Thursday, January 18, 2018

IPSEC VPN throughput

Posted a similar question to /r/fortinet but thought maybe other recommendations would be warranted.

We're an acute-care hospital, around 90 beds; probably around 600 guest users (employee phones, patient phones, etc.), another 200 private-wireless/wired users, and various medical devices. Our 2 ISP connections (100 Mbps and 500 Mbps) aren't really tapped most of the time except during snapshot/replication pushes off-site, which we're doing more and more of. We have a circuit upgrade in the future that should push both circuits to 500 Mbps.

Right now, we have in place 2x ASA 5525-X firewalls and are crushing our IPSEC VPN throughput limit. 5525 datasheet says that IPSEC is limited to 300 Mbps, and our Palo Alto is limited to 500 Mbps per the data sheet. We're doing VM snapshots to AWS, various imaging study pushes and pulls to/from our facility, etc.

We're looking to up our VPN throughput so we're not stepping all over ourselves with the 15-18 active IPSEC VPN tunnels we have at any given time. My thought is to eliminate the 5525's and the Palo Alto that sit at our edge for a pair of Fortigates. Even moving to strictly the Palo, we're limited to 500 Mbps of VPN throughput.

Can anyone recommend what model Fortigate to go with, or should I look at other hardware? I feel the 100E might be too small; reseller in the past recommended 500E but even that might be too big. Anyone have any advice/direction/opinions?


