Tag Archives: fortios 5.4.1 known issues

FortiGate-1000D fast path architecture

FortiGate1000D fast path architecture

The FortiGate-1000D includes two NP6 processors that are not connected by an integrated switch fabric (ISF). The NP6 processors are connected to network interfaces as follows:

Because the FortiGate-1000D does not have an ISF you cannot create Link Aggreg- ation Groups (LAGs) that include interfaces connected to both NP6 processors.

  • Eight 1Gb SFP interfaces (port17-port24), eight 1Gb RJ-45 Ethernet interfaces (port25-32) and one 10Gb SFP+ interface (portB) share connections to the first NP6 processor.
  • Eight 1Gb SFP interfaces (port1-port8), eight RJ-45 Ethernet interfaces (port9-16) and one 10Gb SFP+ interface (portA) share connections to the second NP6 processor.

FortiGate 1000D

MGMT 1

1                          3                          5                          7

9                        11

13                        15

10G SFP+ B

17                        19                        21                        23

25                        27                       29                        31

 

STATUS

USB                                  CONSOLE

ALARM                                                                           

HA POWER

USB MGMT

MGMT 2

2                          4                          6                          8

10                        12

14                        16                                                      A

18                        20                        22                        24

26                        28                       30                        32

FortiASIC NP6

FortiASIC NP6

System Bus

CP8

CPU

CP8

You can use the following get command to display the FortiGate-1000D NP6 configuration. The command output shows two NP6s named NP6_0 and NP6_1. The output also shows the interfaces (ports) connected to each NP6. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list

Chip  XAUI Ports  Max  Cross-chip

Speed offloading

—— —- ——- —– ———- np6_0 0

1   port17 1G   Yes

1   port18 1G   Yes

1   port19 1G   Yes

1   port20 1G   Yes

1   port21 1G   Yes

1   port22 1G   Yes

1   port23 1G   Yes

1   port24 1G   Yes

1   port27 1G   Yes

1   port28 1G   Yes

1   port25 1G   Yes

1   port26 1G   Yes

1   port31 1G   Yes

1   port32 1G   Yes

1   port29 1G   Yes

1   port30 1G   Yes

2   portB  10G  Yes

3

—— —- ——- —– ———- np6_1  0

1   port1 1G   Yes

1   port2 1G   Yes

1   port3 1G   Yes

1   port4 1G   Yes

1   port5 1G   Yes

1   port6 1G   Yes

1   port7 1G   Yes

1   port8 1G   Yes

1   port11 1G   Yes

1   port12 1G   Yes

1   port9 1G   Yes

1   port10 1G   Yes

1   port15 1G   Yes

1   port16 1G   Yes

1   port13 1G   Yes

1   port14 1G   Yes

2   portA 10G  Yes

3

FortiGate-900D fast path architecture

FortiGate900D fast path architecture

The FortiGate-900D includes two NP6 processors that are not connected by an integrated switch fabric (ISF). Without an ISF, traffic through a FortiGate-900D could experience lower latency than traffic through similar hardware with an ISF. The NP6 processors are connected to network interfaces as follows:

Because the FortiGate-900D does not have an ISF you cannot create Link Aggreg- ation Groups (LAGs) that include interfaces connected to both NP6 processors.

  • Eight 1Gb SFP interfaces (port17-port24), eight 1Gb RJ-45 Ethernet interfaces (port25-32) and one 10Gb SFP+ interface (portB) share connections to the first NP6 processor.
  • Eight 1Gb SFP interfaces (port1-port8), eight RJ-45 Ethernet interfaces (port9-16) and one 10Gb SFP+ interface (portA) share connections to the second NP6 processor.

