CyberElastic Solution Brief 007 - Security Load Balancer


CyberElastic Scalable Next-Gen Firewall
Solution Brief

Solution Description

The CyberElastic Scalable Next-Gen Firewall combines best-of-breed components from NoviFlow, Lanner and Fortinet to deliver a powerful cybersecurity solution. The integrated multivendor solution leverages modular hardware and software to provide up to 1 Tbps of scale-out Firewall service with unmatched flexibility and scalability, while delivering significant reductions in capital and operating costs, footprint and power consumption.

Components of CyberElastic

- HTCA hardware from Lanner: an all-in-one 6U chassis with pre-integrated compute and storage components, unique in providing a fully programmable network fabric leveraging the Intel/Barefoot Tofino chip.
- FortiGate virtual x86 Firewall from Fortinet, a trusted global leader in cybersecurity.
- CyberMapper and NoviWare software from NoviFlow, which deliver switching, load balancing, mitigation and High Availability (HA).
- NoviFlow’s VisualAnalytics software, which harvests detailed sensor and log data from all system components and presents operational health and performance via powerful, intuitive web-based dashboards.

Benefits of CyberElastic

- Scalable – start at 145 Gbps and scale up to 1 Tbps by adding security blades, i.e. pay-as-you-grow.
- Deployment-ready – Quick to deploy with simple installation instructions and scripts. Out-of-the-box to deployment in a day.
- Avoid unnecessary truck rolls via sophisticated remote monitoring and management.

CyberElastic is a powerful, pre-integrated Firewall solution that offers elastic scalability, pay-as-you-grow economics, massive throughput, sophisticated analytics, easy installation, configuration and remote monitoring.

Solution Features

- CyberElastic software components integrated with the modular and scalable Lanner HTCA chassis
- Core hardware features leveraged by the CyberElastic framework
  - Redundant switch slots
  - 6 security blade slots
  - Up to 336 x86 cores / 732 threads
  - 1.2 Tbps backplane to each switch
  - 1.6 Tbps front ports to each switch
- CyberElastic core features
  - Load Balancing to Security Tool farm(s)
    - at scale Terabit LB
    - Multiple LB instances, one for each Security Tool Farm
  - Service chaining
    - Internal Tool sequence policies
    - Packet classified by policy match
    - In-packet sequencing implantation (SRv6 and legacy VLAN)
  - External service chain request
    - A CyberElastic instance is an IPv6 addressable device
    - SRv6 implementation
  - Legacy and NG interfaces
    - bump-in-wire for IP4/6
    - IPv6 routable device for SRv6 requested services
  - Visualization of a rich array of operational data that improves monitoring and troubleshooting
    - all hardware sensors
    - NOS, CyberMapper, and Operating System logs
    - SEL major event log

Contact NoviFlow today for a demo of CyberElastic, email: contact@noviflow.com

CyberElastic Scalable Firewall

Deployment Scenarios

Bump in the Wire

CyberElastic is easy to install into any legacy network when deployed as a bump in the wire. Furthermore, it creates a security domain inside which Firewall services are invisible and independent of the rest of the network. This is ideal for adding Terabit scalable, dynamically load balanced Firewall services to network edges and peering points.

SRv6 Addressable

CyberElastic supports SRv6, making Firewall resources addressable from anywhere in the network. With SRv6, CyberElastic can be part of a global network service chain, reducing the need to overprovision Firewalls to meet peak local demand. With VisualAnalytics, you can see trends in Firewall usage evolve over time, enabling capacity planning based on utilization. It also allows operators with network orchestration to divert traffic to underutilized firewalls and thus recover unused capacity.

Throughput: Pay as You Grow!

The modularity of the CyberElastic appliance allows you to deploy with a single security blade for up to 145 Gbps of firewall services. As your capacity grows over time, you can scale out incrementally with additional security blades for up to 986 Gbps of Firewall services.

