2

Is there any way to do this?

We are looking into buying a Fortigate 100D but are unsure if it will hold up to our requirements.

http://www.fortinet.com/products/fortigate/100D.html

While the firewall throughput at 1518 Bytes looks great (2.5 Gbps), but at 64 Bytes (200 Mbps) it seems to go down quite a bit.

We have around 30 active computers, but only 4-5 that really use the network 8x5.

I want to see on average our packet size as to judge which model we need.

Mint
  • 456
  • 2
  • 9
  • 23
  • Are you wanting to measure traffic between the LAN and the Internet, or all traffic within the LAN? What is your current edge router? – mgorven May 14 '12 at 01:22
  • I'm a bit confused as to what the fortigate "firewall throughput" is for? Is it just for traffic between fortigate and the internet (WAN port). Our current firewall is an old ISA 2006 PC. Hence the upgrade. – Mint May 14 '12 at 01:24

1 Answers1

5

The problem that your hitting is that Fortigate's Marketing department got a hold of the webpage for the product and gave you a useless as crap number (data rate_. What you need to know is the products throughput in packets per second (PPS). Unfortunately Managers like units they've seen before, so they don't feel "out of the loop". The size of the packet has almost nothing to do with the product's ability to analyze and forward it.

Almost any router, switch, or OS should be able to quickly tell you how many packets your sending and/or receiving. This is the number you'll need to compare against the different models. If you contact Fortinet's sales department they should be able to give you approximate values for their products throughput (in the useful PPS number). They may call it a "Packet Forward Rate", depending on what century they got into the biz.

Chris S
  • 77,337
  • 11
  • 120
  • 212
  • Also, products will have different switching and routing rates. – Rapzid May 14 '12 at 03:27
  • The 200D has 290 Kpps, how do I know if this is enough for our network though? – Mint May 14 '12 at 03:30
  • @Mint I'm assuming you'll be using this as a firewall/NAT box to the Internet (only). If that's the case, the quickest way to get the average PPS is to open powershell on that box and run `gwmi Win32_PerfFormattedData_Tcpip_NetworkInterface`. The output is somewhat long, but one of the first interfaces should be your Local Area Connection, with the PacketsPersec counter. Note, since it's averaged since the server was last rebooted you might have to multiply by about 3x to 6x to get your peak period PPS. There are more accurate ways, but this is quick and usually good enough. – Chris S May 14 '12 at 11:50