06. As the max throughput tested on the test loading appliance was configured not to exceed 1 Gbps (or 1000 Mbps), the TCO per Protected Mbps should only be used as a baseline in the specific context of 1 Gbps of maximum configured throughput. FortiGate-VM can achieve a much higher throughput as internal testing done have shown below in Table 1 from a 10Gbps maximum configured throughput.
Fortinet tested on 10Gbps max configured limit |
129.4KB |
64.8KB |
Fortinet throughput (CPS) |
9885 |
17660 |
AWS max throughput (CPS) |
10000 |
20000 |
Fortinet throughput (Mbps) |
9975 |
8824 |
Table 1: 10 Gbps maximum configured throughput testing
Also note that the FortiGate-VM license used in CyberRatings report was an unlimited license that can provide over 36 vCPU support. This means that while the unlimited license did support the 36 cores launched in a c5.9xlarge, the license can also be used to support additional cores. There are no limitations from Fortinet end, and limitations are set from cloud vendors.
While Fortinet believes CyberRatings TCO scoring is incredibly competitive against comparable cloud solutions, organizations can gain massive value and lower their TCO per Protected Mbps by utilizing higher max throughput and higher vCPU instances when using the unlimited license.
Overall, CyberRatings scoring of FortiGate-VM validates Fortinet’s commitment to providing a unified architecture with integrated and effective security. Additional testing at a bigger spectrum could have been carried out (10 Gbps vs 1 Gbps limit). However, the purpose of this test was not to test for max performance, but consistent performance. The test was also not performed on an optimized instance type. Readers will need to research which instance type should be launched based on the use case for their organization. It is recommended that organizations with high network performance requirements launch a network optimized VM (Virtual Machines) type. For real world applications of FortiGate, note that the TCO would be lower as traffic throughput increases as there will be no limitations besides network limitations from the cloud vendors and actual max throughput for FortiGate. Fortinet believes the TCO achieved in this report provides greater value than many of the comparable solutions currently available.
An integrated cloud firewall is critical in providing effective security
When talking cloud strategy, there are many key areas to look at including security, performance, costs, service limits, fault tolerance. If we were to focus on security within those areas, a key challenge has always been consistent visibility and enforcement across cloud platforms. The problem is that cloud vendors each have their own terminologies, services, and restrictions, that makes it difficult to centrally control and gain visibility, as well as enforcing security policies. FortiGate virtual appliances enable centralized visibility and security policies enforcement across all public and private cloud vendors. By providing a single security hub for security controls, operators can work together in providing a unified cloud strategy to secure their organizations cloud environments regardless of where the workloads reside. Fortinet considers CyberRatings’ AAA scoring of its FortiGate virtual appliance firewalls to validate this strategy. By simplifying and centralizing the ability to create, enforce, and manage network and security policies, FortiGate virtual appliances have shown to provide high visibility, high performance, low TCO, and high security effectiveness. To learn more about our cloud strategy, please visit a blog written by Fortinet’s Senior Director of Product Marketing, Vincent Hwang located here
Action Items:
Download CyberRatings Cloud Network Firewall Report here.
Read more about the Fortinet Security Fabric and the future of networking is converged networking written by Fortinet’s CMO, John Maddison
Visit Fortinet’s FortiGate Next-Generation Virtual Appliance Firewall homepage to learn more about this advanced security solution.
About CyberRatings
CyberRatings.org is a non-profit 501(c)6 entity dedicated to quantifying cyber risk and providing transparency on cybersecurity product efficacy through testing and ratings programs. To learn more, visit www.cyberratings.org
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.