Hey experts!
We’re looking to deploy a Fortinet device for ~50 users. The site has a 100Mbit connection and we’re going to to send traffic to Z-scaler for most of the security stuff. Exception being L4 IPs signatures.
Checked the datasheets got an idea what should be OK but I prefer experience to marketing material so:
What boxes would you recommend? Glad to answer any additional questions.
/Patrik
Hey Patrik -
From what I recall zScaler works over GRE and you’ll have to setup a tunnel to them for that. Since you are using zScaler, are you not using the local FortiGate for web filtering? The NGFW features are really what impact the sizing because all features turned on = much bigger FortiGate. a 60E should do ~100 mbps with full services, 280 mbps with partial services. However, given the quantity of users (which means more sessions), you may consider an 80E instead which would do a little higher throughput. Note, those models are not rack-mountable without an add-on rackmount kit, the 100E is the smallest rackable unit. A 100E would produce ~110 mbps with full security services. Generally, my recommendation would be a 100E for rackmount and scale given your user count, however you can probably get away with anything between 60E, 80E, 100E. I would not go with a 90E as it doesn’t have a SoC3 processor can’t do ASIC offload of VPN tunnels, but the other 3 can.
Also, the X1E version (61E, 81E, 101E) has a logging disk if you need local logging and don’t have a platform like FortiAnalyzer.
Curious to see where other people land with what I put forth.
Hi Chris!
Thanks a lot for your thorough answer.
Correct, since we’re using Z-scaler we would not be using the 60E for Web filtering. It might do some IPS work though for some types of connections. The reason for the small boxes is that we’d potentially roll this out to hundreds, if not thousands of locations with low bandwidth requirements.
We’ve tried it now in an office of 50 users on a 100Mbit connection. So far it’s been passing with flying colors.
/Patrik