Establishing your network’s need for a Fortigate firewall and determining the right model for your network can be easy if you understand the attributes for measuring its suitability for your network. Before explaining what to look out for when deciding on a Fortigate firewall for your network, let’s briefly talk about Fortigate and its functionalities.
Fortigate is a brand of network security appliances that offer unified threat management (UTM), intrusion prevention, antivirus, and firewall capabilities. These devices are widely used in small to large enterprises to secure their network infrastructure and protect their data. Ranked as a leader in the Gartner next-generation firewall market, Fortigate firewalls are designed to provide robust security against a variety of cyber threats. Their features include firewall, VPN, intrusion prevention system, web filtering, anti-virus and anti-malware, application control, data loss prevention, email filtering, traffic shaping, and captive portal.
Do you need a firewall on your network?
Every network, irrespective of its size or complexity, needs a firewall; in fact, a next-generation firewall (NGFW). A firewall is a critical component of any organization’s security strategy that helps protect its network from numerous cyber threats, such as unauthorized access, malware, viruses, and other malicious content. You need a Fortigate unified threat manager on your network for network security, compliance, internet connectivity, and business continuity. You need a firewall if your network is connected to the internet or has multiple access points, handles sensitive data, or is subject to regulatory requirements.
What model of Fortigate firewall for your network?
Fortigate firewalls are available in different models, ranging from entry-level units for branch offices, through mid-range units for campuses, to high-end units for data centers. In addition to hardware features like port type and wireless module, your choice of Fortigate model will depend on the attributes listed in the table below. Note that the specifications captured in the table are for the Fortigate 80F Bypass next-generation firewall.
Specification | FG-80F Bypass | Description |
IPS Throughput | 1.4 Gbps | IPS (Intrusion Prevention System) throughput refers to the maximum amount of network traffic that an IPS can process while still providing intrusion prevention capabilities such as identifying and blocking network-based attacks. IPS throughput is typically measured in terms of packets per second (pps) or bits per second (bps). |
NGFW Throughput | 1 Gbps | NGFW (Next-Generation Firewall) throughput refers to the maximum amount of network traffic that a next-generation firewall can process in a given time period while still providing advanced security features such as intrusion prevention, application control, and threat detection. NGFW throughput is typically measured in terms of packets per second (pps) or bits per second (bps). |
Threat Protection Throughput | 900 Mbps | Threat protection throughput refers to the ability of a security device or solution to inspect network traffic for potential threats such as malware, viruses, and other malicious activities while maintaining network performance. It is usually measured in terms of packets per second (pps) or bits per second (bps). |
Firewall Throughput (Packets per Second) | 10.5 Mpps | Firewall throughput refers to the amount of traffic that the firewall can process in a given time period, stated here in packets per second. |
Concurrent Sessions (TCP) | 1.5 Million | The maximum supported concurrent sessions on the device. Concurrent sessions, in the context of TCP (Transmission Control Protocol), refer to the number of active connections or communication streams that a device can maintain simultaneously. |
Firewall Policies | 5000 | Maximum number of firewall policies that can be created on the device. |
IPsec VPN Throughput (512 byte) | 6.5 Gbps | Total throughput for all IPsec VPN connections. |
Gateway-to-Gateway IPsec VPN Tunnels | 200 | Total number of site-to-site VPN connections that can be configured on the device. |
Client-to-Gateway IPsec VPN Tunnels | 2500 | Total number of remote access IPsec VPN connections supported on the device. |
SSL-VPN Throughput | 950 Mbps | Total throughput for all SSL VPN connections. |
Concurrent SSL-VPN Users | 200 | Maximum number of SSL VPN users that can connect at the same time. |
SSL Inspection Throughput | 715 Mbps | Maximum throughput for SSL inspection. |
SSL Inspection Concurrent Sessions | 100000 | Maximum number of SSL inspection sessions that can be established at a time. |
Application Control Throughput | 1.8 Gbps | Maximum application control policy throughput. |
CAPWAP Throughput (HTTP 64K) | 9 Gbps | Maximum CAPWAP throughput for managing FortiWiFi. |
Maximum Number of FortiTokens | 500 | Maximum number of FortiTokens supported for managing authentication on the Fortigate. |
High Availability Configurations | Active-Active, Active-Passive, Clustering | Supported options for high availability deployment. |
To select the Fortigate device that suits your network, match the client’s requirements against the specifications listed above to determine which model of Fortigate to deploy. Please see the official Fortigate documentation for details.
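The matching step described above can be scripted. The following is an added example, not part of the original post or any Fortinet tool: it parses the FG-80F Bypass figures as written in the table and flags every requirement that does not fit. The attribute names, the branch-office requirements and the 30% headroom are assumptions made for illustration.

```python
import re

# FG-80F Bypass values copied from the table above (key names are hypothetical).
FG_80F_BYPASS = {
    "ips_throughput": "1.4 Gbps",
    "ngfw_throughput": "1 Gbps",
    "threat_protection_throughput": "900 Mbps",
    "ssl_inspection_throughput": "715 Mbps",
    "concurrent_sessions": "1.5 Million",
    "site_to_site_tunnels": "200",
    "concurrent_ssl_vpn_users": "200",
}

# Multipliers for the unit suffixes used in those table values.
UNITS = {"": 1, "mbps": 1e6, "gbps": 1e9, "million": 1e6}

def parse_spec(value):
    """Turn '1.4 Gbps', '900Mbps' or '1.5 Million' into a plain number."""
    m = re.fullmatch(r"\s*([\d.]+)\s*([A-Za-z]*)\s*", value)
    if not m or m.group(2).lower() not in UNITS:
        raise ValueError(f"unrecognised spec value: {value!r}")
    return float(m.group(1)) * UNITS[m.group(2).lower()]

def check_fit(spec, requirements, headroom=0.3):
    """Return {attribute: share of datasheet maximum} for each requirement
    that exceeds the spec once `headroom` (assumed 30%) is held in reserve."""
    shortfalls = {}
    for name, needed in requirements.items():
        if name not in spec:
            raise KeyError(f"no datasheet figure for {name}")
        usable = parse_spec(spec[name]) * (1 - headroom)
        if parse_spec(needed) > usable:
            shortfalls[name] = round(parse_spec(needed) / parse_spec(spec[name]), 2)
    return shortfalls

# Constructed requirements for a hypothetical branch office.
BRANCH = {
    "threat_protection_throughput": "500 Mbps",
    "ssl_inspection_throughput": "600 Mbps",
    "concurrent_sessions": "200000",
    "concurrent_ssl_vpn_users": "150",
    "site_to_site_tunnels": "12",
}

if __name__ == "__main__":
    for attr, used in check_fit(FG_80F_BYPASS, BRANCH).items():
        print(f"{attr}: {used:.0%} of datasheet maximum")
```

With these sample requirements, SSL inspection throughput and concurrent SSL-VPN users are flagged, even though the headline threat protection figure fits comfortably.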