Fortigate 90D for XG-7100



  • I am thinking about changing my Fortigate 90D equipment for an XG-7100, since currently with 3000 sessions per second and 200,000 concurrent sessions 24 hours a day, the firewall uses 100% of the CPU and its administration is very slow. Ask about the features of Netgate and they tell me they do not have a datasheet like Fortigate ..http://openskytech.com/pdf/FortiGate_FortiWiFi_90D_Series.pdf

    Can you say that you have to have the equipment? Better real data is not what the manufacturer says.

    Thank you



  • @fjsantos said in Fortigate 90D for XG-7100:

    I am thinking about changing my Fortigate 90D equipment for an XG-7100, since currently with 3000 sessions per second and 200,000 concurrent sessions 24 hours a day, the firewall uses 100% of the CPU and its administration is very slow. Ask about the features of Netgate and they tell me they do not have a datasheet like Fortigate ..http://openskytech.com/pdf/FortiGate_FortiWiFi_90D_Series.pdf

    Can you say that you have to have the equipment? Better real data is not what the manufacturer says.

    Thank you

    Real data now.
    0_1544292034888_a0a5d94d-7dc7-49c3-8116-f738c1aea07a-image.png

    0_1544291828910_dcbedcf1-8e7a-48e8-8258-8ce1598dfef7-image.png


  • Netgate

    I fine it hard to believe you're establishing 3000 sessions per second and only moving 5Mbps consistently. Anything peculiar about your traffic makeup?



  • Hi Derelict.

    There are many cases in which there may be an unusual traffic for so many sessions, one of them, for example mine, server ntp stratum 1.

    Regards.



  • 0_1544421964627_5ab9428c-f174-44f9-ad6f-48b4d2736ae9-image.png !



  • Good night friends.

    Netgate has not been able to easily provide data on how many sessions per second the XG-7100 can manage without affecting performance.

    I have been able to replace a Fortigate 90D with a Fortigate 100D and here are the captures.

    As a comment, all this to serve an NTP Stratum 1.

    Could someone from the forum working with an XG-7100 performance be opting, with a service exposed to the Internet as a public DNS at the national level, an NTP or similar sercicios where the important thing is the sessions per second and concurrent and not the traffic generated?

    Thank you all.
    0_1544821976086_a3e9778b-8ddd-4491-a582-95ce99e517e2-image.png
    0_1544822218499_101e7d20-1f22-4251-926b-489ba5ddda98-image.png
    0_1544821934290_0ccb8f08-dc42-42e2-915a-5ac80a31a344-image.png



  • @fjsantos said in Fortigate 90D for XG-7100:

    200,000 concurrent sessions

    The spec page for the 7100 (https://www.netgate.com/solutions/pfsense/xg-7100.html) shows 8 million "Max Active Connections." The PDF you linked shows 2 million "Concurrent Sessions."

    I'm not sure if you're questioning pfSense, or the XG-7100, or both. Do you have an old PC you can install a second network card and install pfSense on, and just try it? Picking a random CPU benchmark web site they list these as similar benchmark numbers:
    Intel Celeron G1830 @ 2.80GHz
    AMD Phenom 9550 Quad-Core
    Intel Atom C3558 @ 2.20GHz <-- the 7100
    Intel Xeon X5270 @ 3.50GHz
    Intel Core i3-2328M @ 2.20GHz

    Note the 7100 has two SFP+ ports and a switch, not two Ethernet plus a switch.



  • Hi Steve.

    My question is about the "real" capabilities of the XG-7100. I love PfSense software and I know you can trust it on critical sites, that with good hardware, do everything you want.

    I know that with an old PC and a couple of nic I could solve this, but I would like to know how the XG-7100 works. We installed many fortigate at the end of the year and are becoming more expensive.

    Thanks for the idea.

    Regards


  • Rebel Alliance Netgate Administrator

    We are light on marketing materials as we find that most of our competitor's test criteria is not stated or the data is subjective and incomparable.

    Both the XG-7100 and the SG-5100 will be very capable unit's for what you are trying to achieve. I don't think many people on the forums are doing exactly what you are doing, any numbers they share won't be comparable.