+1 The number of interfaces grows as you move up the product line, but the real value, as Richard points out, is throughput and sessions per second.
Adding UTM features eats into your bandwidth, so you want to start with sufficient headroom rather than have to jettison protection that you paid for. Take a look at AV throughput, for example. http://www.fortinet.com/sites/default/files/productdatasheets/Fortinet_Product_Matrix.pdf You can match your needs against the matrix and then see where the best cost/benefit lies. Regards, *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> *Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…* * GPG: *1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A On Wed, Dec 30, 2015 at 8:29 PM, Richard Stovall <[email protected]> wrote: > I don't know the Fortinet devices, but 'beefier' also typically means > faster UTM throughput. We upgraded from Sonicwall NSA 240s to 2600s and > the performance increase was quite nice. Even if you don't use all those > interfaces, the processing power of the box is a consideration. > > On Wed, Dec 30, 2015 at 7:57 PM, J- P <[email protected]> wrote: > >> So you advise against the 60d and advise the 90d would be a wiser choice? >> >> Just by looking the specs , and as much as I know them the first two >> arguments will be; >> >> "why do we need 14 lan ports ports on a firewall" >> and >> "we will never have the need for 200 vpn tunnels" >> >> >> I will tell them that i strongly advise the 90, but ultimately they have >> to choose >> >> thx to everyone for the feedback >> >> and Happy New Year >> >> >> >> >> >> >> ------------------------------ >> From: [email protected] >> Date: Wed, 30 Dec 2015 19:20:53 -0500 >> >> Subject: Re: [NTSysADM] Cisco 5506 - (was new firewall) >> To: [email protected] >> >> If you stick to the Fortigate 60D and a 1 year subscription for the >> signatures/services, you can hit that range: >> >> >> https://www.google.com/search?q=fortigate+60d+price&oq=fortigate+60d&tbm=shop >> >> IPsec VPNs are included, SSL VPNs could cost some more. >> >> There's also pfSense appliances, which might help with the costs. >> >> Frankly, for that size business, I'd recommend putting the price range in >> the $1000-1500 range, and getting a slightly beefier device + 3yr security >> subscription (which affects the UTM features, primarily). >> >> Regards, >> >> >> >> >> >> >> >> *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> >> *Providing Virtual CIO Services (IT Operations & Information Security) >> for the SMB market…* >> >> * GPG: *1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A >> >> >> >> On Wed, Dec 30, 2015 at 2:39 PM, J- P <[email protected]> wrote: >> >> Ideally under in the 500 to 700 USD range (INCLUDING the >> support/mtc/licesning that it may require) >> >> I know with Cisco you have to get the support contract , and you also >> have to pay for vpns separately as well. >> >> >> >> Jean-Paul Natola >> >> >> >> ------------------------------ >> From: [email protected] >> Date: Wed, 30 Dec 2015 14:05:28 -0500 >> Subject: Re: [NTSysADM] Cisco 5506 - (was new firewall) >> To: [email protected] >> >> I'd recommend a Fortinet 60D or maybe a 90 >> >> What is your anticipated budget for this? >> >> >> >> >> >> >> >> >> *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> >> *Providing Virtual CIO Services (IT Operations & Information Security) >> for the SMB market…* >> * GPG: *1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A >> >> >> >> On Wed, Dec 30, 2015 at 11:40 AM, J- P <[email protected]> wrote: >> >> So I was looking at new firewalls for a small office >> 50 users- ~100 nodes >> dual wan 100mb & 25 mb >> support for 5 vpn tunnels and a few dial in users >> >> I emailed a vendor and they recommended the New 5506, so in doing my due >> diligence , i came across MANY MANY people that are not happy with this >> "upgrade of the 5505". here is a link from the Cisco forums where everyone >> is less than pleased >> >> https://supportforums.cisco.com/discussion/12456891/asa-5506-x-switchports >> >> anyone have any feedback, also given my above specs I would appreciate >> any recommendations / suggestions for a new FW. >> >> thanks >> >> PS: after i mentioned my findings to the vendor, he said perhaps a >> fortinet maybe better suited >> >> thanks >> >> >> >> >> >
