As the title suggests, I have a number of small web applications that I need to refresh the firewalls for. We are currently using a Cisco ASA5506-X, which was fine until we started doing more layer 3.
Externally, we currently have around 25Mbps with peaks at around 100Mbps and we are looking for the basic security functions, probably just the IPS (ATP license). We have no internal users, little VPN and 10 VLANs.
Internally, the network is 10Gb and we are running vSAN/vMotion but these would not go via the firewall. At most, the internal traffic will not go over 1Gb and that's probably due to backups running directly from servers.
Looking at the specs, it suggests it will do well in excess of that. However, in the real world does this sound sufficient?
I was looking at the G series for the new hardware.
Thanks
If you are protecting Web application servers then the WAF is the solution you need.
Hi Rakunn,
A FortiGate firewall suits you best for your requirement. I think you are going to use it for facing the Internet. As a guide, you can check your current utilization (concurrent sessions, bandwidth, etc.) on the ASA5506-X. Take note that additional inspection for security profiles will add some resources.
Hi,
Thank you for reaching out. I would not recommend WAF as a security profile for protecting web servers and web applications, although it has been historically used for this function in the past. The reason being that IPS and application control UTMs are performing the same job, also providing the custom signature option where you can have more granular control on user access. The main suggestion, as mentioned by nathan_h, is to check the data sheet for the 90G vs the actual number of current sessions in max, min and average conditions. Also remember that this is a lower end module; therefore, if you have plans for a bigger role for the device such as VPN, ZTNA, proxy authentication or others, I would recommend making sure from the data sheet and the max value table link below that resources such as memory and CPU, and also the max limits, do cover your network needs:
https://docs.fortinet.com/max-value-table
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortigate-fortiwifi-90g-series.pdf
Thank you,
saleha