< Back to Tech Corner

Build Your Security Strategy with the FortiGate 200F NGFW Firewall

Challenges have brought many of our clients to one question. How can we leverage the changes we've seen in the data center landscape to have the most impactful security strategy moving forward? Three key technologies step out from the crowd, Network Security, SD-WAN, and Network Automation. The previous Tech Corner post highlighted two OEM leaders in the SD-WAN and wireless spaces, this week we put our focus on Network Security. 

Security professionals were in a demanding position before the pandemic, and that demand only increased once remote working became normal for everyone. While the world takes on the challenge of a virus affecting human health, security professionals remain focused on network health and adapting to attacks.

Threat management has its challenges as more and more data is being generated along with higher traffic flow. Today, we put network security concerns and challenges up against a Next-Generation Firewall (NGFW) from Fortinet. The FortiGate 200F series NGFW is built to take on threat management and network security for mid-sized to large enterprises. This firewall can be deployed at the campus or enterprise branch level. As offices have been shaken by the pandemic, this firewall remains stable in protecting your network even when employees become remote. Let’s dive into the performance, management, and overall protection of the FortiGate 200F Next-Generation Firewall.

fortinet logo

A Quick Look at Fortinet

Fortinet offers high-performance, integrated security solutions to Enterprise, Small Business, and Security Service Providers. They empower their customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Organizations looking for application control, intrusion prevention, and advanced visibility across their network should look to Fortinet’s FortiGate NGFWs. Their recognition by Gartner as an industry leader proves they are not only strong in threat protection but remain relevant in innovation.

Deploying the 200F Series

fortinet 200f series firewall

With full power redundancy, an SD-WAN processor, and performance that matches next-tier devices, the FortiGate 200F NGFW is the firewall you may be looking for to combat security threats. Its AI-powered FortiGuard Labs threat intelligence prevents and detects attacks, mitigating exploitable vulnerabilities within your network. As an administrator, you’ll have full visibility of users, devices, applications, and consistent security policy enforcement through enhanced real-time and historical analytics. The FortiGate 200F Series gives you a Next-Generation Firewall, Secure SD-WAN, and a Secure Web Gateway in one device. Here is how the multi-layered advanced protection keeps your network secure:

Firewall IPS NGFW Threat Protection Interfaces
27 Gbps 5 Gbps 3.5 Gbps 3 Gbps Multiple GE RJ45, GE SFP and 10 GE SFP+ slots

 

Expedited deployment with zero-touch provisioning and automated VPN tunnels help simplify the firewall's management. Through intuitive workflows the overall security posture benefits. Take a look at the full data sheet here.

Palo Alto's PA-800 versus the Fortigate 200F

Palo Alto Networks, a powerhouse in the firewall space, designed a firewall series powered by machine learning that competes in a same-tier comparison to the FortiGate 200F. The PA-800 series (PA-820 and PA-850) focuses on providing secure connectivity for branch offices and midsize businesses. When looking at a side-by-side comparison of Fortinet and Palo Alto firewalls, there is a small challenge. Palo Alto publishes their performance metrics using HTTP, rather than UDP, as they believe HTTP is more computationally strenuous. In the table below, we still put them side-by-side in the key performance areas to give you a view of both firewalls.

Unit / Model FortiGate 200F PA-850
Firewall Throughput* 27/27/11 Gbps 2.1/2.1 Gbps
Threat Prevention** 3 Gbps 1.0/1.2 Gbps
IPsec VPN Throughput*** 13 Gbps 1.6 Gbps
New Sessions per Second 280,000 (TCP) 13,000
Concurrent/Max Sessions 3 Million (TCP) 192,000
  • *Firewall Throughput Measurements 
    • FortiGate: 1518/512/64 byte UDP packets
    • PA: Firewall throughput is measured with App-ID and logging enabled, using 64 KB HTTP/appmix transactions
  • **Threat Prevention Measurements
    • FortiGate: Firewall, IPS, Application Control, URL filtering, and Malware Protection with sandboxing enabled
    • PA: Threat Prevention throughput is measured with App-ID, IPS, antivirus, antispyware, WildFire, file blocking, and logging enabled, utilizing 64 KB HTTP/appmix transactions
  • **IPsec VPN Throughput
    • FortiGate: 512 byte using AES256-SHA256
    • PA: IPsec VPN throughput is measured with 64 KB HTTP transactions and logging enabled

 

fortinet 200f vs. palo alto 800 firewalls

 

Both the PA-800 series and FortiGate 200F are built for similar tier networks, small to medium-sized businesses, but the comparison doesn’t stop there. The FortiGate 200F challenges Palo Alto’s 3220 firewalls as well. The 200F’s dual PSU, four 10G slots, two GE RJ45 HA/MGMT ports, and 16 G RJ45 ports put its performance in line with the 3220 from Palo Alto. When looking at the overall comparison between Fortinet and Palo Alto, it comes down to which has the better performance per price. As price comes into the game, Fortinet knocks Palo Alto off as Fortinet has the more attractive total cost of ownership. If price isn’t as big of a factor, Palo Alto’s ability to meet performance requirements is unmatched with its advanced features.

                                     

Hardware Options For You

It's important to compare firewalls like the Palo Alto and Fortinet devices. Here at PivIT, we know the importance stretches beyond the firewall to what is available today, financing options, and more. We make it easy for you to find the hardware to build your network on your terms.

Explore Hardware Options

                                     

Technical Specs

Unit Measurement
System Performance - Enterprise Traffic Mix  
IPS Throughput 5 Gbps
NGFW Throughput 3.5 Gbps
Threat Protection 3 Gbps
System Performance  
Firewall Latency (64 byte UDP packets) 4.78 
Firewall Throughput (packets per second) 16.5 Mpps
Concurrent Session (TCP) 3 Million
Firewall Policies 10,000
SSL-VPN Throughput 2 Gbps
Application Control Throughput (HTTP 64K) 13 Gbps
CAPWAP Throughput (HTTP 64K) 20 Gbps

 

Leave a comment below or get in touch with your firewall needs! Here at PivIT, we offer a fresh approach to sourcing, maintaining, and servicing your data center infrastructure. We’ve reimagined the status-quo and offer our customers strategies not found in the traditional IT channels. Our focus is to examine your CAPEX/OPEX limitations and present you with options to free up your budget, achieve your goals and Do IT Better.