Hello,
What would be your choice to calculate/correctly estimate the number of users supported by a Fortinet device? The rest of the functionality in the bundle might or might not be exploited. We are looking for a Firewall solution for a 400 users environment.
I understand this involves the amount of throughput and latency supported on every model, and we definitely should know about the usage of net resources, I'm just curious to know which ways would be usefull to throw some first numbers.
Thank you in advance.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Speak to your local fortinet dealer -- they should be able to scope out or size a model (or two) for your company. That said, you may want to use the search link at the top of this page as this topic has been covered a few times.
Some formulas I have seen tossed around is to est the number of device connections x sessions (e.g. 250) vs max concurrent firewall sessions or new firewall sessions. Strictly as a firewall (with little or light UTM feature set, e.g. anti-virus or IPS), any of the D models in 300-500 series range may fit the bill.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
I agreed that the SSE is your 1st start. YOU have way too many issues to look at, but some of things to look and consider in your planning;
How many ssl process that you can run on the appliance.. ( you have some set commands to tweak this
but it varies by appliance on the final #s )
CPU sizing ( yes a FGT90D for example would be way undersize when compared to a 3040B )
CP types ( co-Processor support i.e cp8 )
How many CPs ( the more is better, probably applicable in a 5K chassis only , I don't think anything smaller has 2 or more CPs )
Do you have auto-asic offload enable/disable ( this will make a big impact on the raw traffic capacity )
With that said , we are running 200 users active plus or minus on a FGT800C with no issues but he CPU runs very high. We are migrating towards a 3700 due to the bigger NP6s overall and collapsing our dedicated FGT800C into one appliance in a HA A-P.
I wish fortinet would build a dedicated ssl-vpn-concentrator that's optimized for SSLvpn users.
( yes I'm dreaming LOL )
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1584 | |
1038 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.