All you need to know is what the native rates of the Internet interfaces are and how many there are. You need to assume that all the inbound and outbound native rate will be used during an attack. FortiDDoS specs below are TOTAL inbound plus outbound bandwidth so a single-GBE customer can use an FDD-200B while a customer with 2xGbE should probably move to an FDD-400B.

Note as well that the customer must have enough "overhead" (unused bandwidth) to fight an attack.  If the customer is regularly seeing 500Mbps inbound and gets a 900Mbps attack, we can mitigate the attack but it is still going to impact his good traffic.  I see this a lot when we are protecting enterprise firewalls, where LAN clients are accessing outside resources, resulting in high inbound data rates.

The bandwidths of the various products are below.  If your slides or datasheet do not agree with these, please get the latest from FUSE.

FDD-200B - 3Gbps (GbE interfaces only)
FDD-400B - 6Gbps (GbE interfaces only)
FDD-600/800B - 12Gbps (however this is like 2 stacked 400Bs - 4 port pairs can access 6Gbps) (GbE interfaces only)
FDD900B/1000B -18Gbps (10GbE or GbE interfaces)
FDD-1200B - 36Gbps (10GbE or GbE interfaces)

FortiDDoS is sized so that at max bandwidth, the system can process the smallest packets. For example, the theoretical limit of SYNs on a link is about 1.25x the link rate but expressed in Mpps. So a 1Gbps can deliver about 1.25M SYNs per second. Specifically for a SYN flood, FortiDDoS must also respond with SYN-ACKs at the same rate. That means a total of 2.5Mpps. FDD-200B is specced at 4Mpps, so well above max rates. The same is true for all models.

Steve Robinson - stephen@fortinet.com
PM - FortiDDoS, FortiWAN/AscenLink
Phone:  +1-716-261-1308
Mobile: +1-647-308-7686
Skype:  severob8090