What’s New in FortiClient 5.4

The following is a list of new features and enhancements in FortiClient 5.4.

This document was written for FortiClient (Windows) 5.4.1. Not all features described in this document are supported for FortiClient (Mac OS X) 5.4.1.

FortiClient 5.4.1

The following is a list of new features in FortiClient version 5.4.1.

Endpoint control

FortiClient Telemetry

FortiClient Telemetry is the new name of the connection between FortiClient and FortiGate/EMS. You no longer register FortiClient endpoints to FortiGate/EMS, but connect FortiClient Telemetry to FortiGate/EMS. See FortiClient Telemetry Connection on page 51.

Endpoint compliance

FortiClient includes a Compliance tab that communicates whether FortiClient is connected to FortiGate or EMS and whether the endpoint is compliant.

When connected to FortiGate, the Compliance tab communicates whether FortiClient and the endpoint device are compliant with the compliance rules defined by FortiGate. Endpoint users can view the Compliance tab to review compliance rules and status. Endpoint users can also view information about steps required to remain compliant with the network access rules. See Compliance on page 54.

Picture of endpoint user

FortiClient can now display a small picture of the endpoint user on the Compliance tab. This feature is available when FortiClient is used with EMS, and the feature is enabled in EMS. When enabled, FortiClient uses the picture defined in the Windows operating system on the endpoint device. FortiClient displays no picture when no picture is found in the Windows operating system.

FortiClient Telemetry can also send the picture to FortiGate and EMS.

FortiGate endpoint control

FortiGate 5.4.1 has changed how it manages FortiClient endpoints. Now FortiGate is used to define the compliance rules for NAC in a FortiClient profile, and FortiClient helps to enforce the rules on endpoints. When you use FortiGate to create a FortiClient profile, you define the compliance rules, and you specify how to handle non-compliant FortiClient endpoints. Non-compliant endpoints can be blocked from network access, warned about non-compliance while maintaining network access, or automatically updated to maintain network access.

See About managed mode on page 25.

Improved installation process for FortiClient (Windows)

An upgrade schedule dialog box is displayed in advance when deploying FortiClient from EMS to endpoints running a Windows operating system. If no FortiClient is installed on the endpoint, no reboot is required for the installation, and no upgrade schedule dialog box is displayed. The user can postpone the reboot for a maximum of 24 hours. Before the mandatory reboot occurs, a FortiClient dialog box is displayed with a 15-minute warning.

Vulnerability scan

The Vulnerability scan feature requires specific versions of products. If you are using FortiGate, FortiOS 5.4.1 is required. If you are using FortiClient EMS, version 1.0.1 is required.

Vulnerability scan enhancements

The Vulnerability scan feature in FortiClient (Windows) can perform a full scan of the endpoint to find any OS, Microsoft Office, browser and third-party vulnerabilities. FortiClient can then report the vulnerabilities to FortiAnalyzer and Central Management in FortiGate or FortiClient EMS, depending on whether FortiClient is connected to FortiGate or FortiClient EMS. See Vulnerability Scan on page 92.

Vulnerability auto-patching

FortiClient (Windows) supports automatic patching of vulnerabilities where FortiClient will initiate and apply any updates required to resolve detected vulnerabilities and return endpoints to a secure state. See Vulnerability Scan on page 92.

FortiSandbox support for removable media

Files on removable media can now be sent for on-demand FortiSandbox scanning. You can configure FortiSandbox to scan files on removable media by using FortiClient XML. For more information, see the FortiClient XML Reference.

Configurator tool

You can now use the FortiClient Configurator tool to add a Telemetry Gateway IP List to a custom FortiClient installer. See Custom FortiClient Installations on page 110.

FortiClient 5.4.0

The following is a list of new features in FortiClient version 5.4.0.

Antivirus

Advanced Persistent Threats

FortiClient 5.4.0 has enhanced capabilities for the detection of Advanced Persistent Threats (APT). There are two changes added in this respect:

  • Botnet Command and Control Communications Detection
  • FortiSandbox integration (Windows only)

Botnet Communication Detection

Botnets running on compromised systems usually generate outbound network traffic directed towards Command and Control (C&C) servers of their respective owners. The servers may provide updates for the botnet, or commands on actions to execute locally, or on other accessible, remote systems. When the new botnet feature is enabled, FortiClient monitors and compares network traffic with a list of known Command and Control servers. Any such network traffic will be blocked.

FortiSandbox Integration

FortiSandbox offers the capabilities to analyze new, previously unknown and undetected virus samples in real time. Files sent to it are scanned first, using an Antivirus (AV) engine and signatures similar to those available on FortiOS and FortiClient. If the file is not detected but is an executable file, it is run (sandboxed) in a Microsoft Windows virtual machine (VM) and monitored. The file is given a rating or score based on its activities and behavior in the VM.

FortiClient integration with FortiSandbox allows users to submit files to FortiSandbox for automatic scanning. When configured, FortiClient will send supported files downloaded over the internet to FortiSandbox if they cannot be detected by the local, real-time scanning. Access to the downloaded file is blocked until the scanning result is returned.

As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from the FortiSandbox, and applies them locally to all real-time and on-demand AV scanning.

Enhanced Real-Time Protection Implementation

The Real-Time Protection (RTP) or on-access feature in FortiClient uses tight integration with Microsoft Windows to monitor files locally, or over a network file system, as they are being downloaded, saved, run, copied, renamed, opened, or written to. The FortiClient driver coupling with Windows has been re-written to use modern APIs provided by Microsoft. All basic features remain the same, with a few minor differences in behavior. Some noticeable performance enhancements could be observed in various use case scenarios.

Web Filtering

Web Browser Usage and Duration

If configured, FortiClient will record detailed information about the user’s web browser activities, such as:

  • A history of websites visited by the user (as shown in regular web browser history)
  • An estimate of the duration or length of stay on the website.

These logs are sent to FortiAnalyzer, if configured. With FortiAnalyzer 5.4.0 or newer, the FortiClient logs sent from various endpoints may be viewed in FortiView.

VPN

Authorized Machine Detection

For enterprises where new computers may be brought into the organization by employees, FortiClient can be configured to check or identify the computer before allowing it to establish IPsec VPN or SSL VPN connections to the FortiGate. The administrator may configure restrictions with one or more of the following:

  • Registry check: Ensure a specific registry path contains a predetermined value
  • File check: Verify the existence of a specific file at a specified location
  • Application check: Ensure that a specific application is installed and running

The verification criteria can be configured using advanced FortiClient XML configurations on the FortiGate or FortiClient Enterprise Management Server (EMS).

New SSL VPN Windows driver

The FortiClient SSL VPN driver pppop.sys was re-written to use the latest Microsoft recommended CoNDIS WAN driver model. The new driver is selected when FortiClient is installed on Windows 7 or newer. The SSL VPN driver included in the previous versions of FortiClient will still be maintained.

New IPsec VPN Windows drivers

FortiClient IPsec VPN drivers have been updated to support Microsoft Windows NDIS 6.3 specification. The new drivers are compatible with Microsoft Windows 8.1 or newer.

Support for DTLS

FortiClient SSL VPN connections to FortiGate now support Datagram Transport Layer Security (DTLS) by using User Datagram Protocol (UDP) as the transport protocol. Previously FortiClient SSL VPN connections supported only Transmission Control Protocol (TCP). You can now use FortiGate to configure SSL VPN connections that use DTLS. You cannot use FortiClient to configure SSL VPN connections that use DTLS. When FortiClient endpoints use a DTLS-enabled SSL VPN connection with FortiGate, and FortiGate communicates DTLS support, FortiClient uses DTLS via UDP. If DTLS fails, FortiClient will fall back to use TLS to establish an SSL VPN connection.



Installation requirements

The following table lists operating system support and the minimum system requirements.

Operating System Support:

  • Microsoft Windows 7 (32-bit and 64-bit)
  • Microsoft Windows 8 (32-bit and 64-bit)
  • Microsoft Windows 8.1 (32-bit and 64-bit)
  • Microsoft Windows 10 (32-bit and 64-bit)

Minimum System Requirements:

  • Microsoft Internet Explorer version 8 or later
  • Microsoft Windows compatible computer with Intel processor or equivalent
  • Compatible operating system and minimum 512MB RAM
  • 600MB free hard disk space
  • Native Microsoft TCP/IP communication protocol
  • Native Microsoft PPP dialer for dial-up connections
  • Ethernet NIC for network connections
  • Wireless adapter for wireless network connections
  • Adobe Acrobat Reader for documentation
  • MSI installer 3.0 or later.

Operating System Support:

  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2

Minimum System Requirements:

  • Microsoft Internet Explorer version 8 or later
  • Microsoft Windows compatible computer with Intel processor or equivalent
  • Compatible operating system and minimum 512MB RAM
  • 600MB free hard disk space
  • Native Microsoft TCP/IP communication protocol
  • Native Microsoft PPP dialer for dial-up connections
  • Ethernet NIC for network connections
  • Wireless adapter for wireless network connections
  • Adobe Acrobat Reader for documentation
  • MSI installer 3.0 or later.

Operating System Support:

  • Mac OS X v10.8 Mountain Lion
  • Mac OS X v10.9 Mavericks
  • Mac OS X v10.10 Yosemite
  • Mac OS X v10.11 El Capitan

Minimum System Requirements:

  • Apple Mac computer with an Intel processor
  • 256MB of RAM
  • 20MB of hard disk drive (HDD) space
  • TCP/IP communication protocol
  • Ethernet NIC for network connections
  • Wireless adapter for wireless network connections

Windows XP (32-bit) is supported when FortiClient software updates are disabled. You can disable FortiClient software updates by using EMS or FortiClient XML. Signature updates remain supported when FortiClient software updates are disabled.

Firmware images and tools

Microsoft Windows

The following files are available in the firmware image file folder:

  • 4.xx.xxxx.exe: Standard installer for Microsoft Windows (32-bit).
  • 4.xx.xxxx.zip: Zip package containing FortiClient.msi and language transforms for Microsoft Windows (32-bit). Some properties of the MSI package can be customized with FortiClient Configurator tool.
  • 4.xx.xxxx_x64.exe: Standard installer for Microsoft Windows (64-bit).
  • 4.xx.xxxx_x64.zip: Zip package containing FortiClient.msi and language transforms for Microsoft Windows (64-bit). Some properties of the MSI package can be customized with FortiClient Configurator tool.
  • 4.xx.xxxx.zip: Zip package containing miscellaneous tools including the FortiClient Configurator tool and VPN Automation files.

The following tools and files are available in the FortiClientTools_5.4.xx.xxxx.zip file:

  • FortiClientConfigurator: An installer repackaging tool that is used to create customized installation packages.
  • FortiClientVirusCleaner: A virus cleaner.
  • OnlineInstaller: This file downloads and installs the latest FortiClient file from the public FDS.
  • SSLVPNcmdline: Command line SSL VPN client.
  • SupportUtils: Includes diagnostic, uninstallation, and reinstallation tools.
  • VPNAutomation: VPN automation tool.

When creating a custom FortiClient 5.4 installer by using the FortiClient Configurator tool, you can choose which features to install. You can also select to enable or disable software updates, configure SSO, and rebrand FortiClient.

Mac OS X

The following files are available in the firmware image file folder:

  • 4.x.xxx_macosx.dmg: Standard installer for Mac OS X.
  • 4.x.xxx_macosx.tar: FortiClient includes various utility tools and files to help with installations.

The following tools and files are available in the FortiClientTools .tar file:

  • OnlineInstaller

This file downloads and installs the latest FortiClient file from the public FDS.

  • FortiClientConfigurator

An installer repackaging tool that is used to create customized installation packages.

  • RebrandingResources

Rebranding resources used by the FortiClient Configurator tool.

When creating a custom FortiClient 5.4.1 installer by using the FortiClient Repackager tool, you can choose to install Everything, VPN Only, or SSO only. You can also select to enable or disable software updates and rebrand FortiClient.

FortiClient 5.4 cannot use FortiClient version 5.0 licenses. To use FortiClient Configurator, you need to use the FortiClient version 5.4 license file.

 



Fortinet Product Support For FortiClient

The following Fortinet products work together to support FortiClient in managed mode:

  • FortiClient EMS
  • FortiManager
  • FortiGate
  • FortiAnalyzer
  • FortiSandbox

FortiClient EMS

FortiClient EMS runs on a Windows server. EMS deploys FortiClient (Windows) and profiles to endpoints, and the endpoints can connect FortiClient Telemetry to FortiGate or EMS. When FortiClient endpoints are connected to FortiGate or EMS, you can use EMS to monitor FortiClient endpoints in real time.

For information on EMS, see the FortiClient EMS Administration Guide, available in the Fortinet Document Library.

FortiManager

FortiManager provides central FortiClient management for FortiGate devices that are managed by FortiManager. In FortiManager, you can create one or more FortiClient profiles that you can assign to multiple FortiGate devices. You can also import FortiClient profiles from one FortiGate device and assign the FortiClient profile to other FortiGate devices. When FortiClient endpoints are connected to managed FortiGate devices, you can use FortiManager to monitor FortiClient endpoints from multiple FortiGate devices.

For information on FortiManager, see the FortiManager Administration Guide, available in the Fortinet Document Library.

FortiGate

FortiGate provides network security. FortiGate devices define compliance rules for NAC (network access control) for connected FortiClient endpoints, and FortiClient communicates the compliance rules to endpoints. FortiGate devices communicate between FortiClient endpoints, EMS, and FortiManager, when FortiManager is used.

For information on FortiGate, see the FortiOS Handbook, available in the Fortinet Document Library.

FortiAnalyzer

FortiAnalyzer can receive logs from FortiClient endpoints that are connected to FortiGate or EMS, and you can use FortiAnalyzer to analyze the logs and run reports. FortiAnalyzer receives logs directly from FortiClient. However, in FortiAnalyzer, you view FortiClient logs under the device to which the FortiClient endpoint is connected. For example, when FortiClient endpoints are connected to FortiGate devices, you must add the FortiGate devices to FortiAnalyzer to view FortiClient logs for the FortiClient endpoints that are connected to FortiGates.

For information on FortiAnalyzer, see the FortiAnalyzer Administration Guide, available in the Fortinet Document Library.

FortiSandbox

FortiSandbox offers the capabilities to analyze new, previously unknown, and undetected virus samples in real time. Files sent to it are scanned first, using an Antivirus (AV) engine and signatures similar to those available on FortiOS and FortiClient. If the file is not detected but is an executable file, it is run in a Microsoft Windows virtual machine (VM) and monitored. The file is given a rating or score based on its activities and behavior in the VM.

FortiClient integration with FortiSandbox allows users to submit files from removable media or the network to FortiSandbox for automatic scanning. When configured, FortiClient will send supported files downloaded over the internet to FortiSandbox if they cannot be detected by the local, real-time scanning. Access to the downloaded file can be blocked until the scanning result is returned.

As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from the FortiSandbox, and applies them locally to all real-time and on-demand AV scanning.

For more information, see the FortiSandbox Administration Guide, available in the Fortinet Document Library.

Licensing

FortiClient managed mode requires a license. In managed mode, FortiClient licensing is applied to FortiGate or EMS.

FortiClient licenses for FortiGate

FortiGate 30 series and higher models include a FortiClient license for ten (10) free, connected FortiClient endpoints. For additional connected endpoints, you must purchase a FortiClient license subscription. Contact your Fortinet sales representative for information about FortiClient licenses.

FortiClient licenses for EMS

EMS includes a FortiClient license for ten (10) free, connected FortiClient endpoints for evaluation. For additional connected endpoints, you must purchase a FortiClient license subscription. Contact your Fortinet sales representative for information about FortiClient licenses.



FortiClient 5.4.1 Administration Guide

Introduction

FortiClient is an all-in-one comprehensive endpoint security solution that extends the power of Fortinet’s Advanced Threat Protection (ATP) to end user devices. As the endpoint is the ultimate destination for malware that is seeking credentials, network access, and sensitive information, ensuring that your endpoint security combines strong prevention with detection and mitigation is critical.

Installation Options

Standalone FortiClient (Free):

  • Complete: All Endpoint Security and VPN components will be installed.
  • VPN Only: only VPN components (IPsec and SSL) will be installed.

Managed FortiClient (Licensed):

  • Complete: All Endpoint Security and VPN components will be installed.
  • VPN Only: only VPN components (IPsec and SSL) will be installed.
  • Create a custom FortiClient installer using the FortiClient Configurator tool.

Threat Protection

Standalone FortiClient (Free):

  • Real-time Antivirus Protection
  • Antirootkit/Antimalware
  • Grayware Blocking (Adware/Riskware)

Managed FortiClient (Licensed):

  • Real-time Antivirus Protection
  • FortiSandbox support
  • Antirootkit/Antimalware
  • Grayware Blocking (Adware/Riskware)
  • Cloud-Based Behavior Scanning

Web Content

Standalone FortiClient (Free):

  • Web Filtering
  • YouTube Education Filter

Managed FortiClient (Licensed):

  • Web Filtering
  • YouTube Education Filter

This document was written for FortiClient (Windows) 5.4.1. Not all features described in this document are supported for FortiClient (Mac OS X) 5.4.1.

FortiClient modes and features

FortiClient offers two licensing modes: Standalone mode and Managed mode. The standalone mode is free, and the managed mode is licensed. In managed mode, FortiClient is used with FortiGate, FortiClient Enterprise Management Server (EMS), or both FortiGate and EMS.

The following table provides a feature comparison between standalone FortiClient (free version) and managed FortiClient (licensed version).

VPN

Standalone FortiClient (Free):

  • SSL VPN
  • IPsec VPN
  • Client Certificate Support
  • X.509 Certificate Support
  • Elliptical Curve Certificate Support
  • Two-Factor Authentication

Managed FortiClient (Licensed):

  • SSL VPN
  • IPsec VPN
  • Client Certificate Support
  • X.509 Certificate Support
  • Elliptical Curve Certificate Support
  • Two-Factor Authentication

Logging

Standalone FortiClient (Free):

  • VPN, Antivirus, Web Security, and Update Logging
  • View logs locally

Managed FortiClient (Licensed):

  • VPN, Application Firewall, Antivirus, Web Filter, Update, and Vulnerability Scan Logging
  • View logs locally

Network Access Compliance (Managed FortiClient only)

  • Compliance
  • Define and enforce enterprise security policies when FortiClient is used with FortiGate.

Application Control (Managed FortiClient only)

  • Application Firewall
  • Block Specific Application Traffic

Vulnerability Management (Managed FortiClient only)

  • Vulnerability Scan
  • Link to FortiGuard with information on the impact and recommended actions
  • Receive remediation instructions for addressing endpoint vulnerabilities, including access to software patches

Central Management (Managed FortiClient only)

  • Centralized Client Management and monitoring
  • Centralized configuration provisioning and deployment

Central Logging (Managed FortiClient only)

  • Upload logs to FortiAnalyzer or FortiManager. FortiClient must connect to FortiGate or EMS to upload logs to FortiAnalyzer or FortiManager.

 

Standalone mode

In standalone mode, FortiClient is not connected to a FortiGate or EMS. In this mode, FortiClient is free both for private individuals and commercial businesses to use; no license is required. See Standalone FortiClient on page 24.

Support for FortiClient in standalone mode is provided on the Fortinet Forums (forum.fortinet.com). Phone support is not provided.

Managed mode

Companies with large installations of FortiClient usually need a means to manage their endpoints. EMS can be used to provision and centrally manage FortiClient endpoints, and FortiGate can be used with FortiClient endpoints for network security. Each FortiClient endpoint can register to a FortiGate or an EMS. In this mode, FortiClient licensing is applied to the FortiGate or EMS. No separate license is required on FortiClient itself. See Managed FortiClient on page 25.

FortiClient banner and modes

If FortiClient (full version or VPN only) is running in standalone mode and not connected to a FortiGate or EMS, a single banner at the bottom of the FortiClient console is displayed. When FortiClient is running in managed mode and connected to a FortiGate or EMS, the banner is hidden by default. Similarly, when you create a FortiClient installer by using FortiClient Configurator (Windows) or Repackager (OS X), no banner is displayed by default.



FortiGate-1000D fast path architecture

The FortiGate-1000D includes two NP6 processors that are not connected by an integrated switch fabric (ISF). The NP6 processors are connected to network interfaces as follows:

Because the FortiGate-1000D does not have an ISF, you cannot create Link Aggregation Groups (LAGs) that include interfaces connected to both NP6 processors.

  • Eight 1Gb SFP interfaces (port17-port24), eight 1Gb RJ-45 Ethernet interfaces (port25-32) and one 10Gb SFP+ interface (portB) share connections to the first NP6 processor.
  • Eight 1Gb SFP interfaces (port1-port8), eight RJ-45 Ethernet interfaces (port9-16) and one 10Gb SFP+ interface (portA) share connections to the second NP6 processor.

[Figure: FortiGate 1000D front panel (MGMT 1, MGMT 2, ports 1 to 32, 10G SFP+ ports A and B) and block diagram showing two FortiASIC NP6 processors, the system bus, the CPU and two CP8 processors.]

You can use the following get command to display the FortiGate-1000D NP6 configuration. The command output shows two NP6s named NP6_0 and NP6_1. The output also shows the interfaces (ports) connected to each NP6. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list
Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0
       1    port17  1G    Yes
       1    port18  1G    Yes
       1    port19  1G    Yes
       1    port20  1G    Yes
       1    port21  1G    Yes
       1    port22  1G    Yes
       1    port23  1G    Yes
       1    port24  1G    Yes
       1    port27  1G    Yes
       1    port28  1G    Yes
       1    port25  1G    Yes
       1    port26  1G    Yes
       1    port31  1G    Yes
       1    port32  1G    Yes
       1    port29  1G    Yes
       1    port30  1G    Yes
       2    portB   10G   Yes
       3
------ ---- ------- ----- ----------
np6_1  0
       1    port1   1G    Yes
       1    port2   1G    Yes
       1    port3   1G    Yes
       1    port4   1G    Yes
       1    port5   1G    Yes
       1    port6   1G    Yes
       1    port7   1G    Yes
       1    port8   1G    Yes
       1    port11  1G    Yes
       1    port12  1G    Yes
       1    port9   1G    Yes
       1    port10  1G    Yes
       1    port15  1G    Yes
       1    port16  1G    Yes
       1    port13  1G    Yes
       1    port14  1G    Yes
       2    portA   10G   Yes
       3



FortiGate-900D fast path architecture

The FortiGate-900D includes two NP6 processors that are not connected by an integrated switch fabric (ISF). Without an ISF, traffic through a FortiGate-900D could experience lower latency than traffic through similar hardware with an ISF. The NP6 processors are connected to network interfaces as follows:

Because the FortiGate-900D does not have an ISF, you cannot create Link Aggregation Groups (LAGs) that include interfaces connected to both NP6 processors.

  • Eight 1Gb SFP interfaces (port17-port24), eight 1Gb RJ-45 Ethernet interfaces (port25-32) and one 10Gb SFP+ interface (portB) share connections to the first NP6 processor.
  • Eight 1Gb SFP interfaces (port1-port8), eight RJ-45 Ethernet interfaces (port9-16) and one 10Gb SFP+ interface (portA) share connections to the second NP6 processor.

 

[Figure: FortiGate 900D front panel (MGMT 1, MGMT 2, USB, CONSOLE, USB MGMT, ports 1 to 32, 10G SFP+ ports) and block diagram showing two FortiASIC NP6 processors, the system bus, the CPU and two CP8 processors.]

You can use the following get command to display the FortiGate-900D NP6 configuration. The command output shows two NP6s named NP6_0 and NP6_1. The output also shows the interfaces (ports) connected to each NP6. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list
Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0
       1    port17  1G    Yes
       1    port18  1G    Yes
       1    port19  1G    Yes
       1    port20  1G    Yes
       1    port21  1G    Yes
       1    port22  1G    Yes
       1    port23  1G    Yes
       1    port24  1G    Yes
       1    port27  1G    Yes
       1    port28  1G    Yes
       1    port25  1G    Yes
       1    port26  1G    Yes
       1    port31  1G    Yes
       1    port32  1G    Yes
       1    port29  1G    Yes
       1    port30  1G    Yes
       2    portB   10G   Yes
       3
------ ---- ------- ----- ----------
np6_1  0
       1    port1   1G    Yes
       1    port2   1G    Yes
       1    port3   1G    Yes
       1    port4   1G    Yes
       1    port5   1G    Yes
       1    port6   1G    Yes
       1    port7   1G    Yes
       1    port8   1G    Yes
       1    port11  1G    Yes
       1    port12  1G    Yes
       1    port9   1G    Yes
       1    port10  1G    Yes
       1    port15  1G    Yes
       1    port16  1G    Yes
       1    port13  1G    Yes
       1    port14  1G    Yes
       2    portA   10G   Yes
       3
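
The LAG restriction stated for the FortiGate-1000D and FortiGate-900D can be checked against saved port-list output before a change is made. The following is an added example, not Fortinet code: the function names are hypothetical, the sample text is abridged from the output above, and mgmt1 is a constructed interface name standing in for any port that is not attached to an NP6.

```python
import re

# Constructed sample, abridged from the FortiGate-1000D/900D output above.
SAMPLE_PORT_LIST = """\
Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0
       1    port17  1G    Yes
       1    port18  1G    Yes
       1    port25  1G    Yes
       2    portB   10G   Yes
       3
------ ---- ------- ----- ----------
np6_1  0
       1    port1   1G    Yes
       1    port2   1G    Yes
       1    port9   1G    Yes
       2    portA   10G   Yes
       3
"""

CHIP_RE = re.compile(r"^np6_\d+$")


def parse_port_list(text):
    """Map each port name to the NP6 chip, XAUI link, speed and offload flag."""
    ports = {}
    chip = None
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        # A chip name starts a new group; the XAUI column may follow on the same line.
        if CHIP_RE.match(tokens[0]):
            chip = tokens[0]
            tokens = tokens[1:]
        # Skip header rows, separators and anything seen before the first chip name.
        if chip is None or not tokens or not tokens[0].isdigit():
            continue
        # An XAUI row with no port attached (for example a lone "0" or "3").
        if len(tokens) < 4:
            continue
        xaui, port, speed, offload = tokens[:4]
        ports[port] = {
            "chip": chip,
            "xaui": int(xaui),
            "speed": speed,
            "offload": offload == "Yes",
        }
    return ports


def check_lag(members, port_map):
    """Return (ok, ports grouped by chip, ports not found in the NP6 list).

    ok is True only when every member is known and all members sit on the
    same NP6, which is what a model without an ISF requires for a LAG.
    """
    by_chip = {}
    unknown = []
    for name in members:
        info = port_map.get(name)
        if info is None:
            unknown.append(name)
        else:
            by_chip.setdefault(info["chip"], []).append(name)
    ok = len(by_chip) == 1 and not unknown
    return ok, by_chip, unknown


if __name__ == "__main__":
    port_map = parse_port_list(SAMPLE_PORT_LIST)
    proposals = (
        ["port17", "port18", "portB"],  # all on np6_0
        ["port1", "port17"],            # spans np6_1 and np6_0
        ["port1", "mgmt1"],             # mgmt1 is not in the NP6 list (constructed name)
    )
    for lag in proposals:
        ok, by_chip, unknown = check_lag(lag, port_map)
        verdict = "OK" if ok else "REJECT"
        print(f"{verdict}: {lag} chips={by_chip} unknown={unknown}")
```

The parser also accepts the single-chip layout shown for the FortiGate-800D and FortiGate-600D, where the first port appears on the same line as the chip name.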



FortiGate-800D fast path architecture

The FortiGate-800D includes one NP6 processor connected through an integrated switch fabric to all of the FortiGate-800D network interfaces. This hardware configuration supports NP6-accelerated fast path offloading for sessions between any of the FortiGate-800D interfaces.

[Figure: FortiGate-800D block diagram showing the integrated switch fabric, one FortiASIC NP6 processor, the system bus, the CPU and two CP8 processors.]

You can use the following get command to display the FortiGate-800D NP6 configuration. The command output shows one NP6 named NP6_0. The output also shows all of the FortiGate-800D interfaces (ports) connected to NP6_0. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list
Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0    port31  10G   Yes
       1    wan1    1G    Yes
       1    port1   1G    Yes
       1    wan2    1G    Yes
       1    port2   1G    Yes
       1    port3   1G    Yes
       1    port4   1G    Yes
       1    port5   1G    Yes
       1    port6   1G    Yes
       1    port30  1G    Yes
       1    port29  1G    Yes
       1    port28  1G    Yes
       1    port27  1G    Yes
       1    port26  1G    Yes
       1    port25  1G    Yes
       1    port24  1G    Yes
       1    port23  1G    Yes
       2    port7   1G    Yes
       2    port8   1G    Yes
       2    port9   1G    Yes
       2    port10  1G    Yes
       2    port11  1G    Yes
       2    port12  1G    Yes
       2    port13  1G    Yes
       2    port14  1G    Yes
       2    port15  1G    Yes
       2    port16  1G    Yes
       2    port17  1G    Yes
       2    port18  1G    Yes
       2    port19  1G    Yes
       2    port20  1G    Yes
       2    port21  1G    Yes
       2    port22  1G    Yes
       3    port32  10G   Yes
------ ---- ------- ----- ----------



FortiGate-600D fast path architecture

The FortiGate-600D includes one NP6 processor connected to eight 1Gb SFP interfaces (port1-port8) and eight 1Gb RJ-45 Ethernet ports (port9-16) and two 10Gb SFP+ interfaces (port17 and port18).

You can use the following get command to display the FortiGate-600D NP6 configuration. The command output shows one NP6 named NP6_0 and the interfaces (ports) connected to it. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list
Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0
       1    port10  1G    Yes
       1    port9   1G    Yes
       1    port12  1G    Yes
       1    port11  1G    Yes
       1    port14  1G    Yes
       1    port13  1G    Yes
       1    port16  1G    Yes
       1    port15  1G    Yes
       1    port5   1G    Yes
       1    port7   1G    Yes
       1    port8   1G    Yes
       1    port6   1G    Yes
       1    port3   1G    Yes
       1    port4   1G    Yes
       1    port1   1G    Yes
       1    port2   1G    Yes
       2    port17  10G   Yes
       3    port18  10G   Yes
------ ---- ------- ----- ----------

