Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Hardware Acceleration

    Home FortiGate / FortiOS 6.0.18 Hardware Acceleration
    6.0.18
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.6
    6.4.5
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.9
    6.2.7
    6.0.18
    6.0.17
    6.0.16
    6.0.15
    6.0.14
    5.6.0

    FortiGate 3400E and 3401E fast path architecture

    FortiGate 3400E and 3401E fast path architecture

    The FortiGate 3400E and 3401E each include six NP6 processors (NP6_0 to NP6_5). All front panel data interfaces and all of the NP6 processors connect to the integrated switch fabric (ISF). All data traffic passes from the data interfaces through the ISF to the NP6 processors. Because of the ISF, all supported traffic passing between any two data interfaces can be offloaded by the NP6 processors. No special mapping is required for fast path offloading or aggregate interfaces. Data traffic processed by the CPU takes a dedicated data path through the ISF and an NP6 processor to the CPU.

    The FortiGate 3400E and 3401E models feature the following front panel interfaces:

    • Two 10/100/1000BASE-T Copper (MGMT1 and MGMT2).
    • Two 10/25 GigE SFP+/SFP28 (HA1 and HA2, not connected to the NP6 processors).
    • Twenty-two 1/10/25 GigE SFP/SFP+/SFP28 (1 to 22), interface groups: HA1 - HA2 - 1 - 2, 3 - 6, 7 - 10, 11 - 14, 15 - 18, and 19 - 22.Every time you change the speed of one of these interfaces from 25Gbps to 10Gbps or 1Gbps or from 10Gbps or 1Gbps to 25Gbps the speeds of the other interfaces in the group also change to that speed. When you enter the end command, the CLI confirms the range of interfaces affected by the change.
    • Four 100 GigE QSFP28 (23 to 26).
    Note

    The FortiGate-3400 and 3401 do not support auto-negotiation when setting interface speeds. Always set a specific interface speed. For example:

    config system interface

    edit port23

    set speed {40000full | 100Gfull}

    end

    The MGMT interfaces are not connected to the NP6 processors. Management traffic passes to the CPU over a dedicated management path that is separate from the data path. You can also dedicate separate CPU resources for management traffic to further isolate management processing from data processing (see Dedicated management CPU).

    The HA interfaces are also not connected to the NP6 processors. To help provide better HA stability and resiliency, the HA traffic uses a dedicated physical control path that provides HA control traffic separation from data traffic processing.

    The separation of management and HA traffic from data traffic keeps management and HA traffic from affecting the stability and performance of data traffic processing.

    You can use the following get command to display the FortiGate 3400E or 3401E NP6 configuration. You can also use the diagnose npu np6 port-list command to display this information.

    get hardware npu np6 port-list
Chip                  XAUI Ports   Max     Cross-chip
                                   Speed   offloading
--------------------  ---- ------  ------- ----------
NP#0-5                0-3  port1   25000M  Yes
NP#0-5                0-3  port2   25000M  Yes
NP#0-5                0-3  port3   25000M  Yes
NP#0-5                0-3  port4   25000M  Yes
NP#0-5                0-3  port5   25000M  Yes
NP#0-5                0-3  port6   25000M  Yes
NP#0-5                0-3  port7   25000M  Yes
NP#0-5                0-3  port8   25000M  Yes
NP#0-5                0-3  port9   25000M  Yes
NP#0-5                0-3  port10  25000M  Yes
NP#0-5                0-3  port11  25000M  Yes
NP#0-5                0-3  port12  25000M  Yes
NP#0-5                0-3  port13  25000M  Yes
NP#0-5                0-3  port14  25000M  Yes
NP#0-5                0-3  port15  25000M  Yes
NP#0-5                0-3  port16  25000M  Yes
NP#0-5                0-3  port17  25000M  Yes
NP#0-5                0-3  port18  25000M  Yes
NP#0-5                0-3  port19  25000M  Yes
NP#0-5                0-3  port20  25000M  Yes
NP#0-5                0-3  port21  25000M  Yes
NP#0-5                0-3  port22  25000M  Yes
NP#0-5                0-3  port23  100000M Yes
NP#0-5                0-3  port24  100000M Yes
NP#0-5                0-3  port25  100000M Yes
NP#0-5                0-3  port26  100000M Yes
--------------------  ---- ------  ------- ----------
    Previous
    Next

