I have a company that wants to give a kick to an SSG140, and they ask me for FortiGate hardware to be able to replace it. I don't see that Fortinet has any sizing tool for these cases, so reviewing the datasheet of this SSG140, it seems that all the 60, 70 and 80 models fit perfectly, but I want your support, I don't want to get the sizing wrong.
80F looks to be a very solid fit giving you some room to grow into (SSL inspection throughput shows 715Mbps...so even if all 5 ISPs were delivering you 100Mb and you were utilizing all at the same time, that's only 500Mb max). I would be cognizant that you would need the 81F for local reporting since it will have internal storage, unlike the 80F that would need an external system for long term storage like FortiAnalyzer.
Again, just confirm on the ability to utilize those "internal" ports for SD-WAN/WAN zone for that branch level hardware.
how much throughput do you need? -They didn't really specify a performance, they focused on just removing Juniper for something more updated... Today they have about 5 internet links of 100 and 50 Mbps each
what NGFW features do you require? -all security features
how many users do you have? -According to customer information, there are around 200 users
will you be using IPSec VPN or SSL VPN (either client or site-to-site)? -yes, will use IPsec and SSL VPN
any other features/functionality? -not for the moment
What is the current and/or expected bandwidth for your Internet? What do you expect to implement in regards to threat protection (AV, Web filter, IPS, File filtering, Deep packet inspection, etc...)?
Anything you get, due to the age of your Juniper appliance, will be double if not easily triple the performance on Fortinet's entry level models but everything you do comes at a process cost, so depending on those answers you provide, might change the determination of the model or models to zone in on. So for a simplistic example, if you have a 1Gb shared Internet connection, the 60F would only be able to give you 700Mb of threat protection for example, so probably not the right size appliance...so information like that helps better determine where you might need to focus in on.
"Today they have about 5 internet links of 100 and 50 mbps each"... I guess I am still a little confused then. So just to confirm, you have 5 different ISPs and they are delivering you either 50Mb or 100Mb service each to this 1 firewall? And you have it set where you are load balancing across all 5 different connections?
Well, I don't really have much information on how they currently do load balancing. Due to their topology it is possible that they do it within their SSG140, but yes, I can confirm that according to what the client has commented they have 5 ISPs, connected with Metro Ethernet connections.
I'm going to let @gfleming answer this one as with those branch level models, I don't know if the ports defined as WAN ports and Internal ports are just marketing verbiage (i.e., I could use the port for whatever I want even though it says "internal") or truly purposed ports. In the mid-range models like the 100F and above, the verbiage for those ports changes and I know I can use any of those ports for "WAN" purposes, and since you have so many WAN ports and there is also the question of that many ports in an SD-WAN at the branch model I would inquire about, someone more in the product know would need to answer.