FortiGate Consulting: Architecture, Sizing & Migration (2026)
FortiGate consulting is an expert service offered to help organizations design, size, and position their Fortinet security infrastructure correctly. It covers architectural design, model selection, migration from other brands, SD-WAN and SASE planning, and security posture assessment. Sora Yazılım carries out this consulting from strategic objectives to technical implementation with its NSE 4-7 certified engineers.
What is FortiGate consulting?
FortiGate consulting emphasizes the importance of building the right architecture before buying the right product. The success of a security infrastructure depends less on the device itself and more on its being designed to fit business needs, sized correctly, and positioned correctly.
An incorrectly designed security infrastructure will not deliver the expected outcome even with the best hardware: a device that is too small creates a bottleneck, an incorrectly positioned policy leaves a security gap, and an unplanned migration causes an outage. Consulting prevents these mistakes before they start; experience and best practices are turned into an organization-specific solution.
Sora Yazılım provides this consulting with its Fortinet Advanced/Expert authorized channel partner status and NSE 4-7 certified team. Its field experience in the finance, manufacturing, retail, and public sectors turns theoretical knowledge into practical and proven solutions. You can review our Fortinet solutions page for the entire Fortinet product family.
Good consulting focuses on solving problems rather than selling products. Sometimes the right answer is not the largest or most expensive device but the most appropriate and balanced solution for the workload. This impartial approach directs the organization's budget toward real needs rather than unnecessary features and builds the foundation of a long-term relationship of trust.
Architectural design
Architectural design is the foundation of consulting: the current topology, branch count, bandwidth, and application profile are analyzed to recommend an organization-specific Fortinet reference architecture. A good architecture both meets today's need and is ready for future growth.
Design starts from the organization's reality: how many locations are there, how are they connected, which applications are critical, where is data kept? When these questions are answered, it becomes clear where and how the security layers will be positioned. Fortinet's Security Fabric architecture enables components such as FortiGate, FortiSwitch, FortiAP, and FortiAnalyzer to converge in a single consistent architecture.
A good architecture also incorporates the principles of segmentation and redundancy. Logically dividing the network shrinks the attack surface, while redundancy at critical points protects business continuity. For cloud workloads, the architecture is designed to also cover cloud-native components such as FortiGate CNF.
High availability and disaster recovery are integral parts of the architecture. The firewall should not be a single point of failure; an HA cluster is planned at critical locations, and a backup site or cloud failover in disaster scenarios. A good architecture optimizes normal operation while also anticipating the worst-case scenario and being prepared for it.
Sizing and model selection
Selecting the right FortiGate model is a cost-performance balance. Sizing is done according to user count, bandwidth, the share of encrypted traffic, and the security features to be enabled. Fortinet's performance guide forms the basis of this selection.
The most common mistake in sizing is looking only at firewall throughput. In fact, real performance is determined with all security features enabled (threat-protection throughput); when intensive operations such as SSL inspection are not taken into account, the device runs slower in the field than expected. Correct sizing is based on these real-world metrics.
Sizing must also account for redundancy needs as much as future growth. If an HA cluster will be built, two devices; if there are potential campaign or seasonal peaks, an additional capacity margin is planned. The goal is to ensure the device runs comfortably under normal load and stably at peak load; a device that constantly operates at its capacity limit is both risky and short-lived.
Model selection varies by scale: entry-level models are preferred for small offices, mid-range models such as the FortiGate 90G for large branches, and top-tier models for data centers. Consulting meets today's need while anticipating future growth, thereby avoiding an early upgrade.
The license structure is also part of sizing. In addition to hardware, Fortinet offers various subscription bundles (for example, a UTM Bundle); these bundles combine FortiCare support with FortiGuard threat intelligence. Choosing the right bundle ensures both that protection is complete and that the budget is used efficiently. Consulting determines the license combination suited to the organization's needs.
Brand migration and conversion
Migrating from another brand of firewall (Cisco ASA, Palo Alto, Check Point) to FortiGate requires careful planning. Fortinet's conversion tool automatically transfers most of the rules; the remaining custom rules are then adjusted manually by expert engineers.
Migration projects are among the riskiest operations, because the firewall is at the center of the network and a faulty migration can create both an outage and a security gap. Automated conversion tools transfer approximately 70-80% of the rules, but the remaining complex rules and architectural differences require expert intervention. For this reason, migration is not merely a tool task but an engineering project.
A typical migration includes analyzing the current configuration, conversion, testing in a pilot environment, and a controlled go-live during a planned maintenance window. This disciplined approach ensures the migration is uninterrupted and secure. Sora Yazılım carries out such projects in a planned process of 2-6 weeks.
Every migration plan must include a rollback strategy. When an unexpected issue arises, being able to quickly return to the previous state is the foundation of managing risk; for this reason, full backups are taken before migration and the old system is kept ready for a certain period. This safety net allows migration projects to be entered with confidence.
