Fortinet black logo

Hardware Acceleration

Home FortiGate / FortiOS 6.2.9 Hardware Acceleration

FortiGate 200E and 201E fast path architecture

6.2.9
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.6
6.4.5
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.9
6.2.7
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
5.6.0
Copy Link
Copy Doc ID 3b8f5ff2-ff89-11eb-8f3f-00505692583a:854455
Download PDF

FortiGate 200E and 201E fast path architecture

The FortiGate 200E and 201E features the following front panel interfaces:

  • Two 10/100/1000BASE-T Copper interfaces (MGMT and HA , not connected to the NP6Lite processors)
  • Sixteen 10/100/1000BASE-T Copper interfaces (wan1, wan2, 1 to 14)
  • Four 1GE SFP interfaces (15 to 18)

The FortiGate 200E and 201E include two SOC3 NP6Lite processors. The SOC3 CPUs and CP9Lite processors are not used. Instead, the FortiGate 200E and 201E architecture includes separate CPU resources and a standard CP9 processor. Because this model does not include a switch fabric, you cannot create Link Aggregation Groups (LAGs) or redundant interfaces between interfaces connected to different NP6Lites. As well, traffic will only be offloaded if it enters and exits the FortiGate on interfaces connected to the same NP6Lite.

The NP6Lites are connected to network interfaces as follows:

  • NP6Lite_0 is connected to six 1GE RJ-45 interfaces (9 to 14) and four 1GE SFP interfaces (15 to 18).
  • NP6Lite_1 is connected to ten 1GE RJ45 interfaces (wan1, wan2, 1 to 8).

The following diagram also shows the RGMII and QSGMII port connections between the NP6Lite processors and the front panel interfaces. Both RGMII and QSGMII interfaces operate at 1000Mbps. However, QSGMII interfaces can also negotiate to operate at lower speeds: 10, 100, and 1000Mbps. To connect the FortiGate 200E to networks with speeds lower than 1000Mbps use the QSGMII interfaces (port1-8 and port11-18).

All data traffic passes from the data interfaces through to the NP6Lite processors. Data traffic to be processed by the CPU takes a dedicated data path through the ISF and an NP6Lite processor to the CPU.

The MGMT interface is not connected to the NP6Lite processors. Management traffic passes to the CPU over a dedicated management path that is separate from the data path. The HA interface is also not connected to the NP6Lite processors. To help provide better HA stability and resiliency, HA traffic uses a dedicated physical control path that provides HA control traffic separation from data traffic processing. The separation of management and HA traffic from data traffic keeps management and HA traffic from affecting the stability and performance of data traffic processing.

You can use the following get command to display the FortiGate 200E or 201E NP6Lite configuration. You can also use the diagnose npu np6lite port-list command to display this information.

get hardware npu np6lite port-list 
Chip   XAUI Ports            Max   Cross-chip 
                             Speed offloading 
------ ---- -------          ----- ---------- 
np6lite_0
       2    port9            1000M          NO
       1    port10           1000M          NO
       4    port11           1000M          NO
       3    port12           1000M          NO
       6    port13           1000M          NO
       5    port14           1000M          NO
       9    port15           1000M          NO
       10   port16           1000M          NO
       8    port17           1000M          NO
       7    port18           1000M          NO
np6lite_1
       2    wan1             1000M          NO
       1    wan2             1000M          NO
       4    port1            1000M          NO
       3    port2            1000M          NO
       6    port3            1000M          NO
       5    port4            1000M          NO
       8    port5            1000M          NO
       7    port6            1000M          NO
       10   port7            1000M          NO
       9    port8            1000M          NO

Previous
Next

FortiGate 200E and 201E fast path architecture

The FortiGate 200E and 201E features the following front panel interfaces:

  • Two 10/100/1000BASE-T Copper interfaces (MGMT and HA , not connected to the NP6Lite processors)
  • Sixteen 10/100/1000BASE-T Copper interfaces (wan1, wan2, 1 to 14)
  • Four 1GE SFP interfaces (15 to 18)

The FortiGate 200E and 201E include two SOC3 NP6Lite processors. The SOC3 CPUs and CP9Lite processors are not used. Instead, the FortiGate 200E and 201E architecture includes separate CPU resources and a standard CP9 processor. Because this model does not include a switch fabric, you cannot create Link Aggregation Groups (LAGs) or redundant interfaces between interfaces connected to different NP6Lites. As well, traffic will only be offloaded if it enters and exits the FortiGate on interfaces connected to the same NP6Lite.

The NP6Lites are connected to network interfaces as follows:

  • NP6Lite_0 is connected to six 1GE RJ-45 interfaces (9 to 14) and four 1GE SFP interfaces (15 to 18).
  • NP6Lite_1 is connected to ten 1GE RJ45 interfaces (wan1, wan2, 1 to 8).

The following diagram also shows the RGMII and QSGMII port connections between the NP6Lite processors and the front panel interfaces. Both RGMII and QSGMII interfaces operate at 1000Mbps. However, QSGMII interfaces can also negotiate to operate at lower speeds: 10, 100, and 1000Mbps. To connect the FortiGate 200E to networks with speeds lower than 1000Mbps use the QSGMII interfaces (port1-8 and port11-18).

All data traffic passes from the data interfaces through to the NP6Lite processors. Data traffic to be processed by the CPU takes a dedicated data path through the ISF and an NP6Lite processor to the CPU.

The MGMT interface is not connected to the NP6Lite processors. Management traffic passes to the CPU over a dedicated management path that is separate from the data path. The HA interface is also not connected to the NP6Lite processors. To help provide better HA stability and resiliency, HA traffic uses a dedicated physical control path that provides HA control traffic separation from data traffic processing. The separation of management and HA traffic from data traffic keeps management and HA traffic from affecting the stability and performance of data traffic processing.

You can use the following get command to display the FortiGate 200E or 201E NP6Lite configuration. You can also use the diagnose npu np6lite port-list command to display this information.

get hardware npu np6lite port-list 
Chip   XAUI Ports            Max   Cross-chip 
                             Speed offloading 
------ ---- -------          ----- ---------- 
np6lite_0
       2    port9            1000M          NO
       1    port10           1000M          NO
       4    port11           1000M          NO
       3    port12           1000M          NO
       6    port13           1000M          NO
       5    port14           1000M          NO
       9    port15           1000M          NO
       10   port16           1000M          NO
       8    port17           1000M          NO
       7    port18           1000M          NO
np6lite_1
       2    wan1             1000M          NO
       1    wan2             1000M          NO
       4    port1            1000M          NO
       3    port2            1000M          NO
       6    port3            1000M          NO
       5    port4            1000M          NO
       8    port5            1000M          NO
       7    port6            1000M          NO
       10   port7            1000M          NO
       9    port8            1000M          NO

Previous
Next