Content processors (CP4, CP5, CP6 and CP8)
All FortiGate units contain FortiASIC Content Processors (CPs) that accelerate many common resource intensive security related processes. CPs work at the system level with tasks being offloaded to them as determined by the main CPU. Capabilities of the CPs vary by model. Newer FortiGate units include CP8 processors. Older CP versions still in use in currently operating FortiGate models include the CP4, CP5, and CP6.
CP8 capabilities
The CP8 content processor provides the following services:
• IPS signature matching acceleration
• High performance VPN bulk data engine
• IPSEC and SSL/TLS protocol processor
• DES/3DES/AES in accordance with FIPS46-3/FIPS81/FIPS197
• ARC4 in compliance with RC4
• MD5/SHA-1/SHA256 with RFC1321 and FIPS180
• HMAC in accordance with RFC2104/2403/2404 and FIPS198
• Key Exchange Processor support high performance IKE and RSA computation
• Public key exponentiation engine with hardware CRT support
• Primarily checking for RSA key generation
• Handshake accelerator with automatic key material generation
• Random Number generator compliance with ANSI X9.31
• Sub public key engine (PKCE) to support up to 4094 bit operation directly
• Message authentication module offers high performance cryptographic engine for calculating SHA256/SHA1/MD5 of data up to 4G bytes (used by many applications)
• PCI express Gen 2 four lanes interface
• Cascade Interface for chip expansion
CP6 capabilities
• Dual content processors
• FIPS-compliant DES/3DES/AES encryption and decryption
• SHA-1 and MD5 HMAC with RFC1321 and FIPS180
• HMAC in accordance with RFC2104/2403/2404 and FIPS198
• IPsec protocol processor
• High performance IPsec engine
• Random Number generator compliance with ANSI X9.31
• Key exchange processor for high performance IKE and RSA computation
• Script Processor
• SSL/TLS protocol processor for SSL content scanning and SSL acceleration
CP5 capabilities
• FIPS-compliant DES/3DES/AES encryption and decryption
• SHA-1 and MD5 HMAC with RFC1321/2104/2403/2404 and FIPS180/FIPS198
• IPsec protocol processor
• High performance IPSEC Engine
• Random Number generator compliant with ANSI X9.31
• Public Key Crypto Engine supports high performance IKE and RSA computation
• Script Processor
CP4 capabilities
• FIPS-compliant DES/3DES/AES encryption and decryption
• SHA-1 and MD5 HMAC
• IPSEC protocol processor
• Random Number generator
• Public Key Crypto Engine
• Content processing engine
• ANSI X9.31 and PKCS#1 certificate support