Determining the right Fortigate firewall for your network

Establishing your network’s need for a Fortigate firewall and determining the right model for your network can be easy if you understand the attributes for measuring its suitability for your network. Before explaining what to look out for when deciding on a Fortigate firewall for your network, let’s briefly talk about Fortigate and its functionalities.

Fortigate is a brand of network security appliances that offer unified threat management (UTM), intrusion prevention, antivirus, and firewall capabilities. These devices are widely used in small to large enterprises to secure their network infrastructure and protect their data. Ranked as a leader in the Gartner next generation firewall market, Fortigate firewalls are designed to provide robust security against a variety of cyber threats. They offer a wide range of features and functionalities, including firewall, VPN, intrusion prevention system, web filtering, anti-virus and anti-malware, application control, data loss prevention, email filtering, traffic shaping, captive portal, etc.

Do you need a firewall on your network?

Every network, irrespective of its size or complexity, needs a firewall, and ideally a next generation firewall (NGFW). A firewall is a critical component of any organization’s security strategy that helps protect its network from numerous cyber threats, such as unauthorized access, malware, viruses, and other malicious content. You need a Fortigate unified threat manager on your network for network security, compliance, internet connectivity, and business continuity. You need a firewall if your network is connected to the internet or has multiple access points, handles sensitive data, or is subject to regulatory requirements.

What model of Fortigate firewall for your network?

Fortigate firewalls are available in different models, ranging from entry-level units for branch offices, through mid-range units for campuses, to high-end units for data centers. In addition to hardware features like port type and wireless module, your choice of Fortigate model will depend on the attributes listed in the table below. Note that the specifications captured in the table are for the Fortigate 80F bypass next generation firewall.

| Specification | FG-80F Bypass | Description |
| --- | --- | --- |
| IPS Throughput | 1.4 Gbps | IPS (Intrusion Prevention System) throughput refers to the maximum amount of network traffic that an IPS can process while still providing intrusion prevention capabilities such as identifying and blocking network-based attacks. IPS throughput is typically measured in terms of packets per second (pps) or bits per second (bps). |
| NGFW Throughput | 1 Gbps | NGFW (Next-Generation Firewall) throughput refers to the maximum amount of network traffic that a next-generation firewall can process in a given time period while still providing advanced security features such as intrusion prevention, application control, and threat detection. NGFW throughput is typically measured in terms of packets per second (pps) or bits per second (bps). |
| Threat Protection Throughput | 900 Mbps | Threat protection throughput refers to the ability of a security device or solution to inspect network traffic for potential threats such as malware, viruses, and other malicious activities while maintaining network performance. It is usually measured in terms of packets per second (pps) or bits per second (bps). |
| Firewall Throughput (Packet per Second) | 10.5 Mpps | Firewall throughput refers to the amount of data that can be processed by a firewall in each period. |
| Concurrent Sessions (TCP) | 1.5 Million | The maximum supported concurrent sessions on the device. Concurrent sessions, in the context of TCP (Transmission Control Protocol), refer to the number of active connections or communication streams that a device can maintain simultaneously. |
| Firewall Policies | 5000 | Maximum number of firewall policies that can be created on the device. |
| IPsec VPN Throughput (512 byte) | 6.5 Gbps | Total throughput for all IPsec VPN connections. |
| Gateway-to-Gateway IPsec VPN Tunnels | 200 | Total number of site-to-site VPN connections that can be configured on the device. |
| Client-to-Gateway IPsec VPN Tunnels | 2500 | Total number of remote access IPsec VPN connections supported on the device. |
| SSL-VPN Throughput | 950 Mbps | Total throughput for all SSL VPN connections. |
| Concurrent SSL-VPN Users | 200 | Maximum number of SSL VPN users that can connect at the same time. |
| SSL Inspection Throughput | 715 Mbps | Maximum throughput for SSL inspection. |
| SSL Inspection Concurrent Session | 100000 | Maximum number of SSL inspection sessions that can be established at a time. |
| Application Control Throughput | 1.8 Gbps | Maximum application control policy throughput. |
| CAPWAP Throughput (HTTP 64K) | 9 Gbps | Maximum CAPWAP throughput for managing FortiWiFi. |
| Maximum Number of FortiTokens | 500 | Maximum supported FortiToken for managing authentication on the Fortigate. |
| High Availability Configurations | Active-Active, Active-Passive, Clustering | Supported options for high availability deployment. |

To select the Fortigate device that is suitable for your network, match the client’s requirements against the specifications listed above to determine which model of Fortigate should be deployed. Please see the official Fortigate documentation for details.
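
The matching step described above can be scripted. The following is an added example, not code from this blog or from Fortinet: it checks a set of requirements against some of the FG-80F Bypass figures from the table and reports every attribute the model cannot meet. The requirement values, the attribute key names and the optional headroom parameter (a fraction of rated capacity kept in reserve) are assumptions made for the illustration.

```python
import re

# FG-80F Bypass figures copied from the specification table on this page.
FG_80F_BYPASS = {
    "ngfw_throughput": "1 Gbps",
    "threat_protection_throughput": "900 Mbps",
    "ssl_inspection_throughput": "715 Mbps",
    "concurrent_sessions": "1.5 Million",
    "site_to_site_ipsec_tunnels": "200",
    "concurrent_ssl_vpn_users": "200",
}

# Constructed sample requirements for a hypothetical branch office.
SAMPLE_REQUIREMENTS = {
    "ssl_inspection_throughput": "800 Mbps",
    "ngfw_throughput": "700 Mbps",
    "concurrent_ssl_vpn_users": "180",
    "site_to_site_ipsec_tunnels": "12",
}

UNITS = {"gbps": 1e9, "mbps": 1e6, "mpps": 1e6, "million": 1e6}

def parse_value(text):
    """Turn '1.4 Gbps', '900Mbps', '1.5 Million' or '5000' into a number."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*([A-Za-z]*)\s*", text)
    if not m:
        raise ValueError(f"unrecognised value: {text!r}")
    unit = m.group(2).lower()
    if unit and unit not in UNITS:
        raise ValueError(f"unknown unit in {text!r}")
    return float(m.group(1)) * UNITS.get(unit, 1)

def check_fit(spec, requirements, headroom=0.0):
    """Return {attribute: (required, rated)} for each requirement the model
    cannot meet once `headroom` (0 <= headroom < 1) is held in reserve."""
    if not 0 <= headroom < 1:
        raise ValueError("headroom must be in [0, 1)")
    shortfalls = {}
    for attr, needed in requirements.items():
        if attr not in spec:
            raise KeyError(f"no rated figure for {attr}")
        usable = parse_value(spec[attr]) * (1 - headroom)
        if parse_value(needed) > usable:
            shortfalls[attr] = (needed, spec[attr])
    return shortfalls

if __name__ == "__main__":
    for reserve in (0.0, 0.2):
        print(reserve, check_fit(FG_80F_BYPASS, SAMPLE_REQUIREMENTS, reserve))
```

With these sample values the model meets the NGFW figure but falls short on SSL inspection throughput, which is why each enabled security feature has to be checked against its own row rather than against the headline firewall throughput.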
