Description

This article explains FortiGate CP9 capabilities.

Scope

FortiGate.

Solution

The FortiGate CP9 content processor provides the following services:

• Flow-based inspection (IPS, application control, etc.) pattern-matching acceleration with over 10Gbps throughput.
• IPS pre-scan.
• IPS signature correlation.
• Full match processors.
• High-performance VPN bulk data engine.
• IPsec and SSL/TLS protocol processor.
• DES/3DES/AES128/192/256 following FIPS46-3/FIPS81/FIPS197.
• MD5/SHA-1/SHA256/384/512-96/128/192/256 with RFC1321 and FIPS180.
• HMAC following RFC2104/2403/2404 and FIPS198.
• ESN mode.
• GCM support for NSA "Suite B" (RFC6379/RFC6460) including GCM-128/256; GMAC-128/256.
• Key Exchange Processor that supports high-performance IKE and RSA computation.
• Public key exponentiation engine with hardware CRT support.
• Primary checking for RSA key generation.
• Handshake accelerator with automatic key material generation.
• True Random Number generator.
• Elliptic Curve support for NSA "Suite B".
• Sub-public key engine (PKCE) to support up to 4096-bit operation directly (4k for DH and 8k for RSA with CRT).
• DLP fingerprint support.
• TTTD (Two-Thresholds-Two-Divisors) content chunking.
• Two thresholds and two divisors are configurable NP6Xlite (SOC4) and NP6lite (SOC3) processors including CP9X Lite and CP9 Lite processors that provide most CP9 functionality but at a lower capacity.
  
  

To check the content processor in the FortiGate appliance, use the CLI command get hardware status.

Example:

FG-FortiCloud # get hardware status
Model name: FortiGate-1200D
ASIC version: CP8 <--
ASIC SRAM: 64M
CPU: Intel(R) Xeon(R) CPU E5-1620 v2 @ 3.70GHz
Number of CPUs: 8
RAM: 16064 MB
Compact Flash: 15331 MB /dev/sda
Hard disk: 114473 MB /dev/sdb