Fortigate – CP9 (Content Processor) Yetenekleri

The CP9 content processor provides the following services:
- Flow-based inspection (IPS, application control etc.) pattern matching acceleration with over 10Gbps throughput.
- IPS pre-scan.
- IPS signature correlation.
- Full match processors.
- High performance VPN bulk data engine.
- IPsec and SSL/TLS protocol processor.
- DES/3DES/AES128/192/256 in accordance with FIPS46-3/FIPS81/FIPS197.
- MD5/SHA-1/SHA256/384/512-96/128/192/256 with RFC1321 and FIPS180.
- HMAC in accordance with RFC2104/2403/2404 and FIPS198.
- ESN mode.
- GCM support for NSA “Suite B” (RFC6379/RFC6460) including GCM-128/256; GMAC-128/256.
- Key Exchange Processor that supports high performance IKE and RSA computation.
- Public key exponentiation engine with hardware CRT support.
- Primary checking for RSA key generation.
- Handshake accelerator with automatic key material generation.
- True Random Number generator.
- Elliptic Curve support for NSA “Suite B”.
- Sub public key engine (PKCE) to support up to 4096 bit operation directly (4k for DH and 8k for RSA with CRT).
- DLP fingerprint support.
- TTTD (Two-Thresholds-Two-Divisors) content chunking.
- Two thresholds and two divisors are configurableNP6Xlite (SOC4) and NP6lite (SOC3) processors include CP9X Lite and CP9 Lite processors that provide most CP9 functionality but at a lower capacity.

154 total views, 1 views today

Read More