Forescout Licensing and Sizing Guide 1
Forescout Licensing and Sizing Guide
Table of Contents
The Forescout Platform .....................................................1
Scoping Your Needs...........................................................2
Licensing Examples............................................................4
Sizing 5100 Series Appliances (Flexx)..............................5
Virtual Appliance Specifications (Flexx)............................6
Examples of Virtual Appliance Sizing (Flexx).................10
5100 Series Physical Appliance
Specifications (Flexx).......................................................11
4100 Series Physical Appliance
Specifications (Flexx).......................................................14
Sizing CT & CEM Series Appliances
(Per-Appliance).................................................................15
Virtual Appliance Specifications
(Per-Appliance).................................................................15
CT & CEM Series Physical Appliance Specifications
(Per-Appliance).................................................................18
Appendix A
Test Environment..............................................................24
Appendix B
Bandwidth Considerations...............................................25
The Forescout platform delivers complete device visibility and control across the extended enterprise – campus,
data center, Internet of Things (IoT), cloud and operational technology (OT). Products within the Forescout platform
covered here include:
• Forescout eyeSight: complete device visibility, the foundation for the Forescout platform
• Forescout eyeManage: scalable enterprise management (software included with eyeSight license)
• Forescout eyeSegment: enterprise-wide network segmentation
• Forescout eyeControl: policy-based control enforcement
• Forescout eyeExtend: infrastructure-wide security orchestration
• Forescout eyeRecover: service continuity and resiliency for your Forescout deployment
For information on Forescout eyeInspect (formerly SilentDefense™) licensing and sizing, please refer to:
https://www.forescout.com/company/resources/command-center-and-sensor-hardware-guidelines/
This guide will help you scope your requirements for deploying the Forescout platform on:
• Physical appliances: the 5100 Series, 4100 Series and CT Series appliances
• Virtual appliances: supported on VMware ESXi, Microsoft Hyper-V and Linux KVM. Note that virtual appliances
can be deployed on-premises as well as in AWS or Azure public clouds.
The Forescout platform currently offers two licensing paths.
• Flexx Licensing: Licenses are independent of hardware appliances, providing an intuitive and flexible way to
license, deploy and manage Forescout products across your extended enterprise – campus, data center, IoT,
cloud and OT. Existing CT appliance customers can upgrade to Flexx, supported from Forescout software
version 8.0.
• Per-Appliance Licensing: Licenses have a fixed device count per appliance. License counts cannot be
reallocated or shared across appliances. Per-appliance licensing is only available on CT appliances.
 Forescout Licensing and Sizing Guide 2

eyeControl eyeExtend eyeSegment

Policy-based Enforcement Orchestration Portfolio Network Segmentation
Use-Case
Products
eyesight
Complete Device Visibility | across campus, data center, cloud and OT

eyeManage eyeRecover
Scalable Enterprise Management | included in eyesight license Failover and Resiliency
Deployment
Products
Physical Appliances Virtual Appliances Vitual Appliances
5100 Series (on-premises) (public cloud)
CT Series KVM, VMware, Hyper-V AWS, Azure

Consulting Services: Onsite & remote, packaged or tailored

Support & Support Services: Basic & Advanced Active Care
Services Training & Certification: Administrator, Professional, Expert

Scoping Your Needs

Step 1: Determine how many devices you want to manage
To size your deployment, you must identify how many endpoints you are protecting. One of your virtual or hardware Forescout appliances must be dedicated as your
Remember that the Forescout platform can protect devices connected to your eyeManage appliance. In small environments with a single virtual or physical
campus networks including data center, cloud, IoT and OT. appliance, you may not need eyeManage, and the Forescout license file will be
installed on that single appliance. In very large deployments, you may need more
Determine all your traditional devices that are connecting, including managed and than one eyeManage appliance.
unmanaged devices for employees, contractors and guests, as well as network
infrastructure devices and eyeManage appliances. Also, include all the virtual
machines (VMs) in your private and public clouds. Finally, remember that other
devices are accessing your networks—printers, scanners, security cameras and other
diverse IoT devices. Don’t overlook OT devices and industrial control systems (ICS)
that may be connected.

Step 2: Determine which use cases you want to solve
The Forescout platform provides visibility and control for your devices from campus to
data center to cloud and to IoT and OT devices. In addition to the visibility capabilities
of eyeSight, you may be considering network segmentation and want
to evaluate eyeSegment. As you start rolling out enforcement of policy-based
actions, you’ll need to add licenses for eyeControl. To help you get more from your
investments in other security and IT management tools, eyeExtend products can
provide bi-directional data sharing and workflows across 25 technologies.
eyeExtend Connect enables integration with even more IT and security tools. An
eyeExtend Connect license is required to run eyeExtend apps. If you want to run more
than two eyeExtend apps, you can purchase eyeExtend app licenses in bundles of
five apps. You may also have resiliency requirements for high availability or failover
scenarios. Forescout eyeRecover enables failover or disaster recovery. All of these
products are licensed per device.
License Sub-Scoping
Available on Forescout version 8.1 or higher, sub-scoping enables you to purchase
licenses to cover a portion rather than all of their connected devices. Forescout offers
sub-scoping for eyeControl and eyeRecover as well as for eyeExtend products for
Advanced Compliance, EMM, EPP, EDR, PAM and CTM categories.
Examples include:
• If you are deploying in both campus and OT networks, you may choose to deploy
eyeControl only in your campus environment.
• If you have an EMM solution, you may choose to purchase eyeExtend product
licenses just for your mobile devices.
When calculating devices to be covered, make sure to factor in any sub-scoping.
Sub-scoping is only available through Flexx licensing, except for EMM (MobileIron,
AirWatch and IBM MaaS 360), which is also enabled for sub-scoping on per-appliance
licensing. Sub-scoping is not available for eyeSight, eyeSegment or eyeExtend Connect
licenses.
Step 3: Determine how you want to deploy
The Forescout platform can be deployed as a physical appliance or as a software-only
solution on a virtual appliance. Virtual appliances are supported on VMware ESXi,
Microsoft Hyper-V and Linux KVM, and can be deployed on premises or in AWS or
Azure public clouds.
Forescout Licensing and Sizing Guide 3
Forescout 4100/5100 Series Appliance Deployments (Flexx Licensing Only)
• Forescout 5120
• Forescout 5160
• Forescout 5140 • Forescout 5110
• Forescout 4130
The Forescout 5160/5140/5120 appliances are 1U appliances. Although size is not
the only consideration, in general, Forescout 5160 appliances are better suited to
large deployments, Forescout 5140 to medium-size deployments and Forescout 5120
to small deployments. For centralized management and single-pane manageability
across all Forescout appliances, you simply dedicate one of the rack-mounted
Forescout appliances to be your Forescout eyeManage appliance. The Forescout
5110 is a small form-factor desktop version for extra-small deployments and is not
recommended for the integrated OT sensor. Forescout version 8.2.0 and higher are
not supported on the 5110 appliances, but a Limited Appliance option is available
starting from the 8.2.1 release.
CT Series Deployments (Per-Appliance Licensing)
• Forescout CT-10000 • Forescout CT-1000
• Forescout CT-4000 • Forescout CT-100
• Forescout CT-2000 • Forescout CT-R
Upgrades from per-appliance licensing to Flexx are available for existing CT Series
customers. The Forescout CT appliances are 1U appliances with the exception of
the CT-R, which is a small form-factor, desktop version for extra-small deployments.
Forescout version 8.2.0 and higher are not supported on the CT-R appliances but a
Limited Appliance option is available starting from the 8.2.1 release.
Virtual Appliance Deployments
The complete virtual appliance license package/system includes Forescout virtual
appliances, Forescout eyeManage and the Console. These components function
identically to physical components in either licensing mode, Flexx or per appliance.
(Licensing, however, functions differently depending on the licensing mode.)
AWS and Azure Public Cloud Deployments
Forescout eyeManage and virtual appliances can be deployed either on premises
or in the cloud. For hybrid (mix of cloud-based and on-premises) solutions, virtual
private network (VPN) infrastructure must be deployed between the premises and
the cloud. Our recommended best practices to optimize functionality and minimize
 Forescout Licensing and Sizing Guide 4

costs are to keep appliances near the assets (devices and switches) with which they
interact. Deploy as follows:
• Use cloud-based appliances to manage cloud-based assets
• Use on-premises appliances to manage on-premises assets
• Mix cloud-based and on-premises appliances to manage hybrid assets
• Use focal and dedicated appliances close to the third-party applications with
which they interact
What if licenses have been exceeded?
If you have exceeded the license count purchased for your devices, you will need
to do an “Endpoint Count True-Up,” where you pay prorated fees for the additional
licensing units required as well as the prorated fees for the associated Forescout
ActiveCare. Fees for both true-up licenses and ActiveCare are based on your most
recent and applicable order(s). Please refer to the End User License Agreement
(EULA) for full details: https://www.Forescout.com/company/legal/eula.

