FortiGate 3600E and 3601E fast path architecture
The FortiGate 3600E and 3601E models feature the following front panel interfaces:
- Two 10/100/1000BASE-T Copper (MGMT1 and MGMT2)
- Two 10/25 GigE SFP+/SFP28 (HA1 and HA2, not connected to the NP6 processors)
- Thirty 10/25 GigE SFP+/SFP28 (1 to 30) interface groups: HA1 - HA2 - 1 - 2, 3 - 6, 7 - 10, 11 - 14, 15 - 18, 19 - 22, 23 - 26, and 27 - 30
- Six 100 GigE QSFP28 (31 to 36)
The FortiGate-3600 and 3601 do not support auto-negotiation when setting interface speeds. Always set a specific interface speed. For example: config system interface edit port31 set speed {40000full | 100Gfull} end |
The FortiGate 3600E and 3601E each include six NP6 processors (NP6_0 to NP6_5). All front panel data interfaces and all of the NP6 processors connect to the integrated switch fabric (ISF). All data traffic passes from the data interfaces through the ISF to the NP6 processors. Because of the ISF, all supported traffic passing between any two data interfaces can be offloaded by the NP6 processors. No special mapping is required for fast path offloading or aggregate interfaces. Data traffic processed by the CPU takes a dedicated data path through the ISF and an NP6 processor to the CPU.
The MGMT interfaces are not connected to the NP6 processors. Management traffic passes to the CPU over a dedicated management path that is separate from the data path. You can also dedicate separate CPU resources for management traffic to further isolate management processing from data processing (see Dedicated management CPU).
The HA interfaces are also not connected to the NP6 processors. To help provide better HA stability and resiliency, the HA traffic uses a dedicated physical control path that provides HA control traffic separation from data traffic processing.
The separation of management and HA traffic from data traffic keeps management and HA traffic from affecting the stability and performance of data traffic processing.
You can use the following command to display the FortiGate 3600E or 3601E NP6 configuration. You can also use the diagnose npu np6 port-list
command to display this information.
get hardware npu np6 port-list Chip XAUI Ports Max Cross-chip Speed offloading -------------------- ---- ------ ------- ---------- NP#0-5 0-3 port1 25000M Yes NP#0-5 0-3 port2 25000M Yes NP#0-5 0-3 port3 25000M Yes NP#0-5 0-3 port4 25000M Yes NP#0-5 0-3 port5 25000M Yes NP#0-5 0-3 port6 25000M Yes NP#0-5 0-3 port7 25000M Yes NP#0-5 0-3 port8 25000M Yes NP#0-5 0-3 port9 25000M Yes NP#0-5 0-3 port10 25000M Yes NP#0-5 0-3 port11 25000M Yes NP#0-5 0-3 port12 25000M Yes NP#0-5 0-3 port13 25000M Yes NP#0-5 0-3 port14 25000M Yes NP#0-5 0-3 port15 25000M Yes NP#0-5 0-3 port16 25000M Yes NP#0-5 0-3 port17 25000M Yes NP#0-5 0-3 port18 25000M Yes NP#0-5 0-3 port19 25000M Yes NP#0-5 0-3 port20 25000M Yes NP#0-5 0-3 port21 25000M Yes NP#0-5 0-3 port22 25000M Yes NP#0-5 0-3 port23 25000M Yes NP#0-5 0-3 port24 25000M Yes NP#0-5 0-3 port25 25000M Yes NP#0-5 0-3 port26 25000M Yes NP#0-5 0-3 port27 25000M Yes NP#0-5 0-3 port28 25000M Yes NP#0-5 0-3 port29 25000M Yes NP#0-5 0-3 port30 25000M Yes NP#0-5 0-3 port31 100000M Yes NP#0-5 0-3 port32 100000M Yes NP#0-5 0-3 port33 100000M Yes NP#0-5 0-3 port34 100000M Yes NP#0-5 0-3 port35 100000M Yes NP#0-5 0-3 port36 100000M Yes -------------------- ---- ------ ------- ----------
Interface groups and changing data interface speeds
FortiGate-3600E and 3601E front panel interfaces HA1, HA2, and 1 to 30 are divided into the following groups:
- ha1 - ha2 - port1 - port2
- port3 - port6
- port7 - port10
- port11 - port14
- port15 - port18
- port19 - port22
- port23 - port26
- port27 - port30
All of the interfaces in a group operate at the same speed. Changing the speed of an interface changes the speeds of all of the interfaces in the same group. For example, if you change the speed of port12 from 25Gbps to 10Gbps the speeds of port11 to port14 are also changed to 10Gbps.
Another example, port15 to port22 are operating at 25Gbps. If you want to install 10GigE transceivers in port15 to port22 to convert all of these data interfaces to connect to 10Gbps networks, you can enter the following from the CLI:
config system interface
edit port15
set speed 10000full
next
edit port19
set speed 10000full
end
Every time you change a data interface speed, when you enter the end
command, the CLI confirms the range of interfaces affected by the change. For example, if you change the speed of port7 the following message appears:
config system interface
edit port7
set speed 10000full
end
port7-port10 speed will be changed to 10000full due to hardware limit.
Do you want to continue? (y/n)