Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- How to Suggest Fortigate to customer
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to Suggest Fortigate to customer
I would like to ask that how we suggest fortigate to customer , For example we have 500 user so how we will check which device is best and what will be through output will be better for it
Solved! Go to Solution.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi There!
The answer is a little bit tricky, because a single user could generate a lot of sessions and another just a few.
Other case would include if you have a service exposed to internet, like a website, so you want to use a IPS, or in the other hand you just use the Fortigate like a Router to Internet. that's why the answer depends on several things, not just the amount of users.
In my experience with around 500 users i got this status:
CPU states: 77% user 42% system 0% nice 51% idle CPU0 states: 77% user 42% system 0% nice 51% idle Memory states: 54% used Average network usage: 40936 kbps in 1 minute, 44003 kbps in 10 minutes, 37604 k bps in 30 minutes Average sessions: 28504 sessions in 1 minute, 29806 sessions in 10 minutes, 2943 4 sessions in 30 minutes Average session setup rate: 192 sessions per second in last 1 minute, 186 sessio ns per second in last 10 minutes, 183 sessions per second in last 30 minutes Virus caught: 0 total in 1 minute IPS attacks blocked: 0 total in 1 minute Uptime: 104 days, 13 hours, 4 minutes
This is from two Fortigate 110C in a HA configuration with IPS, Antivirus, Web Filter, Application Control and a lot of IPSec VPN's. and FortiOS 5.2.10
The cluster is not responding very quickly sometimes or the CPU have spikes 100%, so taking this as a example I am short of resources, but I think a 200 would probably fit for me.
The list below just reflect my opinion:
500-1000 users = Fortigate 300D
250-500 users = Fortigate 200E
100-250 users = Fortigate 100E
Around 100 users = Fortigate 90E
50-100 Users= Fortigate 60E
1-50 Users = Fortigate 50E/Fortigate 30E
in my opinion, a Fortigate 200E would be great for 500 users and a few features enabled on it.
Hope it helps!
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi There!
The answer is a little bit tricky, because a single user could generate a lot of sessions and another just a few.
Other case would include if you have a service exposed to internet, like a website, so you want to use a IPS, or in the other hand you just use the Fortigate like a Router to Internet. that's why the answer depends on several things, not just the amount of users.
In my experience with around 500 users i got this status:
CPU states: 77% user 42% system 0% nice 51% idle CPU0 states: 77% user 42% system 0% nice 51% idle Memory states: 54% used Average network usage: 40936 kbps in 1 minute, 44003 kbps in 10 minutes, 37604 k bps in 30 minutes Average sessions: 28504 sessions in 1 minute, 29806 sessions in 10 minutes, 2943 4 sessions in 30 minutes Average session setup rate: 192 sessions per second in last 1 minute, 186 sessio ns per second in last 10 minutes, 183 sessions per second in last 30 minutes Virus caught: 0 total in 1 minute IPS attacks blocked: 0 total in 1 minute Uptime: 104 days, 13 hours, 4 minutes
This is from two Fortigate 110C in a HA configuration with IPS, Antivirus, Web Filter, Application Control and a lot of IPSec VPN's. and FortiOS 5.2.10
The cluster is not responding very quickly sometimes or the CPU have spikes 100%, so taking this as a example I am short of resources, but I think a 200 would probably fit for me.
The list below just reflect my opinion:
500-1000 users = Fortigate 300D
250-500 users = Fortigate 200E
100-250 users = Fortigate 100E
Around 100 users = Fortigate 90E
50-100 Users= Fortigate 60E
1-50 Users = Fortigate 50E/Fortigate 30E
in my opinion, a Fortigate 200E would be great for 500 users and a few features enabled on it.
Hope it helps!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How fast is the internet connection?
Are you breaking your network up into several subnets?
Do those subnets talk with one another?
Do you want UTM functionality on the traffic traversing said subnets?
Mike Pruett
Mike Pruett
Fortinet GURU | Fortinet Training Videos
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
https://competitive.myfortinet.com/product_sizing
it's an old tool but gives you an idea of which paramters are importants
Loïc
Loïc
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That sizing tool is useless imho and same for the sizing app
http://socpuppet.blogspot.com/2015/05/the-fortigate-sizing-app.html
These are great for general guess but "the number of users " is NOT a factor in a fortigate sizing set. I ran a org on a pair of 2x 200B for over 5 years with no problems. They had way over end-points and had a lot of internal items such as
steelhead
web/ftp-proxy
no vpn-ipsec
no ssl-vpn
no ips
etc....
