Choosing Wisely: 5 Critical Factors for Selecting Your Next FortiGate Firewall

(Subtitle: Don’t Get Burned: Ensure Performance, Security, and Scalability for Your Network)

In today’s rapidly evolving digital landscape, robust network security isn’t just an IT requirement; it’s a fundamental business necessity. Cyber threats are becoming more sophisticated, and your firewall often stands as the crucial first line of defense. Fortinet, a recognized leader in cybersecurity, offers the FortiGate line of Next-Generation Firewalls (NGFWs), known for their powerful performance and integrated security features.

However, Fortinet offers a wide array of FortiGate models, each tailored for different environments and needs. Choosing the right one is critical. Select an underpowered model, and your network grinds to a halt. Overspend on an oversized unit, and your budget takes an unnecessary hit. Make the wrong choice, and you might lack the specific security features needed to protect against modern threats.

So, how do you navigate this complex decision? This guide will walk you through the five most critical factors to consider, ensuring you select the optimal FortiGate firewall for your unique requirements.

Choose the Right FortiGate From The Start

Take our quick quiz to get a personalized suggestion for your business.

Start Quiz

Modern abstract graphic representing potential or growth


1. Performance & Throughput Requirements

Think of your firewall as the main highway interchange for your network traffic. If it can’t handle the volume, you get gridlock. An underpowered firewall becomes a frustrating bottleneck, slowing down applications and hindering productivity. Conversely, over-provisioning wastes resources.

To choose correctly, you need to understand key performance metrics found on FortiGate datasheets:

  • Firewall Throughput: Measures basic packet filtering speed (stateful inspection). Often the highest number, but not reflective of real-world performance with security features enabled.
  • IPS Throughput: Performance with the Intrusion Prevention System active.
  • NGFW Throughput: Performance with core NGFW features like IPS and Application Control running.
  • Threat Protection Throughput: This is often the most critical metric. It reflects performance with multiple advanced security services running simultaneously (like IPS, Antivirus, Web Filtering, Application Control). Use this as a more realistic benchmark.
  • VPN Throughput (IPSec & SSL): Crucial if you rely heavily on remote access or site-to-site VPNs.
  • Concurrent Sessions: The total number of active connections the firewall can track simultaneously.
  • New Sessions Per Second: How quickly the firewall can establish new connections, important for environments with lots of short-lived connections (like web browsing).

How to Assess Your Needs: Analyze your current peak network traffic, consider your internet circuit speeds, count your users and devices, and importantly, project your growth over the next 3-5 years. Always look for a model that exceeds your current needs to provide headroom.

2. Required Security Services (NGFW/UTM Features)

Gone are the days of simple port blocking. Modern threats require layered security, which FortiGate delivers through its integrated suite of FortiGuard security services (often called Unified Threat Management or UTM). Enabling these services is why you invest in an NGFW, but you need to choose the right services and ensure your chosen model can run them effectively.

Key FortiGuard Services to Consider:

  • Intrusion Prevention System (IPS): Protects against known exploits.
  • Antivirus (AV) / Anti-malware: Scans traffic for malicious files.
  • Web Filtering: Controls access to websites based on category and risk.
  • Application Control: Identifies and controls traffic based on the application, not just port.
  • SSL Inspection: Decrypts and inspects encrypted traffic (vital, as much traffic is now encrypted, but resource-intensive).
  • Sandboxing: Sends suspicious files to a safe environment for analysis to detect zero-day threats.
  • SD-WAN: Many FortiGates include robust Secure SD-WAN capabilities for optimizing and securing WAN connections.

Matching Features to Needs: Identify your organization’s specific risks, compliance requirements (like PCI-DSS or HIPAA), and security policies. Which threats are you most concerned about? Which services are essential versus optional? Remember, enabling more security services impacts performance, directly linking back to Factor 1 – ensure the Threat Protection throughput aligns with your needs with your desired services enabled.

3. Scalability and Future-Proofing

Your business and its network needs aren’t static. You’ll likely add more users, adopt new technologies, potentially increase internet speeds, or even expand to new locations. Your firewall needs to be able to grow with you. Choosing a model solely based on today’s requirements can lead to a costly replacement sooner than expected.

