Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
farshif
New Contributor

Created on ‎07-13-2022 01:53 AM

Fortigate models difference in performance specifications

Hi

I'm trying to get more info about Fortigate performance specification.

I already know about concurrent session and threat protection definitions. Also I've found out security features involved in threat protection (IPS + App Control + Malware Protection), all require CPU process but a specific model's ability to handle more concurrent session requires more memory ( RAM ).

Here is specification for 900D:

farshif_0-1657699929728.png

Here is specification for 600E:

farshif_1-1657701641742.png

 

900D has lower threat protection capability that is predictable because 900D has weaker CPU than 600E.

Buy in case of firewall throughput or concurrent session, 900D is better while has almost same amount of RAM. I wonder why there is this much difference in FW throughput and concurrent session values while 900D memory is only 733MB more than 600E. Or maybe I'm wrong and there is other hardware factors for firewall throughput.

 

Labels:
1363
0 Kudos
1 Solution
pminarik
Staff
Staff

Created on ‎07-13-2022 05:11 AM Edited on ‎07-13-2022 05:45 AM

Hi farshiv,

 

The throughput cap of an NP6 chip is 40 Gbps.¹

600E has a single NP6 chip², so there's no way for it to ever exceed that. (and as you already saw in the datasheet, the unit's real limit is 36 Gbps).
On the other hand, 900D has two NP6 chips³, which in theory could mean 80 Gbps maximum, but given the 52 Gbps number given in the datasheet, clearly there has to be some additional overhead or limits bringing the real maximum for this particular unit down.

 

Lastly, regarding RAM, do keep in mind that in this context RAM is only really relevant for keeping track of existing sessions. It has very little to do with throughput. (30 sessions with 1 Gbps throughput each, assuming fully offloaded, would have absolutely inperceptible impact on RAM utilization)

 

references:

1: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/177344/np6-np6xlite-and-np6...

2: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/733616/fortigate-600e-and-6...

3: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/239506/fortigate-900d-fast-...

 

[ corrections always welcome ]

View solution in original post

1352
2 REPLIES 2
pminarik
Staff
Staff

Created on ‎07-13-2022 05:11 AM Edited on ‎07-13-2022 05:45 AM

Hi farshiv,

 

The throughput cap of an NP6 chip is 40 Gbps.¹

600E has a single NP6 chip², so there's no way for it to ever exceed that. (and as you already saw in the datasheet, the unit's real limit is 36 Gbps).
On the other hand, 900D has two NP6 chips³, which in theory could mean 80 Gbps maximum, but given the 52 Gbps number given in the datasheet, clearly there has to be some additional overhead or limits bringing the real maximum for this particular unit down.

 

Lastly, regarding RAM, do keep in mind that in this context RAM is only really relevant for keeping track of existing sessions. It has very little to do with throughput. (30 sessions with 1 Gbps throughput each, assuming fully offloaded, would have absolutely inperceptible impact on RAM utilization)

 

references:

1: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/177344/np6-np6xlite-and-np6...

2: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/733616/fortigate-600e-and-6...

3: https://docs.fortinet.com/document/fortigate/6.4.9/hardware-acceleration/239506/fortigate-900d-fast-...

 

[ corrections always welcome ]
1353
farshif
New Contributor

Created on ‎07-13-2022 11:26 AM

Hi pminarik

Thank you for detailed information. 

1342
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.