Skip to main content
farshif
farshif
New Member
July 13, 2022
Solved

Fortigate models difference in performance specifications

  • July 13, 2022
  • 2 replies
  • 2790 views

Hi

I'm trying to get more info about Fortigate performance specification.

I already know about concurrent session and threat protection definitions. Also I've found out security features involved in threat protection (IPS + App Control + Malware Protection), all require CPU process but a specific model's ability to handle more concurrent session requires more memory ( RAM ).

Here is specification for 900D:

farshif_0-1657699929728.png

Here is specification for 600E:

farshif_1-1657701641742.png

 

900D has lower threat protection capability that is predictable because 900D has weaker CPU than 600E.

Buy in case of firewall throughput or concurrent session, 900D is better while has almost same amount of RAM. I wonder why there is this much difference in FW throughput and concurrent session values while 900D memory is only 733MB more than 600E. Or maybe I'm wrong and there is other hardware factors for firewall throughput.

 

Best answer by pminarik

Hi farshiv,

 

The throughput cap of an NP6 chip is 40 Gbps.¹

600E has a single NP6 chip², so there's no way for it to ever exceed that. (and as you already saw in the datasheet, the unit's real limit is 36 Gbps).
On the other hand, 900D has two NP6 chips³, which in theory could mean 80 Gbps maximum, but given the 52 Gbps number given in the datasheet, clearly there has to be some additional overhead or limits bringing the real maximum for this particular unit down.

 

Lastly, regarding RAM, do keep in mind that in this context RAM is only really relevant for keeping track of existing sessions. It has very little to do with throughput. (30 sessions with 1 Gbps throughput each, assuming fully offloaded, would have absolutely inperceptible impact on RAM utilization)

 

references:

1: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/177344/np6-np6xlite-and-np6lite-acceleration

2: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/733616/fortigate-600e-and-601e-fast-path-architecture

3: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/239506/fortigate-900d-fast-path-architecture

 

2 replies

pminarik
Staff
pminarikAnswer
Staff
July 13, 2022

Hi farshiv,

 

The throughput cap of an NP6 chip is 40 Gbps.¹

600E has a single NP6 chip², so there's no way for it to ever exceed that. (and as you already saw in the datasheet, the unit's real limit is 36 Gbps).
On the other hand, 900D has two NP6 chips³, which in theory could mean 80 Gbps maximum, but given the 52 Gbps number given in the datasheet, clearly there has to be some additional overhead or limits bringing the real maximum for this particular unit down.

 

Lastly, regarding RAM, do keep in mind that in this context RAM is only really relevant for keeping track of existing sessions. It has very little to do with throughput. (30 sessions with 1 Gbps throughput each, assuming fully offloaded, would have absolutely inperceptible impact on RAM utilization)

 

references:

1: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/177344/np6-np6xlite-and-np6lite-acceleration

2: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/733616/fortigate-600e-and-601e-fast-path-architecture

3: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/239506/fortigate-900d-fast-path-architecture

 

    farshif
    farshifAuthor
    New Member
    July 13, 2022

    Hi pminarik

    Thank you for detailed information. 

    Terms & ConditionsAccessibility statement