Fortinet black logo

Hardware Acceleration

FortiGate 1500D fast path architecture

FortiGate 1500D fast path architecture

The FortiGate 1500D features two NP6 processors both connected to an integrated switch fabric.

  • Eight SFP 1Gb interfaces (port1-port8), eight RJ-45 1Gb Ethernet interfaces (port17-24) and four SFP+ 10Gb interfaces (port33-port36) share connections to the first NP6 processor.
  • Eight SFP 1Gb interfaces (port9-port16), eight RJ-45 1Gb Ethernet interfaces (port25-32) and four SFP+ 10Gb interfaces (port37-port40) share connections to the second NP6 processor.

You can use the following get command to display the FortiGate 1500D NP6 configuration. The command output shows two NP6s named NP6_0 and NP6_1. The output also shows the interfaces (ports) connected to each NP6. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list
Chip   XAUI Ports            Max   Cross-chip 
                             Speed offloading 
------ ---- -------          ----- ---------- 
np6_0  0    port1            1G    Yes        
       0    port5            1G    Yes        
       0    port17           1G    Yes        
       0    port21           1G    Yes        
       0    port33           10G   Yes        
       1    port2            1G    Yes        
       1    port6            1G    Yes        
       1    port18           1G    Yes        
       1    port22           1G    Yes        
       1    port34           10G   Yes        
       2    port3            1G    Yes        
       2    port7            1G    Yes        
       2    port19           1G    Yes        
       2    port23           1G    Yes        
       2    port35           10G   Yes        
       3    port4            1G    Yes        
       3    port8            1G    Yes        
       3    port20           1G    Yes        
       3    port24           1G    Yes        
       3    port36           10G   Yes        
------ ---- -------          ----- ---------- 
np6_1  0    port9            1G    Yes        
       0    port13           1G    Yes        
       0    port25           1G    Yes        
       0    port29           1G    Yes        
       0    port37           10G   Yes        
       1    port10           1G    Yes        
       1    port14           1G    Yes        
       1    port26           1G    Yes        
       1    port30           1G    Yes        
       1    port38           10G   Yes        
       2    port11           1G    Yes        
       2    port15           1G    Yes        
       2    port27           1G    Yes        
       2    port31           1G    Yes        
       2    port39           10G   Yes        
       3    port12           1G    Yes        
       3    port16           1G    Yes        
       3    port28           1G    Yes        
       3    port32           1G    Yes        
       3    port40           10G   Yes        
------ ---- -------          ----- ----------

Improving FortiGate 1500D connections per second performance

On the FortiGate 1500D, you can use the following command to potentially improve connections per second (CPS) performance:

config system npu

set np6-cps-optimization-mode {disable | enable}

end

Disabled by default, enabling this option can increase CPS performance by using more CPUs for interrupt processing. If your FortiGate 1500D is processing very large numbers sessions with short life times, you can try enabling this feature to see if performance improves.

Enabling or disabling np6-cps-optimization-mode requires a system restart. You should only change this setting during a maintenance window or quiet period.

Note

A configuration change that causes a FortiGate to restart can disrupt the operation of an FGCP cluster. If possible, you should make this configuration change to the individual FortiGates before setting up the cluster. If the cluster is already operating, you should temporarily remove the secondary FortiGate(s) from the cluster, change the configuration of the individual FortiGates and then re-form the cluster. You can remove FortiGate(s) from a cluster using the Remove Device from HA cluster button on the System > HA GUI page. For more information, see Disconnecting a FortiGate.

FortiGate 1500D fast path architecture

The FortiGate 1500D features two NP6 processors both connected to an integrated switch fabric.

  • Eight SFP 1Gb interfaces (port1-port8), eight RJ-45 1Gb Ethernet interfaces (port17-24) and four SFP+ 10Gb interfaces (port33-port36) share connections to the first NP6 processor.
  • Eight SFP 1Gb interfaces (port9-port16), eight RJ-45 1Gb Ethernet interfaces (port25-32) and four SFP+ 10Gb interfaces (port37-port40) share connections to the second NP6 processor.

You can use the following get command to display the FortiGate 1500D NP6 configuration. The command output shows two NP6s named NP6_0 and NP6_1. The output also shows the interfaces (ports) connected to each NP6. You can also use the diagnose npu np6 port-list command to display this information.

get hardware npu np6 port-list
Chip   XAUI Ports            Max   Cross-chip 
                             Speed offloading 
------ ---- -------          ----- ---------- 
np6_0  0    port1            1G    Yes        
       0    port5            1G    Yes        
       0    port17           1G    Yes        
       0    port21           1G    Yes        
       0    port33           10G   Yes        
       1    port2            1G    Yes        
       1    port6            1G    Yes        
       1    port18           1G    Yes        
       1    port22           1G    Yes        
       1    port34           10G   Yes        
       2    port3            1G    Yes        
       2    port7            1G    Yes        
       2    port19           1G    Yes        
       2    port23           1G    Yes        
       2    port35           10G   Yes        
       3    port4            1G    Yes        
       3    port8            1G    Yes        
       3    port20           1G    Yes        
       3    port24           1G    Yes        
       3    port36           10G   Yes        
------ ---- -------          ----- ---------- 
np6_1  0    port9            1G    Yes        
       0    port13           1G    Yes        
       0    port25           1G    Yes        
       0    port29           1G    Yes        
       0    port37           10G   Yes        
       1    port10           1G    Yes        
       1    port14           1G    Yes        
       1    port26           1G    Yes        
       1    port30           1G    Yes        
       1    port38           10G   Yes        
       2    port11           1G    Yes        
       2    port15           1G    Yes        
       2    port27           1G    Yes        
       2    port31           1G    Yes        
       2    port39           10G   Yes        
       3    port12           1G    Yes        
       3    port16           1G    Yes        
       3    port28           1G    Yes        
       3    port32           1G    Yes        
       3    port40           10G   Yes        
------ ---- -------          ----- ----------

Improving FortiGate 1500D connections per second performance

On the FortiGate 1500D, you can use the following command to potentially improve connections per second (CPS) performance:

config system npu

set np6-cps-optimization-mode {disable | enable}

end

Disabled by default, enabling this option can increase CPS performance by using more CPUs for interrupt processing. If your FortiGate 1500D is processing very large numbers sessions with short life times, you can try enabling this feature to see if performance improves.

Enabling or disabling np6-cps-optimization-mode requires a system restart. You should only change this setting during a maintenance window or quiet period.

Note

A configuration change that causes a FortiGate to restart can disrupt the operation of an FGCP cluster. If possible, you should make this configuration change to the individual FortiGates before setting up the cluster. If the cluster is already operating, you should temporarily remove the secondary FortiGate(s) from the cluster, change the configuration of the individual FortiGates and then re-form the cluster. You can remove FortiGate(s) from a cluster using the Remove Device from HA cluster button on the System > HA GUI page. For more information, see Disconnecting a FortiGate.