For detailed deployment guidance, see the “Forescout Platform Implementation in the Licensing Examples
AWS or Microsoft Azure Cloud How-to Guide,” available on the Forescout Customer
Portal. Example A:
You have 18,000 devices across three locations. Location A has a physical Forescout
5160 appliance that manages 6,000 devices. Location B also has a physical
Step 4: Determine how you would like to license
Forescout 5160 appliance that manages 7,000 devices. Location C is managing 5,000
Many products in the Forescout platform are offered in perpetual and term-based
devices with a virtual appliance. They have dedicated a physical Forescout 5140
licensing modes. Forescout eyeSight, eyeControl, eyeRecover and eyeExtend products
appliance for Forescout eyeManage (EM below).
are all available through term-based and perpetual licenses. Forescout eyeSegment
is available through subscription licenses of one or three years. For term-based
or subscription licensing, you must be running Forescout 8.1 or later. Forescout
Customer – Worldwide License for 18,000 Devices (installed at EM)
eyeManage functionality is included with the eyeSight license. Shipping Company

Customer has 18,000

License Count & Consumption devices across 3 locations
FS-HW-5140 (EM)

The “endpoint count” is the maximum number of endpoints monitored by Forescout

Location A - 6,000 devices Location A Location B Location C
products and licensed to customers, as specified in the order. More specifically: (Physical Appliance)

• The device count is the maximum number of devices known to eyeSight by either Location B - 7,000 devices
(Physical Appliance)
their MAC addresses and/or their IP addresses FS-HW-5160 FS-HW-5160 Spin-Up Virtual Appliance
Location C - 5,000 devices
• Devices may be detected by eyeSight when on site or off site, or they may be (Virtual Appliance) Using 18,000 Licenses Across 3 Locations

made known to eyeSight via third-party integrations

• A device may be counted more than once if it uses multiple IP addresses and/or
multiple MAC addresses
• Devices include user endpoints (such as laptops, tablets and smartphones),
network infrastructure devices (such as switches, routers and access points),
non-user devices (such as printers, IP phones, security equipment, medical
devices, manufacturing equipment), virtual machines and cloud instances.
• Device data is retained in the Forescout platform from initial discovery until the
information is purged, based on user-defined aging preferences
To start, 18,000 eyeSight licenses are required for visibility capabilities. A single
licensing file is created for 18,000 devices and is installed in eyeManage. These
18,000 licenses are shared across all Forescout physical and virtual appliances and
across all locations, so there is no need to allocate licenses for each of the different
locations. eyeManage components are included with these eyeSight licenses, so no
additional licenses are needed for eyeManage.

To ensure that Forescout can provide the best experience, four ActiveCare Basic
or Advanced licenses for maintenance and support of the hardware and software
Forescout appliances are needed: two ActiveCare licenses for the two 5160
appliances, one ActiveCare license for the 5140 appliance used for eyeManage and
18,000 ActiveCare licenses for the 18,000 devices.
Example B:
In this example, you have the same deployment as example A. However, you have
additional use cases: you desire resiliency for your Forescout appliance deployment.
You are also using ServiceNow® and Splunk® and would like to leverage Forescout
eyeExtend for these integrations.
In addition to the licenses in Example A, you would purchase 18,000 licenses for
eyeRecover, eyeExtend for ServiceNow and eyeExtend for Splunk. You would also
need the accompanying ActiveCare maintenance and support for each license. Note
that vulnerability assessment (VA), security information and event management
(SIEM), IT service management (ITSM), next-generation firewall (NGFW), advanced
threat detection (ATD) and the Forescout Open Integration Module (OIM) eyeExtend
licenses are not available for sub-scoping.
Example C:
Let’s take an example where you already have a deployment with 100,000 devices,
8,000 of which are mobile devices. Also, you have just purchased MobileIron®. You
also have CrowdStrike® deployed to protect 60,000 of your devices and would like to
take advantage of our orchestration solutions with both CrowdStrike and MobileIron.
As sub-scoping is supported for both of these eyeExtend products, only 60,000
orchestration licenses are needed for eyeExtend for CrowdStrike and 8,000
orchestration licenses for eyeExtend for MobileIron. You will also need 60,000 and
8,000 of the associated ActiveCare Basic or Advanced licenses.
Forescout Licensing and Sizing Guide 5
Sizing Forescout 5100 Series
Appliances (Forescout Flexx Licensing)
Forescout 5100 Series appliances only support Flexx, not per-appliance licensing.
Identify the load/performance required
To understand what size virtual and/or physical Forescout appliance(s) you need to
deploy, use the requirements from the “Scoping Your Needs” section. Then use this
section of the document to find physical and virtual appliance specifications of the
Forescout 5100 Series appliances.
Appliance specifications
Large networks that require multiple appliances can be centrally managed by
Forescout eyeManage. Up to a maximum of 200 Forescout appliances can be
managed in a single eyeManage deployment.
Appliance sizing recommendations are based on the following performance
requirements:
• Managed endpoints/devices
• Managed switch/wireless LAN devices
• Traffic monitoring (Gb/s) + captive portal (HTTP logins/minute)
• 802.1X (authentications/second)
Note: The hardware and virtual appliance specifications were tested using the test
environment described in Appendix A of this document. This test environment
simulates a common customer environment and includes typically used modules.
Your environment may differ from our test environment due to different configuration
settings, amounts of network traffic, installed modules or other factors. Your observed
performance will vary accordingly.
 Forescout Licensing and Sizing Guide 6

Virtual Appliance Specifications (Forescout Flexx Licensing)

Virtual appliances operating in the Forescout Flexx licensing mode can be deployed • Minimum 2.0 Ghz CPU
with Forescout version 8 or higher in five sizes: extra-small, small, medium, large and • No CPU over-commitment on virtual hosts
extra-large*. Virtual appliances are supported on VMware ESXi, Microsoft Hyper-V
and Linux KVM. • The CPUs and memory must be dedicated/reserved to the virtual appliance
• Additional disk space may be required to store local debug logs; up to 2 TB of
Hardware requirements: virtual storage are supported

• Maximum disk latency of 5ms

Note: In virtual environments, factors such as the CPU type, hypervisor version,
• Recommended I/O Read 200MB/s or higher, I/O Write 200MB/s or higher memory and network I/O options may impact virtual appliance performance.1

Virtual appliance for managed endpoints/devices

Performance Specifications Extra-Small Small Medium Large Extra Large

Devices2,3 Up to 100 Up to 1,000 Up to 5,000 Up to 10,000 Up to 20,000

Switch/WLAN devices3 Up to 4 Up to 20 Up to 100 Up to 200 Up to 400

802.1x Authentications per Up to 5 Up to 10 Up to 42 (+2 vCPUs & Up to 86 (+4 vCPUs & Up to 166
second4 4GB memory)4 4GB memory)4

