Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Doliphils
New Contributor

Internet ThroughPut Bandwith from Fortigate Firewall

Hi all,

I have a FortiGate firewall that reduces my 250MBps Internet to about 22Mbps. I have tested the network without the firewall and i get a speed of about 240 Upload and Download.

PLease help out!

 

My device is a Fortigate 60E and possibly have Features turned-on i.e Application Control, Web Filter, SSL Protection. 

 

Kindly advise the best Fortigate Firewall Model that Give me a good ThroughPut Bandwith nearly to 250Mbps with all the Important Features turned on.

 

I heard about FortiGate 80F. 

1 Solution
ede_pfau
Esteemed Contributor III

Hi,

and welcome to the forums.

 

While the 80F is a very decent model with strong UTM features, I would rather first find out why the current FGT throttles the throughput so much. This is, by no means, normal.

 

From the datasheet, a 60F should be able to handle at least 100 Mbps with full SSL content inspection and AV, IPS.

In general, I trust the figures published in the datasheets, they are sometimes even exceeded with FTNT gear.

So, if you design goal upfront was to fully inspect a permanent stream of 250 Mbps, the 60E would be the wrong choice.

 

What can happen, independent of the inherent power of the FG T, is that one misconfigures the filters. For instance, applying all IPS signatures (~ 4.000 last time I counted) regardless of the kind of target hosts is overkill and will down any model. Select only those signatures which make sense (Windows related for Win PCs etc.).

 

The 80F is part of the next generation of Fortinet firewalls, featuring a lot more power as such. For the same aspect (SSL traffic inspection), the datasheet specifies 715 Mbps for this model vs. 135 Mbps for the 60E. Comparing apples to bananas, the 80F is an advanced model aiming at high inspection throughput, coming with a significant higher price tag.

What I would do is talk to my FTNT reseller about a test device, say for a week. That should not be a problem, and you'll see what you'll get. Nonetheless, do have a look at the protection profiles in place and adjust them to your needs.


Ede

"Kernel panic: Aiee, killing interrupt handler!"

View solution in original post

Ede"Kernel panic: Aiee, killing interrupt handler!"
1 REPLY 1
ede_pfau
Esteemed Contributor III

Hi,

and welcome to the forums.

 

While the 80F is a very decent model with strong UTM features, I would rather first find out why the current FGT throttles the throughput so much. This is, by no means, normal.

 

From the datasheet, a 60F should be able to handle at least 100 Mbps with full SSL content inspection and AV, IPS.

In general, I trust the figures published in the datasheets, they are sometimes even exceeded with FTNT gear.

So, if you design goal upfront was to fully inspect a permanent stream of 250 Mbps, the 60E would be the wrong choice.

 

What can happen, independent of the inherent power of the FG T, is that one misconfigures the filters. For instance, applying all IPS signatures (~ 4.000 last time I counted) regardless of the kind of target hosts is overkill and will down any model. Select only those signatures which make sense (Windows related for Win PCs etc.).

 

The 80F is part of the next generation of Fortinet firewalls, featuring a lot more power as such. For the same aspect (SSL traffic inspection), the datasheet specifies 715 Mbps for this model vs. 135 Mbps for the 60E. Comparing apples to bananas, the 80F is an advanced model aiming at high inspection throughput, coming with a significant higher price tag.

What I would do is talk to my FTNT reseller about a test device, say for a week. That should not be a problem, and you'll see what you'll get. Nonetheless, do have a look at the protection profiles in place and adjust them to your needs.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Top Kudoed Authors