Fortinet black logo

Hardware Acceleration

Home FortiGate / FortiOS 7.0.14 Hardware Acceleration
7.0.14
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.6
6.4.5
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.9
6.2.7
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
5.6.0

FortiGate 120G and 121G fast path architecture

FortiGate 120G and 121G fast path architecture

The FortiGate 120G and 121G includes the SOC5 (also called the SP5) and uses the SOC5 CPU, NP7Lite processor, and CP10 content processor. The SOC5 ISF connects all of the FortiGate 120G and 121G front panel data interfaces to the NP7Lite processor.

The FortiGate 120G and 121G features the following front panel interfaces:

  • Two 10/100/1000BASE-T Copper (HA, MGMT) connected to the SOC5 CPU.
  • Sixteen 10/100/1000BASE-T Copper (1 - 16) connected to the SOC5 integrated switch fabric.
  • Four 10 GigE SFP+ interfaces (X1 to X4) connected to the SOC5 integrated switch fabric. These are FortiLink interfaces.
  • Eight 1 GigE SFP (17 to 24) connected to the SOC5 integrated switch fabric.

The SOC5 includes an integrated switch fabric (ISF) that connects all of the front panel data interfaces to the NP7Lite processor. The SOC5 ISF allows sessions passing between any FortiGate front panel data interface pair to be offloaded by the NP7Lite processor. The SOC5 ISF also allows you to use the command config system virtual-switch to create a virtual hardware switch that can include any front panel interface connected to the SOC5.

Note

To add an interface to a hardware switch, its mode must be set to static and the interface can't be used in any other configuration. For example, you can't have a firewall policy that references the interface.

The MGMT interface is not connected to the NP7Lite processor. Management traffic passes to the CPU over a dedicated management path that is separate from the data path. You can also dedicate separate CPU resources for management traffic to further isolate management processing from data processing (see Improving GUI and CLI responsiveness (dedicated management CPU)).

The HA interface is also not connected to the NP7Lite processor. To help provide better HA stability and resiliency, HA traffic uses a dedicated physical control path that provides HA control traffic separation from data traffic processing.

The separation of management and HA traffic from data traffic keeps management and HA traffic from affecting the stability and performance of data traffic processing.

You can use the command diagnose npu np7lite port-list to display the FortiGate 120G or 121G NP7Lite configuration.

diagnose npu np7lite port-list 
Front Panel Port:

Name     Max_speed(Mbps) Dflt_speed(Mbps) SW_port_id SW_port_name
-------- --------------- ---------------- ---------- -----------
port1    1000            1000             12         ge5
port2    1000            1000             13         ge4
port3    1000            1000             10         ge7
port4    1000            1000             11         ge6
port5    1000            1000             8          ge9
port6    1000            1000             9          ge8
port7    1000            1000             6          ge11
port8    1000            1000             7          ge10
port9    1000            1000             19         ge13
port10   1000            1000             18         ge12
port11   1000            1000             21         ge15
port12   1000            1000             20         ge14
port13   1000            1000             23         ge17
port14   1000            1000             22         ge16
port15   1000            1000             25         ge19
port16   1000            1000             24         ge18
x1       10000           10000            29         xe3
x2       10000           10000            30         xe4
x3       10000           10000            27         xe1
x4       10000           10000            28         xe2
port17   1000            1000             2          ge0
port18   1000            1000             3          ge1
port19   1000            1000             4          ge2
port20   1000            1000             5          ge3
port21   1000            1000             14         ge20
port22   1000            1000             15         ge21
port23   1000            1000             16         ge22
port24   1000            1000             17         ge23
-------- --------------- ---------------- ---------- -----------

The command output also shows the maximum speeds of each interface.

The NP7Lite processor has a bandwidth capacity of 40 Gigabits. You can see from the command output that if all interfaces were operating at their maximum bandwidth the NP7Lite processor would not be able to offload all the traffic.

Previous
Next

FortiGate 120G and 121G fast path architecture

The FortiGate 120G and 121G includes the SOC5 (also called the SP5) and uses the SOC5 CPU, NP7Lite processor, and CP10 content processor. The SOC5 ISF connects all of the FortiGate 120G and 121G front panel data interfaces to the NP7Lite processor.

The FortiGate 120G and 121G features the following front panel interfaces:

  • Two 10/100/1000BASE-T Copper (HA, MGMT) connected to the SOC5 CPU.
  • Sixteen 10/100/1000BASE-T Copper (1 - 16) connected to the SOC5 integrated switch fabric.
  • Four 10 GigE SFP+ interfaces (X1 to X4) connected to the SOC5 integrated switch fabric. These are FortiLink interfaces.
  • Eight 1 GigE SFP (17 to 24) connected to the SOC5 integrated switch fabric.

The SOC5 includes an integrated switch fabric (ISF) that connects all of the front panel data interfaces to the NP7Lite processor. The SOC5 ISF allows sessions passing between any FortiGate front panel data interface pair to be offloaded by the NP7Lite processor. The SOC5 ISF also allows you to use the command config system virtual-switch to create a virtual hardware switch that can include any front panel interface connected to the SOC5.

Note

To add an interface to a hardware switch, its mode must be set to static and the interface can't be used in any other configuration. For example, you can't have a firewall policy that references the interface.

The MGMT interface is not connected to the NP7Lite processor. Management traffic passes to the CPU over a dedicated management path that is separate from the data path. You can also dedicate separate CPU resources for management traffic to further isolate management processing from data processing (see Improving GUI and CLI responsiveness (dedicated management CPU)).

The HA interface is also not connected to the NP7Lite processor. To help provide better HA stability and resiliency, HA traffic uses a dedicated physical control path that provides HA control traffic separation from data traffic processing.

The separation of management and HA traffic from data traffic keeps management and HA traffic from affecting the stability and performance of data traffic processing.

You can use the command diagnose npu np7lite port-list to display the FortiGate 120G or 121G NP7Lite configuration.

diagnose npu np7lite port-list 
Front Panel Port:

Name     Max_speed(Mbps) Dflt_speed(Mbps) SW_port_id SW_port_name
-------- --------------- ---------------- ---------- -----------
port1    1000            1000             12         ge5
port2    1000            1000             13         ge4
port3    1000            1000             10         ge7
port4    1000            1000             11         ge6
port5    1000            1000             8          ge9
port6    1000            1000             9          ge8
port7    1000            1000             6          ge11
port8    1000            1000             7          ge10
port9    1000            1000             19         ge13
port10   1000            1000             18         ge12
port11   1000            1000             21         ge15
port12   1000            1000             20         ge14
port13   1000            1000             23         ge17
port14   1000            1000             22         ge16
port15   1000            1000             25         ge19
port16   1000            1000             24         ge18
x1       10000           10000            29         xe3
x2       10000           10000            30         xe4
x3       10000           10000            27         xe1
x4       10000           10000            28         xe2
port17   1000            1000             2          ge0
port18   1000            1000             3          ge1
port19   1000            1000             4          ge2
port20   1000            1000             5          ge3
port21   1000            1000             14         ge20
port22   1000            1000             15         ge21
port23   1000            1000             16         ge22
port24   1000            1000             17         ge23
-------- --------------- ---------------- ---------- -----------

The command output also shows the maximum speeds of each interface.

The NP7Lite processor has a bandwidth capacity of 40 Gigabits. You can see from the command output that if all interfaces were operating at their maximum bandwidth the NP7Lite processor would not be able to offload all the traffic.

Previous
Next