The Hybrid Mesh Firewall, first introduced by Gartner, is a single firewall operating system that can be deployed across multiple platforms, anywhere people, applications and data could be.  

Fortinet has integrated this concept into their Next-Generation Firewall (NGFW) offering as the Fortinet Hybrid Mesh Firewall (HMF), deployable across a multitude of hardware form factors, virtualization platforms and public cloud providers.

The figure below shows how HMF can be deployed in various locations across the network: 

Figure 1: Fortinet Hybrid Mesh Firewall (HMF) deployment options 

Using the Advanced Technology Center (ATC), World Wide Technology evaluated the Fortinet NGFW offering across two primary elements: key innovation and market velocity factors. 

Key Innovation Factors 

As our clients evaluate an NGFW solution within their overall enterprise cybersecurity strategy, we find they are most interested in how solutions compare when it comes to specific innovation factors: 

Hardware 

At the heart of the Fortinet HMF is the Security Processing Unit (SPU), which is built on Fortinet's custom-designed ASIC. The ASIC comprises the network, content, and security processors. These SPUs offload functions such as web filtering, intrusion prevention, application control, IPsec, logging, and SD-WAN that would normally be handled by an off-the-shelf processor, significantly increasing performance.

Figure 2: Security Processor Unit (SPU) performance comparison 

In a third-party 2023 enterprise firewall report, Fortinet scored an effectiveness rating of 99.88%, in no small part due to the innovation contained in the ASICs.

Figure 3: ASIC impact on performance

Security features with AI threat intelligence 

The FortiGuard AI-Powered Threat Intelligence suite of services provides market-leading security capabilities designed to protect application content, web traffic, devices, and users wherever they are. It continuously assesses risks and automatically responds to and counters known and unknown threats anywhere across the distributed network. Its coordinated and consistent real-time services defend against the latest attacks. 

FortiGuard AI-Powered Security Services is natively integrated into the Fortinet Security Fabric to deliver coordinated detection and enforcement across the entire attack surface. Its technology continuously assesses risks and automatically adjusts the Security Fabric to counter known and unknown threats:

  • In real time, including evasive and malicious AI-powered threats, regardless of where they occur
  • Through context-aware, consistent security policy for users and applications
  • Across hybrid deployments that span the traditional network, endpoints, and clouds

The FortiGuard Labs cybersecurity experts enhance security posture through a combination of static analysis and rapid intelligence based on AI and Machine Learning (ML) models, using large-scale, cloud-driven data sets and working with hundreds of intelligence-sharing partners.

Figure 4: FortiGuard Security Services 

Management and visibility 

The Fortinet HMF provides built-in management for multiple devices via the Fortinet Security Fabric, which makes the HMF the centerpiece of the network-driven security approach. From a single HMF, you can manage multiple devices including additional HMFs, Fortinet Access Points (FortiAP), Fortinet Switches (FortiSwitch), Fortinet Extenders (FortiExtender) and other products. The Fortinet NGFW (HMF) Lab in the WWT ATC gives clients hands-on exercises in configuring the FortiGate HMF using the built-in Security Fabric and in using FortiManager and FortiAnalyzer for centralized device, configuration, and logging management at scale.

Resiliency options 

An area where the HMF solution stands out is High Availability (HA), and the ability to span HA clusters (up to 16) across geographic areas. HA is usually required in systems that can tolerate very little downtime. These systems typically rely on hot-swappable components, backup routes, or standby units, so that as soon as the active entity fails, a backup entity takes over. This results in minimal interruption for users. WWT's ATC has tested HA options in several POCs (3 to 4 vendors) and can quickly spin up an environment to do further testing as needed.

The FortiGate Clustering Protocol (FGCP) is a proprietary HA solution whereby FortiGates can find other member FortiGates to negotiate and create a cluster. A FortiGate HA cluster consists of at least two FortiGates (members) configured for HA operation. All FortiGates in the cluster must be the same model and have the same firmware installed. Cluster members must also have the same hardware configuration (such as the same number of hard disks). All cluster members share the same configuration except for their host name and priority in the HA settings. The cluster works like a single device but always has a hot backup device.

Figure 5: HA architecture with FGCP enabled 

SD-WAN/SD-Branch 

Fortinet's Secure SD-WAN strategy takes an application-driven approach. It provides broad application steering with accurate, granular identification, advanced WAN remediation, and accelerated cloud on-ramp for optimized network and application performance, with 5000+ applications identified using real-time SSL inspection.

The Fortinet solution integrates networking services into the security infrastructure through FortiOS, the Fortinet HMF operating system, in environments of any size. The key benefits include:

  • A common management platform and integrated security
  • Ethernet switching, WLAN interfaces, and LTE/5G backhaul controlled with the same level of enforcement as firewall interfaces

Fortinet HMF uses FortiLink technology to communicate with switch and wireless platforms and requires no additional licenses. SD-Branch and SD-WAN capabilities are included as part of the FortiOS running on every HMF. Management and analytics for all these capabilities and components are simplified for the NOC/SOC through Fortinet's Fabric framework.

Market Velocity Factors 

WWT has assessed several factors through the lens of our specific customer base, which includes large organizations across enterprise, service provider, and public sector segments, to evaluate how successfully the Fortinet firewall solution has been adopted.

Client mentions 

In conversations where network security solutions are in play, Fortinet is consistently mentioned as one of the top two network security solutions across multiple verticals, including global financial, manufacturing, retail and healthcare.  These conversations usually start with the firewall, and then extend out to the built-in SD-WAN and how to deploy it at scale (FortiManager and FortiAnalyzer). 

Proof of concept (POC) participations 

Fortinet is no stranger to WWT's ATC environment, consistently being down-selected in POCs across verticals. Some examples:

  • Firewall Feature and Performance Testing, Multinational Financial Services Company (4 vendors)
  • Virtual NGFW Sandbox testing, American Technology Company (3 vendors)
  • Perimeter Security testing, Utilities Corporation (head-to-head)
  • NGFW POC, Health Insurance Company (single vendor, design validation)

POC success 

When asked to participate in a competitive POC, Fortinet has proven its high-quality capability in features, functionality, performance and ease of use.   

The following is an example of a Fortinet win from a global financial customer. Fortinet is one of WWT's preeminent firewalls across its Financial Services market.

Figure 7: Large financial services POC data 

Production deployments  

Over the past two years, WWT has deployed many NGFW and SD-WAN Fortinet solutions. With the support of WWT and Fortinet teams, our clients have improved their visibility and time to market while reducing complexity across their network management.

About WWT & Fortinet  

WWT's partnership with Fortinet has grown stronger over the years with WWT being awarded Fortinet's partner of the year in 2021 and eventually their largest global partner in 2023. 

Fortinet has invested both capital and resources in the ATC to assist in developing our learning paths centered around the Fortinet NGFW and SD-WAN offerings. WWT's Fortinet Center of Excellence (FCOE) provides subject-matter expertise applied in designing the best solutions for our clients. 

In most network security conversations, clients want to know the latest on Fortinet technology. In terms of innovation, performance, HMF feature efficacy, and value, Fortinet's HMF offering is highly recommended for all network security use cases across the enterprise. 


Resources: 

Gartner Magic Quadrant for Network Firewalls Report