Traffic Monitoring5 Up to 100 [Mb/s] 25 Up to 1 [Gb/s] 250 Up to 3 [Gb/s] 750 Up to 3 [Gb/s] 750 Not supported
[KPPS] [KPPS] (requires an [KPPS] (requires an [KPPS] (requires an
additional 2 vCPUs & 4 additional 8 vCPUs & 12 additional 8 vCPUs & 12
GB Memory)4 GB Memory)4 GB Memory)4

Traffic Monitoring specs 5 HTTP logins/minute 10 HTTP logins/minute 88 HTTP logins/minute 88 HTTP logins/minute Not supported
above deliver captive portal
capacity for:

NetFlow 0 0 50,000 flows per 50,000 flows per 50,000 flows per
second second second
 Forescout Licensing and Sizing Guide 7

Virtual Machine (VM) Specifications1 Extra-Small Small Medium Large Extra Large

vCPUs 4 vCPUs 6 vCPUs 10 vCPUs 14 vCPUs 40 vCPUs

Memory 12 GB (*) 14 GB 24 GB 32 GB 80 GB

Minimum Hard Drive Storage 200 GB 200 GB 200 GB 200 GB 200 GB

* For Extra Small appliance, a minimum of 8 GB is needed if using version prior to 8.2.2.
* Extra-Large appliance is available starting from version 8.2.2.

Virtual appliance dedicated to managing switch/WLAN devices

When a Forescout virtual appliance doesn’t manage endpoints and only manages switch/WLAN devices, the maximum number of switch/WLAN devices it can manage is:

Performance Specifications Small Medium Large Extra Large

Switch dedicated appliance Up to 120 managed Up to 280 managed Up to 400 managed Up to 1,900 managed
switches3,6 switches3,6 switches3,6 switches

Wireless dedicated appliance Up to 140 WLAN devices3 Up to 250 WLAN devices3 Up to 360 WLAN devices3 Up to 1,500 WLAN devices

NetFlow dedicated appliance 0 Up to 300,000 flows per Up to 300,000 flows per Up to 300,000 flows per
second second second

VM Specifications Small Medium Large Extra Large

vCPUs 6 vCPUs 10 vCPUs 14 vCPUs 40 vCPUs

Memory 14 GB 24 GB 32 GB 80 GBs

Minimum Hard Drive Storage 200 GB 200 GB 200 GB 200 GB

 Forescout Licensing and Sizing Guide 8

Virtual appliance dedicated to traffic monitoring

When a Forescout virtual appliance doesn’t manage any endpoints but performs traffic monitoring only, the maximum bandwidth the appliance can manage is:

To achieve: Up to 3 [Gb/s] 750 [KPPS] Up to 4 [Gb/s] 1000 [KPPS] Up to 9 [Gb/s] 2250 [KPPS]

Tested NIC VMware E1000/Hyper-V Network Adapter VMware VMXNET3 VMware PCI Passthrough

Maximum Traffic Monitoring per vNIC 750 [MB/s] 1 [Gb/s] 4.5 [Gb/s]

Maximum number of vNICs 4 4 2

vCPUs 8 vCPUs 16 vCPUs 26 vCPUs

Memory 12 GB 12 GB 24 GB

Minimum Hard Drive Storage 200 GB 200 GB 200 GB

Forescout virtual eyeManage deployment

eyeManage Performance Specifications Small Medium Large

Managed Appliances Up to 10 Up to 100 Up to 200

VM Specifications Small Medium Large

vCPUs 4 vCPUs 8 vCPUs 10 vCPUs

Memory 12 GB 16 GB 24 GB

Minimum Hard Drive Storage 200 GB 200 GB 200 GB

The maximum number of Forescout appliances that can be managed will vary based on factors including but not limited to network environment, product configuration and use cases.
 Forescout Licensing and Sizing Guide 9

Forescout platform deployment in AWS or Microsoft Azure Public Clouds

The information below summarizes the tested performance specifications for AWS/Azure small, medium, and large deployments. For more information, refer to the Forescout
Platform Implementation in the AWS or Microsoft Azure Cloud How-to Guide available on the Customer Portal.

Performance Specifications (AWS) Small Medium Large

EC2 Instance Type c5.2xlarge c5n.2xlarge c5.4xlarge

Capacity Up to 1,000 devices Up to 5,000 devices Up to 10,000 devices

Performance Specifications
Small Medium Large
(Microsoft Azure)

Instance Type Standard_F8s_v2 Standard_B8ms Standard_F16s_v2

Capacity Up to 1,000 devices Up to 5,000 devices Up to 10,000 devices

 Forescout Licensing and Sizing Guide 10

Example of Virtual Appliance Sizing (Forescout Flexx Licensing)

Example 1: Example 2:
Customer site details: Customer site details:

• 6,000 endpoints • 1,000 endpoints

• 100 wired switch devices • 40 wired switch devices
• 50 WLAN devices • 30 WLAN devices

Requirements: Requirements:
• Traffic monitoring performance: 2 [Gb/s] • Support 10 802.1X EAP-TLS authentication events per second
• 802.1X is not required • Traffic monitoring is not required

Forescout Virtual Appliance Sizing: Forescout Virtual Appliance Sizing:

Given the number of endpoints, the “large” virtual appliance configuration is
needed. This configuration size is a good starting point to manage up to 10,000
endpoints and 200 switch and WLAN devices.
From the above specification tables, you can see that the minimum required
virtual machine specifications for this virtual appliance are:
• CPU: 14 vCPUs
• Memory: 32 GB
Given the number of endpoints, the “small” virtual appliance configuration should be the
starting point. However, this configuration cannot handle the number of wired switch/WLAN
devices required for this site – the “small” configuration only supports up to 20 such devices.
Therefore, the “medium” virtual appliance configuration should be selected.
From the above specification tables, you can see that the minimum required virtual machine
specifications for this virtual appliance are:
• CPU: 10 vCPUs

• Minimum hard drive storage: 200 GB • Memory: 24 GB

• Minimum hard drive storage: 200 GB
In addition, since traffic monitoring is required for this site, additional resources
need to be added to the virtual appliance per the resources indicated in the In addition, since this site requires 802.1X, additional resources need to be added to the
traffic monitoring row of the “large” configuration: virtual appliance per the resources indicated in the 802.1X row of the “medium” configuration:

• CPU: 8 vCPUs • CPU: 2 vCPUs

• Memory: 12 GB RAM • Memory: 4 GB

Therefore, the total virtual appliance size would be: Therefore, the total virtual appliance size would be:

• CPU: 22 vCPUs • CPU: 12 vCPUs

• Memory: 44 GB • Memory: 28 GB
• Minimum hard drive storage: 200 GB • Minimum hard drive storage: 200 GB
 Forescout Licensing and Sizing Guide 11

5100 Series Physical Appliance Specifications (Forescout Flexx Licensing)

Forescout 5100 Series appliances operate in Flexx licensing mode and are offered in different sizes. Note that the 5110 appliances will not support Forescout version 8.2.0 but
do support a Limited Appliance option starting with the 8.2.1 release.

