FortiGate NP4 architectures

FortiGate3950B and FortiGate-3951B — load balance mode

Adding one or more FMC-XG2 modules to your FortiGate-3950B allows you to enable load balance mode. This feature allows you increased flexibility in how you use the interfaces on the FortiGate unit. The FortiGate-3951B is similar to the FortiGate-3950B, except it trades one FMC slot for four FSM slots. The network interfaces available on each model are identical.

When enabled, traffic between any two interfaces (excluding management and console) is accelerated whether they are the six interfaces on the FortiGate-3950B itself, or on any installed FMC modules. Traffic is not limited to entering and leaving the FortiGate unit in specific interface groupings to benefit from NP4 and SP2 acceleration. You can use any pair of interfaces.

Security acceleration in this mode is limited, however. Only IPS scanning is accelerated in load balance mode.

 

The FortiGate-3950B in load balance mode

FMC

FMFCMCF20

FMC1

ACTIVE

FMC3

SERVICE

1 / 2

3 / 4

5 / 6

7 / 8

9 / 10

11 / 12

13 / 14

15 / 16

17 / 18

19 / 20

 

FMCCXG2

FFMMCCC20

FMC4

FMC2

ACTIVE SERVICE

1 (SFP +)       2 (SFP +)

ACTIVE

SERVICE

1 / 2                  3 / 4                  5 / 6                  7 / 8                    9 / 10              11 / 12              13 / 14              15 / 16              17 / 18              19 / 20

 

FortiGate 3950B

CONSOLE

MGMT 1

1                      3                     5 (SFP+)

SWIITCH

FMC

FMC5

I/O

STATUS ALARM HA POWER

USB MGMT

USB

MGMT 2

2                      4                     6 (SFP+)

1       5       9       13     17      21

2       6       10     14     18     22

3       7       11     15     19     23

4       8       12     16     20     24

Integrated Switch Fabric

FortiASIC SP2

FortiASIC NP4

System Bus

CP7

CPU

To enable this feature, issue this CLI command.

config system global

set sp-load-balance enable end

The FortiGate unit will then restart.

 

To return to the default mode, issue this CLI command.

config system global

set sp-load-balance disable end

 

 

FortiGate5001C

The FortiGate-5001C board includes two NP4 processors connected to an integrated switch fabric:

  • The port1, fabric1, and base1 interfaces are connected to one NP4 processor.
  • The port2, fabric2, and base2 interfaces are connected to the other NP4 processor.

fabric1

fabric2

base1

base2

Integrated Switch Fabric

FortiASIC NP4

FortiASIC NP4

System Bus

CP7

CPU


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

This entry was posted in FortiOS 5.4 Handbook and tagged , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.