FPM-7620E processing module
The FPM-7620E processing module is a high-performance worker module that processes sessions load balanced to it by FortiGate-7000 series interface (FIM) modules over the chassis fabric backplane. The FPM-7620E can be installed in any FortiGate-7000 series chassis in slots 3 and up.
The FPM-7620E includes two 80Gbps connections to the chassis fabric backplane and two 1Gbps connections to the base backplane. The FPM-7620E processes sessions using a dual CPU configuration, accelerates network traffic processing with 4 NP6 processors and accelerates content processing with 8 CP9 processors. The NP6 network processors are connected by the FIM switch fabric so all supported traffic types can be fast path accelerated by the NP6 processors.
The FPM-7620E includes the following hardware features:
- Two 80Gbps fabric backplane channels for load balanced sessions from the FIM modules installed in the chassis. l Two 1Gbps base backplane channels for management, heartbeat and session sync communication. l Dual CPUs for high performance operation. l Four NP6 processors to offload network processing from the CPUs. l Eight CP9 processors to offload content processing and SSL and IPsec encryption from the CPUs. FPM-7620E front panel
- Power button. l NMI switch (for troubleshooting as recommended by Fortinet Support). l Mounting hardware.
- LED status indicators.
4
FPM-7620E processing module Physical Description
Physical Description
| Dimensions | 1.2 x 11.34 x 14 in. (3.1 x 28.8 x 35.1 cm) (Height x Width x Depth) |
| Weight | 7.2 lb. (3.23 kg) |
| Operating Temperature | 32 to 104°F (0 to 40°C) |
| Storage Temperature | -31 to 158°F (-35 to 70°C) |
| Relative Humidity | 10% to 90% non-condensing |
Front Panel LEDs
| LED State | Description | |
| STATUS | Off | The FPM-7620E is powered off. |
| Green | The FPM-7620E is powered on and operating normally. | |
| Flashing Green | The FPM-7620E is starting up. | |
| ALARM | Red | Major alarm. |
| Amber | Minor alarm | |
| Off | No alarms | |
| POWER | Green | The FPM-7620E is powered on and operating normally. |
| Off | The FPM-7620E is powered off. | |
Turning the module on and off
You can use the front panel power button to turn the module power on or off. If the module is powered on, press the power switch to turn it off. If the module is turned off and installed in a chassis slot, press the power button to turn it on.
NMI switch FPM-7620E processing module
NMI switch
When working with Fortinet Support to troubleshoot problems with the FPM-7620E you can use the front panel non-maskable interrupt (NMI) switch to assist with troubleshooting. Pressing this switch causes the software to dump registers/backtraces to the console. After the data is dumped the board reboots. While the board is rebooting, traffic is temporarily blocked. The board should restart normally and traffic can resume once its up and running.
NP6 network processors – offloading load balancing and network traffic
The four FPM-7620E NP6 network processors combined with the FIM module integrated switch fabric (ISF) provide hardware acceleration by offloading load balancing from the FPM-7620E CPUs. The result is enhanced network performance provided by the NP6 processors plus the network processing load is removed from the CPU. The NP6 processor can also handle some CPU intensive tasks, like IPsec VPN encryption/decryption. Because of the integrated switch fabric, all sessions are fast-pathed and accelerated.
