Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Dimensioning Fortigates
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 06-11-2004 02:08 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dimensioning Fortigates
Does someone have any documentation about the dimensions (number of users, servers, etc.) that are supported by each type of fortigate (especially concerning the models of Fortigate 60 / 100 /200 /300 /400 /800)
I would like to have the dimensions in (almost) worst case scenerio, so AV, IDS (may decrease highly the performances) and other possibilities activated
After calculation, stress and load tests and ponderation i have found next scales:
FG 60 : <15 machines (machines = PCs, workstations and servers)
FG 100 : 50 machines
FG 200 : 60 machines
FG 300 : 135 machines
FG 400 : 150 machines
FG 500 : 130 machines
FG 800 : <1000 machines
Does any one has more experiences with this kind of calculations or in practic
Thanks in advance,
Bart - Ipelium
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
17 REPLIES 17
Not applicable
Created on 06-11-2004 04:53 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From what I gather, FG60' s should be used in site under 10 hosts and FG100' s in sites under 20.
Although the hardware is there to handle more, more significant loads seems to cause frequent problems as the firmware code is still maturing.
Not applicable
Created on 06-11-2004 06:23 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After calculation, stress and load tests and ponderation i have found next scales: FG 60 : <15 machines (machines = PCs, workstations and servers) FG 100 : 50 machines FG 200 : 60 machines FG 300 : 135 machines FG 400 : 150 machines FG 500 : 130 machines FG 800 : <1000 machinesWooohooo... My FG-300 outperforms an FG-500.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have 60 nodes behind a Fortigate 60, no prob.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is all very subjective.
I can have one machine generate traffic of 100 machines, yet I can have 100 machines idling 99% of the time, thus generating a load of 1 machine.
For example, my very popular UT server generates 700Gbytes/month. Just one machine.
Not applicable
Created on 06-22-2004 10:53 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
[Deleted by Admins]
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Christian, you are absolutely right, the smaller boxes have too little memory, especially as they also suffer from memory leaks.
Thats exactly why the FGT50A was released, its the same as the FGT50 except for the memory expansion.
Memory is cheap nowadays anyway, so dont know why they do that.
UK Based Technical Consultant
FCSE v2.5
FCSE v2.8
FCNSP v3
Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising
in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT
experience.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ORIGINAL: Christian Heger I think the small boxes could do a lot better if it had a bit more RAM. I do not know what' s in there in absolute numbers - but it should be cheap to stock it up a little!I totally agree with this statement. I have two FGT-60C' s and the memory usage is the issue with UTM services provisioned. The memory runs low 50' s to mid 60' s at all times, while the CPU usage even under load of 3-10 machines rarely goes above a few percent. Since the memory is whats required to do so many of the things that FGT advertises the devices for, I don' t see why they aren' t a little more generous with it. If I didn' t want UTM, $100 Linksys units with open source firmware can do most of the same stuff. As far as user/machine load, I have one FGT-60C provisioned where there is a server hosting multiple services, six PCs, plus a customer WiFi network that averages 5-10 users at a time. The other I have installed at an office with six PCs and two servers. This week I' m putting a FWF-60C into an office with no servers but 15 PCs. It will be linking back with IPSec and WAN Optimization to the office with two servers. I hope both units can handle it!
Not applicable
Created on 06-23-2004 04:39 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is not an issue of machines rather than bandwidth and concurrent connections.
I have a case of a 512kb line and a FGT-50 2.36 (not 50A) protecting 30 users a proxy and a mail-server. It works fine (ful AV, URL block of 40.000 urls and so).
Memory is an issue when you have for example 50 users downloading files from the web and also have a 10mb (buffer size) for WEB antivirus. If these users start t0 download a 20mb file each one you would need 50x10=500 RAM free for antivirus checking only. If you reduce the web antivirus to 1mb (that is what I do) you need only 1mb for each user thus 50mb total.
It is true that lines up to 1mb (internet connections) can be handled easily from any FGT (even 50A) with no problem (for up to 50 users or even more).
You buy bigger machines only for LAN to LAN connections (which use 100mb networks or so). Bigger Fortigates are good for endurance (they will have more chances working with newer firmwares)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
tmavr,
Think it works for you because you are on the old firmware revision.
Version 2.5 uses more memory, hence the FGT50 problems.
Thats why support recommended my customers to drop to 2.36.
But the problem is, there are bugs in the VPN on 2.36, so if you want that
functionality, you have to go to 2.5.
I can pretty much guarantee you will start seeing problems if you up the firmware.
UK Based Technical Consultant
FCSE v2.5
FCSE v2.8
FCNSP v3
Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising
in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT
experience.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,700 -
FortiClient
1,763 -
5.2
801 -
FortiManager
729 -
5.4
639 -
FortiAnalyzer
558 -
FortiSwitch
475 -
FortiAP
471 -
FortiClient EMS
432 -
6.0
416 -
5.6
362 -
FortiMail
318 -
6.2
251 -
SSL-VPN
245 -
FortiAuthenticator v5.5
234 -
IPsec
210 -
FortiWeb
205 -
5.0
196 -
FortiNAC
189 -
FortiGuard
139 -
6.4
128 -
SD-WAN
115 -
FortiAuthenticator
103 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
96 -
FortiToken
92 -
Firewall policy
82 -
Customer Service
79 -
Wireless Controller
79 -
4.0MR3
64 -
FortiProxy
60 -
High Availability
56 -
FortiADC
54 -
Fortivoice
53 -
FortiEDR
52 -
vlan
51 -
ZTNA
49 -
Routing
46 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
43 -
FortiDNS
42 -
LDAP
41 -
BGP
40 -
Authentication
38 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
Certificate
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
SSO
33 -
Interface
31 -
VDOM
30 -
FortiConnect
29 -
FortiLink
29 -
FortiWAN
27 -
Web profile
27 -
Application control
26 -
FortiConverter
25 -
Logging
25 -
FortiGate v5.2
24 -
Virtual IP
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiMonitor
18 -
Traffic shaping
17 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
SSID
15 -
Automation
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
Static route
14 -
System settings
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
FortiGate-VM
13 -
SNMP
13 -
FortiCASB
12 -
Admin
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
IPS signature
10 -
FortiAP profile
10 -
Proxy policy
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
Web rating
6 -
Fortinet Engage Partner Program
6 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
API
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1713 | |
| 1093 | |
| 752 | |
| 447 | |
| 231 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.