FortiOS 5.6 Online Help Link FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link

Home > Online Help

> Chapter 6 - FortiGate-7000 > FortiGate-7000 overview > FPM-7620E processing module

FPM-7620E processing module

The FPM-7620E processing module is a high-performance worker module that processes sessions load balanced to it by FortiGate-7000 series interface (FIM) modules over the chassis fabric backplane. The FPM-7620E can be installed in any FortiGate-7000 series chassis in slots 3 and up.

The FPM-7620E includes two 80Gbps connections to the chassis fabric backplane and two 1Gbps connections to the base backplane. The FPM-7620E processes sessions using a dual CPU configuration, accelerates network traffic processing with 4 NP6 processors and accelerates content processing with 8 CP9 processors. The NP6 network processors are connected by the FIM switch fabric so all supported traffic types can be fast path accelerated by the NP6 processors.

The FPM-7620E includes the following hardware features:

  • Two 80Gbps fabric backplane channels for load balanced sessions from the FIM modules installed in the chassis.
  • Two 1Gbps base backplane channels for management, heartbeat and session sync communication.
  • Dual CPUs for high performance operation.
  • Four NP6 processors to offload network processing from the CPUs.
  • Eight CP9 processors to offload content processing and SSL and IPsec encryption from the CPUs.
FPM-7620E front panel

  • Power button.
  • NMI switch (for troubleshooting as recommended by Fortinet Support).
  • Mounting hardware.
  • LED status indicators.

NP6 network processors - offloading load balancing and network traffic

The four FPM-7620E NP6 network processors combined with the FIM module integrated switch fabric (ISF) provide hardware acceleration by offloading load balancing from the FPM-7620E CPUs. The result is enhanced network performance provided by the NP6 processors plus the network processing load is removed from the CPU. The NP6 processor can also handle some CPU intensive tasks, like IPsec VPN encryption/decryption. Because of the integrated switch fabric, all sessions are fast-pathed and accelerated.

FPM-7620E hardware architecture

 

Accelerated IPS, SSL VPN, and IPsec VPN (CP9 content processors)

The (Undefined variable: 5000.ProductName5000) includes eight CP9 processors that provide the following performance enhancements:

  • Flow-based inspection (IPS, application control etc.) pattern matching acceleration with over 10Gbps throughput
  • IPS pre-scan
  • IPS signature correlation
  • Full match processors
  • High performance VPN bulk data engine
  • IPsec and SSL/TLS protocol processor
  • DES/3DES/AES128/192/256 in accordance with FIPS46-3/FIPS81/FIPS197
  • MD5/SHA-1/SHA256/384/512-96/128/192/256 with RFC1321 and FIPS180
  • HMAC in accordance with RFC2104/2403/2404 and FIPS198
  • ESN mode
  • GCM support for NSA "Suite B" (RFC6379/RFC6460) including GCM-128/256; GMAC-128/256
  • Key Exchange Processor that supports high performance IKE and RSA computation
  • Public key exponentiation engine with hardware CRT support
  • Primary checking for RSA key generation
  • Handshake accelerator with automatic key material generation
  • True Random Number generator
  • Elliptic Curve support for NSA "Suite B"
  • Sub public key engine (PKCE) to support up to 4096 bit operation directly (4k for DH and 8k for RSA with CRT)
  • DLP fingerprint support
  • TTTD (Two-Thresholds-Two-Divisors) content chunking
  • Two thresholds and two divisors are configurable