Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
janderson13
New Contributor

Sizing for a Small School

Hope someone can recommend a device.   I help a small school that has a total of maybe 200 devices.  I'm guessing no more than 100 people would be using the internet at a given time.   Their internet connection is 150Mb via Comcast.  I plan to implement firewall, IPS, SSL intertercept, and web categories.  There could be some very light VPN use (but this would probably be when no one is there).  Oh... and some APs (but only the Guest network will be tunneled to firewall).  A 92D seems like it should be enough, but maybe a 100D?

8 REPLIES 8
emnoc
Esteemed Contributor III

It depends on what your doing. For example, I had a similar setup that I did many years ago using comcast business but at 50mbps. It for a private school with a bunch of  k5 grade classes. I'm using  a pair of FGT60C ( that all they could afford  ) and in one case a FGT80CM.

 

We are doing  URL filtering for the most part, no AP, no DMZ hosted devices, etc....

 

A FGT90D or 100D should fit your needs but how much  AP traffic to you see and really how many APs?

 

note: a FGT90D has more thruput than the 92D and is still cheaper priced, not to sure on cpu/memory requires of the  92D.

 

 

if you budget can afford it the FGT100D are great in the low-end spectrum  and not a whole lot more. Review the specs and matrix and then go from that point and the needs you forecast now and in the future. Fortinet always stress more than less.

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
JamesVirgil

emnoc wrote:

 It for a private school with a bunch of  k5 grade classes. I'm using  a pair of FGT60C ( that all they could afford essaytyper.pro ) and in one case a FGT80CM.

For small school pair of FGT60C is more than enough.

 

Chura
New Contributor

both the 90 and the 100 will be enough.

150mb is not a problem even for the 40C device, however its the amount of connectio and connection rate that actually dictate the sizing.

200 users on school, I'm guessing can be 500 new connection/sec and damn I took it far.

90D can take 4K new session on basic configuration.

So yeah, you are on the safe side. Please notice that as my friend above mentioned, the 90D is superior to the 92D (go figure...)

//Chura CCIE, NSE7, CCSE+

//Chura CCIE, NSE7, CCSE+
Dave_Hall
Honored Contributor

Most of the fortigates we manage are deployed at educational institutions in rural areas, about half on ForiWifi 80CMs, the rest on 200Bs or 200Ds.  Soon we will be evaluating a suitable replacement for our ageing (1st generation) 80CMs (they just don't cut it under 5.x., even after following fortinet's recommended optimization). Have looked at FortiWiFi-90D and FortiWifi 92D.  While the 90D has better throughput, I have decided on demoing the 92D for the evaluation because almost all of the traffic going through the Fortigate will be subject to all/most of the UTM features: IPS, anti-virus, web filter, Application control.  And on paper, the 92D looks more promising in that area (better firewall new sessions per second, IPS throughout, and anti-virus throughput).  Cost-wise, (from one online vendor) there seems to be $300-400 difference between the two. 

 

(Re 90D can take 4K new session, The linked document shows the 92D with 22K new sessions unless that is a typo.)

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
janderson13

Thanks everyone - I was leaning toward the 92D vs 90D because of IPS throughput and capwap throughput. They don't have a lot of $$ so the 92D seems right.
Dave_Hall

If purchasing the 92D new, it should automatically come with a 1-year subscription.  But check with your local Fortinet dealer and consult with the school admins on what 1-3 year subscription/support bundles are affordable to the school.  Let the school admins know what the approx. cost to renew the subscription if they choose to renew it yearly.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
janderson13

Thanks everyone - I was leaning toward the 92D vs 90D because of IPS throughput and capwap throughput. They don't have a lot of $$ so the 92D seems right.
janderson13

Thanks everyone - I was leaning toward the 92D vs 90D because of IPS throughput and capwap throughput. They don't have a lot of $$ so the 92D seems right.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors