Tech Insight

FortiADC SSL Performance Results

FortiADC - Application Delivery Controllers
(Updated February 12, 2018)

Fortinet opts to publish only a subset of SSL performance numbers that are consistent with others in the industry. Although we
test all our products extensively, we choose to share these additional details with customers, as they are needed on a case-by-
case basis. SSL Performance numbers are based on best effort and depend on many variables. This should be taken into account
when designing the solution.

Below is a list of the latest complete SSL performance statistics for the FortiADC based on version 5.0 B0045.

We have tested the following scenarios:

• SSL Offloading - FortiADC offloads server-intensive SSL processing with support up to 4096-bit keys
• SSL Forward-Proxy (Inspection) - SSL Forward Proxy utilizes FortiADC’s high-capacity decryption and encryption to allow other
devices, such as a FortiGate firewall, to easily inspect traffic for threats.
• SSL Visibility (Mirroring) - FortiADC’s transparent HTTP/S Mirroring capabilities decrypt secure traffic for inspection and
reporting by FortiGate or other third-party solutions.

SSL Offloading:
. 60F 100F 200F 300D 400D 1000F 2000F 4000F
Hardware Appliances HW SSL HW SSL HW SSL HW SSL
L4 Throughput 500 Mbps 1.5 Gbps 3.0 Gbps 6.0 Gbps 12.0 Gbps 20.0 Gbps 40.0 Gbps 60.0 Gbps
SSL CPS (1:1) 1K key* 350 1,900 3,000 3,700 19,000 31,000 42,000 48,000
SSL CPS (1:1) 2K key* 50 400 1,000 1,500 7,000 20,000 37,000 54,000
SSL CPS (1:1) 4K key* 10 60 150 180 1,100 3,000 6,000 9,300
SSL CPS (1:1) 2K key ECC** 10 60 150 165 1,000 3,000 5,000 8,000
SSL CPS (1:1) P256 ECDSA *** - - - - 2,200 6,800 12,500 18,000
SSL Throughput 4K key 240 Mbps 400 Mbps 1 Gbps 1.4 Gbps 4.3 Gbps 9.5 Gbps 13.5 Gbps 17.7 Gbps
SSL Concurrent Connection 40K 80K 90K 100K 180K 380K 780K 1.5M

* SSL CPS (TPS) - measures number of new SSL connections (1 HTTPS Request per Connection) within 1 second; SSL Ciphers=AES128-SHA
** SSL CPS (TPS) ECC - measures number of new SSL connections (1 HTTPS Request per Connection) within 1 second; SSL Ciphers= ECDHE-RSA-AES256-SHA384
*** SSL CPS (TPS) ECDSA - measures number of new SSL connections (1 HTTPS Request per Connection) within 1 second; SSL Ciphers=ECDHE-ECDSA-AES128-SHA

CONFIDENTIAL: For use by Fortinet Employees and Authorized Partners only.

 FortiADC Testing and Performance Metrics Tech Insight

SSL Forward-Proxy (Inspection):

. 60F 100F 200F 300D 400D 1000F 2000F 4000F
Hardware Appliances HW SSL HW SSL HW SSL HW SSL
L4 Throughput 500 Mbps 1.5 Gbps 3.0 Gbps 6.0 Gbps 12.0 Gbps 20.0 Gbps 40.0 Gbps 60.0 Gbps
SSL Throughput 4K key 240 Mbps 500 Mbps 700 Mbps 1.3 Gbps 4.5 Gbps 9.5 Gbps 13.5 Gbps 17.7 Gbps
SSL-FP CPS 2048 key* 40 250 600 900 5,000 15,000 27,000 40,000
SSL-FP Throughput* 200 Mbps 570 Mbps 800 Gbps 1.0 Gbps 2.5 Gbps 5.5 Gbps 8.0 Gbps 10.6 Gbps
SSL-FP CPS 2048 key** 30 200 500 640 4,100 8,600 13,500 16,000
SSL-FP Throughput** 100 Mbps 280 Mbps 400 Mbps 700 Mbps 2.1 Gbps 2.9 Gbps 5.5 Gbps 5.6 Gbps

*SSL-FP performance is based client side ADC encryption performance in a “sandwich” deployment. In this scenario, we used 2 ADC (one to decrypt, and the
second one to encrypt). The results refer to the first ADC (decrypt); SSL Ciphers=AES256-SHA
**SSL-FP performance is based 1 ADC with 2 VDOMs. ADC decrypts and encrypts traffic on the same appliance; SSL Ciphers=AES256-SHA

SSL Visibility (Mirroring):

. 60F 100F 200F 300D 400D 1000F 2000F 4000F
Hardware Appliances HW SSL HW SSL HW SSL HW SSL
L4 Throughput 500 Mbps 1.5 Gbps 3.0 Gbps 6.0 Gbps 12.0 Gbps 20.0 Gbps 40.0 Gbps 60.0 Gbps
SSL Throughput 4K key 200 Mbps 380 Mbps 800 Mbps 1.2 Gbps 3.0 Gbps 7.0 Gbps 10.0 Gbps 12.0 Gbps
SSL offloading with Server
270 Mbps 400 Mbps 1.6 Mbps 1.2 Gbps 3.5 Gbps 8 Gbps 10.8 Gbps 13.0 Gbps
HTTP - Throughput*
SSL offloading with Server
130 Mbps 260 Mbps 500 Mbps 750 Mbps 2.2 Gbps 4.0 Gbps 7.0 Gbps 7.2 Gbps
SSL - Throughput**

*HTTP Mirroring with SSL Offloading to the Backed Real Server

**HTTP Mirroring with SSL Offloading and re-encryption once again to the Backend Real Server (RS-SSL)

If you have any questions regarding Fortinet’s ADC testing processes or results, please contact productmanagement@fortinet.com
for more information.

Page 2
CONFIDENTIAL: For use by Fortinet Employees and Authorized Partners only.