Category Archives: FortiOS

FortiGate-800D fast path architecture

The FortiGate-800D includes one NP6 processor connected through an integrated switch fabric to all of the FortiGate-800D network interfaces. This hardware configuration supports NP6-accelerated fast path offloading for sessions between any of the FortiGate-800D interfaces.

[Figure: FortiGate-800D fast path architecture. Labels: Integrated Switch Fabric, FortiASIC NP6, System Bus, CP8, CPU, CP8]

You can use the following get command to display the FortiGate-800D NP6 configuration. The command output shows one NP6 named NP6_0. The output also shows all of the FortiGate-800D interfaces (ports) connected to NP6_0. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list

Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0    port31  10G   Yes
       1    wan1    1G    Yes
       1    port1   1G    Yes
       1    wan2    1G    Yes
       1    port2   1G    Yes
       1    port3   1G    Yes
       1    port4   1G    Yes
       1    port5   1G    Yes
       1    port6   1G    Yes
       1    port30  1G    Yes
       1    port29  1G    Yes
       1    port28  1G    Yes
       1    port27  1G    Yes
       1    port26  1G    Yes
       1    port25  1G    Yes
       1    port24  1G    Yes
       1    port23  1G    Yes
       2    port7   1G    Yes
       2    port8   1G    Yes
       2    port9   1G    Yes
       2    port10  1G    Yes
       2    port11  1G    Yes
       2    port12  1G    Yes
       2    port13  1G    Yes
       2    port14  1G    Yes
       2    port15  1G    Yes
       2    port16  1G    Yes
       2    port17  1G    Yes
       2    port18  1G    Yes
       2    port19  1G    Yes
       2    port20  1G    Yes
       2    port21  1G    Yes
       2    port22  1G    Yes
       3    port32  10G   Yes
------ ---- ------- ----- ----------

FortiGate-600D fast path architecture

The FortiGate-600D includes one NP6 processor connected to eight 1Gb SFP interfaces (port1-port8), eight 1Gb RJ-45 Ethernet ports (port9-port16), and two 10Gb SFP+ interfaces (port17 and port18).

You can use the following get command to display the FortiGate-600D NP6 configuration. The command output shows one NP6 named NP6_0 and the interfaces (ports) connected to it. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list

Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0
       1    port10  1G    Yes
       1    port9   1G    Yes
       1    port12  1G    Yes
       1    port11  1G    Yes
       1    port14  1G    Yes
       1    port13  1G    Yes
       1    port16  1G    Yes
       1    port15  1G    Yes
       1    port5   1G    Yes
       1    port7   1G    Yes
       1    port8   1G    Yes
       1    port6   1G    Yes
       1    port3   1G    Yes
       1    port4   1G    Yes
       1    port1   1G    Yes
       1    port2   1G    Yes
       2    port17  10G   Yes
       3    port18  10G   Yes
------ ---- ------- ----- ----------

FortiGate-500D fast path architecture

The FortiGate-500D includes one NP6 processor connected to eight 1Gb SFP interfaces (port1-port8) and eight 1Gb RJ-45 Ethernet ports (port9-16).

[Figure: FortiGate-500D fast path architecture. Labels: FortiASIC NP6, CP8, CPU, CP8]

You can use the following get command to display the FortiGate-500D NP6 configuration. The command output shows one NP6 named NP6_0 and the interfaces (ports) connected to it. You can also use the diagnose npu np6 port-list command to display this information.


get hardware npu np6 port-list

Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0
       1    port10  1G    Yes
       1    port9   1G    Yes
       1    port12  1G    Yes
       1    port11  1G    Yes
       1    port14  1G    Yes
       1    port13  1G    Yes
       1    port16  1G    Yes
       1    port15  1G    Yes
       1    port5   1G    Yes
       1    port7   1G    Yes
       1    port8   1G    Yes
       1    port6   1G    Yes
       1    port3   1G    Yes
       1    port4   1G    Yes
       1    port1   1G    Yes
       1    port2   1G    Yes
       2
       3
------ ---- ------- ----- ----------

FortiGate-400D fast path architecture

The FortiGate-400D includes one NP6 processor connected to eight 1Gb SFP interfaces (port1-port8) and eight 1Gb RJ-45 Ethernet ports (port9-16).

[Figure: FortiGate-400D fast path architecture. Labels: FortiASIC NP6, CP8, CPU, CP8]

You can use the following get command to display the FortiGate-400D NP6 configuration. The command output shows one NP6 named NP6_0 and the interfaces (ports) connected to it. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list

Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0
       1    port10  1G    Yes
       1    port9   1G    Yes
       1    port12  1G    Yes
       1    port11  1G    Yes
       1    port14  1G    Yes
       1    port13  1G    Yes
       1    port16  1G    Yes
       1    port15  1G    Yes
       1    port5   1G    Yes
       1    port7   1G    Yes
       1    port8   1G    Yes
       1    port6   1G    Yes
       1    port3   1G    Yes
       1    port4   1G    Yes
       1    port1   1G    Yes
       1    port2   1G    Yes
       2
       3
------ ---- ------- ----- ----------

FortiGate-300D fast path architecture

The FortiGate-300D includes one NP6 processor connected to four 1Gb RJ-45 Ethernet ports (port1-4) and four 1Gb SFP interfaces (port5-port8).

[Figure: FortiGate-300D fast path architecture. Labels: FortiASIC NP6, CP8, CPU, CP8]

You can use the following get command to display the FortiGate-300D NP6 configuration. The command output shows one NP6 named NP6_0 and the interfaces (ports) connected to it. You can also use the diagnose npu np6 port-list command to display this information.


get hardware npu np6 port-list

Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0
       1    port5   1G    Yes
       1    port7   1G    Yes
       1    port8   1G    Yes
       1    port6   1G    Yes
       1    port3   1G    Yes
       1    port4   1G    Yes
       1    port1   1G    Yes
       1    port2   1G    Yes
       2
       3
------ ---- ------- ----- ----------
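The port-list output shown for each model above is the data you need when deciding which ports should carry heavy flows: ports that share a XAUI link into the NP6 share that link's bandwidth. As an added example (not code from the FortiOS Handbook or from Fortinet), the following Python script parses the "get hardware npu np6 port-list" output into per-port records, maps every port to the NP6 chip and XAUI index it sits behind, and sums the attached ports' maximum speeds per XAUI link. The embedded sample is the FortiGate-800D listing from this page, re-aligned into its columns. The 10 Gbps per-link capacity it compares against is the XAUI standard rate, an assumption of this example and not a figure stated on the page; the `cross_chip` field simply records the Yes/No column.

```python
import re
from collections import defaultdict

# Constructed sample input: the FortiGate-800D 'get hardware npu np6 port-list'
# output as printed on the page, re-aligned into its original columns.
SAMPLE_800D = """\
Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0    port31  10G   Yes
       1    wan1    1G    Yes
       1    port1   1G    Yes
       1    wan2    1G    Yes
       1    port2   1G    Yes
       1    port3   1G    Yes
       1    port4   1G    Yes
       1    port5   1G    Yes
       1    port6   1G    Yes
       1    port30  1G    Yes
       1    port29  1G    Yes
       1    port28  1G    Yes
       1    port27  1G    Yes
       1    port26  1G    Yes
       1    port25  1G    Yes
       1    port24  1G    Yes
       1    port23  1G    Yes
       2    port7   1G    Yes
       2    port8   1G    Yes
       2    port9   1G    Yes
       2    port10  1G    Yes
       2    port11  1G    Yes
       2    port12  1G    Yes
       2    port13  1G    Yes
       2    port14  1G    Yes
       2    port15  1G    Yes
       2    port16  1G    Yes
       2    port17  1G    Yes
       2    port18  1G    Yes
       2    port19  1G    Yes
       2    port20  1G    Yes
       2    port21  1G    Yes
       2    port22  1G    Yes
       3    port32  10G   Yes
------ ---- ------- ----- ----------
"""

# A data row: optional chip name (printed on the chip's first row only), a XAUI
# index, and optionally port name, max speed (e.g. 1G, 10G, 100M) and Yes/No.
ROW_RE = re.compile(
    r"^\s*(?P<chip>np6_\d+)?\s*(?P<xaui>\d+)"
    r"(?:\s+(?P<port>\S+)\s+(?P<speed>\d+)(?P<unit>[GM])\s+(?P<cross>Yes|No))?\s*$"
)


def parse_port_list(text):
    """Parse port-list output into one record per port.

    Rows that name a XAUI index but no port (an unused XAUI link, as in the
    600D/500D/400D/300D listings) produce no record but still carry the chip
    name forward to the rows that follow.
    """
    entries, chip = [], None
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue                      # header, column-title and separator lines
        chip = m.group("chip") or chip    # chip name appears on its first row only
        if chip is None:
            raise ValueError(f"XAUI row before any chip name: {line!r}")
        if m.group("port") is None:
            continue                      # XAUI index with no attached port
        gbps = int(m.group("speed")) / (1000 if m.group("unit") == "M" else 1)
        entries.append({
            "chip": chip,
            "xaui": int(m.group("xaui")),
            "port": m.group("port"),
            "max_gbps": gbps,
            "cross_chip": m.group("cross") == "Yes",
        })
    return entries


def port_to_xaui(entries):
    """Map each port name to the (chip, xaui) link it hangs off."""
    return {e["port"]: (e["chip"], e["xaui"]) for e in entries}


def xaui_capacity(entries, link_gbps=10):
    """Sum attached ports' max speed per XAUI link and flag links whose ports
    could together exceed it. link_gbps=10 is the XAUI rate (assumption)."""
    links = defaultdict(lambda: {"ports": [], "total_gbps": 0.0})
    for e in entries:
        link = links[(e["chip"], e["xaui"])]
        link["ports"].append(e["port"])
        link["total_gbps"] += e["max_gbps"]
    for link in links.values():
        link["oversubscribed"] = link["total_gbps"] > link_gbps
    return dict(links)


if __name__ == "__main__":
    entries = parse_port_list(SAMPLE_800D)
    for (chip, xaui), link in sorted(xaui_capacity(entries).items()):
        flag = "OVERSUBSCRIBED" if link["oversubscribed"] else "ok"
        print(f"{chip} XAUI {xaui}: {len(link['ports'])} ports, "
              f"{link['total_gbps']:g} Gbps max, {flag}")
```

Run against the 800D sample, XAUI 1 and XAUI 2 each carry sixteen 1G ports, so under the 10 Gbps assumption either link is oversubscribed if all its ports run flat out, while XAUI 0 and XAUI 3 each carry a single 10G port. Feeding the script the output of another model shows at a glance which ports are alone on a link and which compete.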

FortiGate NP6 architectures

Many FortiGate models can offload some types of network traffic processing from main processing resources to specialized network processors. If your network has a significant volume of traffic that is suitable for offloading, this hardware acceleration can significantly improve your network throughput.

Chapter 12 – Hardware Acceleration

This FortiOS Handbook chapter contains the following sections:

  • Hardware acceleration overview describes the capabilities of FortiGate content processors (CPs), security processors (SPs) and network processors (NPs). This chapter also describes how to determine the hardware acceleration components installed in your FortiGate unit and contains some configuration details and examples.
  • NP6 Acceleration describes the FortiGate NP6 network processor.
  • FortiGate NP6 architectures contains details about the network processing architectures of FortiGate units that contain NP6 processors.
  • NP4 Acceleration describes the FortiGate NP4 network processor.
  • FortiGate NP4 architectures contains details about the network processing architectures of FortiGate units that contain NP4 processors.

What's New in Hardware Acceleration for FortiOS 5.4

NP6 diagnose commands and get command changes (288738)

You can use the get hardware npu np6 command to display information about the NP6 processors in your FortiGate and the sessions they are processing. This command contains a subset of the options available from the diagnose npu np6 command. The command syntax is:

get hardware npu np6 {dce <np6-id> | ipsec-stats | port-list | session-stats <np6-id> | sse-stats <np6-id> | synproxy-stats}

  • <np6-id> identifies the NP6 processor. 0 is np6_0, 1 is np6_1 and so on.
  • dce shows NP6 non-zero sub-engine drop counters for the selected NP6.
  • ipsec-stats shows overall NP6 IPsec offloading statistics.
  • port-list shows the mapping between the FortiGate's physical ports and its NP6 processors.
  • session-stats shows NP6 session offloading statistics counters for the selected NP6.
  • sse-stats shows hardware session statistics counters.
  • synproxy-stats shows overall NP6 synproxy statistics for TCP connections identified as being syn proxy DoS attacks.

Chapter 11 – Hardening

This document describes a series of techniques used to improve the security of administrative access to a FortiGate device.


The following sections are included:

  • Install the FortiGate unit in a physically secure location
  • Maintain the firmware
  • Add new administrator accounts
  • Change the admin account name and limit access to this account
  • Only allow administrative access to the external interface when needed
  • When enabling remote access, configure Trusted Hosts and Two-factor Authentication
  • Change the default administrative port to a non-standard port
  • Modify the device name
  • Register with support services
  • Maintain short login timeouts
  • Enable automatic clock synchronization
  • Enable Password Policy
  • Modify administrator account Lockout Duration and Threshold values
  • Disable auto installation via USB
  • Configure auditing and logging
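As an added example (not configuration from the FortiOS Handbook or from Fortinet), the CLI fragment below shows how several of the items listed above look when applied on a FortiGate. The account name, management subnet, port number and token/password values are placeholders; the command syntax is assumed to match the FortiOS 5.4-era CLI this chapter covers and should be checked against the CLI reference for the firmware actually in use.

```fortios
# Change the default administrative port to a non-standard port, keep login
# timeouts short, and set the lockout threshold and duration for failed logins.
config system global
    set admin-sport 8443
    set admintimeout 5
    set admin-lockout-threshold 3
    set admin-lockout-duration 300
end

# Enable a password policy and apply it to administrator passwords.
config system password-policy
    set status enable
    set apply-to admin-password
    set minimum-length 12
    set min-lower-case-letter 1
    set min-upper-case-letter 1
    set min-non-alphanumeric 1
    set min-number 1
end

# Add a named administrator account restricted to a trusted host range and
# protected by two-factor authentication, then rename the built-in admin
# account so the default name is no longer valid.
config system admin
    edit "ops-admin"
        set accprofile "super_admin"
        set trusthost1 10.0.0.0 255.255.255.0      # placeholder management subnet
        set two-factor fortitoken
        set fortitoken FTK_SERIAL_PLACEHOLDER
        set password PASSWORD_PLACEHOLDER
    next
    rename admin to "legacy-admin"
end

# Only allow administrative access on the external interface when needed:
# here wan1 answers ping only, with HTTPS/SSH left on an internal interface.
config system interface
    edit "wan1"
        set allowaccess ping
    next
end

# Enable automatic clock synchronization.
config system ntp
    set ntpsync enable
end

# Disable auto installation of configuration and firmware via USB.
config system auto-install
    set auto-install-config disable
    set auto-install-image disable
end
```

After applying a change like this, confirm from a second session that you can still reach the device on the new port from a trusted host before closing the original session, and verify the result with "show system global", "show system admin" and "show system interface wan1".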