Fortigate recently issued a new product matrix for 2017, and it had an interesting update to the 2016 version.
Our base model router has until recently been the Fortigate 50e, which we chose in 2015 as it had an IPsec throughput of 200Mbps, which aligned well with the 200/200 UFB service, and also had an NGFW (firewall packet inspection) throughput of 220Mbps, again making it well suited to what was then the fastest BS2a UFB service available.
The latest version of the Fortigate product matrix now shows the 50e as having an IPsec throughput of 90Mbps, which raised the obvious question, how did the VPN throughput suddenly drop by 110Mbps?
The response from Fortinet was as follows:
“We used a different VPN encryption type in the previous datasheet and we released the revised numbers using the more secure AES256-SHA256 cypher.”
The AES256 is becoming the most widely used encryption variant, meaning the 50e must be grandfathered. For most clients with managed routers from Lightwire, an IPsec limitation is irrelevant, but best practice dictates that we move to a more capable router.
As such we have made the 60e our new based model router/firewall for Ethernet connections.
This model has IPsec throughout of up to 2.5Gbps, and NGFW throughput up to 250Mbps, and we are able to offer it at the same price as we have offered the 50e to date.
Brendan Ritchie