Best Practices for Sizing an SD-WAN Hub

Question

Hi everyone,

I am relatively new to the Fortinet world and I’m currently working on my first SD-WAN deployment exercise. I’m at the stage where I need to select the right FortiGate model to act as the Hub, but I want to make sure I don't under-provision the hardware or over-spend unnecessarily.

Could you help me identify the critical variables I should consider for the correct sizing of the Hub? From my initial research, I’m looking into: Total Number of Spokes, Tunnel Count, Routing Table Size.

Beyond these, what else am I missing? For example, how do I calculate the impact of security profiles (IPS, Antivirus, Application Control) when they are applied at the Hub level in an SD-WAN architecture?

If there are any specific FortiGate Sizing Guides or "rules of thumb" you use when designing the Hub capacity, I would love to hear them.

Thanks in advance for your patience and help!

AEK · Answer

Hi VictorCheck the FGT models for a quick comparison.https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Product_Matrix.pdfIn your case it is good to check the following columns:Max GW to GW IPsec tunnelsIPsec VPN ThroughputFirewall / IPS / NGFW / Threat-Protection throughputOther advice:For hub we use HA, since a failure will simply kill the whole networkAvoid FGT models with 2GB RAMPersonally I'd not go under FG-120G as hubHope it helps.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded