beautypg.com

Fa2 interfaces and active-active ha performance, Base backplane gigabit communication – Fortinet FortiGate 5001FA2-LENC User Manual

Page 8

background image

FortiGate-5001FA2-LENC Security System Guide

8

01-30000-76602-20080606

Base backplane gigabit communication

FortiGate-5001FA2-LENC security system

• Session Oriented Traffic with long session lifetime, such as FTP sessions.

Packet size does not affect performance for traffic with long session lifetime.
For long sessions, processing that would otherwise be handled by the
FortiGate-5001FA2-LENC CPUs is off-loaded to the acceleration module.

• Firewall and intrusion protection (IPS), when there is a reasonable percentage

of P2P packets.

• Firewall, intrusion protection (IPS), and antivirus, when there is a reasonable

percentage of P2P packets.

• Firewall and IPSec VPN applications.

The following traffic scenarios should be handled by the normal (or non-
accelerated) FortiGate-5001FA2-LENC interfaces:

• Session oriented traffic when the session lifetime is very short.
• Firewall and antivirus only applications.

Traffic will not be off-loaded to the FortiGate-5001FA2-LENC accelerator
module. The result will be high CPU usage because of the high CPU
requirement for antivirus scanning.

FA2 interfaces and active-active HA performance

FortiOS v3.0 MR4 firmware can also use FA2 acceleration to improve
active-active HA load balancing performance. See the

FortiGate HA Overview

or

the

FortiGate HA Guide

for more information.

Base backplane gigabit communication

The FortiGate-5001FA2-LENC port9 and port10 base backplane gigabit interfaces
can be used for HA heartbeat communication between FortiGate-5001FA2-LENC
boards installed in the same or in different FortiGate-5000 chassis. You can also
configure FortiGate-5001FA2-LENC boards to use the base backplane interfaces
for data communication between FortiGate boards. To support base backplane
communications your FortiGate-5140 or 5050 chassis must include one or more
FortiSwitch-5003 boards. FortiSwitch-5003 boards are installed in chassis slots 1
and 2. The FortiGate-5020 chassis supports base backplane communication with
no additions or changes to the chassis.

For information about base backplane communication in FortiGate-5140 and
FortiGate-5050 chassis, see the

FortiGate-5000 Base Backplane Communication

Guide

. For information about the FortiSwitch-5003 board, see the

FortiSwitch-5003 Guide

.

See also other documents in the category Fortinet Hardware: