Need help speccing a firewall

[mrbios]

Hello chaps,

Looking at firewall spec sheets i feel a bit out of my depth, i'm specifically looking at fortinet fortigate appliances (because it's what we're using at the moment, albeit in a hosted solution) but i've no idea what model fits my network. What's the best way to determine this?

Criteria:
Heavy internet use with a peak user count of about 350-400 users.
100/100 internet line
inbound access is relatively small usage, internally hosted sites for external access get maybe 50 concurrent users max.
no VPN use (yet) but even if we do use that it'll be remot access only and small usage
Filtering done by a separate service.

I'm thinking the 100D? but I don't really understand how to interpret the specs.

 

[mrbios]

What is your budget?

Well, tough to answer really. There isn't one as such, it's a case of the cheaper the better, but finding the right balance of feature set and performance vs price means we'd spend a bit more if needed. I'd say that given alternative options i wouldn't really want to spend over £1,500 really if i can help it. (exVAT)

At the moment our firewall is a hosted solution which is shared with lots of other customers on a forigate 3450C device. I have a few issues with it being hosted (for starters there is no logging, at all, it's turned off because of a bug and hasn't been fixed in over a year by our ISP :|) which is why i want a smaller equivalent internally for whatever size is right for my network.

Caveat to anything I say is I'm not a networking/Firewall person (I know IPS and that's about it!), but generally initial things I'd want to know are what's the peak throughput that'll likely be hitting the appliance and how many interfaces of what type do you need.

That's the stuff I'd likely use as a starting point to work out what appliance to choose.

How do i determine the peak throughput it'll be hitting? Unfortunately I'm a "jack of all trades" where i work so have large gaps in my knowledge, fine with internal networking, but as soon as it attempts to exit past my router I'm a bit lost . As for interfaces we only need 1GbE, no SFP or 10GB required.

 

[mrbios]

Meraki MX100?

Interesting that you should point that out...we're currently gathering details and creating a proposal for a new wireless network, we've pretty much narrowed our ideas down to two vendors, those being meraki and ruckus. So if we happened to lean more towards meraki (pending further investigation) could possibly get a good price if we added a firewall in too. (again pending investigation, no knowledge of their firewalls up until you've posted that! ) EDIT: looks a fair bit more expensive than a fortigate option though, but then again i guess we get special pricing through a vendor...I've just checked web pricing which i guess isn't accurate.

a bit off topic but i've heard good things about meraki switches too, any thoughts on those? We use 95% HP procurves at the moment.