Using Fortigate virtual instead of Fortigate physical

Forum|Forum|7 years ago
February 28, 2019
1 reply
2848 views

Hi!

I need a new internal "segmentation-firewall". On the perimeter, there is a ha-pair of FG-200E. The new segmentation-firewall filters between different Client- / Server-Security-Zones...

...but I need 10GbE for backup-jobs between the internal segments.

So: I need a ha-device, that can do: 5 Gbps IPS and full 10 Gbps for "non-NGFW-traffic" for single streams.

Long introduction, but: What do you think about buying two FG-VM08v as VMs (HA-pair) to handle that traffic on VMWare (without SR-IOV, as I do not have Ent. plus). Is this a good idea? The alternative would be a pair of 1000Ds or 1200Ds because the smaller devices do not have 10 GbE-interfaces...

VMs seem to be much cheaper...

Thank you for your thoughts

KPS

IlariExove

New Member

Have you considered a simpler solution such as getting a pair of 10G switches that can do line rate routing and L4 ACLs on hw?

KPSAuthor

New Member

Hi!

Yes, that would be possible, but I hope to get a solution with better security. Currently, I am using a Linux-Cluster as segmentation-firewall. That is cheap and fast, but I think, I should have an "Enterprise-grade-IPS" between the zones.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded