Fortinet black logo

Hardware Acceleration

Home FortiGate / FortiOS 7.0.14 Hardware Acceleration
7.0.14
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.6
6.4.5
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.9
6.2.7
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
5.6.0

FortiGate 90G and 91G fast path architecture

FortiGate 90G and 91G fast path architecture

The FortiGate 90G and 91G includes the SOC5 (also called the SP5) and uses the SOC5 CPU, NP7Lite processor, and CP10 content processor. The SOC5 ISF connects all of the FortiGate 90G and 91G front panel data interfaces to the NP7Lite processor.

The FortiGate 90G and 91G features the following front panel interfaces:

  • Two 10 GigE SFP+ interfaces (SFP+1 and SFP+2) connect to the SOC5 integrated switch fabric through a shared media connector.
  • Two 10GigE/5GigE/2.5GigE/1GigE/100M BASE-T RJ45 interfaces (WAN1 and WAN2) connect to the SOC5 integrated switch fabric through a shared media connector.
  • Eight 10/100/1000BASE-T RJ45 (1-6, A, and B) connected to the SOC5 integrated switch fabric. A and B are FortiLink interfaces.

Interfaces SFP1 and WAN1 and SFP2 and WAN2 are shared SFP or Ethernet interfaces. Only one of each of these interface pairs can be connected to a network. This allows you to, for example, connect SFP1 to an SFP switch and WAN2 to 10/100/1000BASE-T Copper switch.

The SOC5 includes an integrated switch fabric (ISF) that connects all of the front panel network interfaces to the NP7Lite processor. The SOC5 ISF allows sessions passing between any FortiGate front panel interface pair to be offloaded by the NP7Lite processor. The SOC5 ISF also allows you to use the command config system virtual-switch to create a virtual hardware switch that can include any front panel interface connected to the SOC5.

Note

To add an interface to a hardware switch, its mode must be set to static and the interface can't be used in any other configuration. For example, you can't have a firewall policy that references the interface.

You can use the command diagnose npu np7lite port-list to display the FortiGate 90G or 91G NP7Lite configuration.

diagnose npu np7lite port-list 
Front Panel Port:

Name     Max_speed(Mbps) Dflt_speed(Mbps) NP_lane PHY_address 
-------- --------------- ---------------- ------- -----------
wan1     10000           10000            8       0xb
wan2     10000           10000            12      0x9
port1    1000            1000             5       0x11
port2    1000            1000             4       0x10
port3    1000            1000             7       0x13
port4    1000            1000             6       0x12
port5    1000            1000             1       0x15
port6    1000            1000             0       0x14
a        1000            1000             3       0x17
b        1000            1000             2       0x16
-------- --------------- ---------------- ------- -----------

The command output also shows the maximum speeds of each interface.

Previous
Next

FortiGate 90G and 91G fast path architecture

The FortiGate 90G and 91G includes the SOC5 (also called the SP5) and uses the SOC5 CPU, NP7Lite processor, and CP10 content processor. The SOC5 ISF connects all of the FortiGate 90G and 91G front panel data interfaces to the NP7Lite processor.

The FortiGate 90G and 91G features the following front panel interfaces:

  • Two 10 GigE SFP+ interfaces (SFP+1 and SFP+2) connect to the SOC5 integrated switch fabric through a shared media connector.
  • Two 10GigE/5GigE/2.5GigE/1GigE/100M BASE-T RJ45 interfaces (WAN1 and WAN2) connect to the SOC5 integrated switch fabric through a shared media connector.
  • Eight 10/100/1000BASE-T RJ45 (1-6, A, and B) connected to the SOC5 integrated switch fabric. A and B are FortiLink interfaces.

Interfaces SFP1 and WAN1 and SFP2 and WAN2 are shared SFP or Ethernet interfaces. Only one of each of these interface pairs can be connected to a network. This allows you to, for example, connect SFP1 to an SFP switch and WAN2 to 10/100/1000BASE-T Copper switch.

The SOC5 includes an integrated switch fabric (ISF) that connects all of the front panel network interfaces to the NP7Lite processor. The SOC5 ISF allows sessions passing between any FortiGate front panel interface pair to be offloaded by the NP7Lite processor. The SOC5 ISF also allows you to use the command config system virtual-switch to create a virtual hardware switch that can include any front panel interface connected to the SOC5.

Note

To add an interface to a hardware switch, its mode must be set to static and the interface can't be used in any other configuration. For example, you can't have a firewall policy that references the interface.

You can use the command diagnose npu np7lite port-list to display the FortiGate 90G or 91G NP7Lite configuration.

diagnose npu np7lite port-list 
Front Panel Port:

Name     Max_speed(Mbps) Dflt_speed(Mbps) NP_lane PHY_address 
-------- --------------- ---------------- ------- -----------
wan1     10000           10000            8       0xb
wan2     10000           10000            12      0x9
port1    1000            1000             5       0x11
port2    1000            1000             4       0x10
port3    1000            1000             7       0x13
port4    1000            1000             6       0x12
port5    1000            1000             1       0x15
port6    1000            1000             0       0x14
a        1000            1000             3       0x17
b        1000            1000             2       0x16
-------- --------------- ---------------- ------- -----------

The command output also shows the maximum speeds of each interface.

Previous
Next