Fortinet today released a family of next-generation firewalls that feature intent-based segmentation. The company says that this approach provides organizations with a granular level of security control by matching functionality to specific use cases and business requirements.

The four next-generation firewalls in the family are the FortiGate 3600E, the FortiGate 3400E, the FortiGate 600E and the FortiGate 400E.

“The thing that’s new here is the support for the different types of segmentation,” ZK Research Principal Analyst Zeus Kerravala told SDxCentral. He said that next-generation firewalls long have been used for segmentation, mostly at the macro and occasionally endpoint levels. The Fortinet platform adds micro and application/process segmentation. This means that separate platforms are not necessary to perform these tasks.

Fortinet, which has been on a good run lately, has taken segmentation a step further. The idea is that different levels of security are needed in different scenarios. Fortinet’s next-generation firewalls enable this. “The other thing that’s new here is ‘Intent based’ segmentation where customers can align their segmentation strategy with business intent,” Kerravala wrote in an email. “For example, the business may want to tier cloud access and Fortinet will automate [the entire] configuration.”

Thus, an organization that needs extra levels of security around financial or medical databases, or in other ways needs to modulate its security posture, can do so efficiently and at comparatively low costs. “Intent-based segmentation allows enterprises to segment flat-networks intelligently in accordance with business outcomes that will achieve improved security posture, mitigate risks, compliance and operational efficiency,” Nirav Shah, Fortinet senior director of network security, told SDxCentral.

Kerravala recommends that organizations considering the platform ask Fortinet three basic questions:

  • What visibility tools are available to view segmentation schemes?
  • How easy is configuration? (Kerravala added that complexity is the biggest challenge to segmentation.)
  • Is the platform agile enough to change dynamically as policies change?

The new Fortinet family of next-generation firewalls gives organizations a consistent and integrated security policy across all its assets, whether they be on-premise or in the cloud, the company says. The 3600E provides 30Gbps threat protection performance and 34Gbps SSL inspection performance. The 3400E provides 23Gbps threat protection performance and 30Gbps SSL inspection performance. The 600E Series offers 7Gbps threat protection and 8Gbps SSL inspection performance and the 400E offers 5Gbps threat protection and 7.8 SSL inspection performance.

The company says intent-based segmentation is available across its entire FortiGate next-generation firewalls product line without retrofitting or forklift upgrades.