Article Id 191209
Issue Reduced performance and other issues with 250 or more VDOMs configured
Description

When you create VDOMs on a FortiGate, you are dividing the available system resources between those VDOMs. As the number of VDOMs increases, the system resources available to each VDOM decrease. At 250 or more VDOMs, this results in significant performance issues across your FortiGate when compared to configurations with only one VDOM.

Some FortiGate unit system resources with limits include:
  • CPU cycles and memory
  • firewall policies, schedules, and service groups
  • VPN and dial-up tunnels
  • local users and user groups
For more information on FortiGate maximum values, see the related article "FortiGate Maximum Values for FortiOS 3.0".
Solution
There are three solutions you can choose from to solve this issue.

1. Buy more stand-alone FortiGate units
By spreading the same number of VDOMs over more hardware, you will achieve better performance.

2. Ensure you are using top-end hardware that has increased physical resources
The 5000 models have more memory and faster CPUs than other FortiGate models, so they are better able to handle large numbers of configured VDOMs. You can also upgrade them with additional blades when required for easy expansion.

3. Limit the features used
If you do not increase your FortiGate hardware, you must limit the features you are using on the FortiGate unit. Only firewall features can be configured. This means not using UTM features such as:
  • Antivirus / Antispyware / Antimalware
  • Intrusion Prevention System (IPS)
  • Web Filtering
  • Antispam
  • Traffic Optimization

Related Articles

Unified Threat Management (UTM)