Performance Specifications 5110 5120 5140 5160

Devices2,3 Up to 100 Up to 1,000 Up to 5,000 Up to 20,000

Switch/WLAN devices3 Up to 4 Up to 20 Up to 100 Up to 400

802.1X Authentications per

Up to 5 Up to 11 Up to 42 Up to 166
second4

Traffic Monitoring Up to 100 [Mb/s] 25 [KPPS] Up to 1 [Gb/s] 250 [KPPS] Up to 5 [Gb/s] 1250 [KPPS] Up to 10 [Gb/s] 2500 [KPPS]

Captive Portal (capacity) Up to 5 HTTP logins/minute Up to 10 HTTP logins/minute Up to 50 HTTP logins/minute Up to 200 HTTP logins/minute

OT Sensor Traffic Monitoring7 N/A Up to 500 [Mb/s] Up to 500 [Mb/s] Up to 500 [Mb/s]

NetFlow 0 50,000 flows per second 50,000 flows per second 50,000 flows per second

Hardware Specifications 5110 5120 5140 5160

Form Factor Shelf/Desktop 1RU 19” Rack Mount 1RU 19” Rack Mount 1RU 19” Rack Mount

Fixed Network Interfaces 4x10/100/1000 Mbps Copper 4x10/100/1000 Mbps Copper 4x10/100/1000 Mbps Copper 4x10/100/1000 Mbps Copper

SFP Network Interfaces N/A 4 (2x1G/10G dual rate SR 4 (2x1G/10G dual rate SR 4 (2x1G/10G dual rate SR
Fiber SFPs included in base Fiber SFPs included in base Fiber SFPs included in base
configuration) configuration) configuration)

I/O Support 1 serial port (RJ45) 1 serial port (DB9) 1 serial port (DB9) 1 serial port (DB9)

USB Ports 2, USB 2.0-compliant 1 4-pin, USB 2.0-compliant 1 4-pin, USB 2.0-compliant 1 4-pin, USB 2.0-compliant
and 1 5-pin micro-USB 2.0 and 1 5-pin micro-USB 2.0 and 1 5-pin micro-USB 2.0
management port (front), 2 management port (front), 2 management port (front), 2
9-pin USB 3.0-compliant (rear) 9-pin USB 3.0-compliant (rear) 9-pin USB 3.0-compliant (rear)

Video (VGA) 1 (DB15) 1 (DB15) 1 (DB15) 1 (DB15)

 Forescout Licensing and Sizing Guide 12

DVD-ROM N/A 1 1 1

Hard Drives 1 HDD 3 HDD (RAID-1+HS) 600 GB 3 HDD (RAID-1+HS) 600 GB 3 HDD (RAID-1+HS) 1.2 TB

Environmental Specifications 5110 5120 5140 5160

Power Supply 1 @ up to 60W 2 750W AC redundant power 2 750W AC redundant power 2 750W AC redundant power
100-240 VAC, 50~60Hz supply units, 100-240 VAC, supply units, 100-240 VAC, supply units, 100-240 VAC,
(external) 50~60Hz, auto-ranging 50~60Hz, auto-ranging 50~60Hz, auto-ranging

Power Consumption (max.) 45.3W 744W 744W 744W

Operating Temperature 5°C to 40°C (41°F to 104°F) 10°C to 35°C (50°F to 95°F) 10°C to 35°C (50°F to 95°F) 10°C to 35°C (50°F to 95°F)

Storage Temperature 0°C to 70°C (32°F to 158°F) -40°C to 65°C (-40°F to 149°F) -40°C to 65°C (-40°F to 149°F) -40°C to 65°C (-40°F to 149°F)

Heat Dissipation (max.) N/A 2891 BTU/hr 2891 BTU/hr 2891 BTU/hr

Humidity 20% to 90% Operating (10% to 80%) Operating (10% to 80%) Operating (10% to 80%)

Appliance Dimensions 11cm x 21.06cm x 4.45cm 70.51cm x 48.18cm x 4.26cm 70.51cm x 48.18cm x 4.26cm 70.51cm x 48.18cm x 4.26cm
(length, width, height) (7.13” x 8.29” x 1.75”) (27.76” x 18.97” x 1.68”) (27.76” x 18.97” x 1.68”) (27.76” x 18.97” x 1.68”)

Shipment Package 38.1cm x 30.48cm x 16.51cm 84.18cm x 62.87cm x 84.18cm x 62.87cm x 84.18cm x 62.87cm x
(length, width, height, weight) (15” x 12” x 6.5”) 5.9 lbs 27.94cm (33.14” X 24.75” X 27.94cm (33.14” X 24.75” X 27.94cm (33.14” X 24.75” X
11.0”) 61 lbs 11.0”) 61 lbs 11.0”) 61 lbs

Appliance dedicated to managing switch/WLAN devices

When a Forescout Appliance doesn’t manage any endpoints but only manages switch/WLAN devices, the maximum number of switch/WLAN devices the appliance can
manage is:

Performance Specifications 5120 5140 5160

Switch dedicated appliance Up to 700 managed switches3,6 Up to 1,900 managed switches3,6 Up to 1,900 managed switches3,6

Wireless dedicated appliance Up to 500 WLAN devices3 Up to 1,000 WLAN devices3 Up to 1,500 WLAN devices3

NetFlow dedicated appliance Up to 300,000 flows per second Up to 300,000 flows per second Up to 300,000 flows per second
 Forescout Licensing and Sizing Guide 13

Appliance dedicated to traffic monitoring

When a Forescout appliance doesn’t manage any endpoints but performs traffic monitoring only, the maximum bandwidth the appliance can manage is:

Performance Specifications 5120 5140 5160

Traffic Monitoring Up to 5 [Gb/s] 1250 [KPPS] Up to 10 [Gb/s] 2500 [KPPS] Up to 17 [Gb/s] 4250 [KPPS]

Physical eyeManage deployment

eyeManage Performance 5110 5120 5140 5160

Specifications

Managed Appliances N/A Up to 10 Up to 100 Up to 200

The maximum number of Forescout appliances that can be managed will vary based on factors including but not limited to network environment, product configuration and use cases.

Supported SFPs (relevant to appliance models: 5120, 5140, 5160)

Manufacturer SFP Model Details

Finisar FCLF8521P2BTL 1000BASE-T 100m Gen2 RJ-45 Copper SFP

Finisar FTLF1318P3BTL
1000BASE-LX 10km Industrial Temperature Gen 3 SFP Optical Transceiver
Finisar FTRJ1319P1BTL

Finisar FTLF8519P3BNL
1000BASE-SX 500m Extended Temperature SFP Optical Transceiver
Finisar FTLF8519P2BCL

Finisar FTLX1471D3BCV 10G/1G Dual Rate (10GBASE-LR and 1000BASE-LX) 10km SFP+ Optical Transceiver

Finisar FTLX8574D3BCV 10G/1G Dual Rate (10GBASE-SR and 1000BASE-SX) 400m Multimode Datacom SFP+ Optical Transceiver

Amphenol8 5715400038 Direct Attach 10G

 Forescout Licensing and Sizing Guide 14

4100 Series Physical Appliance Specifications (Forescout Flexx Licensing)

Forescout 4100 Series appliances operate in Flexx licensing mode starting in version 8.2.2 of the Forescout software. Note that these appliances are not validated for use in
high availability or failover scenarios.

Performance Specifications 4130 Environmental Specifications 4130

Devices2,3 Up to 300 1 @ up to 120W, 100-240 VAC,

Power Supply
50~60Hz (external)
Switch/WLAN devices3 Up to 7
Power Consumption (max.) 60W
802.1X Authentications per second 4
Up to 8
Operating Temperature -40°C to 50°C (-40°F to +122°F)
Traffic Monitoring Up to 200 [Mb/s]
Storage Temperature -40C ~+ 80 C
Captive Portal (capacity) Up to 7 HTTP logins/minute
Heat Dissipation (max.) N/A
OT Sensor Traffic Monitoring7 Up to 200 [Mb/s]
Humidity 10% to 90%
NetFlow 0
Appliance Dimensions (length, width, 28 cm x 21 cm x 8.05 cm (11.02” x
Hardware Specifications 4130 height, weight) 8.26” x 3.16”), 10.58 lbs

Form Factor Shelf / Desktop Shipment Package 37 cm x 32 cm x 17 cm (14.7” x 12.6”

(length, width, height, weight) x 6.7”) 12.34 lbs
Fixed Network Interfaces 6 x 10/100/1000 Mbps Ethernet

SFP Network Interfaces N/A

I/O Support 2 serial ports (RS-232/422/485)

USB Ports 6 USB 3.1

Video (VGA) 1 x HDMI, 1 x DisplayPort, 1 x DVI-I

DVD-ROM N/A

Hard Drives 1 HDD

 Forescout Licensing and Sizing Guide 15

Sizing CT and CEM Series Appliances (Per-Appliance Licensing)

This section is dedicated to Forescout virtual and physical appliances under the per-appliance licensing model.

