FortiGate NP4 architectures

Leave a reply

FortiGate3600C

 

The FortiGate-3600C features three NP4 processors:

  • The 10Gb interfaces, port1-port4, and the 1Gb interfaces, port13-port17, share connections to one NP4 processor.
  • The 10Gb interfaces, port5-port8, and the 1Gb interfaces, port18-port22 share connections to the second NP4 processor.
  • The 10Gb interfaces, port9-port12, and the 1Gb interfaces, port23-port28 share connections to the third NP4 processor.

FortiGate 3600C

USB

MGMT                        HA

CONSOLE

10G-SFP+

1                  3                  5                  7                  9                 11                                                                                                                                                                            13                15                17                19

21                23                25                27

STATUS ALARM

HA POWER

FAN

USB MGMT

2                  4                  6                  8                 10                12

14                16                18                20

22                24                26                28

Integrated Switch Fabric

FortiASIC NP4

FortiASIC NP4

FortiASIC NP4

System Bus

CP8

CPU

 

XAUI interfaces

Each NP4 processor connects to the integrated switch fabric through two XAUI interfaces: XAUI0 and XAUI1. On each NP4 processor all of the odd numbered interfaces use XAU0 and all of the even numbered interfaces use XAUI1:

NPU1

XAUI0 = port1,port3,port13, port15, port17

XAUI1 = port2, port4, port14, port16

NPU2

XAUI0 = port5, port7, port18, port20, port22

XAUI1 = port6, port8, port19, port21

NPU3

XAUI0 = port9, port11, port23, port25, port27

XAUI1 = port10, port12, port24, port26, port28

Usually you do not have to be concerned about the XAUI interface mapping. However, if an NP4 interface is processing a very high amount of traffic you should distribute that traffic among both of the XAUI interfaces connected to it. So if you have a very high volume of traffic flowing between two networks you should connect both networks to the same NP4 processor but to different XAUI links. So between even and an odd numbered FortiGate-3600C ports. For example, you could connect one network to port5 and the other network to port6. In this configuration, the second NP4 processor would handle traffic acceleration and both XAUI interfaces would be processing traffic.

 

FortiGate3950B and FortiGate-3951B

The FortiGate-3950B features one NP4 processor. The 1Gb SPF interfaces, port1, port2, port3, port4, and the 10Gb SPF+ interfaces, port5, port6, share connections to one NP4 processor. The FortiGate-3951B is similar to the FortiGate-3950B, except it trades one FMC slot for four FSM slots. The network interfaces available on each model are identical.

You can add additional FMC interface modules. The diagram below shows a FortiGate-3950B with three modules installed: an FMC-XG2, an FMC-F20, and an FMC-C20.

  • The FMC-XG2 has one SP2 processor. The 10Gb SPF+ interfaces, port1 and port2, share connections to the processor.
  • The FMC-F20 has one NP4 processor and the twenty 1Gb SPF interfaces, port1 through port20, share connections to the NP4 processor.
  • The FMC-C20 has one NP4 processor and the twenty 10/100/1000 interfaces, port1 through port20, share connections to the NP4 processor.

FMC

FMFCMCF20

FMC1

ACTIVE

FMC3

SERVICE

1 / 2

3 / 4

5 / 6

7 / 8

9 / 10

11 / 12

13 / 14

15 / 16

17 / 18

19 / 20

 

FMCCXG2

FFMMCCC20

FMC4

FMC2

ACTIVE SERVICE

1 (SFP +)       2 (SFP +)

ACTIVE

SERVICE

1 / 2                  3 / 4                  5 / 6                  7 / 8                    9 / 10              11 / 12              13 / 14              15 / 16              17 / 18              19 / 20

FortiGate 3950B

CONSOLE

MGMT 1

1                      3                     5 (SFP+)

SWIITCH

FMC

FMC5

I/O

STATUS ALARM HA POWER

USB MGMT

USB

MGMT 2

2                      4                     6 (SFP+)

1       5       9       13     17      21

2       6       10     14     18     22

3       7       11     15     19     23

4       8       12     16     20     24

Integrated Switch Fabric

FortiASIC SP2

FortiASIC NP4

FortiASIC NP4

FortiASIC NP4

System Bus

CP7

CPU

Pages: 1 2 3 4 5 6
This entry was posted in FortiOS 5.4 Handbook and tagged , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.