 

MGMT  1

1                          3                          5                          7

9                        11

13                       15

10G SFP+

17                        19                        21                        23

25                       27

29                       31

 

FortiGate 900D

USB

CONSOLE

USB MGMT

MGMT  2

FortiASIC NP6

FortiASIC NP6

System Bus

CP8

CPU

CP8

You can use the following get command to display the FortiGate-900D NP6 configuration. The command output shows two NP6s named NP6_0 and NP6_1. The output also shows the interfaces (ports) connected to each NP6. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list

Chip  XAUI Ports  Max  Cross-chip

Speed offloading

—— —- ——- —– ———- np6_0 0

1   port17 1G   Yes

1   port18 1G   Yes

1   port19 1G   Yes

1   port20 1G   Yes

1   port21 1G   Yes

1   port22 1G   Yes

1   port23 1G   Yes

1   port24 1G   Yes

1   port27 1G   Yes

1   port28 1G   Yes

1   port25 1G   Yes

1   port26 1G   Yes

1   port31 1G   Yes

1   port32 1G   Yes

1   port29 1G   Yes

1   port30 1G   Yes

2   portB  10G  Yes

3

—— —- ——- —– ———- np6_1  0

1   port1 1G   Yes

1   port2 1G   Yes

1   port3 1G   Yes

1   port4 1G   Yes

1   port5 1G   Yes

1   port6 1G   Yes

1   port7 1G   Yes

1   port8 1G   Yes

1   port11 1G   Yes

1   port12 1G   Yes

1   port9 1G   Yes

1   port10 1G   Yes

1   port15 1G   Yes

1   port16 1G   Yes

1   port13 1G   Yes

1   port14 1G   Yes

2   portA 10G  Yes

3

FortiGate-800D fast path architecture

FortiGate800D fast path architecture

The FortiGate-800D includes one NP6 processor connected through an integrated switch fabric to all of the FortiGate-800D network interfaces. This hardware configuration supports NP6-accelerated fast path offloading for sessions between any of the FortiGate-800D interfaces.

Integrated Switch Fabric

FortiASIC NP6

System Bus

CP8

CPU

CP8

You can use the following get command to display the FortiGate-800D NP6 configuration. The command output shows one NP6 named NP6_0. The output also shows all of the FortiGate-800D interfaces (ports) connected to NP6_0. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list

Chip   XAUI Ports   Max   Cross-chip

Speed offloading

—— —- ——- —– ———- np6_0  0    port31  10G   Yes

1    wan1    1G    Yes

1    port1   1G    Yes

1    wan2    1G    Yes

1    port2   1G    Yes

1    port3   1G    Yes

1    port4   1G    Yes

1    port5   1G    Yes

1    port6   1G    Yes

1    port30  1G    Yes

1    port29  1G    Yes

1    port28  1G    Yes

1    port27  1G    Yes

1    port26  1G    Yes

1    port25  1G    Yes

1    port24  1G    Yes

1    port23  1G    Yes

2    port7   1G    Yes

2    port8   1G    Yes

2    port9   1G    Yes

2    port10  1G    Yes

2    port11  1G    Yes

2    port12  1G    Yes

2    port13  1G    Yes

2    port14  1G    Yes

2    port15  1G    Yes

2    port16  1G    Yes

2    port17  1G    Yes

2    port18  1G    Yes

2    port19  1G    Yes

2    port20  1G    Yes

2    port21  1G    Yes

2    port22  1G    Yes

3    port32  10G   Yes

—— —- ——- —– ———-

FortiGate-600D fast path architecture

FortiGate600D fast path architecture

The FortiGate-600D includes one NP6 processor connected to eight 1Gb SFP interfaces (port1-port8) and eight 1Gb RJ-45 Ethernet ports (port9-16) and two 10Gb SFP+ interfaces (port17 and port18).

