Fortinet black logo

Hardware Acceleration

Home FortiGate / FortiOS 7.0.12 Hardware Acceleration
7.0.12
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.6
6.4.5
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.9
6.2.7
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
5.6.0

FIM-7941F fast path architecture

FIM-7941F fast path architecture

The FIM-7941F includes an integrated switch fabric (ISF) that connects the front panel interfaces and the chassis fabric backplane to the NP7 processors. The NP7 processors receive sessions from the FIM front panel data interfaces and the FPM front panel data interfaces over the fabric backplane. The NP7 processors use SLBC to distribute sessions to FPMs over the fabric backplane.

The FIM-7941F includes the following backplane communication channels:

  • Ten 400Gbps fabric backplane channel to distribute traffic to the FPMs.
  • Ten 50Gbps base backplane channel for base backplane communication with the FPMs.
  • One 1Tbps fabric backplane channel for fabric backplane communication with the other FIM.
  • One 50Gbps base backplane channel for base backplane communication with the other FIM.

The FIM-7941F features the following front panel interfaces:

  • Two 10/100/1000BASE-T RJ45 (MGMT1 and MGMT2) base channel management interfaces.
  • Eighteen 100/40 GigE QSFP28 (1 to 18) fabric channel data interfaces. Each of these interfaces can be split into four 25/10 GigE interfaces.
  • Two 400/100/40 GigE QSFP-DD (19 and 20) fabric channel data interfaces. Each of these interfaces can be split into four 100/25/10GigE interfaces or eight 25/10 GigE interfaces.
  • Two 100/40 GigE QSFP28 (M1 and M2) base channel management interfaces. Each of these interfaces can be split into four 25/10 GigE interfaces.
  • Two 25/10 GigE SFP28 (M1 and M2 ) base channel management interfaces.
FIM-7941F hardware architecture

FIM-7941F NP7 processors

Since FIM NP7 processors are used for SLBC load balancing:

  • They are not used for host protection engine (HPE) DoS protection. HPE is applied by the NP7 processors in the FPMs. For information about HPE, see NP7 Host Protection Engine (HPE).

  • You can't configure NP7 groups for FIM NP7 processors. NP7 groups can be configured for the NP7 processors in FPMs.

  • The output of the diagnose npu np7 port-list command shows that FIM NP7 processors are connected to all FIM-7941F interfaces and shows the maximum and default speeds of the interfaces. Sample output from the FIM CLI:

diagnose npu np7 port-list
Front Panel Port:
Name     Max_speed(Mbps) Dflt_speed(Mbps) NP_group        Switch_id SW_port_id SW_port_name
-------- --------------- ---------------  --------------- --------- ---------- ------------
1-P1     100000          100000           n/a             0         7          ce27
1-P1-2   25000           25000            n/a             0         8
1-P1-3   25000           25000            n/a             0         9
1-P1-4   25000           25000            n/a             0         10
1-P2     100000          100000           n/a             0         15         ce31
.
.
.

Changing the FIM-7941F 1 to 18, M1, and M2 interfaces

By default, the FIM-7941F 1 to 18 (P1 to P18) , M1, and M2 interfaces are configured as 100GigE QSFP28 interfaces. You can make the following changes to these interfaces:

  • Change the interface speed to 100G or 40G using the config system interface command.

  • Split one or more of the interfaces into four 25GigE interfaces.

  • Change the interface speed of one or more of the split interfaces to 10Gig.

Note

You should configure split interfaces on both FortiGate 7000Fs before forming an FGCP HA cluster. If you decide to change the split interface configuration after forming a cluster, you need to remove the secondary FortiGate 7000F from the cluster and change the split interface configuration on both FortiGate 7000Fs separately. After the FortiGate 7000Fs restart, you can re-form the cluster. This process will cause traffic interruptions.

You can use the following command to split the P3 interface of the FIM-7941F in slot 1 and the P16 and M1 interfaces of the FIM-7941F in slot 2:

config system global

set split-port 1-P3 2-P16 2-M1

end

The FortiGate 7000F reboots and when it starts up:

  • Interface 1-P3 has been replaced by four 25GigE CR2 interfaces named 1-P3/1 to 1-P3/4.