6
FPM-7620E processing module Accelerated IPS, SSL VPN, and IPsec VPN (CP9 content processors)
Accelerated IPS, SSL VPN, and IPsec VPN (CP9 content processors)
The FPM-7620E includes eight CP9 processors that provide the following performance enhancements:
- Flow-based inspection (IPS, application control etc.) pattern matching acceleration with over 10Gbps throughput l IPS pre-scan l IPS signature correlation l Full match processors
- High performance VPN bulk data engine l IPsec and SSL/TLS protocol processor l DES/3DES/AES128/192/256 in accordance with FIPS46-3/FIPS81/FIPS197 l MD5/SHA-1/SHA256/384/512-96/128/192/256 with RFC1321 and FIPS180 l HMAC in accordance with RFC2104/2403/2404 and FIPS198 l ESN mode
- GCM support for NSA “Suite B” (RFC6379/RFC6460) including GCM-128/256; GMAC-128/256
- Key Exchange Processor that supports high performance IKE and RSA computation l Public key exponentiation engine with hardware CRT support l Primary checking for RSA key generation l Handshake accelerator with automatic key material generation l True Random Number generator l Elliptic Curve support for NSA “Suite B” l Sub public key engine (PKCE) to support up to 4096 bit operation directly (4k for DH and 8k for RSA with CRT)
- DLP fingerprint support l TTTD (Two-Thresholds-Two-Divisors) content chunking l Two thresholds and two divisors are configurable
FPM-7620E mounting components
Hardware installation
This chapter describes installing a FPM-7620E processing module into a FortiGate-7000 chassis.
FPM-7620E mounting components
To install a FPM-7620E you slide the module into slot 3 or up in the front of an FortiGate-7000 series chassis and then use the mounting components to lock the module into place in the slot. When locked into place and positioned correctly the module front panel is flush with the chassis front panel. The module is also connected to the chassis backplane.
To position the module correctly you must use the mounting components shown below for the right of the FPM7620E front panel. The mounting components on the left of the front panel are the same but reversed. The FPM7620E mounting components align the module in the chassis slot and are used to insert and eject the module from the slot.
Open Closed
(when open the latch slides up about 2 mm)
The FPM-7620E handles align the module in the chassis slot and are used to insert and eject the module from the slot. The latches activate micro switches that turn on or turn off power to the module. When both latches are raised the module cannot receive power. When the latches are fully closed if the module is fully inserted into a chassis slot the module can receive power.
Inserting a FPM-7620E module into a chassis
This section describes how to install a FPM-7620E module into a FortiGate-7000 series chassis slot 3 or up.
You must carefully slide the module all the way into the chassis slot, close the handles to seat the module into the slot, and tighten the retention screws to make sure the module is fully engaged with the backplane and secured. You must also make sure that the sliding latches are fully closed by gently pushing them down. The handles must be closed, the retention screws tightened and the latches fully closed for the module to get power and start up. If the module is not receiving power all LEDs remain off.
FPM-7620Es are hot swappable. The procedure for inserting a FPM-7620E into a chassis slot is the same whether or not the chassis is powered on.
To insert a FPM-7620E into a chassis slot
Do not carry the FPM-7620E by holding the handles or retention screws. When inserting or removing the FPM-7620E from a chassis slot, handle the module by the front panel. The handles are not designed for carrying the board. If the handles become bent or damaged the FPM-7620E may not align correctly in the chassis slot.
To complete this procedure, you need: l A FPM-7620E
- A FortiGate-7000 chassis with an empty hub/switch slot
- An electrostatic discharge (ESD) preventive wrist strap with connection cord
FPM-7620Es must be protected from static discharge and physical shock. Only handle or work with FPM-7620Es at a static-free workstation. Always wear a grounded electrostatic discharge (ESD) preventive wrist strap when handling FPM-7620Es. Attach the ESD wrist strap to your wrist and to an ESD socket or to a bare metal surface on the chassis or frame. (An ESD wrist strap is not visible in the photographs below because they were taken in an ESD safe lab environment.)
Inserting a FPM-7620E module into a chassis
- Remove the FPM-7620E module from its packaging. Align the module with the chassis slot and slide the module part way into the slot.
In the photograph the FPM-7620E is being installed into chassis slot 4 of a FortiGate-7040E chassis.
- Unlock the left and right handles by pushing the handle latches up about 2 mm until the handles pop open.
Fully open both handles before sliding the module into the chassis to avoid damaging the handle mechanism.
Damaging the handles may prevent the module from connecting to power.
- Carefully slide the module into the slot until the handles engage with the sides of the chassis slot, partially closing the them.
Insert the module by applying moderate force to the front faceplate (not the handles) to slide the module into the slot. The module should glide smoothly into the chassis slot. If you encounter any resistance while sliding the module in, the module could be aligned incorrectly. Pull the module back out and try inserting it again.
