Fortinet brings AI data centre security to NVIDIA DPUs

Fortinet has unveiled a new integration that embeds its FortiGate virtual firewall directly on NVIDIA's BlueField-3 data processing unit, shifting core security functions away from host servers and into the data centre infrastructure that underpins emerging AI workloads.

The move extends Fortinet's presence in private cloud and AI data centres and deepens its collaboration with NVIDIA around what both companies describe as the emerging "AI factory" model for large-scale, accelerated computing clusters.

Under the arrangement, FortiGate VM now runs on the BlueField-3 DPU rather than on the host CPU. The integration targets environments that deploy high-density GPU nodes and high-speed fabrics for AI, private cloud and edge applications.

Fortinet positions the approach as a way for enterprises and service providers to maintain security controls while keeping GPU resources focused on compute-intensive AI workloads.

Security on the DPU

The new solution embeds firewalling, segmentation and policy enforcement in the DPU. These functions now operate on BlueField hardware that sits between the network and the host server.

Fortinet said this model supports higher throughput and lower latency than traditional host-based firewalls. It also separates the security control plane from application workloads.

John Whittle, Chief Operating Officer at Fortinet, said organisations are rethinking data centre design as AI adoption advances.

"As enterprises are modernizing their data centers to support AI, private cloud and edge applications require much higher throughput than traditional workloads," said John Whittle, Chief Operating Officer, Fortinet. "Integrating FortiGate VM on BlueField-3 DPU gives customers a practical way to keep security aligned with these new performance demands. By moving firewalling, segmentation, and zero-trust controls on the DPU, we help organizations improve isolation, reduce latency, and simplify consistent policy enforcement across their environments."

FortiGate VM on BlueField runs on Fortinet's FortiOS operating system. Fortinet said this brings its existing security policy models and management tools into AI-focused environments and multi-cloud deployments.

AI factory focus

NVIDIA has promoted the concept of the AI factory as a new class of infrastructure that aggregates GPUs, DPUs and high-speed networking into a single fabric. These designs handle large-scale model training, inference and data processing.

Kevin Deierling, Senior Vice President of Networking at NVIDIA, said the Fortinet integration expands the scope of services that AI data centres can offload into infrastructure components.

"AI factories demand an entirely new class of secure, accelerated infrastructure," said Kevin Deierling, Senior Vice President of Networking, NVIDIA. "By running FortiGate VM directly on NVIDIA BlueField-3 DPUs, we're extending the model of infrastructure-offloaded services to include advanced security. This collaboration allows organizations to enforce firewalling, segmentation and zero-trust policies at line rate, without impacting GPU workloads. Together with Fortinet, we're delivering the secure, high-performance fabric customers need to build and scale their AI-powered data centers with confidence."

BlueField-3 DPUs handle networking, storage and security functions on dedicated silicon. This reduces the load on host CPUs and leaves GPUs to run AI models without additional security overhead on the host.

Performance and isolation

Fortinet said running FortiGate VM on the DPU bypasses the host CPU. The company said this can reduce latency and support higher throughput for large traffic volumes in AI clusters.

The security stack operates within what Fortinet describes as an isolated trust domain on BlueField. This separated domain manages firewall and segmentation policies without sharing resources with tenant workloads on the host.

Fortinet said this design strengthens multitenant isolation in environments such as cloud service providers, telecom edge deployments and enterprise private clouds. These environments host multiple customers or internal business units on shared infrastructure.

Segmentation policies now apply directly in the network fabric. Traffic between tenants and between services passes through FortiGate VM instances running on the DPU before it reaches host workloads.

The company said the approach also supports service chaining at scale. Security services can link together in a sequence across BlueField-enabled servers without additional software on the host.

Integration and operations

Fortinet has produced a validated deployment guide for the joint solution. The guide covers configuration using standard Open vSwitch bridges and VXLAN tunnels. It also covers deployment of FortiGate VM images on servers that include BlueField hardware.

Fortinet said the security controls are infrastructure-embedded but remain software defined. Administrators can manage policies through Fortinet's existing tools while enforcement occurs on the DPU.

The company said converged networking and security offloads can reduce complexity for security teams. It also said the model can lower total cost of ownership for large AI and private-cloud estates by consolidating functions on shared DPUs.

The integration targets traditional host-based firewall designs that struggle with AI workloads and multitenant isolation. Fortinet said organisations gain security inspection with no impact on host resources and fabric-level zero-trust controls.

The joint solution is supported from FortiOS version 7.6.3. Fortinet said customers and service providers can access validated hardware configurations and deployment documentation through their usual sales channels.