Testing was performed by Fortinet using five BreakingPoint FireStorm CTMs in May 2012. Each BreakingPoint FireStorm CTM test system is capable of generating 120 Gbps of stateful application traffic. The FortiGate-5140B chassis under test consisted of 14 FortiGate-5001B high-performance blades, with each blade capable of 40 Gbps firewall throughput and up to 11 million concurrent sessions per blade.
The FortiGate-5140B was put through a number of industry-standard tests for performance using IPv6 traffic. Highlights include:
Stateless UDP traffic: the type of traffic typically seen in financial trading and streaming environments, showed 536 Gbps for large (1518 byte) packets, 532 Gbps for small (64 byte) packets.
Stateful TCP traffic: seen in today’s typical enterprise environments, showed 503 Gbps for HTTP and 514 Gbps with real-world application traffic. Application traffic included Facebook, Zynga Farmville, Pandora radio, AOL Instant Messenger, Microsoft Outlook and others. The FortiGate-5140B was also able to process more than 1.4 million connections per second.
One of the challenges networks face as they migrate to IPv6 is the inability of their existing network security tools to detect threats within IPv6 traffic. This is due to legacy firewalls not implementing a ‘dual stack’ approach, in which a firewall has dual IPv4 and IPv6 protocol stacks running at the same time, to allow it to inspect the contents and enforce policies regardless of the version of the protocol used.
Instead, the limited IPv6 support these legacy tools offer means they simply forward IPv6 traffic to its destination, allowing threats hidden within IPv6 content to pass undetected.
Fortinet’s IPv6 technology has been certified compliant by the US DoD JITC since 2008, and has earned “IPv6 Ready Phase-2” compliance.