SOURCE: Fortinet


June 06, 2012 08:45 ET

On IPv6 World Launch Day, Fortinet® Announces 500+ Gbps Protection

Massive-Scale, Real-World Testing of Actual Application Traffic Shows That Fortinet Raises the Performance Bar Again

SUNNYVALE, CA--(Marketwire - Jun 6, 2012) - Fortinet® (NASDAQ: FTNT) -- a world leader in high-performance network security -- announced that as the world celebrates IPv6 Launch Day, the Fortinet FortiGate-5140B chassis, powered by FortiGate-5101C blades, has achieved 536 Gbps of blended application and security attack traffic during an IPv6 test driven by the BreakingPoint FireStorm CTS. Telecommunication carriers, service providers, and other performance-focused enterprises that have deployed an IPv6 infrastructure can rely on Fortinet to help protect their network while helping maintain the performance they require.

"IPv6 Launch Day represents a major milestone in the transition from IPv4 to IPv6 as many of the world's largest networks and content providers permanently enable IPv6 in their networks," said Patrick Bedwell, vice president of product marketing for Fortinet. "This means that the content and services that businesses and consumers rely on every day will now be delivered via IPv6. IPv6 presents significant performance and security challenges, and this test establishes that Fortinet can help protect those networks and content with the world's fastest IPv6 firewall."

Ability to Inspect IPv4 and IPv6 Traffic is Key
One of the challenges networks face as they migrate to IPv6 is the inability of their existing network security tools to detect threats within IPv6 traffic. This is due to legacy firewalls not implementing a 'dual stack' approach, in which a firewall has dual IPv4 and IPv6 protocol stacks running at the same time, to allow it to inspect the contents and enforce policies regardless of the version of the protocol used. Instead, the limited IPv6 support these legacy tools offer means they simply forward IPv6 traffic to its destination, allowing threats hidden within IPv6 content to pass undetected.

FortiGate devices utilize a dual stack approach and provide the same network security technologies in IPv4 as IPv6, thus eliminating any potential gaps in protection caused by IPv6 traffic.

Fortinet's IPv6 technology has been certified compliant by the US DoD JITC since 2008, and has earned "IPv6 Ready Phase-2" compliance.

Testing Methodology
Testing was performed by Fortinet using five BreakingPoint FireStorm CTMs in May 2012. Each BreakingPoint FireStorm CTM test system is capable of generating 120 Gbps of stateful application traffic. The FortiGate-5140B chassis under test consisted of 14 FortiGate-5001B high-performance blades, with each blade capable of 40 Gbps firewall throughput and up to 11 million concurrent sessions per blade.

Benchmark Results
The FortiGate-5140B was put through a number of industry-standard tests for performance using IPv6 traffic. Highlights include:

  • Stateless UDP traffic: the type of traffic typically seen in financial trading and streaming environments, showed 536 Gbps for large (1518 byte) packets, 532 Gbps for small (64 byte) packets.
  • Stateful TCP traffic: seen in today's typical enterprise environments, showed 503 Gbps for HTTP and 514 Gbps with real-world application traffic. Application traffic included Facebook, Zynga Farmville, Pandora radio, AOL Instant Messenger, Microsoft Outlook and others. The FortiGate-5140B was also able to process more than 1.4 million connections per second.

Unparalleled Performance via Hardware Acceleration
The FortiGate-5101C blade achieves its breakthrough performance through the use of custom FortiASIC™ processors that are built on a technology platform first engineered at Fortinet more than 10 years ago. FortiASIC processors provide the hardware-based performance acceleration needed to deliver the highest IPv6 throughput of any firewall on the market. Competing firewall manufacturers, on the other hand, process IPv6 traffic in software only and not hardware, which significantly reduces network performance. These competing solutions cannot meet the security demands of today's high-performance, high-volume networks.

What is IPv6?
IPv6 was developed by the Internet Engineering Task to deal with this long-anticipated IPv4 address exhaustion. Like IPv4, IPv6 is an internet-layer protocol for packet-switched internetworking and provides end-to-end datagram transmission across multiple IP networks. While IPv4 allows 32 bits for an IP address and therefore has 232 (4 294 967 296) possible addresses, IPv6 uses 128-bit addresses, for an address space of 2128 (approximately 3.4×1038) addresses. This expansion allows for many more devices and users on the Internet as well as extra flexibility in allocating addresses and efficiency for routing traffic. It also eliminates the primary need for network address translation which gained widespread deployment as an effort to alleviate IPv4 address exhaustion.

Follow Fortinet Online:
Subscribe to threat landscape reports:; Twitter at:; Facebook at:; YouTube at:

About Fortinet (
Fortinet (NASDAQ: FTNT) is a worldwide provider of network security appliances and the market leader in unified threat management (UTM). Our products and subscription services provide broad, integrated and high-performance protection against dynamic security threats while simplifying the IT security infrastructure. Our customers include enterprises, service providers and government entities worldwide, including the majority of the 2011 Fortune Global 100. Fortinet's flagship FortiGate product delivers ASIC-accelerated performance and integrates multiple layers of security designed to help protect against application and network threats. Fortinet's broad product line goes beyond UTM to help secure the extended enterprise -- from endpoints, to the perimeter and the core, including databases and applications. Fortinet is headquartered in Sunnyvale, Calif., with offices around the world.

Copyright © 2012 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiCarrier, FortiScan, FortiAP, FortiDB and FortiWeb. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties, such as BreakingPoint or DoD JITC, and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, binding specification or other binding commitment by Fortinet, and performance and other specification information herein may be unique to certain environments. This news release may contain forward-looking statements that involve uncertainties and assumptions. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements and expressly disclaims any obligation to update these forward-looking statements.


Contact Information