  • Interface 2-P16 has been replaced by four 25GigE CR2 interfaces named 2-P16/1 to 2-P16/4.

  • Interface 2-M1 has been replaced by four 25GigE CR2 interfaces named 2-M1/1 to 2-M1/4.

You can use the config system interface command to change the speeds of each of the split interfaces. You can change the speed of some or all of the individual split interfaces depending on whether the transceiver installed in the interface slot supports different speeds for the split interfaces.

For example, to change the speed of the 2-P16/3 interface to 10Gig:

config system interface

edit 2-P16/3

set speed 10000full

end

Changing the FIM-7941F 19 and 20 interfaces

By default, the FIM-7941F 19 and 20 (P19 and P20) interfaces are configured as 400GigE QSFP-DD interfaces. You can make the following changes to one or both of these interfaces:

  • Change the interface speed to 400G, 100G, or 40G using the config system interface command.

  • Split the interface into four 100GigE CR2 interfaces.

  • Split the interface into four 25GigE CR or 10GigE SR interfaces.

All of these operations, except changing the interface speed using the config system interface command, require a system restart. Fortinet recommends that you perform these operations during a maintenance window and plan the changes to avoid traffic disruption.

Note

You should configure split interfaces on both FortiGate 7000Fs before forming an FGCP HA cluster. If you decide to change the split interface configuration after forming a cluster, you need to remove the secondary FortiGate 7000F from the cluster and change the split interface configuration on both FortiGate 7000Fs separately. After the FortiGate 7000Fs restart, you can re-form the cluster. This process will cause traffic interruptions.

Splitting the P19 or P20 interfaces into four 100GigE CR2 interfaces

You can use the following command to split the P19 or P20 interfaces into four 100GigE CR2 interfaces. To split P19 of the FIM-7941F in slot 1 (1-P19) and P20 of the FIM-7941F in slot 2 (2-P20) enter the following command:

config system global

set split-port 1-P19 2-P20

end

The FortiGate 7000F reboots and when it starts up:

  • Interface 1-P19 has been replaced by four 100GigE CR2 interfaces named 1-P19/1 to 1-P19/4.

  • Interface 2-P20 has been replaced by four 100GigE CR2 interfaces named 2-P20/1 to 2-P20/4.

Splitting the P19 or P20 interfaces into four 25GigE CR or 10GigE SR interfaces

You can use the following command to split the P19 or P20 interfaces into four 25GigE CR interfaces. The following command converts the interface into a 100GigE QSFP28 interface then splits this interface into four 25 GigE CR interfaces. To split P19 of the FIM-7941F in slot 1 (1-P19) and P20 of the FIM-7941F in slot 2 (2-P20) enter the following command:

config system global

set qsfpdd-100g-port 1-P19 2-P20

set split-port 1-P19 2-P20

end

The FortiGate 7000F reboots and when it starts up:

  • Interface 1-P19 has been replaced by four 25GigE CR interfaces named 1-P19/1 to 1-P19/4.

  • Interface 2-P20 has been replaced by four 25GigE CR interfaces named 2-P20/1 to 2-P20/4.

If you want some or all of these interfaces to operate as 10GigE SR interfaces you can use the config system interface command to change the interface speed. You can change the speed of some or all of the individual split interfaces depending on whether the transceiver installed in the interface slot supports different speeds for the split interfaces.

Splitting the FIM-7941F P19 and P20 interfaces into eight 25GigE CR or 10GigE SR interfaces

You can use the following command to split the P19 or P20 interface of the FIM-7941F into eight 25GigE CR interfaces. To split P20 of the FIM-7941F in slot 1 (1-P20) and P19 of the FIM-7941F in slot 2 (2-P19) enter the following command:

config system global

set split-port 1-P20 2-P19

set qsfpdd-split8-port 1-P20 2-P19

end

Note

You must set both split-port and qsfpdd-split8-port.

The FortiGate 7000F dreboots and when it starts up:

The 1-P20 interface is converted into eight 25GigE CR interfaces named 1-P20/1 to 1-P20/8.

The 2-P19 interface is converted into eight 25GigE CR interfaces named 2-P19/1 to 2-P19/8.

If you want some or all of these interfaces to operate as 10GigE SR interfaces you can use the config system interface command to change the interface speed. You can change the speed of some or all of the individual split interfaces depending on whether the transceiver installed in the interface slot supports different speeds for the split interfaces.

