Needless to say - FortiGate is a complex device with tons of features, and it has quite a learning curve. Or you can request a free trial VM (feature-restricted) or full-featured evaluation VM (available on request) and use it for evaluation. If you are using a virtualized infrastructure, you may consider a FortiGate VM form factor. FortiGate goes into Conserve Mode when hitting something like 75% RAM use, so it is a good idea to keep the normal usage around 50%. In our use case, it looks like the RAM is a more scarce resource than the CPU. Think more of the number of transactions (TCP connections, UDP "sessions") than the actual packet or byte rates. On the HW capacity scaling - this one is tricky, as it heavily depends on the traffic patterns and on the depth of firewall scrutiny. Remember that the HW cost is just a fraction of TCO, the subscription being a substantial part. Rackmount - do not worry too much about that - the low-end units (40F, 60F) are not rack-mounted per se, but you can get an original adapter kit or just use a shelf as we do. Do you need a hard drive in the unit? Typically, it is used for local logging where remote logging options (FortiCloud, Syslog, etc.) are not practical or possible for technical, financial, or irregular reasons. What are the Internet and local network connectivity requirements? Is 1Gbit Ethernet enough, or do you need 10Gbit? Will FortiGate serve as a router for multiple segments of your local network? That may mandate 10Gbit interfaces on the LAN side even where your Internet connectivity does not require that bandwidth.
Think about high availability? How stringent are your requirements? What would device reboot (minutes downtime), tripped circuit breaker (minutes to hours down), or hardware failure (days down or more) mean? Are you operating single or multiple installations? What is the availability of a replacement device? Based on that - are you considering a single device, a single device with a dual power supply, or a HA pair of devices? (We have quite good experience with a HA pair of 60F's.) Here are some ideas based on our experience:
Like Hillstone, FortiGate firewalls are a line with a huge range of capabilities.
0 kommentar(er)
