Accelerated Ips, Ssl Vpn, And Ipsec Vpn (Cp8 Content Processors) - Fortinet FortiGate-5001C Manual

Accelerated IPS, SSL VPN, and IPsec VPN (CP8 content processors)

Accelerated IPS, SSL VPN, and IPsec VPN (CP8 content
processors)
10
Figure 2: FortiGate-5001C NP4 to interface mapping
fabric1
FortiASIC
CP8
Traffic between interfaces that use the same NP4 processor experiences the highest
acceleration.
• The port1, fabric1 and base1 interfaces are connected to one NP4 processor.
• The port2, fabric2 and base2 interfaces are connected to the other NP4 processor.
For example, for maximum NP4 acceleration of traffic received on port1 the traffic must
exit the FortiGate-5001C board on fabric1. Also, for maximum acceleration of traffic
received on port2 the traffic must exit the FortiGate-5001C board on fabric2.
The FortiGate-5001C board includes two CP8 processors that provide the following
performance enhancements:
• Over 10Gbps throughput IPS content processor for packet content matching with
signatures
• High performance VPN bulk data engine
• IPSEC and SSL/TLS protocol processor
• DES/3DES/AES in accordance with FIPS46-3/FIPS81/FIPS197
• ARC4 in compliance with RC4
• MD5/SHA-1/SHA256 with RFC1321 and FIPS180
• HMAC in accordance with RFC2104/2403/2404 and FIPS198
• Key Exchange Processor support high performance IKE and RSA computation
• Public key exponentiation engine with hardware CRT support
• Primarily checking for RSA key generation
• Handshake accelerator with automatic key material generation
• Random Number generator compliance with ANSI X9.31
• Sub public key engine (PKCE) to support up to 4094 bit operation directly
• Message authentication module offers high performance cryptographic engine for
calculating SHA256/SHA1/MD5 of data up to 4G bytes (used by any application like
WAN opt.)
base1
Ethernet Switch
FortiASIC
NP4 NP4
CPU
FortiGate-5001C security system
fabric2
base2
System Bus
CP8
FortiGate-5001C Security System Guide
01-400-181221-20121130
http://docs.fortinet.com/