Skip to main content
UnDocumented
UnDocumented
New Member
February 13, 2017
Question

recommend me a fortigate FW

  • February 13, 2017
  • 2 replies
  • 10883 views

hi,

i'm deciding to redesign my server room and structures,

unfortunately there is no UTM in my network and i need your recommendation to choose a model.

 

there is a flat network without VLan (all switch are unmanageable)

i use of 12 Physical Windows Servers

and 100 Clients (win XP and 7)

and have 5 megabits internet (avg throughput is 300-400 KB)

and there is 1 E1 line connected to our cisco router (1-1.5 megabits)

 

which model is suitable for this?

 

Thnx in Advance

    2 replies

    MikePruett
    MikePruett
    New Member
    February 13, 2017

    Some questions before I can give a recommendation

     

    1. This location has how many subnets?

    2. If it has multiple subnets, are you going to perform UTM between them?

     

     

    I assume, based on location size, that you have switches already deployed etc. If it is a flat network you won't need much as you can size based on the bandwidth you will use going out to the internet (which would make a 60/61E a good fit for you).

     

    If you DO have multiple subnets and you are wanting to do UTM between them, depending on the amount of traffic traversing those links you would look at sizing based on that.

    UnDocumented
    UnDocumentedAuthor
    New Member
    February 13, 2017

    MikePruett wrote:

    Some questions before I can give a recommendation

     

    1. This location has how many subnets?

    2. If it has multiple subnets, are you going to perform UTM between them?

     

     I assume, based on location size, that you have switches already deployed etc. If it is a flat network you won't need much as you can size based on the bandwidth you will use going out to the internet (which would make a 60/61E a good fit for you).

     

    If you DO have multiple subnets and you are wanting to do UTM between them, depending on the amount of traffic traversing those links you would look at sizing based on that.

    Thanks Mike for your reply

    there is only one subnet (Class c : 192.168.0.0)

    and i don't think to deploy VLan as soon

     

    i want to use UTM in edge and some servers will be in DMZ

    other will keep in LAN

     

    what is your idea about 200D?

     

    Regards

    UnDocumented
    UnDocumentedAuthor
    New Member
    February 14, 2017

    Thanks all

    how can measured input / throughput Packet Data fromLAN to firewall?

     

    based on what parameters need to choose a models?

     

    THNX

    bmekler
    bmekler
    New Member
    February 14, 2017

    200D/200E is overkill for your listed requirements, you'll pay a fortune in fortiguard renewals as well. Just get a 60E/61E.

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    February 15, 2017

    If you are hosting a DMZ with public servers then you have at least 2 subnets. So MikePruett's recommendations apply.

     

    Still, LAN to DMZ traffic usually isn't going to be huge. The 60E is capable of 2.5 Gbps throughput at max and some substantial UTM throughput as well, for a dime and a nickel. This is independent of the packet size (mostly) as this traffic is ASIC accelerated.

     

    And forget about VLANs - VLAN or not, tagging won't cost you anything in performance.

    Terms & ConditionsAccessibility statement