Hi,
I did a less-than-thorough search on the web, but was wondering if Fortinet has plans to integrate Wireguard VPN in their Fortigates? We've all had some sports with IPSEC tunnels that drop and never come back - might be time to embrace the future. :)
Thanks!
WireGuard is fantastic.
Implementing it (also in beta) can provide a big advantage over competitors.
It is the future: faster, secure, simple...
Not fully sure what you mean, but I've done a feature request through partner and a contact in Fortinet :) Fingers crossed for future releases!
Time will tell, but I highly doubt they are going to implement a rather new protocol into their new features list & anytime soon nor immediately. Especially since nobody in the industry has not caught up or on wireguard. Then you have software license and end users and other items they would need to investigate.
I look at it as the same way as OpenVPN, highly used out of commercial firewalls and that is just about it.
Ken Felix
PCNSE
NSE
StrongSwan
Fortigates support almost all - even ancient - tunneling and VPN protocols. Adding a modern, highly acclaimed and easy to implement (from a code point of view) protocol is a logical choice ... all it needs is some nudging from partners and customers ... would be nice to see it appear some time soon!
@sancho81
Would you please share your source on those bandwidth and response time measurements?
I was under the impression that the ASIC acceleration (NPU, SPU) of FortiGate can do better than WireGuard.
Created on 11-29-2022 08:11 PM Edited on 11-29-2022 08:14 PM
Never mind, I found it myself
https://www.wireguard.com/papers/wireguard.pdf
"
WireGuard was benchmarked alongside IPsec in two modes and OpenVPN, using iperf3(1) between an Intel Core i7-3820QM and an Intel Core i7-5200U with Intel 82579LM and Intel I218LM gigabit Ethernet cards respectively, with results averaged over thirty minutes.

...

WireGuard outperformed OpenVPN and both modes of IPsec. The CPU was at 100% utilization during the throughput tests of OpenVPN and IPsec, but was not completely utilized for the test of WireGuard, suggesting that WireGuard was able to completely saturate the gigabit Ethernet link.

While the AES-NI-accelerated AES-GCM IPsec cipher suite appears to outperform the AVX2-accelerated ChaCha20Poly1305 IPsec cipher suite, as future chips increase the width of vector instructions—such as the upcoming AVX512—it is expected that over time ChaCha20Poly1305 will outperform AES-NI [4]. ChaCha20Poly1305 is especially well suited to be implemented in software, free from side-channel attacks, with great efficiency, in contrast to AES, so for embedded platforms with no dedicated AES instructions, ChaCha20Poly1305 will also be most performant.

Furthermore, WireGuard already outperforms both IPsec cipher suites, due to the simplicity of implementation and lack of overhead. The enormous gap between OpenVPN and WireGuard is to be expected, both in terms of ping time and throughput, because OpenVPN is a user space application, which means there is added latency and overhead of the scheduler and copying packets between user space and kernel space several times.
"
we have on average 1,5k VPN connections on our FGT
I rest my case
I also would like to see Wireguard on Fortigate!
I am joining too!
Hi Fortigate? Any progress on adopting new VPN protocols? I would recommend adopting before the company gets hit by the "legacy" train (as happened to Aqfa a long time ago). Don't miss the train and run your company as any other proprietary company producing closed source. Times have changed and even a grey-bearded management should understand that. Beat your competitors with performance instead of supported legacy VPN tunnel technology.
Copyright 2024 Fortinet, Inc. All Rights Reserved.