NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
But I think you' ll see a noticeable difference if only setting the protocol options to use actual port numbers (and not set to 0, which is auto.)Yes and no. You should be aware that the FGT can scan some protocols INDEPENDENT of their well known ports, for example ftp or http. This is a big advantage on the security side whereas it costs on the CPU side. There' s nothing like a free lunch.
none of my smaller boxes are ever hammered, but I found issues with 4.1.10 that made me glad to get away from it. Having two 1000As doing my heavy lifting, memory and CPU were never an issue, but even on those large boxes 4.1.10 gave me grief. Switching to 4.2.x was uneventful, and help me sleep better. If you are going to do the upgrades, 2 things I would recommend: 1) Reboot the units prior to uploading the new code. 2) check out my post here: https://forum.fortinet.com/FindPost/81337
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.