Category Archives: FortiOS 5.4 Handbook

The complete handbook for FortiOS 5.4

FortiGate-3000D fast path architecture


The FortiGate-3000D features 16 front panel SFP+ 10Gb interfaces connected to two NP6 processors through an Integrated Switch Fabric (ISF). The FortiGate-3000D has the following fast path architecture:

  • 8 SFP+ 10Gb interfaces, port1 through port8, share connections to the first NP6 processor (np6_0).
  • 8 SFP+ 10Gb interfaces, port9 through port16, share connections to the second NP6 processor (np6_1).

[Figure: FortiGate-3000D front panel (CONSOLE, MGMT 1, MGMT 2, USB, SFP+ ports 1 to 16) and fast path diagram: Integrated Switch Fabric, two FortiASIC NP6 processors, System Bus, CPU, CP8 processors]

You can use the following get command to display the FortiGate-3000D NP6 configuration. The command output shows two NP6s named NP6_0 and NP6_1 and the interfaces (ports) connected to each NP6. You can also use the diagnose npu np6 port-list command to display this information.

 

get hardware npu np6 port-list
Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0    port1   10G   Yes
       0    port6   10G   Yes
       1    port2   10G   Yes
       1    port5   10G   Yes
       2    port3   10G   Yes
       2    port8   10G   Yes
       3    port4   10G   Yes
       3    port7   10G   Yes
------ ---- ------- ----- ----------
np6_1  0    port10  10G   Yes
       0    port13  10G   Yes
       1    port9   10G   Yes
       1    port14  10G   Yes
       2    port12  10G   Yes
       2    port15  10G   Yes
       3    port11  10G   Yes
       3    port16  10G   Yes
------ ---- ------- ----- ----------

FortiGate-1500DT fast path architecture


The FortiGate-1500DT features two NP6 processors both connected to an integrated switch fabric. The FortiGate-1500DT has the same hardware configuration as the FortiGate-1500D, but with the addition of newer CPUs and DPDK technology that improves IPS performance.

The FortiGate-1500DT includes the following interfaces and NP6 processors:

  • Eight SFP 1Gb interfaces (port1-port8), eight RJ-45 Ethernet ports (port17-24) and four SFP+ 10Gb interfaces (port33-port36) share connections to the first NP6 processor.
  • Eight SFP 1Gb interfaces (port9-port16), eight RJ-45 Ethernet ports (port25-32) and four SFP+ 10Gb interfaces (port37-port40) share connections to the second NP6 processor.

 

 

[Figure: FortiGate-1500DT fast path diagram: Integrated Switch Fabric, two FortiASIC NP6 processors, System Bus, CPU, CP8 processors]

You can use the following get command to display the FortiGate-1500DT NP6 configuration. The command output shows two NP6s named NP6_0 and NP6_1. The output also shows the interfaces (ports) connected to each NP6. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list
Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0    port1   1G    Yes
       0    port5   1G    Yes
       0    port17  1G    Yes
       0    port21  1G    Yes
       0    port33  10G   Yes
       1    port2   1G    Yes
       1    port6   1G    Yes
       1    port18  1G    Yes
       1    port22  1G    Yes
       1    port34  10G   Yes
       2    port3   1G    Yes
       2    port7   1G    Yes
       2    port19  1G    Yes
       2    port23  1G    Yes
       2    port35  10G   Yes
       3    port4   1G    Yes
       3    port8   1G    Yes
       3    port20  1G    Yes
       3    port24  1G    Yes
       3    port36  10G   Yes
------ ---- ------- ----- ----------
np6_1  0    port9   1G    Yes
       0    port13  1G    Yes
       0    port25  1G    Yes
       0    port29  1G    Yes
       0    port37  10G   Yes
       1    port10  1G    Yes
       1    port14  1G    Yes
       1    port26  1G    Yes
       1    port30  1G    Yes
       1    port38  10G   Yes
       2    port11  1G    Yes
       2    port15  1G    Yes
       2    port27  1G    Yes
       2    port31  1G    Yes
       2    port39  10G   Yes
       3    port12  1G    Yes
       3    port16  1G    Yes
       3    port28  1G    Yes
       3    port32  1G    Yes
       3    port40  10G   Yes
------ ---- ------- ----- ----------

FortiGate-1500D fast path architecture


The FortiGate-1500D features two NP6 processors both connected to an integrated switch fabric.

  • Eight SFP 1Gb interfaces (port1-port8), eight RJ-45 Ethernet ports (port17-24) and four SFP+ 10Gb interfaces (port33-port36) share connections to the first NP6 processor.
  • Eight SFP 1Gb interfaces (port9-port16), eight RJ-45 Ethernet ports (port25-32) and four SFP+ 10Gb interfaces (port37-port40) share connections to the second NP6 processor.

[Figure: FortiGate 1500D front panel (CONSOLE, MGMT 1, MGMT 2, USB, USB MGMT, ports 1 to 32, 10G SFP+ ports 33 to 40) and fast path diagram: Integrated Switch Fabric, two FortiASIC NP6 processors, System Bus, CPU, CP8 processors]

 

 

 

 

 

You can use the following get command to display the FortiGate-1500D NP6 configuration. The command output shows two NP6s named NP6_0 and NP6_1. The output also shows the interfaces (ports) connected to each NP6. You can also use the diagnose npu np6 port-list command to display this information.

 

get hardware npu np6 port-list
Chip   XAUI Ports            Max   Cross-chip
                             Speed offloading
------ ---- -------          ----- ----------
np6_0  0    port1            1G    Yes
       0    port5            1G    Yes
       0    port17           1G    Yes
       0    port21           1G    Yes
       0    port33           10G   Yes
       1    port2            1G    Yes
       1    port6            1G    Yes
       1    port18           1G    Yes
       1    port22           1G    Yes
       1    port34           10G   Yes
       2    port3            1G    Yes
       2    port7            1G    Yes
       2    port19           1G    Yes
       2    port23           1G    Yes
       2    port35           10G   Yes
       3    port4            1G    Yes
       3    port8            1G    Yes
       3    port20           1G    Yes
       3    port24           1G    Yes
       3    port36           10G   Yes
------ ---- -------          ----- ----------
np6_1  0    port9            1G    Yes
       0    port13           1G    Yes
       0    port25           1G    Yes
       0    port29           1G    Yes
       0    port37           10G   Yes
       1    port10           1G    Yes
       1    port14           1G    Yes
       1    port26           1G    Yes
       1    port30           1G    Yes
       1    port38           10G   Yes
       2    port11           1G    Yes
       2    port15           1G    Yes
       2    port27           1G    Yes
       2    port31           1G    Yes
       2    port39           10G   Yes
       3    port12           1G    Yes
       3    port16           1G    Yes
       3    port28           1G    Yes
       3    port32           1G    Yes
       3    port40           10G   Yes
------ ---- -------          ----- ----------

FortiGate-1200D fast path architecture


The FortiGate-1200D features two NP6 processors both connected to an integrated switch fabric.

  • Eight SFP 1Gb interfaces (port1-port8), eight RJ-45 Ethernet ports (port17-24) and two SFP+ 10Gb interfaces (port33 and port34) share connections to the first NP6 processor.
  • Eight SFP 1Gb interfaces (port9-port16), eight RJ-45 Ethernet ports (port25-32) and two SFP+ 10Gb interfaces (port35-port36) share connections to the second NP6 processor.

[Figure: FortiGate-1200D front panel (CONSOLE, MGMT 1, MGMT 2, USB, USB MGMT, ports 1 to 32, 10G SFP+ ports 33 to 36) and fast path diagram: Integrated Switch Fabric, two FortiASIC NP6 processors, System Bus, CPU, CP8 processors]

You can use the following get command to display the FortiGate-1200D NP6 configuration. The command output shows two NP6s named NP6_0 and NP6_1. The output also shows the interfaces (ports) connected to each NP6. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list
Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0    port33  10G   Yes
       1    port34  10G   Yes
       2    port1   1G    Yes
       2    port3   1G    Yes
       2    port5   1G    Yes
       2    port7   1G    Yes
       2    port17  1G    Yes
       2    port19  1G    Yes
       2    port21  1G    Yes
       2    port23  1G    Yes
       3    port2   1G    Yes
       3    port4   1G    Yes
       3    port6   1G    Yes
       3    port8   1G    Yes
       3    port18  1G    Yes
       3    port20  1G    Yes
       3    port22  1G    Yes
       3    port24  1G    Yes
------ ---- ------- ----- ----------
np6_1  0    port35  10G   Yes
       1    port36  10G   Yes
       2    port9   1G    Yes
       2    port11  1G    Yes
       2    port13  1G    Yes
       2    port15  1G    Yes
       2    port25  1G    Yes
       2    port27  1G    Yes
       2    port29  1G    Yes
       2    port31  1G    Yes
       3    port10  1G    Yes
       3    port12  1G    Yes
       3    port14  1G    Yes
       3    port16  1G    Yes
       3    port26  1G    Yes
       3    port28  1G    Yes
       3    port30  1G    Yes
       3    port32  1G    Yes
------ ---- ------- ----- ----------

FortiGate-1000D fast path architecture


The FortiGate-1000D includes two NP6 processors that are not connected by an integrated switch fabric (ISF). The NP6 processors are connected to network interfaces as follows:

  • Eight 1Gb SFP interfaces (port17-port24), eight 1Gb RJ-45 Ethernet interfaces (port25-32) and one 10Gb SFP+ interface (portB) share connections to the first NP6 processor.
  • Eight 1Gb SFP interfaces (port1-port8), eight RJ-45 Ethernet interfaces (port9-16) and one 10Gb SFP+ interface (portA) share connections to the second NP6 processor.

Because the FortiGate-1000D does not have an ISF, you cannot create Link Aggregation Groups (LAGs) that include interfaces connected to both NP6 processors.

[Figure: FortiGate 1000D front panel (MGMT 1, MGMT 2, USB, USB MGMT, CONSOLE, ports 1 to 32, 10G SFP+ ports A and B) and fast path diagram: two FortiASIC NP6 processors, System Bus, CPU, CP8 processors]

You can use the following get command to display the FortiGate-1000D NP6 configuration. The command output shows two NP6s named NP6_0 and NP6_1. The output also shows the interfaces (ports) connected to each NP6. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list
Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0
       1    port17  1G    Yes
       1    port18  1G    Yes
       1    port19  1G    Yes
       1    port20  1G    Yes
       1    port21  1G    Yes
       1    port22  1G    Yes
       1    port23  1G    Yes
       1    port24  1G    Yes
       1    port27  1G    Yes
       1    port28  1G    Yes
       1    port25  1G    Yes
       1    port26  1G    Yes
       1    port31  1G    Yes
       1    port32  1G    Yes
       1    port29  1G    Yes
       1    port30  1G    Yes
       2    portB   10G   Yes
       3
------ ---- ------- ----- ----------
np6_1  0
       1    port1   1G    Yes
       1    port2   1G    Yes
       1    port3   1G    Yes
       1    port4   1G    Yes
       1    port5   1G    Yes
       1    port6   1G    Yes
       1    port7   1G    Yes
       1    port8   1G    Yes
       1    port11  1G    Yes
       1    port12  1G    Yes
       1    port9   1G    Yes
       1    port10  1G    Yes
       1    port15  1G    Yes
       1    port16  1G    Yes
       1    port13  1G    Yes
       1    port14  1G    Yes
       2    portA   10G   Yes
       3

FortiGate-900D fast path architecture


The FortiGate-900D includes two NP6 processors that are not connected by an integrated switch fabric (ISF). Without an ISF, traffic through a FortiGate-900D could experience lower latency than traffic through similar hardware with an ISF. The NP6 processors are connected to network interfaces as follows:

  • Eight 1Gb SFP interfaces (port17-port24), eight 1Gb RJ-45 Ethernet interfaces (port25-32) and one 10Gb SFP+ interface (portB) share connections to the first NP6 processor.
  • Eight 1Gb SFP interfaces (port1-port8), eight RJ-45 Ethernet interfaces (port9-16) and one 10Gb SFP+ interface (portA) share connections to the second NP6 processor.

Because the FortiGate-900D does not have an ISF, you cannot create Link Aggregation Groups (LAGs) that include interfaces connected to both NP6 processors.

 

[Figure: FortiGate 900D front panel (MGMT 1, MGMT 2, USB, USB MGMT, CONSOLE, ports 1 to 32, 10G SFP+) and fast path diagram: two FortiASIC NP6 processors, System Bus, CPU, CP8 processors]

You can use the following get command to display the FortiGate-900D NP6 configuration. The command output shows two NP6s named NP6_0 and NP6_1. The output also shows the interfaces (ports) connected to each NP6. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list
Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0
       1    port17  1G    Yes
       1    port18  1G    Yes
       1    port19  1G    Yes
       1    port20  1G    Yes
       1    port21  1G    Yes
       1    port22  1G    Yes
       1    port23  1G    Yes
       1    port24  1G    Yes
       1    port27  1G    Yes
       1    port28  1G    Yes
       1    port25  1G    Yes
       1    port26  1G    Yes
       1    port31  1G    Yes
       1    port32  1G    Yes
       1    port29  1G    Yes
       1    port30  1G    Yes
       2    portB   10G   Yes
       3
------ ---- ------- ----- ----------
np6_1  0
       1    port1   1G    Yes
       1    port2   1G    Yes
       1    port3   1G    Yes
       1    port4   1G    Yes
       1    port5   1G    Yes
       1    port6   1G    Yes
       1    port7   1G    Yes
       1    port8   1G    Yes
       1    port11  1G    Yes
       1    port12  1G    Yes
       1    port9   1G    Yes
       1    port10  1G    Yes
       1    port15  1G    Yes
       1    port16  1G    Yes
       1    port13  1G    Yes
       1    port14  1G    Yes
       2    portA   10G   Yes
       3
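
The LAG restriction stated for the FortiGate-1000D and FortiGate-900D can be checked against the port-list output before a LAG is configured. The following Python is an added example, not part of the FortiOS handbook: it parses the listing into a port-to-NP6 map and tests a proposed member list. The function names and the abbreviated sample output are constructed for illustration.

```python
import re

# Abbreviated sample in the layout of the 900D/1000D listings (constructed).
SAMPLE = """\
Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0
       1    port17  1G    Yes
       1    port18  1G    Yes
       2    portB   10G   Yes
       3
------ ---- ------- ----- ----------
np6_1  0
       1    port1   1G    Yes
       1    port2   1G    Yes
       2    portA   10G   Yes
       3
"""

# Optional chip name, XAUI index, then optional port / speed / offload columns.
ROW = re.compile(
    r"^(?P<chip>np6_\d+)?\s*(?P<xaui>\d+)"
    r"(?:\s+(?P<port>\S+)\s+(?P<speed>\d+G)\s+(?P<cross>Yes|No))?\s*$"
)

def parse_port_list(text):
    """Map each port in 'get hardware npu np6 port-list' output to its NP6."""
    port_to_chip, chip = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or blank line
        chip = m.group("chip") or chip  # chip name appears only on its first row
        if m.group("port") and chip:
            port_to_chip[m.group("port")] = chip
    return port_to_chip

def lag_chips(members, port_to_chip):
    """Return the set of NP6 processors the proposed LAG members attach to."""
    unknown = [p for p in members if p not in port_to_chip]
    if unknown:
        raise KeyError(f"ports not in port-list output: {unknown}")
    return {port_to_chip[p] for p in members}

def lag_ok_without_isf(members, port_to_chip):
    """On a model without an ISF, every LAG member must share one NP6."""
    return len(lag_chips(members, port_to_chip)) == 1

if __name__ == "__main__":
    ports = parse_port_list(SAMPLE)
    for lag in (["port17", "portB"], ["port17", "port1"]):
        print(lag, sorted(lag_chips(lag, ports)), lag_ok_without_isf(lag, ports))
```
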

FortiGate-800D fast path architecture


The FortiGate-800D includes one NP6 processor connected through an integrated switch fabric to all of the FortiGate-800D network interfaces. This hardware configuration supports NP6-accelerated fast path offloading for sessions between any of the FortiGate-800D interfaces.

[Figure: FortiGate-800D fast path diagram: Integrated Switch Fabric, one FortiASIC NP6 processor, System Bus, CPU, CP8 processors]

You can use the following get command to display the FortiGate-800D NP6 configuration. The command output shows one NP6 named NP6_0. The output also shows all of the FortiGate-800D interfaces (ports) connected to NP6_0. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list
Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0    port31  10G   Yes
       1    wan1    1G    Yes
       1    port1   1G    Yes
       1    wan2    1G    Yes
       1    port2   1G    Yes
       1    port3   1G    Yes
       1    port4   1G    Yes
       1    port5   1G    Yes
       1    port6   1G    Yes
       1    port30  1G    Yes
       1    port29  1G    Yes
       1    port28  1G    Yes
       1    port27  1G    Yes
       1    port26  1G    Yes
       1    port25  1G    Yes
       1    port24  1G    Yes
       1    port23  1G    Yes
       2    port7   1G    Yes
       2    port8   1G    Yes
       2    port9   1G    Yes
       2    port10  1G    Yes
       2    port11  1G    Yes
       2    port12  1G    Yes
       2    port13  1G    Yes
       2    port14  1G    Yes
       2    port15  1G    Yes
       2    port16  1G    Yes
       2    port17  1G    Yes
       2    port18  1G    Yes
       2    port19  1G    Yes
       2    port20  1G    Yes
       2    port21  1G    Yes
       2    port22  1G    Yes
       3    port32  10G   Yes
------ ---- ------- ----- ----------

FortiGate-600D fast path architecture


The FortiGate-600D includes one NP6 processor connected to eight 1Gb SFP interfaces (port1-port8), eight 1Gb RJ-45 Ethernet ports (port9-16) and two 10Gb SFP+ interfaces (port17 and port18).

You can use the following get command to display the FortiGate-600D NP6 configuration. The command output shows one NP6 named NP6_0 and the interfaces (ports) connected to it. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list
Chip   XAUI Ports   Max   Cross-chip
                    Speed offloading
------ ---- ------- ----- ----------
np6_0  0
       1    port10  1G    Yes
       1    port9   1G    Yes
       1    port12  1G    Yes
       1    port11  1G    Yes
       1    port14  1G    Yes
       1    port13  1G    Yes
       1    port16  1G    Yes
       1    port15  1G    Yes
       1    port5   1G    Yes
       1    port7   1G    Yes
       1    port8   1G    Yes
       1    port6   1G    Yes
       1    port3   1G    Yes
       1    port4   1G    Yes
       1    port1   1G    Yes
       1    port2   1G    Yes
       2    port17  10G   Yes
       3    port18  10G   Yes
------ ---- ------- ----- ----------