FG 100D HW design acceleration

Hi everyone,

I have a question regarding FG100 HW platform and its CP8 processor. The FG is running OS ver 5.2.8, using AppCntrl & IPS on the most security polices. CPU goes to 70%, when traffic passing the FG (hits 1 policy) reaches 150Mbps.

I checked diagnose sys top and it came out that was ipsengine to consume 99%. If another traffic goes through another policy (2nd policy), it is affected by oveloaded CPU and ping responses goes to 1000-2000ms.

My question is, if ping traffic shouldnt be offloaded by ASIC and not processed by overloaded CPU? If I turn down the AppCtrl & IPS should it help ?

Ive read the HW accel doc for Fortigate and CP8 content processor should provide IPS signature matching acceleration

Thank you in advance.