New Contributor III

When do you replace?

Hi All,


In our primary production site we're running an HA cluster of 100D's that are over 6 years old. Everything is running well (6.0.10) but my FortiGuard subscription is up for renewal, so I'm debating if it's worth it to replace with a pair of 100F's.


Just wondering how long the community runs production boxes. Until EOL of the OS? Time based? When you have budget? When you're bored and want to work all weekend? ;) I've run smaller units (60A's, etc.) 8-10 years, but they were in less important home office sites.


Any opinions?


Contributor III

Depending on your use you could use this to save money: either use trade-up to get a 100F at a discount, or possibly reduce to an 80F, which is still faster than the 100D in every possible metric.

Honored Contributor

We manage/maintain about 40-50 FGT in the field (200D/101E/92D/80E), in mostly remote areas - all educational type institutions, so the requirement for us is the model is still supported by Fortinet and/or the subscription can still be renewed. Then there is whether the OS is still supported or can be firmware upgraded. In recent years, if we have seen a bandwidth explosion, mostly due to increased mobile usage - with that in mind, we are watching out for system resource exhaustion (e.g. CPU/memory/sessions near maxing out) - which is telling us we are outgrowing these models and it is time to replace them.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

The 100D reached EOO (end of order) on 2018-07-26, then 2022-07-26 is the LSE (last service extension), then 2023-07-26 is EOS (end of service). So you can renew the 1yr support a couple more times.

On the other hand, 6.2 or later OS doesn't support the 100D due to the unsupported ASIC NP4Lite. So 6.0.x is the last version of the OS on the unit.

I would expect FTNT would keep updating 6.0.x when major vulnerabilities are found and need to be patched, at least until the EOS date, due to the fact there are no options to go up to 6.2 or above.


My personal opinion is it's completely up to the situations if the current 100D with 6.0.x is well enough and comfortable for your needs. If that's the case, why would you spend money now while you can save it for next or the following fiscal year? But, if you want to have a better performance with new feature sets and want to explore them, going to "F" version would provide you lots of opportunities.

If you can't decide now, I would just renew it for one more year, then secure the budget for next year well ahead, which is actually what we decided to do for 200Ds.


FG-100D is really old enough. Update to replace it is needed. The best choice is FG-101F.


But if you don't use new features such as Security Fabric, it's a pity, but FG-40F or FG-60F can be used.


It really depends on the specifics of the site in question. We are a VAR/Partner and I see these points clients take into account:


  • Are subscription services essential? If a Fortigate works as a pure Firewall/NAT/VPN device with no URL filtering, then this makes us consider only the next points. BTW I am yet to see a client that would reach the EOS stage for his production Fortigate (hey, even the 310B is not EOS yet :) ).
  • Is the current Fortigate making trouble and a bug fix is only available for a higher and thus must-upgrade model? Clients are really unwilling to upgrade when they are satisfied with everything except some nagging bug and they will ask (and we will try our best) to circumvent this and prevent the unnecessary upgrade.
  • Is there some critical vulnerability that cannot be compensated for except via upgrade (e.g. SSL VPN)? But again, this would mean old hardware AND an unavailable 6.x train for it, so we are talking B, C series, which I don't have anywhere in production.
  • Capacity exhaustion - well, here it is a no-brainer, you don't have "whether" but "upgrade to what".
  • Price - as always in IT, every decision comes down to the gain vs price. Recently one of our clients considered switching from a 200D to either a 101F or a 200E - I recommended him the 200E, as the discount + performance = ROI he was getting was just much higher as opposed to the F train. So his decision was mostly price-based and budget: he was getting a discount on the 200E here and now, or would have to wait for the F train new models some day in the future but before the 200D end of services in 2022.

Yuri blog: All things Fortinet, no ads.
