Packet flow: FortiGates with NP6 processors first packet of a new session

Packet flow: FortiGates with NP6 processors first packet of a new session

On a FortiGate with NP6 processors the first packet in a new session is handled the same way as on a FortiGate with no NP6 processors. Except that some processes, such as DoS, ACL, IP integrity checking, and IPsec VPN decryption are accelerated by the NP6 processor.

packet-flow-overview-np6

Network processors (NP6)

FortiASIC network processors work at the interface level to accelerate traffic by offloading sessions from the main CPU. Current FortiGate models contain NP6 network processors. Older FortiGate models include NP4 and older network processors.

NP6 processors can offload most IPv4 and IPv6 traffic, IPsec VPN encryption, CAPWAP traffic, and multicast traffic. The NP6 has a capacity of 40 Gbps through 4 x 10 Gbps interfaces or 3 x 10 Gbps and 16 x 1 Gbps interfaces.

Sessions that require proxy-based UTM/NGFW (including proxy-based virus scanning, web filtering, and so on) are not fast pathed and must be processed by the CPU.

Sessions that require flow-based UTM/NGFW (including IPS, application control, flow-based virus scanning and so on) can be offloaded to NP4 or NP6 network processors if the FortiGate supports NTurbo.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Name *
Email *
Website