Previous
Next

FIM-7941F fast path architecture

The FIM-7941F includes an integrated switch fabric (ISF) that connects the front panel interfaces and the chassis fabric backplane to the NP7 processors. The NP7 processors receive sessions from the FIM front panel data interfaces and the FPM front panel data interfaces over the fabric backplane. The NP7 processors use SLBC to distribute sessions to FPMs over the fabric backplane.

The FIM-7941F includes the following backplane communication channels:

  • Ten 400Gbps fabric backplane channel to distribute traffic to the FPMs.
  • Ten 50Gbps base backplane channel for base backplane communication with the FPMs.
  • One 1Tbps fabric backplane channel for fabric backplane communication with the other FIM.
  • One 50Gbps base backplane channel for base backplane communication with the other FIM.

The FIM-7941F features the following front panel interfaces:

  • Two 10/100/1000BASE-T RJ45 (MGMT1 and MGMT2) base channel management interfaces.
  • Eighteen 100/40 GigE QSFP28 (1 to 18) fabric channel data interfaces. Each of these interfaces can be split into four 25/10 GigE interfaces.
  • Two 400/100/40 GigE QSFP-DD (19 and 20) fabric channel data interfaces. Each of these interfaces can be split into four 100/25/10GigE interfaces or eight 25/10 GigE interfaces.
  • Two 100/40 GigE QSFP28 (M1 and M2) base channel management interfaces. Each of these interfaces can be split into four 25/10 GigE interfaces.
  • Two 25/10 GigE SFP28 (M1 and M2 ) base channel management interfaces.
FIM-7941F hardware architecture

FIM-7941F NP7 processors

Since FIM NP7 processors are used for SLBC load balancing:

  • They are not used for host protection engine (HPE) DoS protection. HPE is applied by the NP7 processors in the FPMs. For information about HPE, see NP7 Host Protection Engine (HPE).

  • You can't configure NP7 groups for FIM NP7 processors. NP7 groups can be configured for the NP7 processors in FPMs.

  • The output of the diagnose npu np7 port-list command shows that FIM NP7 processors are connected to all FIM-7941F interfaces and shows the maximum and default speeds of the interfaces. Sample output from the FIM CLI:

diagnose npu np7 port-list
Front Panel Port:
Name     Max_speed(Mbps) Dflt_speed(Mbps) NP_group        Switch_id SW_port_id SW_port_name
-------- --------------- ---------------  --------------- --------- ---------- ------------
1-P1     100000          100000           n/a             0         7          ce27
1-P1-2   25000           25000            n/a             0         8
1-P1-3   25000           25000            n/a             0         9
1-P1-4   25000           25000            n/a             0         10
1-P2     100000          100000           n/a             0         15         ce31
.
.
.

Changing the FIM-7941F 1 to 18, M1, and M2 interfaces

By default, the FIM-7941F 1 to 18 (P1 to P18) , M1, and M2 interfaces are configured as 100GigE QSFP28 interfaces. You can make the following changes to these interfaces:

  • Change the interface speed to 100G or 40G using the config system interface command.

  • Split one or more of the interfaces into four 25GigE interfaces.

  • Change the interface speed of one or more of the split interfaces to 10Gig.

Note

You should configure split interfaces on both FortiGate 7000Fs before forming an FGCP HA cluster. If you decide to change the split interface configuration after forming a cluster, you need to remove the secondary FortiGate 7000F from the cluster and change the split interface configuration on both FortiGate 7000Fs separately. After the FortiGate 7000Fs restart, you can re-form the cluster. This process will cause traffic interruptions.

You can use the following command to split the P3 interface of the FIM-7941F in slot 1 and the P16 and M1 interfaces of the FIM-7941F in slot 2:

config system global

set split-port 1-P3 2-P16 2-M1

end

The FortiGate 7000F reboots and when it starts up:

  • Interface 1-P3 has been replaced by four 25GigE CR2 interfaces named 1-P3/1 to 1-P3/4.

  • Interface 2-P16 has been replaced by four 25GigE CR2 interfaces named 2-P16/1 to 2-P16/4.

