Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BrianPro
New Contributor

sizing assistance

I was wondering if anyone can offer suggestions on sizing for our environment: -Strictly a datacenter environment, no end users VPNing into this setup, VPN would be used only for admin purposes at this point. -3 segments: 2 DMZ and 1 LAN (each DMZ would have 1 web server, the LAN = the rest of our internal servers (about 15 total, mix of FTP, other web servers) -ISP connection : 1 WAN @ 100Mbit, current utilization 2Mbit + periodic bursts several times a day to 15-20 Mbit (about 15 minutes or so sustained) -only interested in applying IPS at this point between segments (no AV, etc) -2 web servers in the DMZs are hosted for external customers and are the busy ones for us. Currently we get about 500-1000 sessions concurrent on each and would expect growth of 2-3x over the next year or so due to some larger customers coming on board. -Would need the firewall to perform as a router (internal traffic would pass through it for backup purposes). Mostly rsync traffic for large database backups -Backend switch is currently a HP Procurve 1800-24G which is an older managed switch capable of VLANs When looking at this I' d guess a 110C would be the starting point? The limitation is only having 2 gigabit ports and concerns with routing/backups. We could jump to a 200B, but that seems like overkill (maybe not)... Oh forgot to mention we do see peak spikes on concurrent sessions up to 10K or so beyond normal due to external scanning tools.
16 REPLIES 16
FortiRack_Eric
New Contributor III

Correct

Rackmount your Fortinet --> http://www.rackmount.it/fortirack

 

Rackmount your Fortinet --> http://www.rackmount.it/fortirack
billp
Contributor

That' s good to know about the 1/2 price deal. I don' t think I got that bargain when we purchased :(

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
BrianPro
New Contributor

That' s good to know about the 1/2 price deal. I don' t think I got that bargain when we purchased :(
Unfortunately my VAR says he called fortinet and couldn' t get that offer (I' m in the US). I think we' ll have to go with 1 unit and hope the 60C in fw only mode covers us in an emergency :( Hopefully fortinets are pretty solid and I won' t have to live through that situation.
billp
Contributor

My reseller said they rarely have hardware problems with the Fortigates. He only had one DOA. I guess it depends on your comfort level and budget.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
BrianPro
New Contributor

That is good to know.
I guess it depends on your comfort level and budget.
That is a pretty common decision for anything in IT :) Insurance costs money. BTW I want to thank everyone on this thread for the input. Nice to know there is a good community here on the forums.
rwpatterson
Valued Contributor III

We purchased our second 1000A. After configuring, it would randomly reboot. We RMAd it, and promptly received a replacement. Both have been up 24/7/365. I have yet to lose one in the line of duty. The FortiAnalyzer? Well that' s another ball of wax altogether...

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
FortiRack_Eric
New Contributor III

I can make you an offer for 2 200B in HA no problem with the discount.

Rackmount your Fortinet --> http://www.rackmount.it/fortirack

 

Rackmount your Fortinet --> http://www.rackmount.it/fortirack
Labels
Top Kudoed Authors