Skip to main content
ppp
ppp
Explorer
March 31, 2022
Question

Fortianalyzer VM vs hardware

  • March 31, 2022
  • 2 replies
  • 3144 views

Hi

 

What are pros and cons here? Im talking about 6-10k log/s. Which of solution would show best GUI, logview, fortiview and reporting performance?

2 replies

ede_pfau
SuperUser
ede_pfau
SuperUser
March 31, 2022

Hard to tell without knowing how your hypervisor hardware looks like. But I estimated...

- 100 bytes per log message

- 100 x 10.000 ~ 1 MBps traffic in

this doesn't look like it couldn't be done.

Integrating 10 k log messages per second into the DB will take some CPU, though.

Same holds true for management and reporting performance, it depends on the type and number of CPUs and size of RAM.

If you need closer right sizing advice, contact your Fortigate partner and/or a FTNT support engineer. They have experience with VM sizing.


What I really like to point out is that with a VM, you will not run into problems with future firmware compatibiliy. HW FAZ will someday tell you that the end of it's lifetime (firmware wise) is reached, and then a new appliance is due. Not so with FAZ-VM.

    Debbie_FTNT
    Staff & Editor
    Debbie_FTNT
    Staff & Editor
    April 4, 2022

    In addition to Ede's update - FortiAnalyzer VM is more scalable, so if you anticipate your logging requirements to change, you can stock up on licenses more easily for a FortiAnalyzer VM.

    But as Ede also mentioned, reaching out to your Fortinet parter/sales representative would be the best option; they can assess your needs and make suggestions accordingly.

      ppp
      pppAuthor
      Explorer
      April 6, 2022

      Thanks for insights. I hope we will get demo VM and will see how does it run in our virtual infrastructure.

      Terms & ConditionsAccessibility statement