Dear Brothers
My company currently uses several FortiGate 100D firewall UTM devices.
I need to upgrade to a new model because atm the CPU of the FGT always reaches high usage, and I found that the FortiGate 100F and FortiGate 200E meet the requirements. Can anybody tell me which of the two models would be a compatible replacement for the FortiGate 100D?
Our company has 1000 CCU. The FortiGate device runs web filter, DLP, app control, and explicit proxy. We also have some IPsec VPN channels and web SSL VPN for 50 VPN clients.
Thanks very much with best regards
From the spec sheets for both 200E and 100F, it's hard to say how either model will perform using real numbers - also factoring in how you are crafting the UTM/firewall policies (amount of packet inspection going on), etc.
On paper, I would have to personally go with the 200E. But I would analyze where most of your current CPU usage (on the 200D) is being used (ipsengine, scanunitd, etc.) then determine whether you need to retweak any policy/UTM settings. Even a low-end FGT device can "out perform" a higher-end model if properly configured. IMO.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
The specs were not quite from each other. If you plan to have SDWAN setup I would choose 100F over 200E. IMO 100F uses SOC 4 to speed up the process.
Fortigate Newbie
Dave Hall wrote:
From the spec sheets for both 200E and 100F, it's hard to say how either model will perform using real numbers - also factoring in how you are crafting the UTM/firewall policies (amount of packet inspection going on), etc.
On paper, I would have to personally go with the 200E. But I would analyze where most of your current CPU usage (on the 200D) is being used (ipsengine, scanunitd, etc.) then determine whether you need to retweak any policy/UTM settings. Even a low-end FGT device can "out perform" a higher-end model if properly configured. IMO.

Thanks
[Attached image: 200E vs 100F.JPG]
I often use the CLI command "diag sys top" on my FGT100D when the CPU usage gets high, and found that the high CPU is caused by SSL VPN (web SSL VPN and SSL VPN tunnel). When the CPU reached 95-99%, SSL VPN monitoring showed that there were 20-30 client VPN sessions established. There were 3 running PIDs of "sslvpnd" causing high CPU.
The wad process also causes high CPU, and this is normal because it serves the explicit proxy for 8xx client computers.
Looking at the hardware platform, the 100F and 200E both have 4GB of memory. The 100F CPU is a Cortex ARM (I don't know the exact version) and the 200E CPU is a Celeron G1820. I don't know which CPU provides better performance. The FGT 200E also has NP6 lite and CP9; I don't know whether it provides better performance for UTM.
Thanks very much
James_G wrote:
Bit of a sideways thought, have you ever considered IPsec VPN rather than SSL VPN for some of your remote users? With the new models you are looking at, IPsec is totally offloaded to hardware and uses zero CPU.

Thanks bro
I have to use web SSL VPN for some remote users who don't have a dedicated computer to connect to the office's resources. Web SSL VPN can be used on any computer that has a compatible browser.
Anyway, I will consider IPsec VPN for dedicated laptops/PCs using FortiClient.