Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Hardware Acceleration

    Home FortiGate / FortiOS 7.2.13 Hardware Acceleration
    7.2.13
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.1
    7.0.0
    6.4.16
    6.2.17
    6.0.18
    6.0.17
    6.0.16
    6.0.15
    6.0.14
    5.6.0

    FortiGate 200G and 201G fast path architecture

    FortiGate 200G and 201G fast path architecture

    The FortiGate 200G and 201G use a SOC5 (also called the SP5) NP7Lite network processor and a separate SOC5 CP10 content processor. The SOC5 CPUs and integrated switch fabrics are not used. Instead, the FortiGate 200G and 201G architecture includes a separate CPU. All of the data interfaces (1 to 20 and X1 to X8) connect to the NP7Lite processor through the integrated switch fabric. All supported traffic passing between any two data interfaces can be offloaded by the NP7Lite processor. Data traffic to be processed by the CPU takes a dedicated data path through the ISF and the NP7Lite processor to the CPU. The FortiGate 200G and 201G support DoS policy hardware acceleration, see DoS policy hardware acceleration.

    The FortiGate 200G and 201G features the following front panel interfaces:

    • Two 10/100/1000BASE-T RJ45 (HA, MGMT) that are not connected to the NP7Lite.
    • Eight 10/100/1000BASE-T RJ45 (1 to 8).
    • Eight 5GigE/2.5GigE/1GigE/100M BASE-T RJ45 interfaces (9 to 16).
    • Eight 10/1 GigE SFP+/SFP (X1 to X8). X1 and X2 are FortiLink interfaces.
    • Four 1GigE SFP (17 to 20).

    The MGMT interface is not connected to the NP7Lite processor. Management traffic passes to the CPU over a dedicated management path that is separate from the data path. You can also dedicate separate CPU resources for management traffic to further isolate management processing from data processing (see Improving GUI and CLI responsiveness (dedicated management CPU)).

    The HA interface is also not connected to the NP7Lite processor. To help provide better HA stability and resiliency, HA traffic uses a dedicated physical control path that provides HA control traffic separation from data traffic processing.

    The separation of management and HA traffic from data traffic keeps management and HA traffic from affecting the stability and performance of data traffic processing.

    You can use the command diagnose npu np7lite port-list to display the FortiGate 200G or 201G NP7Lite configuration.

    diagnose npu np7lite port-list 
Front Panel Port:

Name     Max_speed(Mbps) Dflt_speed(Mbps) SW_port_id SW_port_name
-------- --------------- ---------------- ---------- -----------
port1    1000            1000             29         0/29
port2    1000            1000             28         0/28
port3    1000            1000             31         0/31
port4    1000            1000             30         0/30
port5    1000            1000             25         0/25
port6    1000            1000             24         0/24
port7    1000            1000             27         0/27
port8    1000            1000             26         0/26
port9    5000            5000             22         0/22
port10   5000            5000             23         0/23
port11   5000            5000             20         0/20
port12   5000            5000             21         0/21
port13   5000            5000             18         0/18
port14   5000            5000             19         0/19
port15   5000            5000             16         0/16
port16   5000            5000             17         0/17
x1       10000           10000            15         0/15
x2       10000           10000            14         0/14
x3       10000           10000            13         0/13
x4       10000           10000            12         0/12
x5       10000           10000            8          0/8
x6       10000           10000            9          0/9
x7       10000           10000            10         0/10
x8       10000           10000            11         0/11
port17   1000            1000             7          0/7
port18   1000            1000             6          0/6
port19   1000            1000             5          0/5
port20   1000            1000             4          0/4
-------- --------------- ---------------- ---------- -----------

    The command output also shows the maximum speeds of each interface.

    The NP7Lite processor has a bandwidth capacity of 40 Gigabits. You can see from the command output that if all interfaces were operating at their maximum bandwidth the NP7Lite processor would not be able to offload all the traffic.

    Previous
    Next

    FortiGate 200G and 201G fast path architecture

    FortiGate 200G and 201G fast path architecture

    The FortiGate 200G and 201G use a SOC5 (also called the SP5) NP7Lite network processor and a separate SOC5 CP10 content processor. The SOC5 CPUs and integrated switch fabrics are not used. Instead, the FortiGate 200G and 201G architecture includes a separate CPU. All of the data interfaces (1 to 20 and X1 to X8) connect to the NP7Lite processor through the integrated switch fabric. All supported traffic passing between any two data interfaces can be offloaded by the NP7Lite processor. Data traffic to be processed by the CPU takes a dedicated data path through the ISF and the NP7Lite processor to the CPU. The FortiGate 200G and 201G support DoS policy hardware acceleration, see DoS policy hardware acceleration.

    The FortiGate 200G and 201G features the following front panel interfaces:

    • Two 10/100/1000BASE-T RJ45 (HA, MGMT) that are not connected to the NP7Lite.
    • Eight 10/100/1000BASE-T RJ45 (1 to 8).
    • Eight 5GigE/2.5GigE/1GigE/100M BASE-T RJ45 interfaces (9 to 16).
    • Eight 10/1 GigE SFP+/SFP (X1 to X8). X1 and X2 are FortiLink interfaces.
    • Four 1GigE SFP (17 to 20).

    The MGMT interface is not connected to the NP7Lite processor. Management traffic passes to the CPU over a dedicated management path that is separate from the data path. You can also dedicate separate CPU resources for management traffic to further isolate management processing from data processing (see Improving GUI and CLI responsiveness (dedicated management CPU)).

    The HA interface is also not connected to the NP7Lite processor. To help provide better HA stability and resiliency, HA traffic uses a dedicated physical control path that provides HA control traffic separation from data traffic processing.

    The separation of management and HA traffic from data traffic keeps management and HA traffic from affecting the stability and performance of data traffic processing.

    You can use the command diagnose npu np7lite port-list to display the FortiGate 200G or 201G NP7Lite configuration.

    diagnose npu np7lite port-list 
Front Panel Port:

Name     Max_speed(Mbps) Dflt_speed(Mbps) SW_port_id SW_port_name
-------- --------------- ---------------- ---------- -----------
port1    1000            1000             29         0/29
port2    1000            1000             28         0/28
port3    1000            1000             31         0/31
port4    1000            1000             30         0/30
port5    1000            1000             25         0/25
port6    1000            1000             24         0/24
port7    1000            1000             27         0/27
port8    1000            1000             26         0/26
port9    5000            5000             22         0/22
port10   5000            5000             23         0/23
port11   5000            5000             20         0/20
port12   5000            5000             21         0/21
port13   5000            5000             18         0/18
port14   5000            5000             19         0/19
port15   5000            5000             16         0/16
port16   5000            5000             17         0/17
x1       10000           10000            15         0/15
x2       10000           10000            14         0/14
x3       10000           10000            13         0/13
x4       10000           10000            12         0/12
x5       10000           10000            8          0/8
x6       10000           10000            9          0/9
x7       10000           10000            10         0/10
x8       10000           10000            11         0/11
port17   1000            1000             7          0/7
port18   1000            1000             6          0/6
port19   1000            1000             5          0/5
port20   1000            1000             4          0/4
-------- --------------- ---------------- ---------- -----------

    The command output also shows the maximum speeds of each interface.

    The NP7Lite processor has a bandwidth capacity of 40 Gigabits. You can see from the command output that if all interfaces were operating at their maximum bandwidth the NP7Lite processor would not be able to offload all the traffic.

    Previous
    Next