Overview
In FortiProxy, the number of concurrent proxied sessions subjects to the number of available seats in a FortiProxy. Each seat is entitled to 25 concurrent proxied-sessions with security (UTM) applied. The number of seats is determined by the license upon purchase. When the number of proxied sessions exceeds the limit allowed by the purchased license, new proxied sessions are blocked (default) or bypassed, depending on the configuration, without undergoing UTM.
To maximize license utilization and minimize business interruption, you can configure FortiProxy to allow sharing of available seats with peer devices in a Security Fabric group. All member devices with license sharing enabled contribute their seats to and acquire seats from the shared seat pool managed and maintained by the Security Fabric root. The root dynamically allocates licenses to downstream devices per request based on the number of sessions going through the device. When you remove a member from the Security Fabric, the licenses contributed by the member are removed from the license pool. When a member goes offline, it can keep the allocated number of seats or locally purchased seats, whichever is greater, for eight hours before falling back to locally purchased seats.
License sharing provides the following benefits:
-
Reduced total cost of ownership (TCO)—License seats are allocated dynamically to the most needed, resulting in fewer idle seats and fewer purchased licenses for the same overall usage.
-
Reduced total operation cost (TOC)—Less or no work of manual load balancing as the license sharing mechanism automatically takes care of load balancing by assigning license seats to members on a need basis.
-
Minimized risk of business interruption—With license sharing, the breakdown of one machine or connection issues mean the related license seats are returned to the pool and dynamically re-assigned to other machines in need with no loss of seats. If required, you can set up a replacement machine without purchasing additional licenses as the new machine can take advantage of the existing license pool.