Identify the load/performance required

To understand which size virtual and/or physical Forescout appliance(s) you need to deploy, use the requirements from the “Scoping Your Needs” section. Then use this section
to find physical and virtual appliance specifications of the Forescout CT and CEM Series appliances.

CT and CEM Series Appliance specifications

Appliance sizing recommendations are based on the following performance requirements:

• Managed endpoints
• Managed switch/wireless LAN devices
• Traffic monitoring (Gb/s) + captive portal (HTTP logins/minute)
• 802.1X (authentications/second)

Note: The hardware and virtual appliance specifications were tested using the test environment described in Appendix A. This test environment simulates a common customer
environment and includes typically used modules. Your environment may differ from our test environment due to different configuration settings, amounts of network traffic,
installed modules or other factors. Your observed performance will vary accordingly.

VCT and VCEM Virtual Appliance Specifications (Per-Appliance Licensing)

Forescout virtual appliances (VCT and VCEM series) operating in the per-appliance licensing mode are offered in several different sizes. This section provides specifications
for these virtual appliances. Forescout and eyeManage virtual appliances are supported on VMware ESXi, Hyper-V and KVM. The complete virtual appliance license package/
system will include Forescout virtual appliances, Forescout virtual eyeManage and the console. These function identically to physical components, with the exception of
licenses, which function differently in per-appliance licensing mode.

Note: In virtual environments, factors such as CPU type, hypervisor version, memory and network I/O options may impact virtual appliance performance1.

Hardware Requirements:
• Maximum disk latency of 5ms
• Recommended I/O Read 200 MB/s or higher, I/O Write 200 MB/s or higher
• Minimum 2.0 Ghz CPU
• No CPU over commitment on virtual hosts
• CPUs and memory must be dedicated/reserved to the virtual appliance
• Additional disk space may be required to store local debug logs; virtual drives up to 2 TB are supported
 Forescout Licensing and Sizing Guide 16

Forescout virtual appliance specifications

Performance Specifications VCT-R9 VCT-100 VCT-1000 VCT-2000 VCT-4000 VCT-10000

Devices2,3 Up to 100 Up to 500 Up to 1,000 Up to 2,500 Up to 4,000 Up to 10,000

Switch/WLAN devices3 Up to 4 Up to 20 Up to 20 Up to 100 Up to 100 Up to 200

802.1X Authentications per Up to 5 Up to 10 Up to 10 Up to 42 (+2 Up to 42 (+2 Up to 86 (+4

second4 vCPUs and 4 GB vCPUs and 4 GB vCPUs and 4 GB
Memory)4 Memory)4 Memory)4

Traffic Monitoring5 Up to 100 [Mb/s] Up to 1 [Gb/s] 250 Up to 1 [Gb/s] 250 Up to 3 [Gb/s] 750 Up to 3 [Gb/s] 750 Up to 3 [Gb/s] 750
25 [KPPS] [KPPS] (requires [KPPS] (requires [KPPS] (requires [KPPS] (requires [KPPS] (requires
an additional 2 an additional 2 an additional 8 an additional 8 an additional 8
vCPUs and 4 GB vCPUs and 4 GB vCPUs and 12 GB vCPUs and 12 GB vCPUs and 12 GB
Memory)4 Memory)4 Memory)4 Memory)4 Memory)4

Traffic Monitoring specifications 5 HTTP logins/ 10 HTTP logins/ 10 HTTP logins/ 88 HTTP logins/ 88 HTTP logins/ 88 HTTP logins/
above deliver Captive portal minute minute minute minute minute minute
capacity for:

NetFlow 0 50,000 flows per 50,000 flows per 50,000 flows per 50,000 flows per 50,000 flows per
second second second second second

VM Specifications1 VCT-R9 VCT-100 VCT-1000 VCT-2000 VCT-4000 VCT-10000

vCPUs 4 vCPUs 6 vCPUs 6 vCPUs 10 vCPUs 10 vCPUs 14 vCPUs

Memory 12 GB (*) 14 GB 14 GB 24 GB 24 GB 32 GB

Minimum Hard Drive Storage 200 GB 200 GB 200 GB 200 GB 200 GB 200 GB

* For VCT-R appliance, a minimum of 8 GB is needed if using a version prior to 8.2.2.

 Forescout Licensing and Sizing Guide 17

Virtual appliance running eyeManage

eyeManage Performance
VCEM-05 VCEM-10 VCEM-25 VCEM-50 VCEM-100 VCEM-150 VCEM-200
Specifications

Forescout Appliances 5 10 25 50 100 150 200

VM Specifications VCEM-05 VCEM-10 VCEM-25 VCEM-50 VCEM-100 VCEM-150 VCEM-200

vCPUs 4 vCPUs 4 vCPUs 8 vCPUs 8 vCPUs 8 vCPUs 10 vCPUs 10 vCPUs

Memory 12 GB 24 GB 16 GB 16 GB 16 GB 24 GB 24 GB

Minimum Hard Drive Storage 200 GB 200 GB 200 GB 200 GB 200 GB 200 GB 200 GB

Virtual appliance dedicated to managing switch/WLAN devices

When a Forescout virtual appliance doesn’t manage endpoints but only manages switch/WLAN devices, the maximum number of switch/WLAN devices it can manage is:

Performance Specifications VCT-100 VCT-1000 VCT-2000 VCT-4000 VCT-10000

Up to 120 managed Up to 120 managed Up to 280 managed Up to 280 managed Up to 400 managed
Switch dedicated appliance
switches3.6 switches3.6 switches3.6 switches3.6 switches3.6

Up to 140 WLAN Up to 140 WLAN Up to 250 WLAN Up to 250 WLAN Up to 360 WLAN
Wireless dedicated appliance
devices3 devices3 devices3 devices3 devices3

Up to 300,000 flows per Up to 300,000 flows per Up to 300,000 flows per

NetFlow dedicated appliance 0 0
second second second

VM Specifications VCT-100 VCT-1000 VCT-2000 VCT-4000 VCT-10000

vCPUs 6 vCPUs 6 vCPUs 10 vCPUs 10 vCPUs 14 vCPUs

Memory 14 GB 14 GB 24 GB 24 GB 32 GB

Minimum Hard Drive Storage 200 GB 200 GB 200 GB 200 GB 200 GB

Note: Appliance capacity to manage switch/WLAN devices can vary depending on multiple factors, such as the actual number of endpoints connected to a device, the complexity of the policies
being run or the rates used by the plugin to poll devices.
 Forescout Licensing and Sizing Guide 18

CT and CEM Series Physical Appliance Specifications (Per-Appliance Licensing)

Forescout CT and CEM Series appliances operate in per-appliance licensing mode and are offered in different sizes. Note CT-R appliances will not support Forescout software
version 8.2.0 but a Limited Appliance option is available starting with the 8.2.1 release. The CT-series (Rev-30) will remain at the Forescout software version 8.2.2 thru the
product EOL.

