How does the company that pays me make money (aka an overview of Fortinet business)

I joined Fortinet for a 2nd time in May 2025 with the FortiStack team supporting FortiSASE operations. I wanted to take some time out to write about what it is that I do at work and what the Fortinet business is.

Fortinet is a cybersecurity company that was founded in 2000. The company's first and main product is the FortiGate, a physical firewall. They come in different sizes to be used at small offices to large campuses.


The main thing that makes the FortiGate special is the custom Application Specific Integrated Circuit (ASIC) used in them such as a network processor (NP) for firewall/VPN throughput, content processor (CP) for inspection, & Security Processor (SP) for SoC on entry models.

This allows higher inspection throughput at lower cost/watt than software-on-x86 competitors and it runs FortiOS which is a purpose-built OS (not Linux-derived at the datapath).

Say you have a business or are in industry, there's a boundary between your LAN and the internet, between 2 data centers, or between operations technology (factory floor IoT devices, robots, telecom systems, etc.) & the information technology. This boundary needs to be secured, verified that content that's passing through is safe and secure. It's a Next Generation Firewall, which means that it does packet inspection. A friend of mine recently asked, but aren't all the HTTPS packets encrypted, how does the Firewall inspect them? It does them through a 'man-in-the-middle' attack type inspection.

It terminates the client's TLS session using a certificate it creates on the fly, opens a second, separate TLS session to the real server, and decrypts/inspects the plaintext in between before re-encrypting. The FortiGate cert gets added to the client's trust store. 

Unified SASE

The above perimeter model works well when there are users in the office and the apps are at a data center. Now though, users are everywhere (homes/coffee shops/airports) and apps are SaaS and public cloud. So the traffic that used to go through the FortiGate is now going through user -> internet -> SaaS.

Routing everything back from the office's Firewall is a solution but not a good one because that would add latency (it's called trombone or hairpin shaped traffic). The alternative is split tunneling; send SaaS traffic directly to the internet but this ends up inspecting nothing.

So what SASE does is move the inspection point to the cloud, near the user. The user connects to the nearest one, gets full inspection, and exits the internet locally. Security will follow the user (identity) instead of the network location.


My team helps build the infrastructure that supports the SASE operations. SASE identifies the location that a Point of Presence (PoP) is needed and then the Project Management team finds us a data center location, either a colocation center or a Fortinet owned Data Center.

Then, we estimate the compute, memory, storage, network bandwidth requirements and design the data center layout as per the allocated racks/pods/cages. Once the design is ready, we contract technicians to install the servers, initialize them, and cable them (power and networking).

After all of the above work is done, we setup the OpenStack cloud on the hardware and Rancher cloud along with Multus CNI to allow pods to have more than one network interface.

NOTE: the above images were generated using Claude but the text was generated using my own brain after reading the docs and thus might contain typos but conceptually should be right! :)

Resources:

[1] https://www.fortinet.com/products/next-generation-firewall

[2] https://www.fortinet.com/products/sase

Comments

Popular posts from this blog

Working with APIs using Python

SNMPv3

Object Oriented Programming using Python