Fortinet moves AI data centre security onto NVIDIA DPUs
Fortinet has launched an integrated security product with NVIDIA that embeds its virtual firewall directly on NVIDIA's BlueField-3 data processing units inside AI and private cloud infrastructure.
The move places security inspection and policy enforcement on the DPU rather than on host servers. The companies target emerging "AI factory" data centres and high-density private clouds that run latency-sensitive workloads.
FortiGate VM, Fortinet's virtual firewall, now runs natively on NVIDIA BlueField-3 DPUs. The DPU sits in the data centre infrastructure and offloads networking and security tasks from general-purpose CPUs.
Fortinet said this design brings what it calls "isolated infrastructure acceleration" into AI data centres. Security functions shift from the host to the DPU. This keeps GPU and CPU resources focused on training and inference tasks.
The companies said the joint product delivers firewalling, network segmentation and zero-trust policy enforcement at line rate. The security stack runs on the BlueField hardware. The host systems process AI and application workloads.
John Whittle, Chief Operating Officer, Fortinet, said organisations face new performance constraints as they deploy AI and private cloud workloads at scale.
"As enterprises are modernising their data centres to support AI, private cloud and edge applications require much higher throughput than traditional workloads. Integrating FortiGate VM on BlueField-3 DPU gives customers a practical way to keep security aligned with these new performance demands. By moving firewalling, segmentation, and zero-trust controls on the DPU, Fortinet helps organisations improve isolation, reduce latency, and simplify consistent policy enforcement across their environments," said John Whittle, Chief Operating Officer, Fortinet.
The collaboration with NVIDIA targets organisations that are building AI clusters and fast network fabrics. These environments generate large east-west traffic volumes between servers and accelerators inside the data centre.
Fortinet said the arrangement supports high-throughput traffic inspection without extra load on host CPUs. It also said it improves isolation between tenants and between workloads on shared infrastructure.
Aim at AI factories
NVIDIA has promoted the concept of "AI factories" as large-scale facilities that process and refine data for AI models. These sites often use GPU clusters and dedicated DPUs.
Kevin Deierling, Senior Vice President - Networking, NVIDIA, said the new solution extends an existing model in which the DPU offloads infrastructure functions.
"AI factories demand an entirely new class of secure, accelerated infrastructure. By running FortiGate VM directly on NVIDIA BlueField-3 DPUs, we're extending the model of infrastructure-offloaded services to include advanced security. This collaboration allows organisations to enforce firewalling, segmentation, and zero-trust policies at line rate, without impacting GPU workloads. Together with Fortinet, NVIDIA is delivering the secure, high-performance fabric customers need to build and scale their AI-powered data centres with confidence," said Kevin Deierling, Senior Vice President - Networking, NVIDIA.
FortiGate VM on BlueField uses FortiOS, Fortinet's operating system for its security products. Fortinet said this gives customers a consistent policy model across on-premises, multi-cloud and AI infrastructure.
The security engine now runs in a separate trust domain on the DPU. This domain isolates security processes from user workloads, which remain on the host CPU and GPUs.
Fortinet said this setup supports zero-trust segmentation within the data centre fabric. Security policies sit at the network infrastructure layer. They apply before traffic reaches workloads.
Security offload
The new design offloads firewalling, segmentation and zero-trust checks from the host to the DPU. The company said this reduces latency and supports higher throughput for AI-era traffic.
It also said this approach improves multi-tenant isolation. Traffic between tenants or between application domains stays segmented in the network fabric.
Fortinet said customers can use a validated deployment guide that describes how to configure Open vSwitch bridges for wide-area and VXLAN tunnels. It also covers the rollout of FortiGate VM images on servers that include BlueField accelerators.
The companies position the integrated product for cloud service providers, telecom edge environments and enterprise private clouds. These environments often run shared infrastructure and require per-tenant or per-application traffic inspection.
Replacing host firewalls
Fortinet said traditional host-based firewall models cannot match the traffic growth seen in AI workloads and edge services. These models use CPU resources on the main server for packet inspection and policy checks.
With inspection shifted into the DPU, security enforcement runs at the hardware level. The control is still software defined. Policies flow from central management systems into the FortiGate VM software on each DPU.
The company said this reduces infrastructure complexity and can lower total cost of ownership. Network and security functions now share the same offload hardware.
FortiGate VM on NVIDIA BlueField is supported from FortiOS version 7.6.3. Customers and service providers can engage Fortinet sales teams for hardware validation details and deployment guidance.
Fortinet said it will continue to work with partners in AI infrastructure. It plans further integrations between its security products and emerging data centre architectures built around accelerators and DPUs.