Forescout appliance (Rev-50)

Performance Specifications CT-R CT-100 CT-1000 CT-2000 CT-4000 CT-10000

Devices3 Up to 100 Up to 500 Up to 1,000 Up to 2,500 Up to 4,000 Up to 10,000

Switch/WLAN devices3 Up to 4 Up to 10 Up to 20 Up to 50 Up to 80 Up to 200

Traffic Monitoring Up to 100 [Mb/s] Rev-50: Up to 1 [Gb/s] Up to 2 [Gb/s] Up to 4 [Gb/s]1 Up to 6 [Gb/s]1

25 [KPPS] Up to 500 [Mb/s] 250 [KPPS] 500 [KPPS] 1000 [KPPS] 2000 [KPPS]
125 [KPPS]
*Rev-40 and below: *Rev-40 and below:
up to 200 MB/s up to 500 MB/s

OT Sensor Traffic Monitoring N/A Up to 500 [Mb/s] Up to 500 [Mb/s] Up to 500 [Mb/s] Up to 500 [Mb/s] Up to 500 [Mb/s]
(only supported on Rev-50)7

NetFlow maximum flows 0 Up to 50,000 Up to 50,000 Up to 50,000 Up to 50,000 Up to 50,000

per second *(only supported on
rev-50)

Hardware Specifications CT-R CT-100 CT-1000 CT-2000 CT-4000 CT-10000

1U desktop (steel
Chassis 1U 19” rack mount 1U 19” rack mount 1U 19” rack mount 1U 19” rack mount 1U 19” rack mount
slim line case)

6 Copper 8 Copper 8 Copper 8 Copper 8 Copper

4 Copper + 4 Fiber 4 Copper + 4 Fiber

Network Port Options10 4 Copper
4 Copper + 2 Fiber 4 Copper + 4 Fiber 4 Copper + 4 Fiber
6 Copper + 2 Fiber 6 Copper + 2 Fiber
10G 10G

I/O Support 1 serial port (RJ45) 1 serial port (DB9) 1 serial port (DB9) 1 serial port (DB9) 1 serial port (DB9) 1 serial port (DB9)
 Forescout Licensing and Sizing Guide 19

2 back-panel USB 2 back-panel USB 2 back-panel USB 2 back-panel USB 2 back-panel USB
2 USB
USB Ports 2.0 + 1 front-panel 2.0 + 1 front panel 2.0 + 1 front panel 2.0 + 1 front panel 2.0 + 1 front panel
2.0-compliant
USB 2.0 USB 2.0 USB 2.0 USB 2.0 USB 2.0

Video (VGA) 1 (DB15) 1 (DB15) 1 (DB15) 1 (DB15) 1 (DB15) 1 (DB15)

DVD-ROM N/A 1 1 1 1 1

Hard Drives 1 HDD 3 HDD (RAID1+HS) 3 HDD (RAID1+HS) 3 HDD (RAID1+HS) 3 HDD (RAID1+HS) 3 HDD (RAID1+HS)

Environmental
CT-R CT-100 CT-1000 CT-2000 CT-4000 CT-10000
Specifications

Power Supply 1 @ up to 60W 2 @ up to 750W 2 @ up to 750W 2 @ up to 750W 2 @ up to 750W 2 @ up to 750W

100-240 VAC, 100-240 VAC 100-240 VAC 100-240 VAC 100-240 VAC 100-240 VAC
50~60Hz 50~60Hz 50~60Hz 50~60Hz 50~60Hz 50~60Hz
(External)

Power Consumption (max) 45.3W 744W 744W 744W 744W 744W

Operating Temperature 5°C to 40°C (41°F 10°C to 35°C (50°F 10°C to 35°C (50°F 10°C to 35°C (50°F 10°C to 35°C (50°F 10°C to 35°C (50°F
to 104°F) to 95°F) at 10% to 95°F) at 10% to 95°F) at 10% to 95°F) at 10% to 95°F) at 10%
to 80% relative to 80% relative to 80% relative to 80% relative to 80% relative
humidity, 26°C humidity, 26°C humidity humidity humidity
max. dew point. max. dew point.

Storage Temperature 0°C to 70 °C (32°F –40°C to 65°C –40°C to 65°C –40°C to 65°C –40°C to 65°C –40°C to 65°C
to 158°F) (-40°F to 149°F) (-40°F to 149°F) (-40°F to 149°F) (-40°F to 149°F) (-40°F to 149°F)
with a max. temp. with a max. temp. with a max. temp. with a max. temp. with a max. temp.
gradation of 20°C gradation of 20°C gradation of 20°C gradation of 20°C gradation of 20°C
(68°F) per hour (68°F) per hour (68°F) per hour (68°F) per hour (68°F) per hour

Heat Dissipation (max) N/A 2891 BTU/Hr 2891 BTU/Hr 2891 BTU/Hr 2891 BTU/Hr 2891 BTU/Hr
 Forescout Licensing and Sizing Guide 20

Humidity 20%-90% 20% to 80% (non- 20% to 80% (non- 10°C to 35°C (50°F 10°C to 35°C (50°F 10°C to 35°C (50°F
condensing) at condensing) at to 95°F) at 10% to 95°F) at 10% to 95°F) at 10%
a max. wet bulb a max. wet bulb to 80% relative to 80% relative to 80% relative
temp. of 29°C temp. of 29°C humidity (RH), humidity (RH), humidity (RH),
(84.2°F) (84.2°F) 26°C (78.8°F) 26°C (78.8°F) 26°C (78.8°F)
max. dew point max. dew point max. dew point

Appliance Dimensions 18.11cm x 70.05cm x 70.05cm x 70.05cm x 70.05cm x 70.05cm x

(length, width, height) 21.06cm x 4.45cm 48.23cm x 4.28cm 48.23cm x 4.28cm 48.23cm x 4.28cm 48.23cm x 4.28cm 48.23cm x 4.28cm
(7.13” x 8.29” x (27.57” x 18.98” (27.57” x 18.98” (27.57” x 18.98” (27.57” x 18.98” (27.57” x 18.98”
1.75”) 1.68”) 1.68”) 1.68”) 1.68”) 1.68”)

38.1cm x 30.48cm 84.18cm x 62.87cm 84.18cm x 62.87cm 84.18cm x 62.87cm 84.18cm x 62.87cm 84.18cm x 62.87cm
Shipment Package
x 16.51cm x 27.94cm (33.14” x x 27.94cm (33.14” x x 27.94cm (33.14” x x 27.94cm (33.14” x x 27.94cm (33.14” x
(length, width, height,
(15” x 12” x 6.5”) 24.75” x 11.0”) 24.75” x 11.0”) 24.75” x 11.0”) 24.75” x 11.0”) 24.75” x 11.0”)
weight)
5.9 lbs 61 lbs 61 lbs 61 lbs 61 lbs 61 lbs

*For CT-100 (rev-40 and below), specification updates for NetFlow and traffic monitoring are relevant starting with version 8.2.2.
In addition, starting with the 8.2.2 version, it is not recommended to run the eyeSegment module on these revisions. Also, exercise caution when deciding to run any eyeExtend modules or third-party
integrations that were not previously running. Appliance performance should be monitored via Appliance Resource Utilization Policy (part of health monitoring policies) to verify that the CT-100 or
CT-1000 appliance has not reached high resource utilization.

For details about Forescout health monitoring policies, refer to the Forescout Administration Guide.

Verify an appliance’s model and revision by running the Forescout CLI command fstool model. For details, refer to the Forescout CLI Commands Reference Guide.

