IT Support and Network Admin at Escuela Carlos Pereyra
Mar 22, 2022
Hello peers,
I work at a media company and am researching firewalls.
What are the differences between WatchGuard 390 and FortiGate 80F? Which solution do you prefer and why?
Thank you for your help.
Instructor at a tech services company with 1,001-5,000 employees
Dec 20, 2022
Hello, The 820 and 850 belong to the family 800 of Palo Alto Firewall. I caught a comparison between both firewalls on the Palo Alto site and I believe it will help with your decision. Regards
820 and 850 comparison
Hello peers,
We are looking for a firewall solution in Fortigate for a software training institution with 2000 students. Each student has one laptop and two mobile phones (maximum). There are four Internet connections, two broadbands, and two leased lines (optical fiber). There is no need for content filtering and application control. We need a solution for load balancing and traffic shaping.
...
Regional Manager/ Service Delivery Manager at a tech services company with 201-500 employees
Dec 7, 2022
Hi @Gulzar C, some of the preferred solutions seen in educational institutes are mentioned below:
Sophos.
Fortinet Fortigate.
Juniper SRX Firewall.
SonicWall.
Untangle was born in the educational sector, and now it has been acquired by Arista in case you would like to check it out. Any solution is recommended, it all depends on the budget, you can also check pfSense which is free. fatpipeinc.com is a native solution for balancing WAN, VERSA for 8 wan, FortiGate, Sophos, VMware and Cisco are the leaders on Gartner. Greetings
Information Security Manager at a retailer with 10,001+ employees
Jul 11, 2022
Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
The "old" answer: calculate how many concurrent connections you are gonna get from the devices in your network. But, nowadays, you should also define if it's an HW-based or SW-based router.
Also, check how many:
- VPN connections you need
- if you're gonna use QoS (consumes a lot of processor and RAM).
- if you're gonna use traffic analysis (same as above).
If you can get the sales area from any brand, they're gonna ask you those and more questions!!
Good luck!
These are some excellent comments.
I would add the throughput of NGFWs for the internal nets to my list.
Most people only focus on their WAN and forget they may have internal networks they need to protect from one another. Well, those networks operate at 1 GB normally if not higher.
If your firewall cannot handle the traffic, odd things can happen. For example, on certain Sophos models, if you attempt to pass more traffic than it can handle, the firewalls simply reboot themselves. Thus, pay attention to the numbers.
Hi Niranjan,
In my case, I use this simple template:
Throughput:
- Total WAN Bandwidth (Mbps)
- Average WAN Consumption (Mbps)
- Anticipated WAN growth over 3 years (%)
- Anticipated Peak Growth
- Anticipated Average Growth
WAN Protection:
- SSL/TLS Decryption (Yes/No)
- Intrusion Prevention (Yes/No)
- Application Control (Yes/No)
- Anti-Malware Protection (Yes/No)
- Web Protection (Yes/No)
VPN:
- Concurrent IPSec tunnels
- Concurrent SSL VPN tunnels
- IPSec peak throughput requirements (Mbps)
Authentication:
- Nb users
After filling this template, I compare it with the market firewall's constructors.
At this point, the calculator is my experience to choose the best solution :)
Regards,
A.Rastello
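The template above turned into a check against datasheet figures, as an added example that is not part of the original answer: it scales Total WAN Bandwidth by the 3-year growth and compares the result with the throughput column that matches the most expensive protection enabled. The metric names, the 25% headroom and both model datasheets are constructed assumptions.

```python
from dataclasses import dataclass, field

# Datasheet columns, cheapest to most expensive inspection path (assumed names).
METRIC_ORDER = ["fw_mbps", "ips_mbps", "ngfw_mbps", "threat_mbps", "tls_mbps"]
# Template "WAN Protection" answers mapped to the column they force you to read.
FEATURE_METRIC = {
    "ips": "ips_mbps", "app_control": "ngfw_mbps", "anti_malware": "threat_mbps",
    "web_protection": "threat_mbps", "tls_decryption": "tls_mbps",
}

@dataclass
class Requirements:
    wan_mbps: float                 # Total WAN Bandwidth (Mbps)
    growth_3y_pct: float            # Anticipated WAN growth over 3 years (%)
    features: set = field(default_factory=set)
    ipsec_tunnels: int = 0
    sslvpn_tunnels: int = 0
    ipsec_peak_mbps: float = 0.0
    headroom: float = 1.25          # assumed safety margin, not from the thread

def governing_metric(features):
    """The most expensive enabled feature decides which throughput figure counts."""
    metrics = ["fw_mbps"] + [FEATURE_METRIC[f] for f in features]
    return max(metrics, key=METRIC_ORDER.index)

def required_mbps(req):
    return req.wan_mbps * (1 + req.growth_3y_pct / 100) * req.headroom

def shortfalls(req, sheet):
    """Return every datasheet limit the model misses; an empty list means it fits."""
    checks = [
        (governing_metric(req.features), required_mbps(req)),
        ("ipsec_mbps", req.ipsec_peak_mbps * req.headroom),
        ("ipsec_tunnels", req.ipsec_tunnels),
        ("sslvpn_tunnels", req.sslvpn_tunnels),
    ]
    return [f"{k}: need {need:.0f}, rated {sheet[k]}"
            for k, need in checks if sheet[k] < need]

# Constructed datasheets for two hypothetical models (not real vendor figures).
MODELS = {
    "model-S": dict(fw_mbps=10000, ips_mbps=1400, ngfw_mbps=1000, threat_mbps=900,
                    tls_mbps=700, ipsec_mbps=6000, ipsec_tunnels=200, sslvpn_tunnels=200),
    "model-M": dict(fw_mbps=20000, ips_mbps=2600, ngfw_mbps=2200, threat_mbps=2000,
                    tls_mbps=1800, ipsec_mbps=11000, ipsec_tunnels=2000, sslvpn_tunnels=500),
}

if __name__ == "__main__":
    req = Requirements(1000, 30, {"ips", "tls_decryption"}, 50, 150, 200)
    for name, sheet in MODELS.items():
        print(name, shortfalls(req, sheet) or "fits")
```

With these inputs the smaller model passes on headline firewall throughput but fails once TLS decryption is switched on, which is the column to read when that feature is planned.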
To estimate the capacity of the firewall we need to consider:
1. Connectivity links to be connected, their throughput.
2. Concurrent and sessions.
3. Additional functions to be enabled: application control, SSL traffic inspection, web filtering, IPS, antivirus.
4. If it is going to be used for SSL VPN we need to consider the amount of SSL concurrent VPN connections.
On the physical side:
1. Type and quantity of ports to be used for links and to connect to the LAN: fiber and RJ45.
2. Single or dual power supply.
3. Rack space required.
Nowadays, we have advanced NGFW with SD-WAN and application control functionalities that allow collapsing in one single hardware with specialized processors that integrates border functions, LAN & WLAN management with security facilitating the IT management and expanding security policies across all infrastructure.
E.g., Check the Fortinet Mesh concept for more details, great vision and Gartner's new security management concept.
The number of users - increasing # of users both local/remote will increase the size of the firewall needed.
The bandwidth available - Larger ISP pipes imply more user traffic increasing the size of the firewall needed.
SSL decryption - Requires more CPU and memory resources. Look to the SSL decryption throughput and then test this against your actual HTTPS traffic. Faster decryption/re-encryption requires firewalls with more throughput. Larger firewalls tend to have better throughput numbers.
Applications to be traffic shaped, SDWAN connections and the number of remote users supported by the firewall have an impact on the sizing.
Fortinet firewalls can be configured to control switches and APs. The number of devices controlled has a marginal impact but does require some CPU and memory resources.
Finally, the money available for purchase is the final calculation. Note that maintenance agreements are also part of this equation as an NGFW is a brick without maintenance.
Different vendors have different metrics to consider but it all comes down to throughput, user count and processing power requirements.
For instance, if you switch on all the NGFW features, the device may have to be sized up to cope with the extra processing requirements.
There are many factors but it is the number of users and the second is throughput.