Hello everyone,
I’m currently working on the design of a FortiSIEM deployment expected to handle 10,000 EPS, and I’d like to get some insights or recommendations from the community.
1 Supervisor
1 Worker
Collectors at each site (multiple sites)
ClickHouse for event storage
Before finalizing the architecture, I have a few questions about the design choices and database placement.
What are the main advantages of separating the Supervisor and Worker compared to using an all-in-one Supervisor setup (for a 10K EPS environment)?
Does it provide noticeable performance or scalability improvements in real-world deployments? or would be an all in one supervisor good enough (to optimize resources usage).
Where should ClickHouse ideally be installed — on the Supervisor or on the Worker?
My initial preference is to host ClickHouse on the Worker to reduce load on the Supervisor, but I’d like to confirm if that’s a recommended or supported approach.
If ClickHouse can (or should) reside on the Worker, how can I install and configure it there instead of the Supervisor?
If anyone has an official Fortinet KB or deployment guide covering this scenario, please share the reference.
I’d really appreciate feedback from anyone who has implemented or benchmarked a similar setup — especially around event storage design, deployment best practices, and operational lessons learned.
Thanks in advance for your help!
Dear @Secusaurus ,
Thanks a lot for your reponse . We have decided to go with the recommended fortinet architecture (1 super + 1 worker + collectors). My concern now is storage requirements. In the provided formulas by fortinet, i dont know if i should include the compression rate and what compression rate to include (since the administrator has no control over it) and this applies to the 2 replicas and the collector cache.
Your support would be appreciated on this matter.
Best regards.
Welcome to your new Fortinet Community!
You'll find your previous forum posts under "Forums"
| User | Count |
|---|---|
| 77 | |
| 25 | |
| 15 | |
| 10 | |
| 10 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.