Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FB
New Contributor

the hardware behind 300E?

we´re evaluating the exchange of a 200D (first hardware genration, 2 GB of RAM)

 

We´re on conserve mode most of the day so we´ve decided to not reduce the security, but offer a good service

Maybe the new revision of 200D (4 GB of RAM) could be used, but we´re evaluation as alternatives:

200E, 500D or, the newly 300E.

But we we have prices of 300E, but fortinet web site have no information on specifications for 300E

 

we have 1000 devices, 5 IPSec VPNs, two-node CLuster HA/A-A, SSL inspection, webfilter, AV, IPS (client protect default)

Mosf of the day, our 200D operates in 75-90% of RAM and 65-85% of CPU

 

Which are good alternatives ? 200E? 300E? 500D? (resonable price, of course, cost and benefit)

---

---
5 REPLIES 5
bartman10
Contributor

How many users are behind that 200D? The 200D is quite good. 

Also what firmware version are you running? Some older firmware seem to use much more ram than current revisions. 

Try upgrading to whatever is current for the branch you are in. 5.2.x or 5.4.x. Possibly try 5.6... but I'd stay with 5.4 for now.

 

Also limiting the session TTL and DNS cache will really reduce the ram usage by not keeping "old" TCP connections open for so long. It has to remember all of these in ram. The only drawback I had when lowering the TTL is on our site-to-site VPN's where clients use telnet. The telnet session will timeout after the TTL and will disconnect. Almost all other kinds of web traffic will simply re-open the connection if needed. 

If you need to fix the issue like I had with site-to-site and telnet. Don't set the "global" TTL as in the below example. Look up how to set per interface ttl. 

 

[ul]
  • change the default session TTL:    config system session-ttl         set default 300     end

  • change the fortiguard TTL:    config system fortiguard         set webfilter-cache-ttl 500         set antispam-cache-ttl 500     end

  • change DNS cache:    config system dns         set dns-cache-limit 300     end

    [/ul]
  • 300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.

    Over 100 WiFi AP's and growing.

    FAZ-200D

    FAC-VM 2 node cluster

    Friends don't let friends FWF!

    300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track. Over 100 WiFi AP's and growing. FAZ-200D FAC-VM 2 node cluster Friends don't let friends FWF!
    liv_liv
    New Contributor

    I don't get it why Fortinet does not have this kind of information in their product's datasheet. It would be very easy. Some clients need to have a written proof of the hardware performance from the vendor...they need to see the RAM,CPU and flash. It would be very useful such a document in the future...

    oheigl

    Hi,

     

    100E:

    ARMv7 Processor

    3GB RAM

     

    200E:

    2xIntel Celeron G1820

    4GB RAM

     

    300E:

    4xIntel(R) Core(TM) i5-6500 CPU @ 3.20GHz

    8GB RAM

     

    The biggest point of evaluation is your internet bandwidth, or the bandwidth you want to scan.

    James_G
    Contributor III

    The 100f is 4gb and 8 core arm, it's got some grunt, more than the 200d for sure
    boneyard
    Valued Contributor

    replacing a 200D now isnt weird but still i would contact support or your partner to determine if that CPU and memory usage makes sense compared to the amount of traffic you send through it. in principle if you remain within the specs you shouldnt have such issues.

    Labels
    Top Kudoed Authors