Appliance dedicated to managing switch/WLAN devices

When a Forescout appliance doesn’t manage any endpoints but only manages switch/WLAN devices, the max. switch/WLAN devices the appliance can manage is:

Performance Specifications CT-R CT-100 CT-1000 CT-2000 CT-4000 CT-10000

Switch dedicated appliance max. managed switches3,6 5 25 300 500 1,000 1,500

Wireless dedicated appliance max. WLAN devices3 4 20 100 150 200 1,000

NetFlow max. flows per second 0 Up to 50,000 Up to 50,000 Up to 50,000 Up to 50,000 Up to 50,000
 Forescout Licensing and Sizing Guide 21

Physical appliance running eyeManage (Rev-50)

eyeManage Performance
CEM-05 CEM-10 CEM-25 CEM-50
Specifications

Forescout Appliances 5 10 25 50

Hardware Specifications CEM-05 CEM-10 CEM-25 CEM-50

Network Ports–Copper (RJ-45) 10/100/1000 Mbps 10/100/1000 Mbps 10/100/1000 Mbps 10/100/1000 Mbps

I/O Support 1 serial port (DB9) 1 serial port (DB9) 1 serial port (DB9) 1 serial port (DB9)

2 back-panel, USB 2.0+ 1 2 back-panel USB 2.0 + 1 2 back-panel USB 2.0 + 1 2 back-panel USB 2.0 + 1
USB Ports
front-panel USB 2.0 front-panel USB 2.0 front-panel USB 2.0 front-panel USB 2.0

Video (VGA) 1 (DB15) 1 (DB15) 1 (DB15) 1 (DB15)

CD-ROM 1 1 1 1

Hard Drives 3 HDD (RAID-1+HS) 3 HDD (RAID-1+HS) 3 HDD (RAID-1+HS) 3 HDD (RAID-1+HS)

Power Supply 2 750W 100-240 VAC, 2 750W 100-240 VAC, 2 750W 100-240 VAC, 2 750W 100-240 VAC,
50~60Hz 50~60Hz 50~60Hz 50~60Hz

Environmental Specifications CEM-05 CEM-10 CEM-25 CEM-50

Power Consumption (max) 744W 744W 744W 744W

Operating Temperature 10°C to 35°C (50°F to 10°C to 35°C (50°F to 10°C to 35°C (50°F to 10°C to 35°C (50°F to
95°F) at 10% to 80% 95°F) at 10% to 80% 95°F) at 10% to 80% 95°F) at 10% to 80%
relative humidity, 26°C max. relative humidity, 26°C max. relative humidity relative humidity
dew point. dew point.

Storage Temperature –40°C to 65°C (-40°F to –40°C to 65°C (-40°F to –40°C to 65°C (-40°F to –40°C to 65°C (-40°F to
149°F) max. temp. gradation 149°F) max. temp. gradation 149°F) max. temp. gradation 149°F) max. temp. gradation
of 20°C per hour of 20°C per hour of 20°C per hour of 20°C per hour

Cooling Requirement 2891 BTU/Hr 2891 BTU/Hr 2891 BTU/Hr 2891 BTU/Hr
 Forescout Licensing and Sizing Guide 22

Humidity 20% to 80% (non-condensing) 20% to 80% (non-condensing) 10°C to 35°C (50°F to 10°C to 35°C (50°F to
at a max. wet bulb temp. of at a max. wet bulb temp. of 95°F) at 10% to 80% relative 95°F) at 10% to 80% relative
29°C (84.2°F) 29°C (84.2°F) humidity humidity

Chassis 1U 19” rack mount 1U 19” rack mount 1U 19” rack mount 1U 19” rack mount

Appliance Dimensions (length, 70.05cm x 48.23cm x 4.28cm 70.05cm x 48.23cm x 4.28cm 70.05cm x 48.23cm x 4.28cm 70.05cm x 48.23cm x 4.28cm
width, height) (27.57” x 18.98” x 1.68”) (27.57” x 18.98” x 1.68”) (27.57” x 18.98” x 1.68”) (27.57” x 18.98” x 1.68”)

Shipment Package (length, width, 84.18cm x 62.87cm x 27.94cm 84.18cm x 62.87cm x 27.94cm 84.18cm x 62.87cm x 27.94cm 84.18cm x 62.87cm x 27.94cm
height, weight) (33.14” x 24.75” x 11.0”) (33.14” x 24.75” x 11.0”) (33.14” x 24.75” x 11.0”) (33.14” x 24.75” x 11.0”)
61 lbs 61 lbs 61 lbs 61 lbs

Physical eyeManage specifications – continued

Performance Specifications CEM-100 CEM-150 CEM-200

Forescout Appliances 100 150 200

Hardware Specifications CEM-100 CEM-150 CEM-200

Network Ports–Copper (RJ-45) 8 10/100/1000 Mbps 8 10/100/1000 Mbps 8 10/100/1000 Mbps

I/O Support 1 serial port (DB9) 1 serial port (DB9) 1 serial port (DB9)

2 back-panel, USB 2.0 + 1 front-panel 2 back-panel USB 2.0 + 1 front-panel 2 back-panel USB 2.0 + 1 front-panel
USB Ports
USB 2.0 USB 2.0 USB 2.0

Video (VGA) 1 (DB15) 1 (DB15) 1 (DB15)

CD-ROM 1 1 1

Hard Drives 3 HDD (RAID-1+HS) 3 HDD (RAID-1+HS) 3 HDD (RAID-1+HS)

Power Supply 2 750W 100-240 VAC, 50~60Hz 2 750W 100-240 VAC, 50~60Hz 2 750W 100-240 VAC, 50~60Hz
 Forescout Licensing and Sizing Guide 23

Environmental Specifications CEM-100 CEM-150 CEM-200

Power Consumption (max) 744W 744W 744W

Operating Temperature 10°C to 35°C (50°F to 95°F) at 10°C to 35°C (50°F to 95°F) at 10°C to 35°C (50°F to 95°F) at
10% to 80% relative humidity 10% to 80% relative humidity 10% to 80% relative humidity

Storage Temperature –40°C to 65°C (-40°F to 149°F) with a –40°C to 65°C (-40°F to 149°F) with a –40°C to 65°C (-40°F to 149°F) with a
max. temp. gradation of 20°C per hour max. temp. gradation of 20°C per hour max. temp. gradation of 20°C per hour

Cooling Requirement 2891 BTU/Hr 2891 BTU/Hr 2891 BTU/Hr

10°C to 35°C at 10% to 80% relative 10°C to 35°C at 10% to 80% relative 10°C to 35°C at 10% to 80% relative
Humidity
humidity, 26°C (78.8°F) max. dew point humidity, 26°C (78.8°F) max. dew point humidity, 26°C (78.8°F) max. dew point

Chassis 1U 19” rack mount 1U 19” rack mount 1U 19” rack mount

Appliance Dimensions (length, width, 70.05cm x 48.23cm x 4.28cm 70.05cm x 48.23cm x 4.28cm 70.05cm x 48.23cm x 4.28cm
height) (27.57” x 18.98” 1.68”) (27.57” x 18.98” 1.68”) (27.57” x 18.98” 1.68”)

Shipment Package 96.52cm x 60.96cm x 28.58cm 96.52cm x 60.96cm x 28.58cm 96.52cm x 60.96cm x 28.58cm
(length, width, height, weight) (38.0” x 24.0” x 11.25”) (38.0” x 24.0” x 11.25”) (38.0” x 24.0” x 11.25”)
66 lbs 66 lbs 66 lbs

The maximum number of Forescout appliances that can be managed will vary based on several factors, including but not limited to network environment, product configuration and use cases.
 Forescout Licensing and Sizing Guide 24

Appendix A - Test Environment for Appliances

The specifications in this document are based on Forescout’s in-depth performance testing using an environment that simulates common customer environments along with
Forescout modules and plugins that are typically used. Your environment may differ from our test environment due to different configuration settings, amounts of network
traffic, installed modules and other factors. Your observed performance will vary accordingly.

