Fortinet white logo
Fortinet white logo

Hardware Acceleration

FortiGate 1500DT fast path architecture

FortiGate 1500DT fast path architecture

The FortiGate 1500DT features two NP6 processors both connected to an integrated switch fabric. The FortiGate 1500DT has the same hardware configuration as the FortiGate 1500D, but with the addition of newer CPUs and a slightly different interface configuration.

The FortiGate 1500DT includes the following interfaces and NP6 processors:

  • Eight SFP 1Gb interfaces (port1-port8), eight RJ-45 1Gb Ethernet interfaces (port17-24) and four RJ-45 10Gb Ethernet interfaces (port33-port36) share connections to the first NP6 processor.
  • Eight SFP 1Gb interfaces (port9-port16), eight RJ-45 1Gb Ethernet ports (port25-32) and four SFP+ 10Gb interfaces (port37-port40) share connections to the second NP6 processor.

You can use the following get command to display the FortiGate 1500DT NP6 configuration. The command output shows two NP6s named NP6_0 and NP6_1. The output also shows the interfaces (ports) connected to each NP6. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list 
Chip   XAUI Ports   Max   Cross-chip 
                    Speed offloading 
------ ---- ------- ----- ---------- 
np6_0  0    port1   1G    Yes        
       0    port5   1G    Yes        
       0    port17  1G    Yes        
       0    port21  1G    Yes        
       0    port33  10G   Yes        
       1    port2   1G    Yes        
       1    port6   1G    Yes        
       1    port18  1G    Yes        
       1    port22  1G    Yes        
       1    port34  10G   Yes        
       2    port3   1G    Yes        
       2    port7   1G    Yes        
       2    port19  1G    Yes        
       2    port23  1G    Yes        
       2    port35  10G   Yes        
       3    port4   1G    Yes        
       3    port8   1G    Yes        
       3    port20  1G    Yes        
       3    port24  1G    Yes        
       3    port36  10G   Yes        
------ ---- ------- ----- ---------- 
np6_1  0    port9   1G    Yes        
       0    port13  1G    Yes        
       0    port25  1G    Yes        
       0    port29  1G    Yes        
       0    port37  10G   Yes        
       1    port10  1G    Yes        
       1    port14  1G    Yes        
       1    port26  1G    Yes        
       1    port30  1G    Yes        
       1    port38  10G   Yes        
       2    port11  1G    Yes        
       2    port15  1G    Yes        
       2    port27  1G    Yes        
       2    port31  1G    Yes        
       2    port39  10G   Yes        
       3    port12  1G    Yes        
       3    port16  1G    Yes        
       3    port28  1G    Yes        
       3    port32  1G    Yes        
       3    port40  10G   Yes        
------ ---- ------- ----- ----------

Improving FortiGate 1500DT connections per second performance

On the FortiGate 1500DT, you can use the following command to potentially improve connections per second (CPS) performance:

config system npu

set np6-cps-optimization-mode {disable | enable}

end

Disabled by default, enabling this option can increase CPS performance by using more CPUs for interrupt processing. If your FortiGate 1500DT is processing very large numbers sessions with short life times, you can try enabling this feature to see if performance improves.

Enabling or disabling np6-cps-optimization-mode requires a system restart. You should only change this setting during a maintenance window or quiet period.

Note

A configuration change that causes a FortiGate to restart can disrupt the operation of an FGCP cluster. If possible, you should make this configuration change to the individual FortiGates before setting up the cluster. If the cluster is already operating, you should temporarily remove the secondary FortiGate(s) from the cluster, change the configuration of the individual FortiGates and then re-form the cluster. You can remove FortiGate(s) from a cluster using the Remove Device from HA cluster button on the System > HA GUI page. For more information, see Disconnecting a FortiGate.

FortiGate 1500DT fast path architecture

FortiGate 1500DT fast path architecture

The FortiGate 1500DT features two NP6 processors both connected to an integrated switch fabric. The FortiGate 1500DT has the same hardware configuration as the FortiGate 1500D, but with the addition of newer CPUs and a slightly different interface configuration.

The FortiGate 1500DT includes the following interfaces and NP6 processors:

  • Eight SFP 1Gb interfaces (port1-port8), eight RJ-45 1Gb Ethernet interfaces (port17-24) and four RJ-45 10Gb Ethernet interfaces (port33-port36) share connections to the first NP6 processor.
  • Eight SFP 1Gb interfaces (port9-port16), eight RJ-45 1Gb Ethernet ports (port25-32) and four SFP+ 10Gb interfaces (port37-port40) share connections to the second NP6 processor.

You can use the following get command to display the FortiGate 1500DT NP6 configuration. The command output shows two NP6s named NP6_0 and NP6_1. The output also shows the interfaces (ports) connected to each NP6. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list 
Chip   XAUI Ports   Max   Cross-chip 
                    Speed offloading 
------ ---- ------- ----- ---------- 
np6_0  0    port1   1G    Yes        
       0    port5   1G    Yes        
       0    port17  1G    Yes        
       0    port21  1G    Yes        
       0    port33  10G   Yes        
       1    port2   1G    Yes        
       1    port6   1G    Yes        
       1    port18  1G    Yes        
       1    port22  1G    Yes        
       1    port34  10G   Yes        
       2    port3   1G    Yes        
       2    port7   1G    Yes        
       2    port19  1G    Yes        
       2    port23  1G    Yes        
       2    port35  10G   Yes        
       3    port4   1G    Yes        
       3    port8   1G    Yes        
       3    port20  1G    Yes        
       3    port24  1G    Yes        
       3    port36  10G   Yes        
------ ---- ------- ----- ---------- 
np6_1  0    port9   1G    Yes        
       0    port13  1G    Yes        
       0    port25  1G    Yes        
       0    port29  1G    Yes        
       0    port37  10G   Yes        
       1    port10  1G    Yes        
       1    port14  1G    Yes        
       1    port26  1G    Yes        
       1    port30  1G    Yes        
       1    port38  10G   Yes        
       2    port11  1G    Yes        
       2    port15  1G    Yes        
       2    port27  1G    Yes        
       2    port31  1G    Yes        
       2    port39  10G   Yes        
       3    port12  1G    Yes        
       3    port16  1G    Yes        
       3    port28  1G    Yes        
       3    port32  1G    Yes        
       3    port40  10G   Yes        
------ ---- ------- ----- ----------

Improving FortiGate 1500DT connections per second performance

On the FortiGate 1500DT, you can use the following command to potentially improve connections per second (CPS) performance:

config system npu

set np6-cps-optimization-mode {disable | enable}

end

Disabled by default, enabling this option can increase CPS performance by using more CPUs for interrupt processing. If your FortiGate 1500DT is processing very large numbers sessions with short life times, you can try enabling this feature to see if performance improves.

Enabling or disabling np6-cps-optimization-mode requires a system restart. You should only change this setting during a maintenance window or quiet period.

Note

A configuration change that causes a FortiGate to restart can disrupt the operation of an FGCP cluster. If possible, you should make this configuration change to the individual FortiGates before setting up the cluster. If the cluster is already operating, you should temporarily remove the secondary FortiGate(s) from the cluster, change the configuration of the individual FortiGates and then re-form the cluster. You can remove FortiGate(s) from a cluster using the Remove Device from HA cluster button on the System > HA GUI page. For more information, see Disconnecting a FortiGate.