bobm
New Contributor III

5.2 vs 5.4 CPU usage

Hi,

I know we're behind the curve, but I'm looking at finally upgrading our 90D to FW 5.4.x in the near future.  Right now we're running 5.2.7, but I think some of the 5.4 logging and reporting abilities would really be useful.

 

The issue is, though, that our 90D is really too small for our environment.  We have 40-50 users running data and voice, with Web Filtering and load balanced WAN.  I had to turn IPS off because the CPU kept spiking, and even now it spends way too much time in the 60-80% range for my taste. 

 

So my question is, how does CPU utilization compare between 5.2 and 5.4 for these small boxes? Is there a version of 5.4 that seems to be better than others for CPU efficiency? Or will 5.4 just completely overwhelm the box as I have it?

 

Thanks

FGTuser
New Contributor III

60E/80E/100E is basically the same SoC3 box, 100E just has 4GB RAM (60E/80E have 2GB).

 

With 100E you get:

- more LAN ports

- SSL offload/ Link aggregation (disabled in desktop models - even though they could handle it)

- rackmount box

- ext. RPS possibility

- more RAM, but it's questionable if you will utilize it

 

It depends on those features whether it's worth it for you to pay triple for the 100E.

And there is absolutely no reason to pay almost double for the 80E compared to the 60E, unless you want 4 more GE ports :D

 

I still don't understand why FTNT is producing so many almost equal (regarding performance, not price :)) models.

bobm
New Contributor III

Doesn't make much sense to me either, just makes it tougher to make a decision. I think the boss is going to go 100E just because when we went from 60C to 90D a few years ago we thought we were in great shape for the future. Then we added voice, and more customers added their own secure CRM sites to the mix for our reps to log into. He wants to make sure we're planning ahead. And talking with our Fortinet rep, the 80E is still only recommended for up to 50 users, which is where we are now. And as FW revs go up and more features come in, CPU load only goes up in general. If he's OK with paying for it, I'm much happier with the bigger box to work with. Maybe I can start using the box to its potential for a change.

FGTuser
New Contributor III

Up to you and your boss. The CPU is exactly the same in the 60E/80E/100E and it's quite weak. I don't know where the 50-user recommendation comes from. Yes, the 100E will handle more sessions due to RAM, and that's all. But it's very unlikely that >50 users will kill the 60E/80E due to sessions.

 

FTNT is making a lot of changes in low-end models with every line (C/D/E). Sometimes it's a CPU-based model (e.g. 80D, 100D), sometimes an SoC model (e.g. 90D, 80E, 100E)... a huge difference (good and bad, depending on what kind of performance you need).

So a decision based on history or model number is not good.

 

If money is not a problem and you want something future-proof, go for the 200E.

 

Also, if you need a disk, get an xx1E, not an xx0E.

But FAZ-VM is much more recommended than a disk model.

 

btp
Contributor

I upgraded an FG60D HA running 5.2.7 to 5.4.6, due to some bugs that had been around until this release (BGP/IPSEC and hardware offloading). We use BFD to shorten failover time in case of failure, and with the default settings the route kept flapping when traffic increased. The CPU was overwhelmed.

 

For this particular setup there was no BFD before, so I can't really say that it was the new firmware that did this - but it runs fine in other places on 5.2.7.

-- Bjørn Tore
