FortiManager Best Practices

Scenario 3
Number of
FortiGates
Update
Time Per
FortiGate
FortiManager CPU Usage
Network
Bandwidth
(port4
25Gbps)
Max
Concurrent
Connections
Update
Package
Size
FortiGuard
Update
Service
Daemon
FDS Worker=10
3000 100 - 120
seconds
< 10%
50-95%
20G
3000 110M
The third scenario uses the same port and number of FDS workers that are used in the second scenario but the number of FortiGate devices has been increased to 3000. The update time per FortiGate is increased to 100 - 120 seconds, and the FortiManager CPU usage is increased to between 50 and 95%.
As the number of supported FortiGate devices increases, the CPU usage and total time to update each FortiGate also increase.
To set the maximum number of FDS workers:
config fmupdate fds-setting set max-work end max-work
= The maximum number of worker processing download requests (1 - 32, default = 1).
FortiManager 7.2.0 Best Practices
29
Fortinet Inc.

FortiManager performance and sizing in closed networks
Conclusion
The following table provides recommendations about the FDS worker settings that should be configured based on the number of FortiGate devices in your environment. You can seethe expected CPU usage and time to update each
FortiGate device based on the recommended settings.
Number of FortiGate
Recommended number of
FDS workers
CPU Usage
Time to update all FortiGate
devices
1 - 50 devices
Use default setting FDS Worker - 50%
30 seconds
50 - 1000 devices
Change max-worker to 10 50 - 90%
1 minute
1000 - 3000 devices
Change max-worker to 24 50 - 90%
5 minutes
3000 + devices
Keep the max-worker set to While you can configure the
FDS worker setting up to there is no benefit to CPU load beyond 24 in this scenario.
-
-
FortiManager 7.2.0 Best Practices
30
Fortinet Inc.

www.fortinet.com
Copyright© 2022 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names maybe trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract,
signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change,
modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.