So it's really depends on what you are GOING TODO !
ideals;
Do you need IPS
Do you ever plan on explicit Proxy
Do you do or need SSL inspection
Do you run any SLB VIP
Do you need ssl-vpn
Do you need logging ( on disk )
Do you plan on using a FAZ in the near future
etc......
All of that are more important imho. A firewall fgt or non is not like a shoe-size selection where you measure a foot a pick a pair of shoes by that size of the foot. I like to look at it as what your going todo ( dance, job, for a job interview, climbing, walking, if walking on what,etc......)
;)
Ken
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Selecting a model can be a little tricky. I would suggest reaching out to your local Fortinet or Fortinet Partner representative, they will be able to help you. Just keep in mind that they will not take any chances and will propose a model that will work 200% without creating a bottleneck, so it might be considered to be an overkill for some users.
NSE 7
All oppinions/statements written here are my own.
NSE 7
All oppinions/statements written here are my own.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you need a quick budget, then work on the worst possible scenario. Take the sum of the bandwidth you want to inspect, i.e. 40 down 10 up is 50, then triple it because we like future proofing.
So we have a value of 150mbs we want to size, look at the fortigate product matrix for the 'threat protection throughtput' that assumes everything turned on, and find the product that matches.
So in summary a 40mbs fttc would probably best fit a 100e, 100mbs leased line then a 200e etc.
If you need to scan East West traffic in the land, then the sizing gets a lot more complicated.
Just my 2c.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Budget is a huge topic to debate when selecting the right Firewall. What's the end goal for this network? Also, if this company is growing then I highly recommend you take this into account. I currently have two 600C Fortigates for a company with about 230 employees, and about triple that in devices. They're setup in Active-Active for HA. Now, as I'm sure you're aware as you move up in each Fortigate Models, the more expensive they become,however the more features you will get with the main advantage of obtaining some crazy throughput. In my opinion after working with Fortigates for over 6 years now, I would consider what security features you will need first, then build from there.
As a side note. I've ran a 200 user office off two 100D Firewalls without complaints. However, it was only servicing Internet with web filtering at first. I then downgraded an older Layer 3 HP switch to Layer 2 Access, and had the 100D route. Made a huge difference in performance believe it or not. The ASIC Chips in the Fortigates really do a nice job with offloading now, at first there were some weird anomalies, but those bugs were squashed with firmware updates. We saw better throughput to our CoLo to end user without the units exhausting their resource limits. And, with all with the added benefits of Application, Device, and User discovery to make managing Policies, Users, and Device Groups much simpler.
Things I would consider before purchasing.
[ol]
Hope this helps! best of luck with whichever device you decide on. Not everyone is a fan of Fortigates, but I am. Once you learn them, it's hard to use other products. Not to mention Fortinet's huge push into their Collective Security Fabric with the more recent Firmware updates. I'm personally just about ready to update to 5.6.
-ChrisRX
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,706 -
FortiClient
1,766 -
5.2
801 -
FortiManager
729 -
5.4
639 -
FortiAnalyzer
558 -
FortiSwitch
475 -
FortiAP
473 -
FortiClient EMS
434 -
6.0
416 -
5.6
362 -
FortiMail
318 -
6.2
251 -
SSL-VPN
246 -
FortiAuthenticator v5.5
234 -
IPsec
210 -
FortiWeb
205 -
5.0
196 -
FortiNAC
190 -
FortiGuard
139 -
6.4
128 -
SD-WAN
115 -
FortiAuthenticator
104 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
97 -
FortiToken
92 -
Firewall policy
82 -
Customer Service
79 -
Wireless Controller
79 -
4.0MR3
64 -
FortiProxy
60 -
High Availability
56 -
FortiADC
54 -
Fortivoice
53 -
FortiEDR
52 -
vlan
51 -
ZTNA
49 -
Routing
46 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
43 -
FortiDNS
42 -
LDAP
41 -
BGP
40 -
Authentication
38 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
Certificate
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
SSO
33 -
Interface
31 -
VDOM
30 -
FortiConnect
29 -
FortiLink
29 -
FortiWAN
27 -
Web profile
27 -
Application control
26 -
FortiConverter
25 -
Logging
25 -
FortiGate v5.2
24 -
Virtual IP
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiMonitor
18 -
Traffic shaping
17 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
SSID
15 -
Automation
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
Static route
14 -
System settings
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
FortiGate-VM
13 -
SNMP
13 -
FortiCASB
12 -
Admin
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
IPS signature
10 -
FortiAP profile
10 -
Proxy policy
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Fortinet Engage Partner Program
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
Web rating
6 -
API
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
Vulnerability Management
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1713 | |
| 1093 | |
| 752 | |
| 447 | |
| 231 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.