In our primary production site we're running a HA cluster of 100D's that are over 6 years old. Everything is running well (6.0.10) but my FortiGuard subscription is up for renewal so I'm debating if it's worth it to replace with a pair of 100F's.
Just wondering how long the community runs production boxes. Until EOL of the OS? Time based? When you have budget? When you're bored and want to work all weekend? ;) I've run smaller units (60A's, etc.) 8-10 years, but they were in less important home office sites.
We manage/maintain about 40-50 fgt in the field (200D/101E/92D/80E), in mostly remote areas - all educational type institutions, so the requirement for us is the model is still supported by Fortinet and/or the subscription can still be renewed. Then there is whether the OS is still supported or can be firmware upgraded. In recent years, we have seen a bandwidth explosion, mostly due to increased mobile usage - with that in mind, we are watching out for system resource exhaustion (e.g. CPU/memory/sessions near maxing out) - which is telling us we are outgrowing these models and it is time to replace them.
The 100D reached EOO (end of order) on 2018-07-26, then 2022-07-26 is the LSE (last service extension), then 2023-07-26 is EOS (end of service). So you can renew the 1yr support a couple more times.
On the other hand, 6.2 or later OS doesn't support 100D due to unsupported ASIC NP4Lite. So 6.0.x is the last version of OS on the unit.
I would expect FTNT would keep updating 6.0.x when major vulnerabilities are found and need to be patched at least until the EOS date, due to the fact there are no options to go up to 6.2 or above.
My personal opinion is it's completely up to the situation: whether the current 100D with 6.0.x is good enough and comfortable for your needs. If that's the case, why would you spend money now while you can save it for next or the following fiscal year? But if you want to have better performance with new feature sets and want to explore them, going to the "F" version would provide you lots of opportunities.
If you can't decide now, I would just renew it for one more year then, secure the budget for next year well ahead, which actually we decided to do for 200Ds.
It really depends on specifics of the site in question. We are VAR/Partner and I see these points clients take into account:
Are Subscription services essential? If a Fortigate works as a pure Firewall/NAT/VPN device with no URL filtering, then this makes us consider only the next points. BTW I am yet to see a client that would reach EOS stage for his production Fortigate (hey, even 310B is not EOS yet :) ).
Is the current Fortigate making troubles and a bug fix is only available for higher and thus must-upgrade model? Clients are really unwilling to upgrade when they are satisfied with everything except some nagging bug and they will ask (and we will try our best) to circumvent this and prevent the unnecessary upgrade.
Is there some critical vulnerability that cannot be compensated for except via upgrade (e.g. SSL VPN)? But again, this would mean old hardware AND unavailable 6.x train for it, so we are talking B,C series which I don't have anywhere in production.
Capacity exhaustion - well, here it is a no-brainer, you don't have "whether" but "upgrade to what".
Price - as always in IT, every decision comes down to the gain vs price. Recently one of our clients considered switching from 200D to either 101F or 200E - I recommended him 200E as the discount + performance = ROI he was getting was just much higher as opposed to F train. So his decision was mostly price-based and budget, he was getting a discount on 200E here and now or would have to wait for the F train new models some day in the future but before 200D end of services in 2022.