waltvs
New Contributor

Fortigate - Wireguard Support

Hi,

 

I did a less-than-thorough search on the web, but was wondering if Fortinet has plans to integrate Wireguard VPN in their Fortigates?  We've all had some sports with IPSEC tunnels that drop and never come back - might be time to embrace the future. :) 

 

Thanks! 

1 Solution
sancho81
New Contributor II

WireGuard is fantastic.

Implementing it (also in beta) can provide a big advantage over competitors.

It is the future: faster, secure, simple...

 

hatlen
New Contributor

Not fully sure what you mean, but I've done a feature request through a partner and a contact at Fortinet :) Fingers crossed for future releases!

emnoc
Esteemed Contributor III

Time will tell, but I highly doubt they are going to implement a rather new protocol into their new features list anytime soon, nor immediately. Especially since nobody in the industry has not caught up or on WireGuard. Then you have software licenses and end users and other items they would have to investigate.

 

I look at it the same way as OpenVPN: highly used outside of commercial firewalls, and that is just about it.

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

gglendown

Fortigates support almost all - even ancient - tunneling and VPN protocols. Adding a modern, highly acclaimed and easy to implement (from a code point of view) protocol is a logical choice ... all it needs is some nudging from partners and customers ... would be nice to see it appear some time soon!

f_sfetea
New Contributor II

@sancho81
Would you please share your source on those bandwidth and response time measurements?
I was under the impression that the ASIC acceleration (NPU, SPU) of FortiGate can do better than WireGuard.

f_sfetea
New Contributor II

Never mind, I found it myself:
https://www.wireguard.com/papers/wireguard.pdf

"WireGuard was benchmarked alongside IPsec in two modes and OpenVPN, using iperf3(1) between an Intel Core i7-3820QM and an Intel Core i7-5200U with Intel 82579LM and Intel I218LM gigabit Ethernet cards respectively, with results averaged over thirty minutes.
...
WireGuard outperformed OpenVPN and both modes of IPsec. The CPU was at 100% utilization during the throughput tests of OpenVPN and IPsec, but was not completely utilized for the test of WireGuard, suggesting that WireGuard was able to completely saturate the gigabit Ethernet link.
While the AES-NI-accelerated AES-GCM IPsec cipher suite appears to outperform the AVX2-accelerated ChaCha20Poly1305 IPsec cipher suite, as future chips increase the width of vector instructions—such as the upcoming AVX512—it is expected that over time ChaCha20Poly1305 will outperform AES-NI [4]. ChaCha20Poly1305 is especially well suited to be implemented in software, free from side-channel attacks, with great efficiency, in contrast to AES, so for embedded platforms with no dedicated AES instructions, ChaCha20Poly1305 will also be most performant.
Furthermore, WireGuard already outperforms both IPsec cipher suites, due to the simplicity of implementation and lack of overhead. The enormous gap between OpenVPN and WireGuard is to be expected, both in terms of ping time and throughput, because OpenVPN is a user space application, which means there is added latency and overhead of the scheduler and copying packets between user space and kernel space several times."

We have on average 1,5k VPN connections on our FGT.
I rest my case.

sceliphron
New Contributor II

I also would like to see Wireguard on Fortigate!

DOBIT
New Contributor

20k views and 2 years later: small bump!

beltskyy
New Contributor III

I am joining too!

ASAPDanny
New Contributor

Me too!

wirSeefahrer76
New Contributor

Hi Fortigate? Any progress on adopting new VPN protocols? I would recommend adopting them before the company gets hit by the "legacy" train (as happened to Aqfa a long time ago). Don't miss the train and run your company as any other proprietary company producing closed source. Times have changed and even a grey-bearded management should understand that. Beat your competitors with performance instead of supported legacy VPN tunnel technology.
