Application Control and Maximum number of Sessions

I' ll take a stab at this. . . Every feature of the Fortigate that you turn on can potentially impact its performance. It' s just the nature of the device. That' s why it' s important to size the device for your particular environment. Turning on a single UTM Application Control policy for a few major nuisance apps (Skype, Bittorrent, Hulu, etc.) won' t have a big impact, and I believe there is a " best practices" document floating around somewhere that gives a general idea of the impact of the various services on performance. The maximum sessions advertised for each device are not necessarily the recommended number of top sessions the unit could handle without blinking. The things to look for in sizing a Fortigate are: maximum number of users, maximum number of sessions, maximum bandwidth available, features you expect to turn on (AV, antispam, data-leak detection). If you put your full list together, someone here might be able to make a recommendation. Or, better yet, work with a Sales Engineer who can send you a demo unit that you can try out in your particular environment. Overall, when using a stable firmware, I' ve been impressed with the speed the Fortigate processes everything I throw at it. If this doesn' t help, try posting back. I' m not an expert on the Fortigate, but I' ve spent many hours tweaking my particular configuration and know the things that stress the CPU on my 111c' s.

Application Control and IPS in theory shouldn' t decrease number of sessions. It can slow down traffic. It depends on how much traffic you can push over box. Limitations on sessions is with AV, AS, webfilter. 80C is recommended for 25 users, so 50B can be about 10.