Inserting a FPM-7620E module into a chassis
- Push both handles closed and close the latches.
Closing the handles draws the module into place in the chassis slot and into full contact with the chassis backplane. The module front panel should be in contact with the chassis front panel and the latches should drop down and lock into place. You should gently push the latches down to make sure they lock. The module will not receive power until the latches are fully locked.
- Tighten both retention screws to secure the module in the chassis.
You can tighten the retention screws by hand with a Phillips screwdriver. If you use a power screwdriver the tightening torque needs to be adjusted between 3 In-lb to 4 In-lb (0.4 N-m to 0.48 N-m).
As the latches are locked, power is supplied to the module. If the chassis is powered on during insertion the status LED flashes green as the module starts up. Once the board has started up and is operating correctly, the front panel LEDs are lit for normal operation.
Normal LED operation
| LED | State | |
| Status | Green | |
| Alarm | Off | |
| Power | Green |
Shutting down and removing a FPM-7620E board from a chassis
Shutting down and removing a FPM-7620E board from a chassis
To avoid potential hardware problems, always shut down the FPM-7620E operating system properly before removing the FPM-7620E from a chassis slot or before powering down the chassis.
Disconnect all cables from the FPM-7620E module, including all network cables and USB cables or keys.
FPM-7620Es are hot swappable. The procedure for removing a FPM-7620E from a chassis slot is the same whether or not the chassis is powered on.
To remove a FPM-7620E board from a chassis slot
Do not carry the FPM-7620E by holding the handles or retention screws. When inserting or removing the FPM-7620E from a chassis slot, handle the module by the front panel. The handles are not designed for carrying the board. If the handles become bent or damaged theFPM-7620E may not align correctly in the chassis slot.
To complete this procedure, you need:
l A FortiGate-7000 chassis with a FPM-7620E module installed l An electrostatic discharge (ESD) preventive wrist strap with connection cord
FPM-7620Es must be protected from static discharge and physical shock. Only handle or work with FPM-7620Es at a static-free workstation. Always wear a grounded electrostatic discharge (ESD) preventive wrist strap when handling FPM-7620Es. (An ESD wrist strap is not visible in the photographs below because they were taken in an
ESD safe lab environment.)
Shutting down and removing board from
- Fully loosen the retention screws.
You must fully loosen the screws or the handles may be damaged when used to eject the board from the chassis slot.
- Unlock the left and right handles by pushing the latches up about 2 mm until the handles pop open.
Shutting down and removing a FPM-7620E board from a chassis
- Fully open the handles to eject the module from the chassis.
You need to open the handles with moderate force to eject the module from the chassis.
- Hold the module front panel sides and slide it part way out of the slot. Then grasp the module by the sides and carefully slide it out of the slot.
Troubleshooting
Troubleshooting
This section describes some common troubleshooting topics:
FPM-7620E does not startup
Positioning of FPM-7620E handles and a few other causes may prevent a FPM-7620E from starting up correctly.
Latches and handles not fully closed
If the latches or handles are damaged or positioned incorrectly the FPM-7620E may not start up. Make sure the latches are fully closed and the handles are correctly aligned, fully inserted and locked and the retention screws are tightened.
Firmware problem
If the FPM-7620E is receiving power and the latches are handles are fully closed, and you have restarted the chassis and the FPM-7620E still does not start up, the problem could be with FortiOS. Connect to the FPM7620E console and try cycling the power to the board. If the BIOS starts up, interrupt the BIOS startup and install a new firmware image.
If this does not solve the problem, contact Fortinet Technical Support.
FPM-7620E status LED is flashing during system operation
Normally, the FPM-7620E Status LED is off when the FPM-7620E is operating normally. If this LED starts flashing while the module is operating, a fault condition may exist. At the same time the FPM-7620E may stop processing traffic.
To resolve the problem you can try removing and reinserting the FPM-7620E in the chassis slot. Reloading the firmware may also help.
If this does not solve the problem there may have been a hardware failure or other problem. Contact Fortinet Technical Support for assistance.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!