How to tell when my Fortigate 60 needs to be upgraded because of load problems

Posted on 2008-11-16
Last Modified: 2012-05-05
I have a Fortigate 60 firewall. I'd like to know how I can tell when I'd need to upgrade the firewall and when it is sufficient for my use.
1. Are CPU utilization and memory utilization the only things I should look at?
2. What are the limits for the CPU and memory utilization till which I am safe?
3. My CPU utilization is hardly 2-3 percent but my memory utilization is about 53% (in my current system) without the antivirus being on. Is that too high?

If someone can answer these questions it'd be of great help.

Question by:orazen11

    Accepted Solution

    For any firewall, CPU/memory and traffic form the first basis to decide if the firewall can adequately handle traffic; other than this, based on business requirements, you might also look for other features like VPN, content filtering, anti-virus, anti-spam, user licenses, IDP (if an option).

    The rule of thumb is that if the firewall is not dropping packets and is not a performance bottleneck in your network, then it is good to stay there. Mere 53% memory utilization does not indicate anything; you should look at whether that is the peak load or the average load. Also, on weekends, when the traffic should be low, what are the memory consumption trends? Finally, if everything appears normal and there are no alarms, then you need not worry at this time. You might want to keep monitoring the CPU/memory utilization to see if that is actually affecting performance.
    I would say typically up to 80% memory consumption under load conditions is fine; for anything above that, if it is the average, you should observe to see whether there is any performance degradation.

    Hope this helps.

    Thank you.

    Author Comment

    Great. That sounds good. I was under the same impression, but my vendor has been telling me to upgrade because, according to him, if the antivirus is turned on and it reaches 70% utilization it'll be in the dangerous zone. The 53% memory utilization I mentioned in my previous message was the average utilization, and the peak also stays close to that. The CPU utilization stays close to 3% and the number of sessions ranges from 100 to 14000. I am unable to understand how there can be such a wide range (the number of sessions drops drastically when I refresh the number of sessions), but as long as it is within the limit I think it should be fine.

    So as I understand there are three things I should be looking at (please correct me if I am wrong):
    1. CPU utilization (average and peak)
    2. Memory utilization (average and peak)
    3. Number of sessions (average and peak)

    If these are within limits then I don't need to upgrade. Right?


    Expert Comment

    You are correct; I would say go ahead and enable Anti-virus on the device; if you see any performance degradation and the bottleneck is memory then upgrade as your vendor is suggesting. If there is no impact and the performance is good then nothing to worry! :)
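The thread's advice (track average and peak of CPU, memory and sessions, compare weekdays with weekends, and worry about memory only when it averages above 80%) can be checked against polled data. The following is an added example, not part of the original thread: the function names, the 5-minute polling interval, the 6-sample window and the sample readings are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean

MEM_LIMIT = 80.0  # percent: the answer's rule of thumb for memory under load
WINDOW = 6        # assumption: 6 consecutive 5-minute polls count as "averaged"

def summarize(samples):
    """Average and peak of CPU %, memory % and sessions, weekday vs weekend."""
    out = {}
    for label, weekend in (("weekday", False), ("weekend", True)):
        rows = [s for s in samples if (s[0].weekday() >= 5) == weekend]
        if rows:
            out[label] = {
                name: {"avg": round(mean(r[i] for r in rows), 1),
                       "peak": max(r[i] for r in rows)}
                for i, name in ((1, "cpu"), (2, "mem"), (3, "sessions"))}
    return out

def sustained_memory(samples, limit=MEM_LIMIT, window=WINDOW):
    """Start times of windows whose average memory exceeds the limit.

    The window average is compared, not individual samples, so the single
    85% reading early in the constructed data is not reported.
    """
    mem = [s[2] for s in samples]
    return [samples[i][0] for i in range(len(mem) - window + 1)
            if mean(mem[i:i + window]) > limit]

def constructed_samples():
    """Constructed polling data: (timestamp, cpu %, mem %, sessions)."""
    fri = datetime(2008, 11, 14, 9, 0)   # a Friday
    sat = datetime(2008, 11, 15, 9, 0)   # a Saturday
    step = timedelta(minutes=5)
    mem = [53, 54, 53, 85, 54, 53, 82, 84, 86, 83, 85, 81]
    sess = [100, 900, 14000, 1200, 800, 950, 1100, 1300, 1250, 1400, 1350, 1000]
    rows = [(fri + i * step, 3, m, s) for i, (m, s) in enumerate(zip(mem, sess))]
    rows += [(sat + i * step, 2, 50, 100) for i in range(4)]
    return rows

if __name__ == "__main__":
    data = constructed_samples()
    for day, stats in summarize(data).items():
        print(day, stats)
    print("sustained >80% memory starting at:", sustained_memory(data))
```

In the constructed data the weekday memory peak is 86%, but only one window (starting 09:30 on the Friday) averages above the 80% limit, which is the distinction between peak and sustained load that the accepted answer draws.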
