Hi team,
I would like your help with the following
I have a company that wants to give a kick to an SSG140, and they ask me for a FortiGate hardware to be able to replace it. I don't see that Fortinet has any sizing tool for these cases, so reviewing the datashee of this SSG140, it seems that all the 60, 70 and 80 models fit perfectly, but I want your support, I don't want wrong sizing
https://www.juniper.net/documentation/hardware/netscreen-systems/netscreen-systems54/GSG_SSG140.pdf
http://www.nha-fl.com/files/SSG140.pdf
Solved! Go to Solution.
80F looks to be a very solid fit giving you some room to grow into (SSL inspection throughput shows 715Mbps...so even if all 5 ISPs were delivering you 100Mb and you were utilizing all at the same time, that's only 500Mb max). I would be cognizant that you would need the 81F for local reporting since it will have an internal storage unlike the 80F that would need a external system for long term storage like FortiAnalyzer.
Again, just confirm on the ability to utilize those "internal" ports for SD-WAN/WAN zone for that branch level hardware.
Yes 80F works and you can re-purpose the LAN ports as WAN ports but just be conscious of the total number of usable ports on that box is 10. So you are using half the ports just for WAN connectivity.
The Fortinet data sheets are very accurate.
Please let us know what your requirements are.
If you are comparing just the specifications for the hardware devices then yes even a FortiGate 60F will work for you. But you have to consider your future needs as well.
One thing to note the 80F has dual PSU if you want that
Also you will need to order a separate rackmount kit for the 40,60,70,80F firewalls
Hi Graham, how are you
Thanks for your comment
how much throughput do you need?
-They didn't really specify a performance, they focused on just removing Juniper for something more updated... Today they have about 5 internet links of 100 and 50 mbps each
what NGFW features do you require?
-all security features
how many users do you have?
-According to customer information, there are around 200 users
will you be using IPSec VPN or SSL VPN (either client or site-to-site)
-yes, will use vpn ipsec and ssl
any other features/functionality?
-not for the moment
What is the current and/or expected bandwidth for your Internet? What do you expect to implement in regards to threat protection (AV, Web filter, IPS, File filtering, Deep packet inspection, etc...)?
Anything you get, due to the age of your Juniper appliance, will be double if not easily triple the performance on Fortinet's entry level models but everything you do comes at a process cost, so depending on those answers you provide, might change the determination of the model or models to zone in on. So for a simplistic example, if you have a 1Gb shared Internet connection, the 60F would only be able to give you 700Mb of threat protection for example, so probably not the right size appliance...so information like that helps better determine where you might need to focus in on.
Hi friend
Sorry for reply late
What is the current and/or expected bandwidth for your Internet?
A: Today they have 5 links of all 100mbs
What do you expect to implement in regards to threat protection (AV, Web filter, IPS, File filtering, Deep packet inspection, etc...)?
A: They want to use all the security features that FortiGate offers like av, web filter, ips, app control etc
Created on 02-24-2023 08:41 AM Edited on 02-24-2023 08:46 AM
"Today they have about 5 internet links of 100 and 50 mbps each"... I guess I am still a little confused then. So just to confirm, you have 5 different ISPs and they are delivering you either 50Mb or 100Mb service each to this 1 firewall? And you have it set where you are load balancing across all 5 different connections?
Hellooo
well, customer told me that he had around 5 ISPs, each internet link was distributed among its providers between 100mb and 50mb of bandwidth, some of these links are a Backup....
well, i don't really have much information on how they currently do load balancing, due to their topology it is possible that they do it within their SSG140, but yes, I can confirm that according to what the client has commented they have 5 ISPs, connected with metroethernet connections
I'm going to let @gfleming answer this one as with those branch level models, I don't know if the ports defined as WAN ports and Internal ports are just marketing verbiage (i.e.. I could use the port for whatever I want even though it says "internal") or truly purposed ports. In the mid-range models like the 100F and above, the verbiage for those ports change and I know I can use any of those ports for "WAN" purposes and since you have so many WAN ports and there is also the question of that many ports in a SD-WAN at the branch model I would inquire about, someone more in the product know would need to answer.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.