FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 275148
Description This article helps to understand the performance acceleration with reference to sFlow and NetFlow.
Scope FortiGate.

Any traffic received on FortiGate is accelerated with the current Network Processors (NP7, NP6, NP6XLite, and NP6Lite).

When this is enabled the performance increases by offloading that packet.


Any FortiGate interface, including physical interfaces, VLAN interfaces, and aggregate interfaces, can have sFlow agents attached to it. 


The issue with sFlow is that it disables hardware acceleration for traffic on the interfaces it was enabled on FortiGates with Network Processor (NP) acceleration chips. And then all the traffic is processed by CPU and not by NP, in turn lowering the overall network performance.


In the below screenshot, can see that the CPU is 100% as all the traffic is passed by the CPU:




So, to improve the network performance, and to still use the functionality of the sFlow use Netflow.

Configuring NetFlow has no impact on offloading of sessions and it supports NP7, NP6, NP6XLite, and NP6Lite offloading.


Related articles:

Technical Tip: How to configure sFlow

Technical Tip: How to Configure Netflow