  • Interface 2-M1 has been replaced by four 25GigE CR2 interfaces named 2-M1/1 to 2-M1/4.

You can use the config system interface command to change the speeds of each of the split interfaces. You can change the speed of some or all of the individual split interfaces depending on whether the transceiver installed in the interface slot supports different speeds for the split interfaces.

For example, to change the speed of the 2-P16/3 interface to 10Gig:

config system interface

edit 2-P16/3

set speed 10000full

end

Changing the FIM-7941F 19 and 20 interfaces

By default, the FIM-7941F 19 and 20 (P19 and P20) interfaces are configured as 400GigE QSFP-DD interfaces. You can make the following changes to one or both of these interfaces:

  • Change the interface speed to 400G, 100G, or 40G using the config system interface command.

  • Split the interface into four 100GigE CR2 interfaces.

  • Split the interface into four 25GigE CR or 10GigE SR interfaces.

All of these operations, except changing the interface speed using the config system interface command, require a system restart. Fortinet recommends that you perform these operations during a maintenance window and plan the changes to avoid traffic disruption.

Note

You should configure split interfaces on both FortiGate 7000Fs before forming an FGCP HA cluster. If you decide to change the split interface configuration after forming a cluster, you need to remove the secondary FortiGate 7000F from the cluster and change the split interface configuration on both FortiGate 7000Fs separately. After the FortiGate 7000Fs restart, you can re-form the cluster. This process will cause traffic interruptions.

Splitting the P19 or P20 interfaces into four 100GigE CR2 interfaces

You can use the following command to split the P19 or P20 interfaces into four 100GigE CR2 interfaces. To split P19 of the FIM-7941F in slot 1 (1-P19) and P20 of the FIM-7941F in slot 2 (2-P20) enter the following command:

config system global

set split-port 1-P19 2-P20

end

The FortiGate 7000F reboots and when it starts up:

  • Interface 1-P19 has been replaced by four 100GigE CR2 interfaces named 1-P19/1 to 1-P19/4.

  • Interface 2-P20 has been replaced by four 100GigE CR2 interfaces named 2-P20/1 to 2-P20/4.

Splitting the P19 or P20 interfaces into four 25GigE CR or 10GigE SR interfaces

You can use the following command to split the P19 or P20 interfaces into four 25GigE CR interfaces. The following command converts the interface into a 100GigE QSFP28 interface then splits this interface into four 25 GigE CR interfaces. To split P19 of the FIM-7941F in slot 1 (1-P19) and P20 of the FIM-7941F in slot 2 (2-P20) enter the following command:

config system global

set qsfpdd-100g-port 1-P19 2-P20

set split-port 1-P19 2-P20

end

The FortiGate 7000F reboots and when it starts up:

  • Interface 1-P19 has been replaced by four 25GigE CR interfaces named 1-P19/1 to 1-P19/4.

  • Interface 2-P20 has been replaced by four 25GigE CR interfaces named 2-P20/1 to 2-P20/4.

If you want some or all of these interfaces to operate as 10GigE SR interfaces you can use the config system interface command to change the interface speed. You can change the speed of some or all of the individual split interfaces depending on whether the transceiver installed in the interface slot supports different speeds for the split interfaces.

Splitting the FIM-7941F P19 and P20 interfaces into eight 25GigE CR or 10GigE SR interfaces

You can use the following command to split the P19 or P20 interface of the FIM-7941F into eight 25GigE CR interfaces. To split P20 of the FIM-7941F in slot 1 (1-P20) and P19 of the FIM-7941F in slot 2 (2-P19) enter the following command:

config system global

set split-port 1-P20 2-P19

set qsfpdd-split8-port 1-P20 2-P19

end

Note

You must set both split-port and qsfpdd-split8-port.

The FortiGate 7000F dreboots and when it starts up:

The 1-P20 interface is converted into eight 25GigE CR interfaces named 1-P20/1 to 1-P20/8.

The 2-P19 interface is converted into eight 25GigE CR interfaces named 2-P19/1 to 2-P19/8.

If you want some or all of these interfaces to operate as 10GigE SR interfaces you can use the config system interface command to change the interface speed. You can change the speed of some or all of the individual split interfaces depending on whether the transceiver installed in the interface slot supports different speeds for the split interfaces.

Previous
Next