Skip to main content
A
Anonymous_User
Contributor
September 16, 2008
Question

connection limit

  • September 16, 2008
  • 5 replies
  • 7536 views
My fortigate 100a was recomended for 100 or less users. I have 60 users. I frequently hit my connection limit. does anyone know how to increase or remove the connection limits? Thanks in advance.... Bonz

    5 replies

    abelio
    SuperUser
    abelio
    SuperUser
    September 16, 2008
    My fortigate 100a was recomended for 100 or less users. I have 60 users.
    ftg units doesn' t count users; to dimensionate an unit, it' s necessary evaluate several parameters, network usage, expected traffic, expected filtering requirements, etc. etc
    you can' t remove it; you could with tuning your config; use http://kc.forticare.com/default.asp?id=1076&SID=&Lang=1 as reference. maybe you can shutdown features you don' t need. If you' ve already done that, you could need a bigger box.
    A
    Anonymous_UserAuthor
    Contributor
    September 17, 2008
    abelio
    thanks abelio, thats what i figured. didn' t know if someone had some tricks up their sleeve.
    A
    Anonymous_UserAuthor
    Contributor
    October 11, 2008
    In a related issue, does anyone know if it is possible to limit the number of connections per IP or per FW policy match? I sometimes have a few users who suck up so many connections that I hit the limit and it messes things up for everybody. Thanks!
    A
    Anonymous_UserAuthor
    Contributor
    October 11, 2008
    My fgt is 60 with 80 users, I always hit connection limit . If I use FGT-200A to replace fgt-60, connection limit is removed or not?
    laf
    laf
    New Member
    October 11, 2008
    My fgt is 60 with 80 users, I always hit connection limit . If I use FGT-200A to replace fgt-60, connection limit is removed or not?
    A 200A will no longer give you: connection limit, I think. Still if you ll change your number of user or your internet connection with a bigger one...I recommend you a FG 310B. Also be aware that FG200A already became obsolete since Octomber this year ;).
    In a related issue, does anyone know if it is possible to limit the number of connections per IP or per FW policy match? I sometimes have a few users who suck up so many connections that I hit the limit and it messes things up for everybody. Thanks!
    I would make a special firewall policy for the guys that are exceeding my bandwidth and restrict their services and also use Traffic shaping and simply restrict their maximum bandwidh ;).
    A
    Anonymous_UserAuthor
    Contributor
    October 11, 2008
    How about FGT-224B ? Compared with FGT-200A, FGT-224B is suitable for my environment?
    FortiRack_Eric
    FortiRack_Eric
    New Member
    October 13, 2008
    I think you should analyse why it hits connection limit. On a FG60 can very well be wrong firmware version. Connection limit on the console will also refer to conserve mode. The real connection limits are very high. I believe it' s something of 50.000 connections for a FG60. That should be sufficient. So my strong believe you don' t need more than 50.000 connections for 80 users. Cheers, Eric
    A
    Anonymous_UserAuthor
    Contributor
    October 14, 2008
    AV, IPS ,antispam and Web filter are all enabled. In the furture, VPN connections (site to site IPSEC, SSL VPN) are under consideration. 200A or 224B is suitable for these service and local 80 users?
    laf
    laf
    New Member
    October 14, 2008
    Depending of your Internet bandwidth, mainly yes...still if you have a big pipe to scan, it won t prove enough.
    A
    Anonymous_UserAuthor
    Contributor
    October 14, 2008
    Thanks laf. What' a big pipe to scan?
    Terms & ConditionsAccessibility statement