Heaven_Knows
New Contributor III

Need advice about FortiGate platform upgrade (FG 100F or 200E?)

Dear Brothers,

My company currently uses several FortiGate 100D firewall UTM devices.

I need to upgrade to a new model because at the moment the CPU of the FGT always reaches high usage, and I found that the FortiGate 100F and FortiGate 200E meet the requirements. Can anybody tell me which of these two models would be suitable as a FortiGate 100D replacement?

Our company has 1000 CCU; the FortiGate devices run webfilter, DLP, app control, and explicit proxy. We also have some IPsec VPN channels and web SSL VPN for 50 VPN clients.

 

Thanks very much with best regards
Dave_Hall
Honored Contributor

From the spec sheets for both 200E and 100F, it's hard to say how either model will perform using real numbers - also factoring in how you are crafting the UTM/firewall policies (amount of packet inspection going on), etc.

On paper, I would have to personally go with the 200E. But I would analyze where most of your current CPU usage (on the 200D) is being used (ipsengine, scanunitd, etc.), then determine whether you need to retweak any policy/UTM settings. Even a low-end FGT device can "out perform" a higher-end model if properly configured. IMO.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
James_G

I don't think you can make a wrong choice here, they are so similar in spec that if one is ok, the other will be also I expect. On the same line of thought, if one has performance issues, the other would probably also. To me it's down to cost.
Heaven_Knows

Dave Hall wrote:

From the spec sheets for both 200E and 100F, it's hard to say how either model will perform using real numbers - also factoring in how you are crafting the UTM/firewall policies (amount of packet inspection going on), etc.

On paper, I would have to personally go with the 200E. But I would analyze where most of your current CPU usage (on the 200D) is being used (ipsengine, scanunitd, etc.), then determine whether you need to retweak any policy/UTM settings. Even a low-end FGT device can "out perform" a higher-end model if properly configured. IMO.

[Attached image: 200E vs 100F.JPG]

Thanks

I often use the CLI command "diag sys top" on my FGT100D when the CPU reaches high usage, and found that the high CPU is caused by SSL VPN (web SSL VPN and SSL VPN tunnel). When the CPU reached 95-99%, SSL VPN monitoring showed that there were 20-30 client VPN sessions established. There were 3 running PIDs of "sslvpnd" causing high CPU.

The wad process also causes high CPU, and this is normal because it serves the explicit proxy for 8xx client computers.

Looking at the hardware platform, the 100F and 200E both have 4GB of memory; the 100F CPU is Cortex Arm (don't know the version exactly) and the 200E is Celeron G1820. I don't know which CPU supplies better performance. FGT 2003 also has NP6 lite and CP9; I don't know whether it provides better performance for UTM.

Thanks very much


Fullmoon

The specs were not quite from each other. If you plan to have SDWAN setup I would choose 100F over 200E. IMO 100F uses SOC 4 to speed up the process.

Fortigate Newbie
James_G

Bit of a sideways thought: have you ever considered IPsec VPN rather than SSL VPN for some of your remote users? With the new models you are looking at, IPsec is totally offloaded to hardware and uses zero CPU.
Heaven_Knows
New Contributor III

James_G wrote:
Bit of a sideways thought: have you ever considered IPsec VPN rather than SSL VPN for some of your remote users? With the new models you are looking at, IPsec is totally offloaded to hardware and uses zero CPU.

Thanks bro

I have to use web SSL VPN for some remote users that don't have a dedicated computer to connect to the office's resources. Web SSL VPN can be used on any computer that has a compatible browser.

Anyway, I will consider IPsec VPN for dedicated laptops/PCs using FortiClient.

 

 
