NP4 traffic shaping offloading
Accelerated Traffic shaping is supported by NP4 processors with the following limitations.
NP4 processors support policy-based traffic shaping. However, fast path traffic and traffic handled by the FortiGate CPU (slow path) are controlled separately, which means the policy setting on fast path does not consider the traffic on the slow path.
The port based traffic policing as defined by the inbandwidth and outbandwidth CLI commands is not supported.
DSCP configurations are supported.
Per-IP traffic shaping is supported.
QoS in general is not supported.
NP4Lite processors do not support traffic shaping for offloaded sessions.
You can also use the traffic shaping features of the FortiGate unit's main processing resources by disabling NP4 offloding. See Disabling NP offloading for firewall policies.https://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-hardware-acceleration/NP4.htm==============================================================================
NP6 processors and traffic shaping
NP6-offloaded traffic supports traffic shaping just like any other traffic with one exception: configuring in bandwidth traffic shaping has no effect on NP6 accelerated traffic. In bandwidth traffic shaping sets the bandwidth limit for incoming traffic for an interface.
Out bandwidth traffic shaping is supported. Out bandwidth traffic shaping sets the bandwidth limit for outgoing traffic for an interface. You can use the following command to configure out bandwidth traffic shaping:
config system interface
set outbandwidth 2000
If you have a VM environment with spare resources and you want to go that route then compare to the VM performance.https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortigate-vm.pdf
For hardware appliances then compare to https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Product_Matrix.pdfI typically use the NGFW throughput to give myself lots of room for enabling features. For what you are doing, it sounds very different from a standard setup so you may want to look at doing a POC with a 60F, then design your real HA solution out with more like 100F firewalls.
I would start with this to see if you can find any of the limits then reach out directly to Fortinet with the specifics. The 100F has a lot of power so I would consider that when you look at the specs.