FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Sparta_FTNT
Staff
Staff
Description
This article explains how this feature can be configured on FortiGate models with multiple CPU cores. Besides it improves the urlfilter daemon performance.

Enhancements are done by implementing a URL filter daemon as a multi-process daemon and making CPU affinity configurable for a URL filter daemon.
Also It is now possible to dedicate certain CPUs to run a URL filter daemon.


Useful links:

Fortinet Documentation
https://docs.fortinet.com/document/fortigate/6.2.1/new-features/519101/expanding-fabric-family

Solution
To configure the CPU affinity using the CLI:
#config system global
set url-filter-affinity <0xstring> (hexadecimal value up to 256 bits in the format of
xxxxxxxxxxxxxxxx)
set url-filter-count <integer,1-10>
end
The lowest bitmask is CPU0. If the bitmask is 1, this means the process can run on this CPU core.

For example, set url-filter-affinity 0x03 <0x03=00000011> means the URL filter will only run on core0 and core1.
For the url-filter-count, the maximum URL filter process count is CPU num+9/10, up to 10.
For example, for a FortiGate 1500D with 12 cores, set url-filtercount 2. for a FortiGate with less than 11 CPU cores, only set url-filtercount 1, which is the default value.


Contributors