[Chart: firewall throughput by security blades installed. Blade 1: 145 Gbps; Blade 2: 290 Gbps; Blade 3: 464 Gbps; Blade 4: 638 Gbps; Blade 5: 812 Gbps; Blade 6: 986 Gbps]

Line Rate Programmable Network

At the heart of the platform is the embedded hardware-based load balancer, which utilizes the Barefoot Networks 3.2 Tbps Tofino programmable silicon. You get the flexibility of sophisticated load-balancing and traffic mitigation features written in software and executed in silicon at line rate. Utilizing this architecture built on commercial silicon, you eliminate the need to deploy expensive dedicated load balancers to scale out your firewall services.

Virtual Physical Appliances

There’s no need for a forklift upgrade of your firewall environment with CyberElastic. Utilize your existing physical appliances seamlessly by connecting them to the CyberElastic switching fabric and add security blades to the CyberElastic platform as capacity is needed. With proportional load balancing, you can mix and match virtual and physical appliances with different throughput capacity; CyberElastic can be configured to load balance traffic for the capacity available for that device.

High Availability Features

CyberElastic was designed to be resilient, with multiple redundancies in the hardware platform. At the firewall service level, multiple features were built into the hardware load balancer to deal with failures:

- In the event of a security blade failure, Affinity Load Balancing will move the traffic from the failed blade to the other security blades in the chassis; when a new security blade comes online, CyberMapper will move the traffic back to the replacement blade with minimal state disruption.
- In the event that maintenance needs to be performed or service is degraded, you can put CyberElastic in Bypass Mode. This will divert all incoming traffic around the firewall. You can also configure CyberMapper to automatically bypass traffic if firewall services drop below a certain percentage of normal capacity.

CyberElastic Software Architecture

NoviFlow’s CyberMapper accelerates and dynamically scales cybersecurity services and virtualized network functions into the Terabit scale by implementing a powerful Security Load Balancer, packet filtering and telemetry solution that leverages high-performance programmable network fabrics. CyberMapper achieves unprecedented performance, flexibility, and scale by leveraging the power of programmable match-action pipelines, white-box hardware, and open standard interfaces such as OpenFlow, gRPC and P4Runtime.

Using the advanced FortiOS operating system, FortiGate appliances effectively neutralize a wide range of security threats facing your virtualized environment. When deployed at the edge as a front-line defense, FortiGate appliances protect your infrastructure with some of the most effective security available today by enabling the security features you need.

The NoviWare Network Operating System is the networking industry’s highest performance implementation of SDN, featuring open, programmable match-action pipelines optimized for high performance switching chipsets such as Barefoot’s Tofino chip. Architected from the ground up to be a reliable, scalable platform for gRPC and P4Runtime, NoviWare offers the industry’s most complete implementation of the next generation of PISA architecture based SDN applications and solutions.

Visual Analytics visualizes time series data from sensors, counters and logs from all of the major subsystems within CyberElastic. Visual Analytics converts these streams of information into dashboards so that customers can make operational decisions on actionable information. Information collected can be used to look for trends or anomalies to preempt unplanned outages and reduce the number of truck rolls needed for operational maintenance.

Specifications

# of Security Blades          1           2           3           4           5           6

System Performance
Firewall Throughput (Gbps)    145         290         464         638         812         986
Concurrent Sessions           0           250,000     400,000     550,000     700,000     850,000
                              145 / 67    290 / 133   464 / 214   638 / 294   812 / 374   986 / 455
                              40          80          128         176         224         272
                              18          35          56          77          98          119
New Sessions/Second (TCP)
IPsec VPN Throughput (AES256 SHA1, 512 Byte) (Gbps)
Gateway-to-Gateway IPsec VPN Tunnels (VDOM/System)
Client-to-Gateway IPsec VPN Tunnels
SSL-VPN Throughput (Gbps)
Concurrent SSL-VPN Users
IPS Throughput (HTTP/Enterprise Mix) (Gbps)
Application Control Throughput (Gbps)
CAPWAP Throughput (Gbps)

Actual performance may vary depending on the network and system configuration. Performance metrics were based on Fortinet published performance specs of the FortiGate-VM16 on the Lanner HTCA 6600 Platform and KVM.

