beautypg.com

Fa2 interfaces and active-active ha performance, Base backplane gigabit communication, Fortigate-5005-dist security system – Fortinet FortiGate-5000 User Manual

Page 44

background image

FortiGate-5000 Series Introduction

44

01-30000-83466-20090108

Base backplane gigabit communication

FortiGate-5005FA2 security system

• Firewall and intrusion protection (IPS), when there is a reasonable percentage

of P2P packets.

• Firewall, intrusion protection (IPS), and antivirus, when there is a reasonable

percentage of P2P packets.

• Firewall and IPSec VPN applications.

The following traffic scenarios should be handled by the normal (or non-
accelerated) FortiGate-5005FA2 interfaces:

• Session oriented traffic when the session lifetime is very short.
• Firewall and antivirus only applications.

Traffic will not be off-loaded to the FortiGate-5005FA2 accelerator module. The
result will be high CPU usage because of the high CPU requirement for
antivirus scanning.

FA2 interfaces and active-active HA performance

FortiOS v3.0 MR4 firmware can also use FA2 acceleration to improve
active-active HA load balancing performance. See the

FortiGate HA Overview

or

the

FortiGate HA Guide

for more information.

Base backplane gigabit communication

The FortiGate-5005FA2 base1 and base2 backplane gigabit interfaces can be
used for HA heartbeat communication between FortiGate-5005FA2 boards
installed in the same or in different FortiGate-5000 chassis. You can also
configure FortiGate-5005FA2 boards to use the base backplane interfaces for
data communication between FortiGate boards. To support base backplane
communications your FortiGate-5140 or FortiGate-5050 chassis must include one
or more FortiSwitch-5003 boards. FortiSwitch-5003 boards are installed in chassis
slots 1 and 2. The FortiGate-5020 chassis supports base backplane
communication with no additions or changes to the chassis.

For information about base backplane communication in FortiGate-5140 and
FortiGate-5050 chassis, see the

FortiGate-5000 Base Backplane Communication

Guide

. For information about the FortiSwitch-5003 board, see the

FortiSwitch-5003 Guide

.

FortiGate-5005-DIST security system

You can install FortiGate-5005FA2 boards as worker boards in a
FortiGate-5005-DIST security system. Worker boards apply FortiGate security
system functionality such as applying firewall policies, virus scanning, IPS and
routing to distributed traffic.

For complete information about the FortiGate-5005-DIST security system and the
role of worker boards, see the

FortiGate-5005-DIST Security System

Administration Guide

.

See also other documents in the category Fortinet Hardware: