Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
farshif
New Contributor

Fortigate models difference in performance specifications

Hi

I'm trying to get more info about Fortigate performance specification.

I already know about concurrent session and threat protection definitions. Also I've found out security features involved in threat protection (IPS + App Control + Malware Protection), all require CPU process but a specific model's ability to handle more concurrent session requires more memory ( RAM ).

Here is specification for 900D:

farshif_0-1657699929728.png

Here is specification for 600E:

farshif_1-1657701641742.png

 

900D has lower threat protection capability that is predictable because 900D has weaker CPU than 600E.

Buy in case of firewall throughput or concurrent session, 900D is better while has almost same amount of RAM. I wonder why there is this much difference in FW throughput and concurrent session values while 900D memory is only 733MB more than 600E. Or maybe I'm wrong and there is other hardware factors for firewall throughput.

 

1 Solution
pminarik
Staff
Staff

Hi farshiv,

 

The throughput cap of an NP6 chip is 40 Gbps.¹

600E has a single NP6 chip², so there's no way for it to ever exceed that. (and as you already saw in the datasheet, the unit's real limit is 36 Gbps).
On the other hand, 900D has two NP6 chips³, which in theory could mean 80 Gbps maximum, but given the 52 Gbps number given in the datasheet, clearly there has to be some additional overhead or limits bringing the real maximum for this particular unit down.

 

Lastly, regarding RAM, do keep in mind that in this context RAM is only really relevant for keeping track of existing sessions. It has very little to do with throughput. (30 sessions with 1 Gbps throughput each, assuming fully offloaded, would have absolutely inperceptible impact on RAM utilization)

 

references:

1: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/177344/np6-np6xlite-and-np6...

2: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/733616/fortigate-600e-and-6...

3: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/239506/fortigate-900d-fast-...

 

[ test signature, please ignore ]

View solution in original post

2 REPLIES 2
pminarik
Staff
Staff

Hi farshiv,

 

The throughput cap of an NP6 chip is 40 Gbps.¹

600E has a single NP6 chip², so there's no way for it to ever exceed that. (and as you already saw in the datasheet, the unit's real limit is 36 Gbps).
On the other hand, 900D has two NP6 chips³, which in theory could mean 80 Gbps maximum, but given the 52 Gbps number given in the datasheet, clearly there has to be some additional overhead or limits bringing the real maximum for this particular unit down.

 

Lastly, regarding RAM, do keep in mind that in this context RAM is only really relevant for keeping track of existing sessions. It has very little to do with throughput. (30 sessions with 1 Gbps throughput each, assuming fully offloaded, would have absolutely inperceptible impact on RAM utilization)

 

references:

1: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/177344/np6-np6xlite-and-np6...

2: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/733616/fortigate-600e-and-6...

3: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/239506/fortigate-900d-fast-...

 

[ test signature, please ignore ]
farshif
New Contributor

Hi pminarik

Thank you for detailed information.