·8 min read

How to size a Fortinet firewall for your business

Picking the wrong-sized FortiGate is one of the most common — and most expensive — mistakes in network security buying. Too small, and your firewall becomes the bottleneck the moment you enable IPS and SSL inspection. Too large, and you've spent two or three times the budget on capacity you'll never use.

This guide walks through a practical sizing rubric used by our sales engineers, the three numbers that actually matter, and a quick model-by-model fit chart.

The three numbers that actually drive sizing

Forget marketing throughput claims for a moment. Real-world FortiGate sizing comes down to three inputs:

1. Concurrent user count

This is the number of people generating traffic at peak hours, not your total headcount. A 200-person office where engineering is on-prem at 9 AM looks the same to a firewall as a 200-person hybrid team where 60 are usually remote.

For sizing:

  • Up to ~75 concurrent users — FortiGate 30G–70G range is a comfortable fit
  • 75–500 concurrent users — FortiGate 90G–121G handles this with headroom
  • 500+ concurrent users — FortiGate 200G or larger; talk to a sales engineer

2. Internet throughput, measured with security services on

This is where most spec-sheet sizing goes wrong. Fortinet publishes multiple throughput numbers per model — "firewall throughput", "threat protection throughput", "IPS throughput", "SSL inspection throughput". They differ by 5-10× on the same hardware.

For a serious deployment, plan against the IPS+SSL inspection number, not the raw firewall number. If your ISP delivers 1 Gbps and you want IPS + SSL deep inspection on most traffic, a model rated "1 Gbps firewall throughput" but only "300 Mbps IPS throughput" will choke at peak hours.

3. Which security services you actually need

The four services that matter for throughput math:

  • Stateful firewall — cheapest in CPU; every model handles line rate
  • IPS (Intrusion Prevention) — moderate cost; cuts throughput 40-60% on smaller models
  • Antivirus + web filtering — moderate cost; usually bundled with IPS load
  • SSL/TLS deep inspection — most expensive; cuts throughput 70-90%

If you're terminating SSL for inspection on most outbound traffic (which most modern deployments do), use the SSL-inspection throughput as your sizing ceiling.

A quick model-by-model fit chart

The current Fortinet G-series replaces the older E-series and F-series:

| Tier | Model range | Typical fit | Starting price | |---|---|---|---| | Small business | FortiGate 30G – 70G | Up to ~75 users, sub-gigabit internet, branch offices | from $395 | | Mid-market | FortiGate 90G – 121G | 75-500 users, gigabit internet, SD-WAN, multi-site | from $2,150 | | Enterprise | FortiGate 200G+ | 500+ users, multi-gig internet, high-throughput SSL inspection | from $6,600 |

Prices reflect base hardware; add an Enterprise (-BDL-809) or Unified Threat Protection (-BDL-950) bundle for multi-year support and threat intelligence subscriptions.

Common sizing mistakes to avoid

1. Sizing for current users instead of 3-year users. Firewalls are a 3-5 year asset. If you're a 100-person company growing 20%/year, size for 175.

2. Forgetting about VPN concurrency. SSL-VPN and IPsec tunnel limits vary widely by model. A FortiGate 60F supports ~500 concurrent SSL-VPN users; a 30G supports ~100. If you have a hybrid workforce, this often constrains sizing more than throughput.

3. Picking based on "max throughput" instead of inspected throughput. The number on the box is rarely the number you'll get with the services you bought the firewall for.

4. Not budgeting for FortiCare + FortiGuard subscriptions. The hardware is one-time; the subscriptions are recurring and required for IPS signatures, antivirus updates, and web filtering categories. Budget for 3-5 years up front.

Need help picking?

Two ways to get a sized recommendation in minutes:

  • AI Security Advisor — Our Claude-powered advisor on the homepage asks the right sizing questions and recommends specific SKUs and bundles.
  • Browse by use case/solutions groups our catalog into Small Business, Mid-Market, and Enterprise tiers with pre-engineered options.

For enterprise orders (subtotal $3,000+), every quote is reviewed by a dedicated account manager before delivery.

← More buyer's guidesBrowse the catalog