FortiGate NP4 architectures

Leave a reply

FortiGate3140B — load balance mode

The FortiGate-3140B load balance mode allows you increased flexibility in how you use the interfaces on the FortiGate unit. When enabled, traffic between any two interfaces (excluding management and console) is accelerated. Traffic is not limited to entering and leaving the FortiGate unit in specific interface groupings to benefit from NP4 and SP2 acceleration. You can use any pair of interfaces.

Security acceleration in this mode is limited, however. Only IPS scanning is accelerated in load balance mode.

 

FortiGate  3140B

FSM1

FSM3

CONSOLE

MGMT 1

10G SFP+

1                    3                    5                       7

9                     11                   13

15                  17

S HUT  DO W N

FSM2

FSM4

STATUS ALARM HA POWER

NP4-1      NP4-2

USB

MGMT 2

2                    4                    6                       8

10                   12                   14

10G SFP+            

19                    20

16                   18                                                             

 

Integrated Switch Fabric

FortiASIC NP4

FortiASIC SP2

System Bus

CP7

CPU

 

To enable this feature, issue this CLI command.

config system global

set sp-load-balance enable end

The FortiGate unit will then restart.

 

To return to the default mode, issue this CLI command.

config system global

set sp-load-balance disable end

 

FortiGate3240C

The FortiGate-3240C features two NP4 processors:

  • The 10Gb interfaces, port1 through port6, and the 1Gb interfaces, port13 through port20, share connections to one NP4 processor.
  • The 10Gb interfaces, port7 through port12, and the 1Gb interfaces, port21 through port28, share connections to the other NP4 processor.

In addition to the ports being divided between the two NP4 processors, they are further divided between the two connections to each processor. Each NP4 can process 20 Gb of network traffic per second and each of two connections to each NP4 can move 10Gb of data to the processor per second, so the ideal configuration would have no more than 10 Gb of network traffic to each connection of each NP4 at any time.

MGMT                               1                         3

10G SFP+

5                         7

9                        11

13                       15                       17                       19                                21                       23                       25                       27

 

STATUS ALARM HA

POWER

AUX

2                         4                         6

8                        10                       12

14                       16                       18                       20

22                       24                       26                       28

Integrated Switch Fabric

A_0           A_1               B_0           B_1       10 Gb

FortiASIC NP4

FortiASIC NP4

20 Gb

System Bus

CP8

CPU


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Pages: 1 2 3 4 5 6
This entry was posted in FortiOS 5.4 Handbook and tagged , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.