1. 24 GB RAM assigned to instance; results will be higher with more RAM added.
2. IPS performance is measured using 1 Mbyte HTTP and Enterprise Traffic Mix.
3. Application Control performance is measured with 64 Kbytes HTTP traffic.
4. NGFW performance is measured with IPS and Application Control enabled, based on Enterprise Traffic Mix.
5. Threat Protection performance is measured with IPS and Application Control and Malware protection enabled, based on Enterprise Traffic Mix.
6. CAPWAP performance is based on 1444 byte UDP packets.

For more information, see: ts/data-sheets/FortiGate VM KVM.pdf

CyberElastic System Features

Security Blades
- Processor: Dual Intel 2nd Generation Intel Xeon Scalable Processors – up to 28 cores per socket. Total system capacity is 336 physical cores / 672 threads.
- Memory: 16x DDR DIMMs, max. up to 512GB per security blade
- Network Connectivity: 4x KR4 supports 4x 100G to the backplane (2x 100Gbps link to each NUMA node) using the Intel e810 dual 100Gbps NIC with SR-IOV

Backplane Connectivity
- Dual Star: Redundant switches provide high availability for the data-plane. Each security blade has connectivity to active/standby switches
- Total Capacity: 2.4 Tbps of backplane connectivity (Redundant switch configuration) with up to 400Gb/s to each security blade
- NUMA Optimized: Optimized for virtual environment performance, each socket on the security blade has a dedicated 100Gbps link to the active/standby switches
- Control/Dataplane Separation: 1000Mbps internal control plane for control and data-plane separation. Allows you to isolate control traffic for management from customer traffic

Switching/Load Balancing Infrastructure
- Total Capacity: Front Panel I/O: 1.8 Tbps (single) / 3.6 Tbps (redundant); Backplane: 1.2 Tbps (single) / 2.4 Tbps (redundant)
- Load Balancing: Built-in stateless load balancer for line rate Terabit class load balancing to FortiGate firewalls. Supports multiple load balancer instances for partitioning firewall services.
- Modes of Operation: Support bump-in-the-wire mode for seamless integration into any environment, SRv6 for making services addressable globally
- Physical Appliance Support: CyberElastic can be added to any existing Firewall installation and provide scale. Connect physical appliances to the front panel I/O and leverage your current firewall investment.
- Programmable Network: Switching infrastructure is based on the Barefoot Networks 3.2 Tbps Tofino processor, enabling new features to be developed for in-silicon switching using the P4 language.

I/O

Switch / Load Balancer (each)
- Total Core Bandwidth: 3.2 Tbps
- Backplane: 12 x 100GbE (2x 100G to each slot)
- Front Panel: 16x 100GbE QSFP28, 8x 10/25GbE SFP28

Security Blade (each)
- Backplane Connectivity: 4x 100G (KR4)
- Video: 1x miniDP (VGA signal)
- Management: 1x RJ45
- USB: 1x USB 2.0

Chassis
- Console: 1x RJ-45
- USB: 1x Type A
- IPMI: OPMA socket to support IPMI (IACAST2500)
- Other: Reset Button

Environmental
- Operating Temperature: 0 to 40 C
- Storage Temperature: -40 to 70 C
- Humidity: 5% - 90%, non-condensing

Mechanical
- Dimension (WxHxD) Chassis: 438 x 265.9 x 685.8 mm
- Chassis Weight: 55 kg
- Security Blade Weight (each): 8 kg
- Switch Blade Weight (each): 1 kg
- Mounting: Rackmount

Power
- Type / Watts: AC 1300 watt N+1 Redundant / each; DC 1300 watt N+1 Redundant / each; PM bus support, up to 5 PSU slots
- Input: AC: 85 – 264V; DC: -36 to -72V

Certifications
- EMC: CE Class A, FCC Class A

Copyright 2020 NoviFlow, Inc. NoviFlow products are warranted according to the terms and conditions of the agreements under which they are provided. NoviFlow, the NoviFlow logo, noviflow.com, NoviFlow, NoviWare, NoviSwitch and CyberElastic are trademarks of NoviFlow Inc. All other product names, company names and trademarks mentioned herein are the property of their respective owners. Document #SB-005-2020-01
