Base backplane gigabit communication

FortiGate-5001FA2 security system

Session Oriented Traffic with long session lifetime, such as FTP sessions.

Packet size does not affect performance for traffic with long session lifetime. For long sessions, processing that would otherwise be handled by the FortiGate-5001FA2 CPUs is off-loaded to the acceleration module.

Firewall and intrusion protection (IPS), when there is a reasonable percentage of P2P packets.

Firewall, intrusion protection (IPS), and antivirus, when there is a reasonable percentage of P2P packets.

Firewall and IPSec VPN applications.

The following traffic scenarios should be handled by the normal (or non- accelerated) FortiGate-5001FA2 interfaces:

Session oriented traffic when the session lifetime is very short.

Firewall and antivirus only applications.

Traffic will not be off-loaded to the FortiGate-5001FA2 accelerator module. The result will be high CPU usage because of the high CPU requirement for antivirus scanning.

FA2 interfaces and active-active HA performance

FortiOS v3.0 MR4 firmware can also use FA2 acceleration to improve active-active HA load balancing performance. See the FortiGate HA Overview or the FortiGate HA Guide for more information.

Base backplane gigabit communication

The FortiGate-5001FA2 port9 and port10 base backplane gigabit interfaces can be used for HA heartbeat communication between FortiGate-5001FA2 boards installed in the same or in different FortiGate-5000 chassis. You can also configure FortiGate-5001FA2 boards to use the base backplane interfaces for data communication between FortiGate boards. To support base backplane communications your FortiGate-5140 or 5050 chassis must include one or more FortiSwitch-5003 boards. FortiSwitch-5003 boards are installed in chassis slots 1 and 2. The FortiGate-5020 chassis supports base backplane communication with no additions or changes to the chassis.

For information about base backplane communication in FortiGate-5140 and FortiGate-5050 chassis, see the FortiGate-5000 Base Backplane Communication Guide. For information about the FortiSwitch-5003 board, see the FortiSwitch-5003 Guide.

 

FortiGate-5001FA2 Security System Guide

8

01-30000-0379-20080606

Page 8
Image 8
Fortinet FortiGate-5001FA2 manual Base backplane gigabit communication, FA2 interfaces and active-active HA performance