How To Properly Size A SOHO FortiGate
Рет қаралды 4,314
Күн бұрынThe video is dark (got a new DSLR that I'm learning) but at least you can hear the audio and that is where all the knowledge is)
I get asked this a lot. How do I properly size a SOHO style FortiGate?
Well, you need to take a few things into consideration to make sure you are getting what you need.
Fortinet is very good at making their datasheets confusing on what speeds you will actually see in the real world.
Buy Hardware: bit.ly/2QZVeqh
Get Consulting: bit.ly/36FinSU
My Other Projects:
Office Of The CISO: bit.ly/3HGMH1o
Packet Llama: bit.ly/3SEX3H4
###### SOCIAL LINKS ######
Twitter: bit.ly/2WXiRAv
Facebook: bit.ly/3eigz4D
Instagram: bit.ly/3cZneAz
######################
@FortinetGuru 4 жыл бұрын
What methods are you using to size your FortiGates?
@ps2jnky 4 жыл бұрын
I dont size off of NGFW unless the customer already has another mechanism such as a Proxy. IMO, you should always be running AV, especially in SOHO where you likely don't have other compensating protections. That will also provide you some coverage to run web filtering, which doesn't have a spec listed anymore. I typically size the FortiGate to be at minimum equal to the Threat Protection, and if there is any discussion of SSL inspection account for that performance hit as well (which requires a little math). I like your suggestion about ports. While switches are incredibly easy to add up front, adding them later is a huge burden.
@sullimd 4 жыл бұрын
I use the “half rule” as a starting point. For customers with ~1-15 users, a 30E. ~20-25 users, a 60E/F. 50-60 users, 100E\F. Take the model, divide by 2 and that’s approx how many users you can put through it. Obviously there are lots of other factors when it comes to services, but I also size them assuming I’ll turn on everything the box will do, even if we just use a couple things. Never know what the future brings. You don’t want to size it specifically for 20 users and 100mbps, then 8-10mo later they add another 20 employees and bump up to 250mbps. Now you hit them with another $1200-1500 firewall plus a couple hours of time to swap it out.
@sullimd 4 жыл бұрын
I also try to stay away from the 30E unless I KNOW they’re not planning on growing. Been screwed before with “let’s add a 3rd AP”...
@playboy0308 4 жыл бұрын
Mike, I like it when you show data on the screen. I was hoping to see some data and different FortiGate models in this. It would've been cool if you would've given us some different examples. I can't wait for your next video to come out and have a great day!
@anonymousjones4016 4 жыл бұрын
Very usefu insight! Thanks Mike! Heck, I'm buying your merch. Shirt or mug? Hmmm...maybe both. Keep up the good work!!!
@FortinetGuru 4 жыл бұрын
I guess I need to tell the wife she needs to start making some products? :P
@TheRealDasluft 4 жыл бұрын
Bro. You rock. Kudos for an excellent explanation.
@blairgetz32 4 жыл бұрын
Identify current or expected bandwidth requirements and then take Threat Protection divided by .50 for proxy or .75 for flow and you'll have a device that you can turn additional features without it tipping over and gives you room to grow over 3-5 years. The important part and the most difficult is having a roadmap of where you want to be in 3-5 years...if you can get this mapped out it will save you alot of grief and properly allocate your budget.
@computerlist 4 жыл бұрын
Thanks Fortinet Guru. I'm your disciple. I have had this question for a long time. In my country, we have very low speeds. Most SMEs use max 30 Mbps. If I put 60E at the network Edge, will it be enough for a web app server in the DMZ handling about 30K request at any time with about 20 computers and 15 users internally?
@FortinetGuru 4 жыл бұрын
If you are buying new go for the F model.
@computerlist 4 жыл бұрын
@@FortinetGuru and which fortigate model. Thinking of using vdoms to do internal segmentation to server vlan, because most smbs won't buy multiple FGs
@vinnyn2249 4 жыл бұрын
Shitty SonicWall. Lol! So true!
@FortinetGuru 4 жыл бұрын
I hate them
@jonnyboy006 11 ай бұрын
Just upgraded a network from "shitty SonicWall" FW & AP to a Fortinet full stack, so that hit home! lol! Having never worked on the SonicWall (replaced due to EOL), why do you hate them @FortinetGuru? Sounds like we dodged a bullet by not upgrading within that brand
@manotas05A 4 жыл бұрын
Hi, i'm pretty noob in this IT area (and i'm speaking from my ignorance), but what about CPU and Memory?
@FortinetGuru 4 жыл бұрын
This sizing is how I do it for soho boxes based on those items. The throughput capability is tied to those limiting factors.
@manotas05A 4 жыл бұрын
@@FortinetGuru So, more NGFW throughput more CPU and RAM
@battlement 4 жыл бұрын
Thanks Mike, but the video is a bit dark...
@FortinetGuru 4 жыл бұрын
Yeah, got a new DSLR and it looked brighter on the screen. Already have the fix in the mix for that! The audio is where the details are :P No one wants to SEE my face probably anyways haha
@AlainSylvestre 4 жыл бұрын
too dark background.
@FortinetGuru 4 жыл бұрын
Yeah. I think I have it figured out now
@AlainSylvestre 4 жыл бұрын
@@FortinetGuru Your green backgroud was ok. I think.,
@hemmizack3769 4 жыл бұрын
when you mentioned the 30E and FortiAP´s... speaking from early on experience.. your going to have a bad time!
@saikenjkd 4 жыл бұрын
I never spec a Fortigate based on the amount of ports they require. Thats what FortiSwitch and FortiAP are for..... sell the full stack! also, FortiWifi needs to die....
Fabiosa Best Lifehacks
Рет қаралды 39 МЛН