FortiGate 1500DT fast path architecture
The FortiGate 1500DT features two NP6 processors both connected to an integrated switch fabric. The FortiGate 1500DT has the same hardware configuration as the FortiGate 1500D, but with the addition of newer CPUs and a slightly different interface configuration.
The FortiGate 1500DT includes the following interfaces and NP6 processors:
- Eight SFP 1Gb interfaces (port1-port8), eight RJ-45 1Gb Ethernet interfaces (port17-24) and four RJ-45 10Gb Ethernet interfaces (port33-port36) share connections to the first NP6 processor.
- Eight SFP 1Gb interfaces (port9-port16), eight RJ-45 1Gb Ethernet ports (port25-32) and four SFP+ 10Gb interfaces (port37-port40) share connections to the second NP6 processor.
You can use the following get command to display the FortiGate 1500DT NP6 configuration. The command output shows two NP6s named NP6_0 and NP6_1. The output also shows the interfaces (ports) connected to each NP6. You can also use the diagnose npu np6 port-list
command to display this information.
get hardware npu np6 port-list Chip XAUI Ports Max Cross-chip Speed offloading ------ ---- ------- ----- ---------- np6_0 0 port1 1G Yes 0 port5 1G Yes 0 port17 1G Yes 0 port21 1G Yes 0 port33 10G Yes 1 port2 1G Yes 1 port6 1G Yes 1 port18 1G Yes 1 port22 1G Yes 1 port34 10G Yes 2 port3 1G Yes 2 port7 1G Yes 2 port19 1G Yes 2 port23 1G Yes 2 port35 10G Yes 3 port4 1G Yes 3 port8 1G Yes 3 port20 1G Yes 3 port24 1G Yes 3 port36 10G Yes ------ ---- ------- ----- ---------- np6_1 0 port9 1G Yes 0 port13 1G Yes 0 port25 1G Yes 0 port29 1G Yes 0 port37 10G Yes 1 port10 1G Yes 1 port14 1G Yes 1 port26 1G Yes 1 port30 1G Yes 1 port38 10G Yes 2 port11 1G Yes 2 port15 1G Yes 2 port27 1G Yes 2 port31 1G Yes 2 port39 10G Yes 3 port12 1G Yes 3 port16 1G Yes 3 port28 1G Yes 3 port32 1G Yes 3 port40 10G Yes ------ ---- ------- ----- ----------
Improving FortiGate 1500DT connections per second performance
On the FortiGate 1500DT, you can use the following command to potentially improve connections per second (CPS) performance:
config system npu
set np6-cps-optimization-mode {disable | enable}
end
Disabled by default, enabling this option can increase CPS performance by using more CPUs for interrupt processing. If your FortiGate 1500DT is processing very large numbers sessions with short life times, you can try enabling this feature to see if performance improves.
Enabling or disabling np6-cps-optimization-mode
requires a system restart. You should only change this setting during a maintenance window or quiet period.
A configuration change that causes a FortiGate to restart can disrupt the operation of an FGCP cluster. If possible, you should make this configuration change to the individual FortiGates before setting up the cluster. If the cluster is already operating, you should temporarily remove the secondary FortiGate(s) from the cluster, change the configuration of the individual FortiGates and then re-form the cluster. You can remove FortiGate(s) from a cluster using the Remove Device from HA cluster button on the System > HA GUI page. For more information, see Disconnecting a FortiGate. |