my provider recommends me to replace current RB1100AHx2 to FortiGate 60E. If we don’t take into account antivirus & etc. features - how does Mikrotik compares to FortiGate on port forwarding and filtering?
FortiGate 60E technical documentation gives 3 Gbps throughput (1518/512/64 byte UDP) when Mikrotik RB1100AHx2 gives 2.9/1.0/0.142 Gbps throughput (1518/512/64 byte UDP with 25 firewall rules - and I have ~100 firewall rules, so speed will be lower?). Fortigate 60E indicates 3 us latency, when RB1100AHx2 latency I failed to find.
Which one is better? Has better routing/filtering performance?
IF they promise same performance with any size of the packets, i can tell you for sure it is hardware abased solution, so your biggest problem will be feature set, usually hardware based solutions have limited feature set.
Those performance numbers are worst case scenario numbers, when software needs to check against all 25 filter rules, usually accept= established and related, captures most of the traffic before that, and there are things like fasttrack, so…
If you looking for firewalling and packet inspection, then the Fortigate is the way to go, they work brilliantly and we have them deployed all over our infrastructure.
However take the fortigate numbers with a pinch of salt. Once you enable things like anti-virus flow filtering and DPI then these numbers do drop (look at the NGFW & Threat Protection numbers they list on their spec sheets). The 60E only does 180Mbps of full threat protection.
How much traffic are you looking at pushing through it?
Office with 25 PCs + 10 iPads. However we plan video streaming from Internet for our internal demonstrations, so there will be spikes on throughput requirement.
We have optical cable with 60 Mbps speed limit.