Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SecurityPlus
Contributor II

Created on ‎03-23-2020 07:48 AM

Replace Old FortiGate 200B With New FortiGate

We have a new potential customer that wants to replace their old FortiGate 200B with a new FortiGate. I'm not familiar with FortiGates prior to the D models. What would a new E or D series firewall that would be equivalent to this firewall? They will have about 100 users using VPN with a 500 MB pipe. They can only get 100 MB through their 200B.

4167
0 Kudos
4 REPLIES 4
rwpatterson
Valued Contributor III

Created on ‎03-23-2020 08:07 AM

Starting with some of the "C" models. WAN ports were GB. After that most models had them on most ports. You should check out the spec sheets for today's models to see what's offered. With the CPU and technology improvements over the years, the smaller number models now have more horsepower than the larger ones of yesteryear did.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
2470
0 Kudos
SecurityPlus
Contributor II
In response to rwpatterson

Created on ‎03-23-2020 08:49 AM

Thanks!

2470
0 Kudos
Dave_Hall
Honored Contributor
In response to SecurityPlus

Created on ‎03-23-2020 10:22 AM

We replaced our 200Bs with 200Ds, but overall they were both a bit over powering for the remote locations we placed them in.  Originally the 200B was the recommended replacement for the 200A (from a Fortinet partner).  This time around, we will be replacing the 200Ds with 101Es.  I agree with Bob - the new models are more powerful then models of yesteryear. 

 

That said, with regards to possible suitable replacement it's been suggested to look at the CPU/Memory/current session usage on your current model then find a suitable replacement with perhaps better specs.  If you find more than one comparable model, I suggest checking the VPN related system performance of the models involved.

 

 

Other things to keep in mind, performance wise, is optimizing the configuration on the fgt - even an high-end fgt model can be "dog slow" if the config is not tailored to the network/traffic and with all the bells and whistles enabled (unless of course you need it).

 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Preview file
86 KB
2470
0 Kudos
ede_pfau
Esteemed Contributor III
In response to Dave_Hall

Created on ‎03-24-2020 03:50 AM

All true but still there is a fine line between SoC models and those with a proper CPU.

 

Up to and including the 100E/F, these FGTs are considered "desktop models" and feature a SoC3/4. There are tasks which demand high CPU performance, like session buildup, SSLVPN, IPsec tunnel buildup (not: usage) and more. A look into the datasheet will reveal if these figures suit your needs - and future needs.

 

I personally was always grateful to my customer when he decided for a 'real' FGT. Work on and manage a 60X and then a 600X and you'll see what I mean. There is a reason why the 1500D with several Xeon multicore CPUs still is around a lot, though being a D series model.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
2470
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.