Fa2 Interfaces And Active-Active Ha Performance; Base Backplane Gigabit Communication; Fortigate-5005-Dist Security System - Fortinet FortiGate FortiGate-5005FA2 Security System Manual
Fortinet fortigate fortigate-5005fa2: user guide
Hide thumbs
Also See for FortiGate FortiGate-5005FA2:
- Introduction manual (77 pages) ,
- Introductions manual (39 pages)
Table of Contents
Advertisement
Base backplane gigabit communication
FA2 interfaces and active-active HA performance
Base backplane gigabit communication
FortiGate-5005-DIST security system
8
•
Session Oriented Traffic with long session lifetime, such as FTP sessions.
Packet size does not affect performance for traffic with long session lifetime.
For long sessions, processing that would otherwise be handled by the
FortiGate-5005FA2 CPUs is off-loaded to the acceleration module.
•
Firewall and intrusion protection (IPS), when there is a reasonable percentage
of P2P packets.
•
Firewall, intrusion protection (IPS), and antivirus, when there is a reasonable
percentage of P2P packets.
•
Firewall and IPSec VPN applications.
The following traffic scenarios should be handled by the normal (or non-
accelerated) FortiGate-5005FA2 interfaces:
•
Session oriented traffic when the session lifetime is very short.
•
Firewall and antivirus only applications.
Traffic will not be off-loaded to the FortiGate-5005FA2 accelerator module. The
result will be high CPU usage because of the high CPU requirement for
antivirus scanning.
FortiOS v3.0 MR4 firmware can also use FA2 acceleration to improve
active-active HA load balancing performance. See the
the
FortiGate HA Guide
for more information.
The FortiGate-5005FA2 base1 and base2 backplane gigabit interfaces can be
used for HA heartbeat communication between FortiGate-5005FA2 modules
installed in the same or in different FortiGate-5000 chassis. You can also
configure FortiGate-5005FA2 modules to use the base backplane interfaces for
data communication between FortiGate modules. To support base backplane
communications your FortiGate-5140 or FortiGate-5050 chassis must include one
or more FortiSwitch-5003 modules. FortiSwitch-5003 modules are installed in
chassis slots 1 and 2. The FortiGate-5020 chassis supports base backplane
communication with no additions or changes to the chassis.
For information about base backplane communication in FortiGate-5140 and
FortiGate-5050 chassis, see the
Guide. For information about the FortiSwitch-5003 module, see the
FortiSwitch-5003
Guide.
You can install FortiGate-5005FA2 modules as worker modules in a
FortiGate-5005-DIST security system. Worker modules apply FortiGate security
system functionality such as applying firewall policies, virus scanning, IPS and
routing to distributed traffic.
For complete information about the FortiGate-5005-DIST security system and the
role of worker modules, see the
Administration
Guide.
FortiGate-5005FA2 security system
FortiGate HA Overview
FortiGate-5000 Base Backplane Communication
FortiGate-5005-DIST Security System
FortiGate-5005FA2 Security System Guide
or
01-30000-0377-20070201
Advertisement
Table of Contents
