Fortinet white logo
Fortinet white logo

Handbook

6.0.0

Performance

Performance

  • Disable any management features you do not need. If you don’t need SSH or SNMP, disable them. SSH also provides another possibility for would-be hackers to infiltrate your FortiGate unit.
  • Put the most used firewall rules to the top of the interface list.
  • Log only necessary traffic. The writing of logs, especially if to an internal hard disk, slows down performance.
  • Enable only the required application inspections.
  • Keep alert systems to a minimum. If you send logs to a syslog server, you may not need SNMP or email alerts, making for redundant processing.
  • Establish scheduled FortiGuard updates at a reasonable rate. Daily updates occurring every 4-5 hours are sufficient for most situations. In more heavy-traffic situations, schedule updates for the evening when more bandwidth can be available.
  • Keep security profiles to a minimum. If you do not need a profile on a firewall rule, do not include it.
  • Keep VDOMs to a minimum. On low-end FortiGate units, avoid using them if possible.
  • Avoid traffic shaping if you need maximum performance. Traffic shaping, by definition, slows down traffic.

Performance

Performance

  • Disable any management features you do not need. If you don’t need SSH or SNMP, disable them. SSH also provides another possibility for would-be hackers to infiltrate your FortiGate unit.
  • Put the most used firewall rules to the top of the interface list.
  • Log only necessary traffic. The writing of logs, especially if to an internal hard disk, slows down performance.
  • Enable only the required application inspections.
  • Keep alert systems to a minimum. If you send logs to a syslog server, you may not need SNMP or email alerts, making for redundant processing.
  • Establish scheduled FortiGuard updates at a reasonable rate. Daily updates occurring every 4-5 hours are sufficient for most situations. In more heavy-traffic situations, schedule updates for the evening when more bandwidth can be available.
  • Keep security profiles to a minimum. If you do not need a profile on a firewall rule, do not include it.
  • Keep VDOMs to a minimum. On low-end FortiGate units, avoid using them if possible.
  • Avoid traffic shaping if you need maximum performance. Traffic shaping, by definition, slows down traffic.