FortiGate–500D fast path architecture

The FortiGate-500D includes one NP6 processor connected to eight 1Gb SFP interfaces (port1-port8) and eight 1Gb RJ-45 Ethernet ports (port9-16).

FortiASIC NP6

CP8

CPU

CP8

You can use the following get command to display the FortiGate-500D NP6 configuration. The command output shows one NP6 named NP6_0 and the interfaces (ports) connected to it. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list

Chip  XAUI Ports  Max  Cross-chip

Speed offloading

—— —- ——- —– ———- np6_0 0

1   port10 1G   Yes

1   port9  1G   Yes

1   port12 1G   Yes

1   port11 1G   Yes

1   port14 1G   Yes

1   port13 1G   Yes

1   port16 1G   Yes

1   port15 1G   Yes

1   port5  1G   Yes

1   port7  1G   Yes

1   port8  1G   Yes

1   port6  1G   Yes

1   port3  1G   Yes

1   port4  1G   Yes

1   port1  1G   Yes

1   port2  1G   Yes

2

3

—— —- ——- —– ———-

FortiGate–400D fast path architecture

The FortiGate-400D includes one NP6 processor connected to eight 1Gb SFP interfaces (port1-port8) and eight 1Gb RJ-45 Ethernet ports (port9-16).

FortiASIC NP6

CP8

CPU

CP8

You can use the following get command to display the FortiGate-400D NP6 configuration. The command output shows one NP6 named NP6_0 and the interfaces (ports) connected to it. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list

Chip  XAUI Ports  Max  Cross-chip

Speed offloading

—— —- ——- —– ———- np6_0 0

1   port10 1G   Yes

1   port9  1G   Yes

1   port12 1G   Yes

1   port11 1G   Yes

1   port14 1G   Yes

1   port13 1G   Yes

1   port16 1G   Yes

1   port15 1G   Yes

1   port5  1G   Yes

1   port7  1G   Yes

1   port8  1G   Yes

1   port6  1G   Yes

1   port3  1G   Yes

1   port4  1G   Yes

1   port1  1G   Yes

1   port2  1G   Yes

2

3

—— —- ——- —– ———-

FortiGate–300D fast path architecture

The FortiGate-300D includes one NP6 processor connected to four 1Gb RJ-45 Ethernet ports (port1-4) and four 1Gb SFP interfaces (port5-port8).

FortiASIC NP6

CP8

CPU

CP8

You can use the following get command to display the FortiGate-300D NP6 configuration. The command output shows one NP6 named NP6_0 and the interfaces (ports) connected to it. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list

Chip  XAUI Ports  Max  Cross-chip

Speed offloading

—— —- ——- —– ———- np6_0  0

1   port5  1G   Yes

1   port7  1G   Yes

1   port8  1G   Yes

1   port6  1G   Yes

1   port3  1G   Yes

1   port4  1G   Yes

1   port1  1G   Yes

1   port2  1G   Yes

2

3

—— —- ——- —– ———-

FortiGate NP6 architectures

Many FortiGate models can offload some types of network traffic processing from main processing resources to specialized network processors. If your network has a significant volume of traffic that is suitable for offloading, this hardware acceleration can significantly improve your network throughput.

Chapter 12 – Hardware Acceleration

This FortiOS Handbook chapter contains the following sections:

• Hardware acceleration overview describes the capabilities of FortiGate content processors (CPs), security processors (SPs) and network processors (NPs). This chapter also describes how to determine the hardware acceleration components installed in your FortiGate unit and contains some configuration details and examples.
• NP6 Acceleration describes the FortiGate NP6 network processor.
• FortiGate NP6 architectures contains details about the network processing architectures of FortiGate units that contain NP6 processors.
• NP4 Acceleration describes the FortiGate NP4 network processor.
• FortiGate NP4 architectures contains details about the network processing architectures of FortiGate units that contain NP4 processors.

Whats New in Hardware Acceleration for FortiOS 5.4

NP6 diagnose commands and get command changes (288738)

You can use the get hardware npu np6 command to display information about the NP6 processors in your FortiGate and the sessions they are processing. This command contains a subset of the options available from the diagnose npu np6 command. The command syntax is:

get hardware npu np6 {dce <np6-id> | ipsec-stats | port-list | session-stats <np6-id> |

sse-stats <np6-id> | synproxy-stats}

<np6-id> identifies the NP6 processor. 0 is np6_0, 1 is np6_1 and so on. dce show NP6 non-zero sub-engine drop counters for the selected NP6. ipsec-stats show overall NP6 IPsec offloading statistics.

port-list show the mapping between the FortiGate’s physical ports and its NP6 processors.

session-stats show NP6 session offloading statistics counters for the selected NP6.

sse-stats show hardware session statistics counters.

synproxy-stats show overall NP6 synproxy statistics for TCP connections identified as being syn proxy DoS

attacks.