• Forescout version used: Version 8.3

• Performance was measured using default configurations values
• Endpoints: Windows endpoints were inspected with Remote Inspection. (SecureConnector™ is also supported and delivers the same performance.)
• Switch/WLAN devices: 50 endpoints connected to each switch/WLAN device (simulated with 500 MAC and 50 ARP addresses). Inspection was done with either CLI or
SNMP for switch devices and SNMP for WLAN devices.
• The switch devices and the connected endpoints were managed by the same appliance
• Packet engine, including HTTP redirections using real-world network traffic
• 802.1X is tested for EAP-TLS
• The Forescout best practices policy set was used (Proset 6.3). In addition, testing included policies that checked for the following:
• The presence of a specific file name on an endpoint
• MD5: If a file has been altered using MD5
• Microsoft vulnerability: The presence of a specific vulnerability
• NetBIOS: If the domain is X and the hostname is Y
• Registry: If a key is present
• Script: Run a script on an endpoint and return results
• Shared Folders: List an endpoint’s shared folders
• Username: Whether a user is logged on with a certain username
• The results for the virtual appliances were tested using a 2.7GHz CPU
 Forescout Licensing and Sizing Guide 25

Appendix B - Bandwidth Utilization

Forescout introduces new traffic onto the network, and different scenarios will create different bandwidth demands. Estimates for the various Forescout components include:

5120 5140 5160

High Availability Throughput: Direct (cabled) connection 7 Mbps on TX (Transmit) 27.5 Mbps on TX 75 Mbps on TX
between appliance and HA appliance 1 Mbps on RX (Receive) 1.2 Mbps on RX 1 Mbps on RX

Network Throughput to eyeManage: Communication 82.7 Kbps on write (to EM) 122 Kbps on write (to EM) 206 Kbps on write (to EM)
between Forescout appliance and eyeManage (EM) appliance 1.8 Kbps on read (from EM) 2.88 Kbps on read (from EM) 1.5 Kbps on read (from EM)

Inter-Appliance Throughput (IAC): Communication between 4bps on average: numbers may differ on configuration change events
multiple Forescout appliances

Forescout Appliance to Endpoint Communication

Different policies (which differ by customer) will achieve different results. We used a Forescout Professional Services default set of policies (Proset 6.3). Remote inspection (RI)
data was measured using the default setting for WMI/RPC (max. observed). This measures the recheck interval bandwidth, which is a more realistic scenario to consider than a
one-off check at the beginning, versus the bandwidth anticipated at the point of initial policy inspection.

Max (Kbps) Average (Kbps)

Remote Inspection sent from endpoint side (1 endpoint) 72.5 0.25

Remote Inspection sent from appliance side (500 endpoints) 160 3

SecureConnector sent from endpoint side (1 endpoint) 52.5 0.32

SecureConnector sent from appliance side (500 endpoints) 326 51.5

Forescout Appliance to Switch Communication

The bandwidth calculations below were generated from tests on a Cisco switch using Simple Network Management Protocol (SNMP). We don’t expect major differences in
SNMP bandwidth between switch models and vendors. An exception is Juniper switches, which use Netconf over secure shell (SSH) instead of SNMP – a method that could
increase latency and bandwidth usage. We used a basic configuration for the Cisco switches, not including 802.1X, for these bandwidth calculations. Bandwidth data shown is
per switch; doubling the number of switches will double the bandwidth. Two configurations were tested:
 Forescout Licensing and Sizing Guide 26

MAC modulation

MAC Entries 100 1,000 2,500 5,000 7,500 10,000

Bandwidth [in Bp/s] 386.5253 1043.269 2105.472 4068.643 6051.582 18134.55

MAC and ARP modulation

MAC Entries 100 1,000 2,500 5,000 7,500 10,000

ARP Entries 100 1,000 2,500 5,000 7,500 10,000

Total Bandwidth [in Bp/s] 388.7203 1135.404 2674.648 5004.851 7387.724 19078.59

• Latency: Even with very high MAC and ARP count the switch responded in the order of tens of milliseconds, on average 41ms.
• Test cycle: Up to 40 seconds with 10,000 MACs and 10,000 ARPs. Support for a 60-second polling rate is not recommended with additional entries or larger switches and
routers.
• Note on scale: A larger MAC or ARP table will consume more bandwidth but does not scale linearly with the number of entries.

[1] Forescout eyeExtend products are not included as part of the VM specification. In order to run eyeExtend products on virtual appliances, it is required to allocate more hardware resources to the VM depending on the product required and usage.
[2] Device count, as determined by Forescout appliance, is the number of devices known to the appliance by either their MAC address and/or their IP address. Devices may be detected by the appliance when on site or off site, or they may be made known to the
appliance via third-party integrations. A device may be counted more than once if it uses multiple IP addresses and/or multiple MAC addresses. Devices include user endpoints, network infrastructure devices, non-user devices and virtual machines.
Device information is retained in the appliance from initial discovery until such time the information is purged, based on aging preferences set in the product.
[3] Each Forescout appliance, physical or virtual, is licensed for a specified device count. However, the maximum number of devices manageable will vary based on several factors, including but not limited to network environment, product configuration and use
cases. It is recommended to manage the switch devices and the connected endpoints with the same appliance to achieve optimal performance. The recommended maximum number of switches that an appliance can manage assumes that 50 endpoints connect
to a switch on average. In cases where the average switch device has more endpoints connected to it, such as stacked switch devices, the overall number of managed switch devices will be lower (example: if the average switch device has 100 endpoints connected
to it, each switch device will be accounted as two switches).
[4] Performance shown in the table is for 802.1X EAP-TLS authentications without Fast Reconnect.
[5] The maximum bandwidth per E1000/ Hyper-V Network Adapter vNIC is 750Mb/s using 1G interface, and up to four (4) E1000/ Hyper-V Network Adapter vNICs are supported on a single virtual appliance to obtain 3Gb/s aggregate monitoring bandwidth. Support
for VMXNET3 interfaces is available for the VCT-2000/4000/10000: The maximum bandwidth per VMXNET3 vNIC is 1Gb/s using 10G interface, and up to two (2) VMXNET3 vNICs are supported on a single virtual appliance to obtain 2Gb/s aggregate monitoring
bandwidth. Support for Hyper-V Network Adapter is available for the VCT-2000/4000/10000: The maximum bandwidth per interface is 1.2Gb/s using a 10G interface, and up to three (3) Hyper-V Network Adapters are supported on a single virtual appliance to obtain
3.6Gb/s aggregate monitoring bandwidth. HTTP login is done by injecting HTTP redirect into an endpoint’s browser session and authenticating it using Active Directory.
[6] The appliance should be manually configured to a fixed number of subprocesses to work as a dedicated switch appliance. The number of subprocesses should be set to 10 for a small virtual appliance, to 15 for medium virtual appliance, to 20 for the large virtual
appliance and for the 5120 physical appliance and to 50 for the 5140/5160. The number of subprocesses should be set to 10 for VCT-100/VCT-1000, to 15 for VCT-2000/VCT-4000 to 20 for VCT- 10000. Instructions for configuring the number of subprocesses can
be found in the Switch Plugin manual, under section “Determining the Number of Sub-Processes to Run.”
[7] To avoid monitoring issues when using the Forescout appliance as both an OT Sensor and for traffic monitoring, do not configure the same port to perform both functions.
[8] This SFP option is not available for purchase through Forescout
[9] Forescout 8.2 is supported on the VCT-R.
[10] Copper ports are 10/100/1000 RJ-45. Fiber ports are 1Gb/s, 1000Base-SX SFP; Fiber 10G ports are 10Gb/s, 10Gbase-SR SFP+.

Forescout Technologies, Inc. Toll-Free (US) 1-866-377-8771 © 2021 Forescout Technologies, Inc. All rights reserved. Forescout Technologies, Inc. is a Delaware corporation. A list of our trademarks and patents is available at
190 West Tasman Drive Tel (Intl) +1-408-213-3191 https://www.Forescout.com/company/legal/intellectual-property-patents-trademarks. Other brands, products, or service names may be trademarks or service marks of their
San Jose, CA 95134 USA Support 1-708-237-6591 respective owners. Version 03_21