Scoping out a main site and trying to see through the sales pitch

Unless you're doing something crazy and constantly killing the flows with a billion sessions with maxed traffic, I would agree with you.

We have a 201f cluster with a 2gb primary line, a smaller backup, 500 or so devices behind it, 100+ users behind it, and about 100+ IPsec tunnels active at any one time. We have all security features on, but we do not use DPI, just basic certificate inspection, and it's rare to see the device dashboard show CPU usage of more than a few percent. Before this we had the same setup with 200e, and we only upgraded since the deal on the new devices was a good one rather than renewing at the time, but we had no "need" to upgrade and the 200e series performed exactly the same from our perspective.

So in short, I think if you can get a 101f or 201f it's likely you'll be fine. And if you do have a complex setup that does tax the device, it's very likely that there are a couple of safe and trusted flows that will be responsible for the majority of the impact, which you can exempt or apply a less intense policy to if needed in order to manage performance.

/r/fortinet Thread