    FortiGate 3400E and 3401E fast path architecture

    FortiGate 3400E and 3401E fast path architecture

    The FortiGate 3400E and 3401E each include six NP6 processors (NP6_0 to NP6_5). All front panel data interfaces and all of the NP6 processors connect to the integrated switch fabric (ISF). All data traffic passes from the data interfaces through the ISF to the NP6 processors. Because of the ISF, all supported traffic passing between any two data interfaces can be offloaded by the NP6 processors. No special mapping is required for fast path offloading or aggregate interfaces. Data traffic processed by the CPU takes a dedicated data path through the ISF and an NP6 processor to the CPU.

    The FortiGate 3400E and 3401E models feature the following front panel interfaces:

    • Two 10/100/1000BASE-T Copper (MGMT1 and MGMT2).
    • Two 10/25 GigE SFP+/SFP28 (HA1 and HA2, not connected to the NP6 processors).
    • Twenty-two 1/10/25 GigE SFP/SFP+/SFP28 (1 to 22), interface groups: HA1 - HA2 - 1 - 2, 3 - 6, 7 - 10, 11 - 14, 15 - 18, and 19 - 22.Every time you change the speed of one of these interfaces from 25Gbps to 10Gbps or 1Gbps or from 10Gbps or 1Gbps to 25Gbps the speeds of the other interfaces in the group also change to that speed. When you enter the end command, the CLI confirms the range of interfaces affected by the change.
    • Four 100 GigE QSFP28 (23 to 26).
    Note

    The FortiGate-3400 and 3401 do not support auto-negotiation when setting interface speeds. Always set a specific interface speed. For example:

    config system interface

    edit port23

    set speed {40000full | 100Gfull}

    end

    The MGMT interfaces are not connected to the NP6 processors. Management traffic passes to the CPU over a dedicated management path that is separate from the data path. You can also dedicate separate CPU resources for management traffic to further isolate management processing from data processing (see Dedicated management CPU).

    The HA interfaces are also not connected to the NP6 processors. To help provide better HA stability and resiliency, the HA traffic uses a dedicated physical control path that provides HA control traffic separation from data traffic processing.

    The separation of management and HA traffic from data traffic keeps management and HA traffic from affecting the stability and performance of data traffic processing.

    You can use the following get command to display the FortiGate 3400E or 3401E NP6 configuration. You can also use the diagnose npu np6 port-list command to display this information.

    get hardware npu np6 port-list
Chip                  XAUI Ports   Max     Cross-chip
                                   Speed   offloading
--------------------  ---- ------  ------- ----------
NP#0-5                0-3  port1   25000M  Yes
NP#0-5                0-3  port2   25000M  Yes
NP#0-5                0-3  port3   25000M  Yes
NP#0-5                0-3  port4   25000M  Yes
NP#0-5                0-3  port5   25000M  Yes
NP#0-5                0-3  port6   25000M  Yes
NP#0-5                0-3  port7   25000M  Yes
NP#0-5                0-3  port8   25000M  Yes
NP#0-5                0-3  port9   25000M  Yes
NP#0-5                0-3  port10  25000M  Yes
NP#0-5                0-3  port11  25000M  Yes
NP#0-5                0-3  port12  25000M  Yes
NP#0-5                0-3  port13  25000M  Yes
NP#0-5                0-3  port14  25000M  Yes
NP#0-5                0-3  port15  25000M  Yes
NP#0-5                0-3  port16  25000M  Yes
NP#0-5                0-3  port17  25000M  Yes
NP#0-5                0-3  port18  25000M  Yes
NP#0-5                0-3  port19  25000M  Yes
NP#0-5                0-3  port20  25000M  Yes
NP#0-5                0-3  port21  25000M  Yes
NP#0-5                0-3  port22  25000M  Yes
NP#0-5                0-3  port23  100000M Yes
NP#0-5                0-3  port24  100000M Yes
NP#0-5                0-3  port25  100000M Yes
NP#0-5                0-3  port26  100000M Yes
--------------------  ---- ------  ------- ----------
    Previous
    Next