Created on 09-21-2023 08:33 AM
Edited on 08-01-2025 07:11 AM
By Stephen_G
Description | This article describes how sFlow and NetFlow affect hardware acceleration performance. |
Scope | FortiGate. |
Solution |
Traffic received on a FortiGate is accelerated by the current Network Processors (NP7, NP7Lite, NP6, NP6XLite, and NP6Lite). When this is enabled, performance increases because packets are offloaded to the NP.
Any FortiGate interface, including physical interfaces, VLAN interfaces, and aggregate interfaces, can have sFlow agents attached to it.
The issue with sFlow is that, on FortiGates with Network Processor (NP) acceleration chips, it disables hardware acceleration for traffic on the interfaces where it is enabled. All of that traffic is then processed by the CPU instead of the NP, which lowers overall network performance.
The screenshot below shows the CPU at 100%, as all the traffic is passed by the CPU:
Sessions not offloaded to NPUs due to sFlow-enabled interfaces have the 'no_ofld_reason' as 'sflow' in the session table. For example:
session info: proto=6 proto_state=01 duration=891 expire=3599 timeout=3600 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
To improve network performance while still getting the functionality that sFlow provides, use NetFlow. Configuring NetFlow has no impact on the offloading of sessions, and it supports NP7, NP7Lite, NP6, NP6XLite, and NP6Lite offloading.
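To measure how much traffic sFlow is keeping on the CPU before switching to NetFlow, the 'no_ofld_reason' check described above can be run over a saved session-table capture. The script below is an added example, not Fortinet code; the sample capture is constructed and the 'field: value' line layout is an assumption.

```python
import re
from collections import Counter

# Constructed sample of a saved session-table capture. The 'session info:'
# header and the 'no_ofld_reason' field name come from the article; the
# 'field: value' line layout is an assumption.
SAMPLE = """\
session info: proto=6 proto_state=01 duration=891 expire=3599 timeout=3600
no_ofld_reason:  sflow
session info: proto=17 proto_state=00 duration=12 expire=167 timeout=180
session info: proto=6 proto_state=01 duration=40 expire=3570 timeout=3600
no_ofld_reason:  sflow
"""

REASON_RE = re.compile(r"no_ofld_reason[ \t]*[:=][ \t]*(.*)")
PROTO_RE = re.compile(r"\bproto=(\d+)")

def split_sessions(text):
    """Yield the lines of each session, one block per 'session info:' header."""
    block = []
    for line in text.splitlines():
        if line.startswith("session info:"):
            if block:
                yield block
            block = [line]
        elif block and line.strip():
            block.append(line)  # lines before the first header are ignored
    if block:
        yield block

def summarize(text):
    """Return (sessions per no_ofld_reason, protocols of sflow-blocked sessions)."""
    reasons, sflow_protos = Counter(), Counter()
    for block in split_sessions(text):
        m = REASON_RE.search("\n".join(block))
        # A missing or empty field is counted as 'none-reported'.
        tokens = m.group(1).split() if m else []
        for tok in tokens or ["none-reported"]:
            reasons[tok] += 1
        if "sflow" in tokens:
            p = PROTO_RE.search(block[0])
            sflow_protos[p.group(1) if p else "?"] += 1
    return reasons, sflow_protos

if __name__ == "__main__":
    reasons, sflow_protos = summarize(SAMPLE)
    total = sum(1 for _ in split_sessions(SAMPLE))
    print(f"{reasons['sflow']}/{total} sessions kept on the CPU by sFlow")
    print("by IP protocol:", dict(sflow_protos))
```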
Related articles:
Technical Tip: How to configure sFlow
Technical Tip: How to Configure Netflow
sFlow and NetFlow and hardware acceleration | FortiGate / FortiOS 7.6.3 | Fortinet Document Library |