- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Best way to choose Fortigate model?
Hi Guys,
Just a quick one...whats the best way to determine which fortigate unit to go with? Example: client has 150 users at their office...how do I determine what fortigate to go with? I've checked the product matrix and all it shows are the number of connections the units can handle. Is there like a set amount of connections per user I should calculate on or how?
Regards,
theG
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
well some thoughts (how I'm doing it most of the time)
- total Bandwidth that the device should be able to handle
- VPN / SSL connections concurrent
- more then 4 ports needed? (like DMZ etc. etc.)
- what are the users doing ie. agency for SEO stuff will surf ways more then "normal office users"
- plans for the next say 2-3 years (more bandwidth, users etc. etc.)
I calculate for normal office users x 50 concurrent session. So in your case it should be ~7.500 concurrent sessions. This is not a killer even not for a FG60D. But take a close look on IPS/Antivir throughput! If you have ie. 100mbit line a 60D will not be enough if you enable UTM fully. I'm personally missing a real follow up of a 110C but that is now
OT :)
Depending on the line speed etc. and reliability 2 x 60D in active-active can be a good choice or if your budget
allows it 2 x 80D
Don't forget - that is a guess as you need to have a look at the scenario you have.
Cheers, Patrick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have to agree with patrick assessment and would add to his observations;
> Do you need etherchannel bonding
> GRE tunnel
> a model that supports more vdom than the defacto 10-vdoms
> switch segementation
> do you need cooper only or have plans for fiber
> any plans for 10GIGE ( yes 10GIGE is getting cheaper every year )
> do you need diskstorage ( log, webcache,etc...)
> do you have plans for running WLC and managing APs? and if yes, how many ?
> do you need load balance SLB VIPs
Many items should be considered when buying a firewall regardless of the brand, and user count for a fortigate is not a very big item to be concern with. What your planning todo now and future is the most important imho.
FWIW: I'm seeing more and more 100D and 140D fitting the roles in SMB verses the smaller 30/60 models.
PCNSE
NSE
StrongSwan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks for pointing me in the right direction guys...much appreciated. Looking at getting 2 x 100D units along with a FAZ-200D for some customized reporting.