You can use the following get command to display the FortiGate-600D NP6 configuration. The command output shows one NP6 named NP6_0 and the interfaces (ports) connected to it. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list

Chip  XAUI Ports  Max  Cross-chip

Speed offloading

—— —- ——- —– ———- np6_0 0

1   port10 1G   Yes

1   port9  1G   Yes

1   port12 1G   Yes

1   port11 1G   Yes

1   port14 1G   Yes

1   port13 1G   Yes

1   port16 1G   Yes

1   port15 1G   Yes

1   port5  1G   Yes

1   port7  1G   Yes

1   port8  1G   Yes

1   port6  1G   Yes

1   port3  1G   Yes

1   port4  1G   Yes

1   port1  1G   Yes

1   port2  1G   Yes

2   port17 10G  Yes

3   port18 10G  Yes

—— —- ——- —– ———-

FortiGate-500D fast path architecture

FortiGate500D fast path architecture

The FortiGate-500D includes one NP6 processor connected to eight 1Gb SFP interfaces (port1-port8) and eight 1Gb RJ-45 Ethernet ports (port9-16).

FortiASIC NP6

CP8

CPU

CP8

 

You can use the following get command to display the FortiGate-500D NP6 configuration. The command output shows one NP6 named NP6_0 and the interfaces (ports) connected to it. You can also use the diagnose npu np6 port-list command to display this information.

 

get hardware npu np6 port-list

Chip  XAUI Ports  Max  Cross-chip

Speed offloading

—— —- ——- —– ———- np6_0 0

1   port10 1G   Yes

1   port9  1G   Yes

1   port12 1G   Yes

1   port11 1G   Yes

1   port14 1G   Yes

1   port13 1G   Yes

1   port16 1G   Yes

1   port15 1G   Yes

1   port5  1G   Yes

1   port7  1G   Yes

1   port8  1G   Yes

1   port6  1G   Yes

1   port3  1G   Yes

1   port4  1G   Yes

1   port1  1G   Yes

1   port2  1G   Yes

2

3

—— —- ——- —– ———-

FortiGate-400D fast path architecture

FortiGate400D fast path architecture

The FortiGate-400D includes one NP6 processor connected to eight 1Gb SFP interfaces (port1-port8) and eight 1Gb RJ-45 Ethernet ports (port9-16).

FortiASIC NP6

CP8

CPU

CP8

 

You can use the following get command to display the FortiGate-400D NP6 configuration. The command output shows one NP6 named NP6_0 and the interfaces (ports) connected to it. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list

Chip  XAUI Ports  Max  Cross-chip

Speed offloading

—— —- ——- —– ———- np6_0 0

1   port10 1G   Yes

1   port9  1G   Yes

1   port12 1G   Yes

1   port11 1G   Yes

1   port14 1G   Yes

1   port13 1G   Yes

1   port16 1G   Yes

1   port15 1G   Yes

1   port5  1G   Yes

1   port7  1G   Yes

1   port8  1G   Yes

1   port6  1G   Yes

1   port3  1G   Yes

1   port4  1G   Yes

1   port1  1G   Yes

1   port2  1G   Yes

2

3

—— —- ——- —– ———-

FortiGate-300D fast path architecture

FortiGate300D fast path architecture

The FortiGate-300D includes one NP6 processor connected to four 1Gb RJ-45 Ethernet ports (port1-4) and four 1Gb SFP interfaces (port5-port8).

FortiASIC NP6

CP8

CPU

CP8

You can use the following get command to display the FortiGate-300D NP6 configuration. The command output shows one NP6 named NP6_0 and the interfaces (ports) connected to it. You can also use the diagnose npu np6 port-list command to display this information.

 

get hardware npu np6 port-list

Chip  XAUI Ports  Max  Cross-chip

Speed offloading

—— —- ——- —– ———- np6_0  0

1   port5  1G   Yes

1   port7  1G   Yes

1   port8  1G   Yes

1   port6  1G   Yes

1   port3  1G   Yes

1   port4  1G   Yes

1   port1  1G   Yes

1   port2  1G   Yes

2

3

—— —- ——- —– ———-

FortiGate NP6 architectures

FortiGate NP6 architectures

Many FortiGate models can offload some types of network traffic processing from main processing resources to specialized network processors. If your network has a significant volume of traffic that is suitable for offloading, this hardware acceleration can significantly improve your network throughput.