bobm
New Contributor III

5.2 vs 5.4 CPU usage

Hi,

I know we're behind the curve, but I'm looking at finally upgrading our 90D to FW 5.4.x in the near future. Right now we're running 5.2.7, but I think some of the 5.4 logging and reporting abilities would really be useful.

The issue is, though, that our 90D is really too small for our environment. We have 40-50 users running data and voice, with Web Filtering and load balanced WAN. I had to turn IPS off because the CPU kept spiking, and even now it spends way too much time in the 60-80% range for my taste.

So my question is, how does CPU utilization compare between 5.2 and 5.4 for these small boxes? Is there a version of 5.4 that seems to be better than others for CPU efficiency? Or will 5.4 just completely overwhelm the box as I have it?

Thanks

MikePruett
Valued Contributor

My utilization got a little better. That being said, you definitely want to upgrade that 90D. I had one in a smaller environment and hated it.

Mike Pruett Fortinet GURU | Fortinet Training Videos
bobm
New Contributor III

OK, thanks

bobm
New Contributor III

OK, got the box up to 5.2.11 this morning seemingly OK (I thought the suggested path was 5.2.7-5.2.9-5.2.11 but the box told me to go straight to 11). Now to upgrade to 5.4 in the next week or two so we're only one major rev behind.

Any recommendations on which 5.4 build will be most stable, least disruptive and best use of limited resources?

Thanks

ede_pfau
Esteemed Contributor III

That would be v5.4.5 naturally. Next patch is coming up in a few weeks.

On a small FGT (80C) I had a disappointing experience with upgrading. It worked but memory usage went up to 67% from about 55%. And kept climbing. Had to downgrade again.

I would only upgrade if the HW had at least 2 GB RAM. v5.2.11 is very stable and offers a lot of features. In your case, new FGT first, nicer features afterwards.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
bobm
New Contributor III

Thanks for the tip. I am kind of nervous about this.

But the box does have 2GB, and even though the CPU is pushing pretty hard, the memory tends to hang somewhere in the 30s. Probably because I disabled so much and am pushing all logging up to the cloud.

At least I know I'm using a stable rev now, so if I have to downgrade I can rest easy. It's only been a few hours, but seems to be running better already.

bobm
New Contributor III

So now that our renewal date is coming close, there actually may be a possibility of a new box coming my way if I can justify the spending. I was looking at the 100D/E since they seem to be the next logical step up, but someone recommended I take a look at the 80E instead. Similar price to the 90D but the numbers do look a lot better.

Can I configure it for redundant/load balanced WAN?

Anyone have experience with it? Worth looking into for my environment, or should I stick with going bigger box?

MikePruett
Valued Contributor

Get the 80E and yes you can configure it for redundant / load balanced WAN.

You will be much happier with the performance of it.

The 90D's were dogs and the 80E is way better IMO. Only jump up to the 100E model range if your users are flowing enough bandwidth beyond the device (internal to WAN) to justify the other performance numbers and in turn cost.

Mike Pruett Fortinet GURU | Fortinet Training Videos
bobm
New Contributor III

Got an IPS engine upgrade in the past week, and the box went into fail open mode when it installed, even though IPS is disabled, so we're looking at the new box now. The Boss doesn't want to spend money for a bigger box just to get caught behind in a few years again, so asked me to make sure we're sizing up enough to run all the features we may want in the next few years.

So to recap - roughly 50 users running data and voice. Most traffic is WAN (email, SalesForce, Leadmaster, etc) running over a pair of redundant/balanced 20MB pipes. Lots of web filtering, and we'd like to actually use IPS and Virus. Maybe vulnerability scan? No VPN today, but possibly limited use in the future. One vendor tried to push me into the 200 series, but that seems overkill to me. Is the 100 a good fit for us in the real world?

Thanks again to all

bobm
New Contributor III

Finally got in touch w/a Fortinet rep, and looks like we're going 100E.  Looks like all the desktop models max out around 50 users, but the 100 series is approved for up to 150. 
