Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FORTIGATE SIZING
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FORTIGATE SIZING
Hi team,
I would like your help with the following
I have a company that wants to give a kick to an SSG140, and they ask me for a FortiGate hardware to be able to replace it. I don't see that Fortinet has any sizing tool for these cases, so reviewing the datashee of this SSG140, it seems that all the 60, 70 and 80 models fit perfectly, but I want your support, I don't want wrong sizing
https://www.juniper.net/documentation/hardware/netscreen-systems/netscreen-systems54/GSG_SSG140.pdf
http://www.nha-fl.com/files/SSG140.pdf
Solved! Go to Solution.
Labels:
- Labels:
-
FortiGate
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
2 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
80F looks to be a very solid fit giving you some room to grow into (SSL inspection throughput shows 715Mbps...so even if all 5 ISPs were delivering you 100Mb and you were utilizing all at the same time, that's only 500Mb max). I would be cognizant that you would need the 81F for local reporting since it will have an internal storage unlike the 80F that would need a external system for long term storage like FortiAnalyzer.
Again, just confirm on the ability to utilize those "internal" ports for SD-WAN/WAN zone for that branch level hardware.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes 80F works and you can re-purpose the LAN ports as WAN ports but just be conscious of the total number of usable ports on that box is 10. So you are using half the ports just for WAN connectivity.
Cheers,
Graham
Graham
14 REPLIES 14
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Fortinet data sheets are very accurate.
Please let us know what your requirements are.
- how much throughput do you need?
- what NGFW features do you require?
- App Ctrl
- IPS
- Web Filter
- Anti Malware
- SSL Deep Inspection
- how many users do you have?
- will you be using IPSec VPN or SSL VPN (either client or site-to-site)
- any other features/functionality?
Cheers,
Graham
Graham
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you are comparing just the specifications for the hardware devices then yes even a FortiGate 60F will work for you. But you have to consider your future needs as well.
One thing to note the 80F has dual PSU if you want that
Also you will need to order a separate rackmount kit for the 40,60,70,80F firewalls
Cheers,
Graham
Graham
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Graham, how are you
Thanks for your comment
how much throughput do you need?
-They didn't really specify a performance, they focused on just removing Juniper for something more updated... Today they have about 5 internet links of 100 and 50 mbps each
what NGFW features do you require?
-all security features
how many users do you have?
-According to customer information, there are around 200 users
will you be using IPSec VPN or SSL VPN (either client or site-to-site)
-yes, will use vpn ipsec and ssl
any other features/functionality?
-not for the moment
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What is the current and/or expected bandwidth for your Internet? What do you expect to implement in regards to threat protection (AV, Web filter, IPS, File filtering, Deep packet inspection, etc...)?
Anything you get, due to the age of your Juniper appliance, will be double if not easily triple the performance on Fortinet's entry level models but everything you do comes at a process cost, so depending on those answers you provide, might change the determination of the model or models to zone in on. So for a simplistic example, if you have a 1Gb shared Internet connection, the 60F would only be able to give you 700Mb of threat protection for example, so probably not the right size appliance...so information like that helps better determine where you might need to focus in on.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi friend
Sorry for reply late
What is the current and/or expected bandwidth for your Internet?
A: Today they have 5 links of all 100mbs
What do you expect to implement in regards to threat protection (AV, Web filter, IPS, File filtering, Deep packet inspection, etc...)?
A: They want to use all the security features that FortiGate offers like av, web filter, ips, app control etc
Created on 02-24-2023 08:41 AM Edited on 02-24-2023 08:46 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
"Today they have about 5 internet links of 100 and 50 mbps each"... I guess I am still a little confused then. So just to confirm, you have 5 different ISPs and they are delivering you either 50Mb or 100Mb service each to this 1 firewall? And you have it set where you are load balancing across all 5 different connections?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hellooo
well, customer told me that he had around 5 ISPs, each internet link was distributed among its providers between 100mb and 50mb of bandwidth, some of these links are a Backup....
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
well, i don't really have much information on how they currently do load balancing, due to their topology it is possible that they do it within their SSG140, but yes, I can confirm that according to what the client has commented they have 5 ISPs, connected with metroethernet connections
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm going to let @gfleming answer this one as with those branch level models, I don't know if the ports defined as WAN ports and Internal ports are just marketing verbiage (i.e.. I could use the port for whatever I want even though it says "internal") or truly purposed ports. In the mid-range models like the 100F and above, the verbiage for those ports change and I know I can use any of those ports for "WAN" purposes and since you have so many WAN ports and there is also the question of that many ports in a SD-WAN at the branch model I would inquire about, someone more in the product know would need to answer.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Encrypted logging on Fortigate 100F 21 Views
- VXLAN over IPSEC - ARP Table... 54 Views
- Schedules not working after upgrading to... 19 Views
- FortiGate DDNS 35 Views
- Connect SSL VPN On Phone, Error... 32 Views
Labels
-
FortiGate
8,500 -
FortiClient
1,722 -
5.2
801 -
FortiManager
715 -
5.4
639 -
FortiAnalyzer
548 -
FortiSwitch
460 -
FortiAP
460 -
6.0
416 -
FortiClient EMS
411 -
5.6
362 -
FortiMail
309 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
223 -
FortiWeb
200 -
5.0
196 -
IPsec
188 -
FortiNAC
180 -
FortiGuard
136 -
6.4
128 -
SD-WAN
110 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
84 -
Customer Service
78 -
Wireless Controller
76 -
Firewall policy
71 -
4.0MR3
64 -
FortiProxy
59 -
Fortivoice
53 -
FortiADC
53 -
High Availability
53 -
FortiEDR
50 -
vlan
47 -
ZTNA
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
Routing
40 -
DNS
40 -
BGP
39 -
LDAP
39 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
33 -
Authentication
31 -
SSO
31 -
Interface
31 -
NAT
30 -
RADIUS
29 -
FortiConnect
27 -
FortiLink
27 -
FortiWAN
25 -
FortiConverter
25 -
VDOM
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
Web profile
24 -
FortiPAM
22 -
Virtual IP
22 -
Fortigate Cloud
20 -
FortiPortal
19 -
SSL SSH inspection
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Intrusion prevention
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
Fortinet Engage Partner Program
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1662 | |
| 1077 | |
| 752 | |
| 446 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.