Consider these scalability factors:

  • User & Device Growth: How much do you anticipate your user count or the number of connected IoT devices increasing?
  • Bandwidth Increases: Are faster internet connections planned in the next few years?
  • Network Expansion: Will you be adding new branches, connecting to cloud environments (requiring specific VPN performance), or integrating networks after a merger?
  • New Applications: Will you deploy bandwidth-heavy or latency-sensitive applications?
  • High Availability (HA): Is network uptime absolutely critical? If so, you’ll need a pair of FortiGates configured for redundancy (check specific model support for HA modes).

Choosing for Growth: Aim for a model that offers roughly 30-50% more performance capacity (especially Threat Protection throughput) than your current peak needs dictate. This buffer helps ensure smooth operation as your demands increase.

4. Management and Integration (Security Fabric)

How you manage your firewall significantly impacts operational efficiency, security posture, and troubleshooting time. Fortinet offers several options:

  • On-box Management: Using the intuitive Web GUI or powerful Command Line Interface (CLI) directly on the device. Ideal for single-firewall deployments.
  • FortiManager: A centralized management platform essential for organizations deploying multiple Fortinet devices (FortiGates, FortiSwitches, FortiAPs, etc.). It simplifies policy deployment, monitoring, and configuration across the board.
  • FortiCloud: A cloud-based management option offering convenience, particularly for distributed sites or smaller businesses wanting simplified oversight.

Beyond basic management, consider Fortinet’s Security Fabric. This is Fortinet’s architectural approach where various Fortinet products integrate seamlessly, sharing threat intelligence and enabling automated responses. If you already use or plan to use other Fortinet products (like switches, access points, or FortiAnalyzer for logging), selecting a FortiGate ensures tight integration, unified visibility, and a stronger overall security posture.

5. Licensing, Support, and Total Cost of Ownership (TCO)

The price tag on the hardware is just the beginning. To unlock the advanced security features (Factor 2) and receive essential support, you need subscriptions. Understanding these recurring costs is vital for calculating the Total Cost of Ownership (TCO).

Key Cost Components:

  • Hardware Cost: The initial purchase price of the physical appliance or virtual license.
  • FortiGuard Subscriptions: These bundles activate the security services. Common bundles include:
    • UTM Protection: Includes core protections like NGFW (App Control, IPS), AV, Web Filtering, and Anti-Spam.
    • Enterprise Protection: Typically includes everything in UTM plus features like Security Rating, Industrial Security, and potentially FortiCASB.
    • ATP (Advanced Threat Protection): Focuses on advanced threats, often including Sandboxing.(Bundle contents can evolve, always check current Fortinet documentation). Licenses are usually sold in 1, 3, or 5-year terms.
  • FortiCare Support: This subscription provides technical support, firmware updates, and hardware replacement options (with different Service Level Agreements – SLAs). It’s essential for maintaining uptime and getting help when needed.

Making the Right Choice: Carefully match the FortiGuard bundle to the security services you identified in Factor 2. Don’t overpay for services you won’t use, but absolutely ensure you license the protections you need. Factor in the cost of hardware, multi-year subscriptions, and support renewals when comparing models to understand the true TCO over the firewall’s expected lifespan (typically 3-5 years).

Bonus Considerations

While the five factors above are critical, also keep these in mind:

  • Form Factor: Desktop models for small offices, rackmount units for server rooms/data centers, virtual machines (VMs) for virtualized environments, or cloud-native versions for public cloud deployments (AWS, Azure, GCP).
  • Port Density and Types: Ensure the model has the right number and type of ports (Copper, Fiber) at the speeds you need (1GbE, 10GbE, 40GbE+). Some models offer Power over Ethernet (PoE) ports.
  • Specific Use Cases: Different models might be optimized for roles like a small branch office, a large campus edge, internal network segmentation, a high-performance data center, securing cloud environments, or even specialized OT/ICS environments.

Conclusion: Making the Right Choice for You

Selecting your next FortiGate firewall is a significant decision that impacts your network’s performance, security, and your organization’s bottom line. By carefully evaluating your needs against these five critical factors – Performance, Security Services, Scalability, Management/Integration, and Licensing/TCO – you can make an informed choice that provides robust protection and value for years to come.

Feeling ready to choose, or still weighing the options? Balancing performance metrics, security bundles, and future growth can feel complex. To simplify the process and get a personalized recommendation based on your specific needs, try our quick and easy quiz!

Ready to find the perfect fit?

➡️ Take the “Find the Right FortiGate For You” Quiz Now! ⬅️

By investing a few minutes now in careful consideration (and perhaps taking our helpful quiz!), you can deploy your next FortiGate with confidence.