Hi everyone,
I work at a small company and currently we have a Fortigate 40C that manages the traffic from hosts scattered over 10 distinct networks. We have been observing that the CPU and memory has been on the high end since we activated the IPS, application control and FSSO Polling features. Therefore, and since the 40C is EOL, we are thinking about upgrading to a higher performance model, possibly the 60D, 70D or 80D.
What we noticed from the product matrix is that while the performance gap from the 40C to both the 60D and 70D is somewhat linear across all features, the 80D seems like a different beast and has a significant more IPS and AV throughput. However it has a lot less firewall throughput and a substantially higher latency (90us vs 4us) which is a bit worrisome since we don't want the firewall to become a bottleneck between the workstations network and the Gigabit NAS network (currently they are in the same VLAN).
Does anybody know why they are so different? In some ways it seems like they complement each other.
We will ask our provider for a trial but we are undecided if we should even consider 80D due to the above mentioned issue.
Thanks in advance!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi, and welcome!
The answer is very simple.
The 40C,60D 70D and 90D uses a SoC (System on a chip), its a CPU designed by Fortinet to have low latency and high firewall throughput, however when it comes to content inspection like AV, IPS etc.. the RISC CPU is taking over which is a part of this SoC, and that one is not as powerfull as you want it to be.
The 80D and 92D uses a real CPU, like Intel or AMD. The throughput is not as good as this SoC but overall speed is much greater, and it is much better on content inspection.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
As it was pointed out to me by ede in this post...
ede_pfau wrote:
@Dave The 80D is a special device for high throughput AV. It' s CPU based so firewalling throughput is far less than in a 70D/90D (the 70D is a 90D without internal SSD). If your focus is on AV then a 80D will cope with high loads better than a 90D. This is typically the case with a pure gateway firewall. Whereas a 90D can be used to segment a (small to medium) LAN as well if you refrain from AV scanning.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Hi,
one of my new customer´s have a 50B and want to migrate and get some Discounts from the Trade UP Fortinet Promotional.
First i said he should go for a 60D, but then he said that he just became 2x 50mbit/s VDSL WAN´s so its 100mbit/s throughput the firewall should be used as an edge firewall with av proxy and so one, so the 60D is just to small for 100mbit/s throughput. Then i compared all the Fortigates till 100D and the only choice is the 80D and for a edge Firewall it´s perfekt i am just wondering why the 80D has only 4 GE Ports i mean it´s steel enough for me, but some customers have something like 3 Wan´s that they want combine and the leak of free Ports could be a problem then.
NSE 8
NSE 1 - 7
Hi Selective
Does 80D have a "Content Processor"/"Network Processor" in addition to CPU?
Also i heard that SoC is a combination of NP+CP for smaller models, If CP is a part of SoC why low Content Inspection
Ahead of the Threat. FCNSA v5 / FCNSP v5
Fortigate 1000C / 1000D / 1500D
I think all models have some sort of CP, but NP is only available in the SoC chip and in bigger models with NP2,NP4 and NP6.
The CP will help with the inspection but you still need a powerfull CPU for intensive tasks.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1660 | |
1077 | |
752 | |
443 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.