Fortinet and NVIDIA Bring Firewall to DPU: FortiGate-VM Runs on BlueField-3 to Protect AI Factories Without Performance Penalty

Fortinet has announced an integration with NVIDIA aimed at addressing one of the recurring challenges in AI-focused data centers: how to enhance security without slowing down extremely latency-sensitive and throughput-intensive workloads. The proposal involves running FortiGate-VM (Fortinet’s virtual firewall) directly on the NVIDIA BlueField-3 DPU, shifting key network and security functions from the host to the infrastructure layer.

The approach aligns with the concept of “isolated and accelerated infrastructure” that many teams are pursuing when designing private cloud environments and accelerated AI compute clusters: as east-west traffic grows, the density of GPUs increases, and segmentation requirements become more complex, there is less margin for relying on purely “host-based” inspections without incurring additional costs.

Security “within the fabric” of the data center

Instead of running security as an additional layer that consumes server CPU resources (or competes indirectly for them), Fortinet proposes that firewalling, segmentation, and zero-trust controls be executed on the DPU, within a trusted domain separate from compute. The message is clear: move protection into the infrastructure fabric itself to bolster isolation (especially in multi-tenant scenarios) and maintain consistent policies without impacting AI workloads.

From an operational perspective, the idea is that the firewall ceases to be a “performance toll” and instead becomes an offloaded service: security remains “software-defined,” but is supported by the DPU’s role as an isolated, optimized network/security plane.

What benefits does this integration promise?

Fortinet summarizes the value of this move across four axes, tailored for high-performance environments:

  • Zero impact on the host for high-performance inspection: By running on the DPU, FortiGate-VM avoids loading the server CPU, reducing latency and enabling higher throughput under heavy traffic conditions.
  • Segmentation and zero-trust with reinforced isolation: The security plane is separated from the compute plane, aligning with multi-tenancy and domain separation requirements.
  • Practical integration into private cloud: Deployment leverages standard configurations with Open vSwitch, using bridges for WAN and VXLAN tunnels for LAN.
  • Scalability for multi-tenant architectures: The design targets cloud providers, telco edge deployments, and enterprises needing accelerated inspection, isolation, and large-scale service chaining.

The underlying message is that, in the era of GPU clusters and AI-related traffic (including the rise of more complex, distributed, and “agentic” flows), traditional perimeter security and centralized inspection are no longer sufficient: what matters is applying policies close to the data and network fabric, at line speed.

Availability: version requirements and access to the validated guide

Fortinet indicates that this solution will be supported starting with FortiOS 7.6.3. Additionally, companies and providers alike must request access from Fortinet to the validated hardware configurations and the deployment guide.


Frequently Asked Questions

What does it mean that FortiGate-VM “runs on the DPU” rather than on the host?
It means security functions like firewalling or segmentation are executed on the BlueField-3 DPU rather than consuming the resources of the server that hosts the workloads (such as AI), which reduces the impact on host performance.

What types of environments is this integration intended for?
For data centers with private cloud, high-performance AI clusters, multi-tenant scenarios, and also telco edge deployments where isolation and large-scale inspection are critical.

What technical components does Fortinet mention for network integration?
Deployment involves Open vSwitch with bridges for WAN and VXLAN tunnels for LAN, along with FortiGate-VM images running on servers equipped with BlueField DPU support.

From which version is it officially supported?
Starting with FortiOS 7.6.3. Access to validated configurations and deployment guides is managed through Fortinet’s commercial channels.

via: fortinet
