Fortinet black logo

FortiGate-7000 Handbook

Home FortiGate-7000 5.4.9 FortiGate-7000 Handbook

FPM-7620E processing module

5.4.9
6.2.3
6.0.10
6.0.9
6.0.8
6.0.6
6.0.4
5.6.14
5.6.12
5.6.11
5.6.7
5.4.9
Copy Link
Copy Doc ID 13098487-2a56-11e9-94bf-00505692583a:805156
Download PDF

FPM-7620E processing module

The FPM-7620E processing module is a high-performance worker module that processes sessions load balanced to it by FortiGate-7000 series interface (FIM) modules over the chassis fabric backplane. The FPM-7620E can be installed in any FortiGate-7000 series chassis in slots 3 and up.

The FPM-7620E includes two 80Gbps connections to the chassis fabric backplane and two 1Gbps connections to the base backplane. The FPM-7620E processes sessions using a dual CPU configuration, accelerates network traffic processing with 4 NP6 processors and accelerates content processing with 8 CP9 processors. The NP6 network processors are connected by the FIM switch fabric so all supported traffic types can be fast path accelerated by the NP6 processors.

The FPM-7620E includes the following hardware features:

  • Two 80Gbps fabric backplane channels for load balanced sessions from the FIMs installed in the chassis.
  • Two 1Gbps base backplane channels for management, heartbeat and session sync communication.
  • Dual CPUs for high performance operation.
  • Four NP6 processors to offload network processing from the CPUs.
  • Eight CP9 processors to offload content processing and SSL and IPsec encryption from the CPUs.
FPM-7620E front panel

  • Power button.
  • NMI switch (for troubleshooting as recommended by Fortinet Support).
  • Mounting hardware.
  • LED status indicators.

NP6 network processors - offloading load balancing and network traffic

In a FortiGate-7000 chassis, FPM-7620E NP6 network processors combined with the FortiGate Interface Module (FIM) Integrated Switch Fabric (ISF) provide hardware acceleration by offloading sessions from the FPM-7620E CPUs. The result is enhanced network performance provided by the NP6 processors plus the removal of network processing load from the FPM-7620 CPUs. The NP6 processors can also handle some CPU-intensive tasks, like IPsec VPN encryption/decryption. Because of the ISF in each FIM, all sessions are fast-pathed and accelerated.

FPM-7620E hardware architecture

Accelerated IPS, SSL VPN, and IPsec VPN (CP9 content processors)

The FPM-7620E includes eight CP9 processors that provide the following performance enhancements:

  • Flow-based inspection (IPS, application control etc.) pattern matching acceleration with over 10Gbps throughput
  • IPS pre-scan
  • IPS signature correlation
  • Full match processors
  • High performance VPN bulk data engine
  • IPsec and SSL/TLS protocol processor
  • DES/3DES/AES128/192/256 in accordance with FIPS46-3/FIPS81/FIPS197
  • MD5/SHA-1/SHA256/384/512-96/128/192/256 with RFC1321 and FIPS180
  • HMAC in accordance with RFC2104/2403/2404 and FIPS198
  • ESN mode
  • GCM support for NSA "Suite B" (RFC6379/RFC6460) including GCM-128/256; GMAC-128/256
  • Key Exchange Processor that supports high performance IKE and RSA computation
  • Public key exponentiation engine with hardware CRT support
  • Primary checking for RSA key generation
  • Handshake accelerator with automatic key material generation
  • True Random Number generator
  • Elliptic Curve support for NSA "Suite B"
  • Sub public key engine (PKCE) to support up to 4096 bit operation directly (4k for DH and 8k for RSA with CRT)
  • DLP fingerprint support
  • TTTD (Two-Thresholds-Two-Divisors) content chunking
  • Two thresholds and two divisors are configurable
Previous
Next

FPM-7620E processing module

The FPM-7620E processing module is a high-performance worker module that processes sessions load balanced to it by FortiGate-7000 series interface (FIM) modules over the chassis fabric backplane. The FPM-7620E can be installed in any FortiGate-7000 series chassis in slots 3 and up.

The FPM-7620E includes two 80Gbps connections to the chassis fabric backplane and two 1Gbps connections to the base backplane. The FPM-7620E processes sessions using a dual CPU configuration, accelerates network traffic processing with 4 NP6 processors and accelerates content processing with 8 CP9 processors. The NP6 network processors are connected by the FIM switch fabric so all supported traffic types can be fast path accelerated by the NP6 processors.

The FPM-7620E includes the following hardware features:

  • Two 80Gbps fabric backplane channels for load balanced sessions from the FIMs installed in the chassis.
  • Two 1Gbps base backplane channels for management, heartbeat and session sync communication.
  • Dual CPUs for high performance operation.
  • Four NP6 processors to offload network processing from the CPUs.
  • Eight CP9 processors to offload content processing and SSL and IPsec encryption from the CPUs.
FPM-7620E front panel

  • Power button.
  • NMI switch (for troubleshooting as recommended by Fortinet Support).
  • Mounting hardware.
  • LED status indicators.

NP6 network processors - offloading load balancing and network traffic

In a FortiGate-7000 chassis, FPM-7620E NP6 network processors combined with the FortiGate Interface Module (FIM) Integrated Switch Fabric (ISF) provide hardware acceleration by offloading sessions from the FPM-7620E CPUs. The result is enhanced network performance provided by the NP6 processors plus the removal of network processing load from the FPM-7620 CPUs. The NP6 processors can also handle some CPU-intensive tasks, like IPsec VPN encryption/decryption. Because of the ISF in each FIM, all sessions are fast-pathed and accelerated.

FPM-7620E hardware architecture

Accelerated IPS, SSL VPN, and IPsec VPN (CP9 content processors)

The FPM-7620E includes eight CP9 processors that provide the following performance enhancements:

  • Flow-based inspection (IPS, application control etc.) pattern matching acceleration with over 10Gbps throughput
  • IPS pre-scan
  • IPS signature correlation
  • Full match processors
  • High performance VPN bulk data engine
  • IPsec and SSL/TLS protocol processor
  • DES/3DES/AES128/192/256 in accordance with FIPS46-3/FIPS81/FIPS197
  • MD5/SHA-1/SHA256/384/512-96/128/192/256 with RFC1321 and FIPS180
  • HMAC in accordance with RFC2104/2403/2404 and FIPS198
  • ESN mode
  • GCM support for NSA "Suite B" (RFC6379/RFC6460) including GCM-128/256; GMAC-128/256
  • Key Exchange Processor that supports high performance IKE and RSA computation
  • Public key exponentiation engine with hardware CRT support
  • Primary checking for RSA key generation
  • Handshake accelerator with automatic key material generation
  • True Random Number generator
  • Elliptic Curve support for NSA "Suite B"
  • Sub public key engine (PKCE) to support up to 4096 bit operation directly (4k for DH and 8k for RSA with CRT)
  • DLP fingerprint support
  • TTTD (Two-Thresholds-Two-Divisors) content chunking
  • Two thresholds and two divisors are configurable
Previous
Next