SD-WAN and SASE consulting
For multi-branch organizations, SD-WAN connects different locations securely and intelligently. FortiGate offers SD-WAN without an additional license; SASE, in turn, moves this architecture to cloud-based, user-centric security. Consulting designs the right architecture according to the organization's needs.
SD-WAN both reduces cost and improves application performance by intelligently using multiple internet lines; critical traffic is steered to the best line, while automatic failover is provided in the event of link faults. FortiGate offering SD-WAN in the base firmware eliminates the cost of a separate solution.
SASE (Secure Access Service Edge), in turn, responds to the security needs of hybrid work: users are protected with the same security policy no matter where they connect from. Fortinet's FortiSASE solution provides this cloud-based security. Consulting charts the roadmap from SD-WAN to SASE according to the organization's maturity.
The Zero Trust approach is at the center of modern security consulting. The traditional "inside is safe, outside is dangerous" model falls short in the age of hybrid work and the cloud; instead, every access is verified based on identity and device posture, regardless of its source. ZTNA (Zero Trust Network Access) puts this principle into practice, and consulting designs an organization-specific Zero Trust roadmap.
Security posture assessment
A security posture assessment objectively analyzes the strengths and weaknesses of the current infrastructure. Configuration audit, policy review, and best-practice compliance checks reveal opportunities for improvement.
Over time, every security infrastructure "drifts" due to accumulated rules, temporary workarounds, and unupdated policies. An assessment detects this drift: unused rules, overly broad permissions, missing security features, and configuration weaknesses are identified. This is the basis for improving the security posture with concrete data.
The assessment also covers compliance requirements: frameworks such as KVKK, PCI-DSS, and ISO 27001 require specific security controls. Consulting compares the current state with these requirements to identify compliance gaps and offers a closing roadmap. For continuous improvement, firewall maintenance and technical support processes come into play.
The assessment must be repeated at regular intervals; security is not a one-time project but a discipline that requires continuity. The threat landscape, business needs, and infrastructure change over time; therefore, a configuration that was ideal a year ago may require improvement today. Periodic assessment keeps the security posture continuously current and strong.
The Sora consulting process
Sora Yazılım's consulting process consists of four stages: architectural design, sizing, deployment and migration, and continuous operation. Each stage is built on the output of the previous one, producing a consistent result from start to finish.
| Stage | Scope |
|---|---|
| Architectural design | Topology analysis, reference architecture recommendation |
| Sizing | Model and license selection, formal quote |
| Deployment and migration | Pilot, policy migration, go-live |
| Continuous operation | Health report, optimization, support |
This structured process turns consulting from a one-time recommendation into something tied to implementation and continuous improvement. Decisions made in design are realized in sizing and deployment; in the operation stage, they are monitored and improved. This way, consulting does not remain on paper but turns into a real result.
Knowledge transfer is also an important part of the process. In the projects it carries out, Sora Yazılım provides documentation and training to the organization's internal team, aiming to keep the infrastructure understandable and manageable within the organization as well. This builds a healthy collaborative relationship without making the organization dependent on a single supplier.
Frequently Asked Questions
What does FortiGate consulting cover?
It covers architectural design, model sizing, migration from other brands, SD-WAN and SASE planning, and security posture assessment. The goal is to position the right product in the right architecture.
How is the right FortiGate model selected?
It is selected according to user count, bandwidth, the share of encrypted traffic, and the security features to be enabled, using Fortinet's performance guide. Real performance is determined by the threat-protection throughput achieved with all features enabled.
How long does migration from another brand to FortiGate take?
It depends on the complexity of the environment; a typical migration project takes 2-6 weeks. The conversion tool transfers most of the rules, and the remaining custom rules are adjusted manually by experts.
Is an additional license required for SD-WAN?
No. FortiGate offers SD-WAN in its base firmware without an additional license. This is an important cost advantage for multi-branch organizations and also forms the basis for the transition to SASE.
What is a security posture assessment?
It is an objective analysis of the current infrastructure in terms of configuration, policy, and compliance. It reveals improvement opportunities such as unused rules, overly broad permissions, and missing security features.
Does consulting also cover implementation?
Yes. Sora Yazılım's process runs end to end, from architectural design to sizing and from deployment and migration to continuous operation; consulting does not remain on paper but turns into implementation.
Conclusion
FortiGate consulting secures the success of the security infrastructure through the right architecture, sizing, and positioning before hardware. Brand migration, SD-WAN/SASE design, and security posture assessment are turned into organization-specific solutions with the experience of an NSE 4-7 certified team.
To design and size your Fortinet infrastructure correctly or migrate from another brand, you can schedule a free discovery call with the Sora Yazılım team.