NP7Lite processors
The NP7Lite processor is a lower capacity version of the NP7 processor that supports all NP7 processor features except hyperscale firewall (hardware sessions). The NP7Lite also does not include support for defrag/reassembly (DFR) to re-assemble fragmented packets. The NP7Lite max throughput is 40 Gbps, using one 40GigE interface.
NP7Lite processors can offload IPsec SHA3-256/384/512 encryption/decryption.
See FortiGate NP7Lite architectures for FortiGate models that include the NP7Lite processor.
The NP7Lite processor can support the following features, but these features are not available for entry level (branch) FortiGates such as the FortiGate 90G and 91G.
-
Extended sequence number (ESN) negotiation. If supported, this option can be configured in an IPsec phase 1 using the
esn {require | allow | disable}
option. -
Offloading more than 256 destinations for multicast replication. Supported by enabling the
config system npu
optiondouble-level-mcast-offload
(see double-level-mcast-offload {disable | enable}). -
Offloading mirrored SSL sessions (see Mirroring SSL traffic in policies).
-
Configuring one or more interfaces to support the DSCP copy feature. Supported by using the
inbound-dscp-copy-port
option of theconfig system npu
command (see inbound-dscp-copy-port <interface> [<interface>...]).
The NP7Lite processor is a component of the Fortinet SOC5 (also called the SP5). The SOC5 includes a CPU, the NP7Lite network processor, and a CP10 content processor.
The SOC5 also includes an integrated switch fabric (ISF) that connects all of the front panel network interfaces to the NP7Lite processor. The SOC5 ISF allows sessions passing between any FortiGate front panel interface pair to be offloaded by the NP7Lite processor. The SOC5 ISF also allows you to use the command config system virtual-switch
to create a virtual hardware switch that can include any front panel interface connected to the SOC5.
To add an interface to a hardware switch, its |
SOC5 architecture