Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1135
  • Last Modified:

How to tell when my Fortigate 60 needs to be upgraded because of load problems

Hi,
I have a Fortigate 60 firewall. I'd like to know how I can tell when I'd need to upgrade the firewall and when it is sufficient for my use.
1. Are CPU utilization and memory utilization the only things I should look at?
2. What are the limits for the CPU and memory utilization till which I am safe?
3. My CPU utilization is hardly 2-3 percent but my memory utilization is about 53% (in my current system) without the antivirus being on. Is that too high?

If someone can answer these questions it'd be of great help.

Thanks.
0
orazen11
Asked:
orazen11
  • 2
1 Solution
 
dpk_walCommented:
For any firewall CPU/Memory and traffic form the first basis to decide if the firewall can adequately handle traffic; other than this based on business requirements you might also look for other features like VPN, content filtering, anti-virus, anti-spam, user licenses, IDP (if an option).

The rule of the thumb is if the firewall is not dropping packets and is not a performance bottleneck in your network then it is good to stay there. Mere 53% memory utilization does not indicate anything; you should look if that the is peak load or average load. Also, on weekends when the traffic should be low, what are the memory consumption trends. Finally, if everything appears normal and there are no alarms then you need not worry at this time. You might want to keep monitoring the CPU/memory utilization to see if that is actually affecting performance.
I would say typically upto 80% memory consumption under load conditions is fine; anything above that if is averaged then you should observe to see any performance degradation.

Hope this helps.

Thank you.
0
 
orazen11Author Commented:
Great. That sounds good. I was under the same impression but my vendor has been telling me to upgrade as according to him if the Antivirus is turned on and it reaches 70% utilization it'll be in dangerous zone. 53% memory utilization I mentioned in my previous message was the average utilization and the peak also stays close to that. The CPU utilization stays close to 3% and number of sessions ranges between 100 to 14000. I am unable to understand how such a wide range (the number of sessions drops drastically when I refresh the number of sessions) but as long as it is within the limit I think it should be fine.

So as I understand there are three things I should be looking at (please correct me if I am wrong):
1. CPU utilization (average and peak)
2. Memory utilization (average and peak)
3. Number of sessions (average and peak)

If these are within limits then I don't need to upgrade. Right?

Thanks.
0
 
dpk_walCommented:
You are correct; I would say go ahead and enable Anti-virus on the device; if you see any performance degradation and the bottleneck is memory then upgrade as your vendor is suggesting. If there is no impact and the performance is good then nothing to worry! :)
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now