Saturday, May 11, 2019

FortiGate for IPSec? Are they really that fast?

We're quickly approaching the IPSec throughput limits of our PA-3020. We're currently at roughly 60% sustained dataplane CPU utilization, with the majority of it attributed to IPSec tunnels, and we're adding more and more tunnels every month. We do much more than IPSec on the Palo Alto. Upgrading to a higher-end Palo Alto is cost-prohibitive for us, so I started to research some other solutions to offload the IPSec.

FortiGate seems to have massive amounts of IPSec throughput per dollar compared to Cisco or Palo Alto. Seems like a great fit for us, but before I engaged our VAR for demos/licensing?/pricing, I wanted to make sure I wasn't missing anything.

Do FortiGate firewalls typically reach the throughput advertised? We're just going to be using these for IPSec tunnels with BGP routing over the tunnels. All content filtering/blocking/inspection/IPS/IDS/etc. will still be managed by our Palo Alto, so we're not interested in the Firewall/IPS/NGFW/Threat Protection throughput of the device.


