I was just speaking to a fortinet specialist and he informed me that turning on the 90D's AV reduces the throughput from 3.5gig to 35meg - he suggested the 80D ,despite only having a 950meg WAN, when AV is turned on it only goes down to 250meg (almost 8x more than that of the 90) I don't see the 80d listed in their product matrix link below, I'm wondering why it's been omitted .
From: [email protected] Date: Wed, 30 Dec 2015 22:07:44 -0500 Subject: Re: [NTSysADM] Cisco 5506 - (was new firewall) To: [email protected] +1 The number of interfaces grows as you move up the product line, but the real value, as Richard points out, is throughput and sessions per second. Adding UTM features eats into your bandwidth, so you want to start with sufficient headroom rather than have to jettison protection that you paid for. Take a look at AV throughput, for example. http://www.fortinet.com/sites/default/files/productdatasheets/Fortinet_Product_Matrix.pdf You can match your needs against the matrix and then see where the best cost/benefit lies. Regards, ASB http://XeeMe.com/AndrewBaker Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market… GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A On Wed, Dec 30, 2015 at 8:29 PM, Richard Stovall <[email protected]> wrote: I don't know the Fortinet devices, but 'beefier' also typically means faster UTM throughput. We upgraded from Sonicwall NSA 240s to 2600s and the performance increase was quite nice. Even if you don't use all those interfaces, the processing power of the box is a consideration. On Wed, Dec 30, 2015 at 7:57 PM, J- P <[email protected]> wrote: So you advise against the 60d and advise the 90d would be a wiser choice? Just by looking the specs , and as much as I know them the first two arguments will be; "why do we need 14 lan ports ports on a firewall" and "we will never have the need for 200 vpn tunnels" I will tell them that i strongly advise the 90, but ultimately they have to choose thx to everyone for the feedback and Happy New Year From: [email protected] Date: Wed, 30 Dec 2015 19:20:53 -0500 Subject: Re: [NTSysADM] Cisco 5506 - (was new firewall) To: [email protected] If you stick to the Fortigate 60D and a 1 year subscription for the signatures/services, you can hit that range: https://www.google.com/search?q=fortigate+60d+price&oq=fortigate+60d&tbm=shop IPsec VPNs are included, SSL VPNs could cost some more. There's also pfSense appliances, which might help with the costs. Frankly, for that size business, I'd recommend putting the price range in the $1000-1500 range, and getting a slightly beefier device + 3yr security subscription (which affects the UTM features, primarily). Regards, ASB http://XeeMe.com/AndrewBaker Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market… GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A On Wed, Dec 30, 2015 at 2:39 PM, J- P <[email protected]> wrote: Ideally under in the 500 to 700 USD range (INCLUDING the support/mtc/licesning that it may require) I know with Cisco you have to get the support contract , and you also have to pay for vpns separately as well. Jean-Paul Natola From: [email protected] Date: Wed, 30 Dec 2015 14:05:28 -0500 Subject: Re: [NTSysADM] Cisco 5506 - (was new firewall) To: [email protected] I'd recommend a Fortinet 60D or maybe a 90 What is your anticipated budget for this? ASB http://XeeMe.com/AndrewBaker Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market… GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A On Wed, Dec 30, 2015 at 11:40 AM, J- P <[email protected]> wrote: So I was looking at new firewalls for a small office 50 users- ~100 nodes dual wan 100mb & 25 mb support for 5 vpn tunnels and a few dial in users I emailed a vendor and they recommended the New 5506, so in doing my due diligence , i came across MANY MANY people that are not happy with this "upgrade of the 5505". here is a link from the Cisco forums where everyone is less than pleased https://supportforums.cisco.com/discussion/12456891/asa-5506-x-switchports anyone have any feedback, also given my above specs I would appreciate any recommendations / suggestions for a new FW. thanks PS: after i mentioned my findings to the vendor, he said perhaps a fortinet maybe better suited thanks
