FortiGate-5001FA2 Security System Guide
8 01-30000-0379-20080606
Base backplane gigabit communication FortiGate-5001FA2 security system
• Session Oriented Traffic with long session lifetime, such as FTP sessions.
Packet size does not affect performance for traffic with long session lifetime.
For long sessions, processing that would otherwise be handled by the
FortiGate-5001FA2 CPUs is off-loaded to the acceleration module.
• Firewall and intrusion protection (IPS), when there is a reasonable percentage
of P2P packets.
• Firewall, intrusion protection (IPS), and antivirus, when there is a reasonable
percentage of P2P packets.
• Firewall and IPSec VPN applications.
The following traffic scenarios should be handled by the normal (or non-
accelerated) FortiGate-5001FA2 interfaces:
• Session oriented traffic when the session lifetime is very short.
• Firewall and antivirus only applications.
Traffic will not be off-loaded to the FortiGate-5001FA2 accelerator module. The
result will be high CPU usage because of the high CPU requirement for
antivirus scanning.
FA2 interfaces and active-active HA performance
FortiOS v3.0 MR4 firmware can also use FA2 acceleration to improve
active-active HA load balancing performance. See the FortiGate HA Overview or
the FortiGate HA Guide for more information.
Base backplane gigabit communication
The FortiGate-5001FA2 port9 and port10 base backplane gigabit interfaces can
be used for HA heartbeat communication between FortiGate-5001FA2 boards
installed in the same or in different FortiGate-5000 chassis. You can also
configure FortiGate-5001FA2 boards to use the base backplane interfaces for
data communication between FortiGate boards. To support base backplane
communications your FortiGate-5140 or 5050 chassis must include one or more
FortiSwitch-5003 boards. FortiSwitch-5003 boards are installed in chassis slots 1
and 2. The FortiGate-5020 chassis supports base backplane communication with
no additions or changes to the chassis.
For information about base backplane communication in FortiGate-5140 and
FortiGate-5050 chassis, see the FortiGate-5000 Base Backplane Communication
Guide. For information about the FortiSwitch-5003 board, see the
FortiSwitch-5003 Guide.