Description
This article describes how to disable offloading sessions to NPU (hardware acceleration) on FortiGate models that support hardware acceleration.
This method is used for troubleshooting purpose.
Related documents:
Solution
Some FortiGate models support hardware acceleration which come with a special processing unit known as NPU. Types of NPU you might see depends on the model: NP6, NP6XLite, NP6Lite, and NP7.
How to disable hardware acceleration depends on the NP processor:
For models with NP7 processors, you must disable hardware acceleration for individual firewall policies. For example:
# config firewall policy
edit 1
set auto-asic-offload disable
end
You can also disable hardware acceleration for individual IPsec VPN tunnels:
# config vpn ipsec phase1-interface
edit phase-1-name
set npu-offload disable
end
For model with NP6 and related processors you can disable offloading for all traffic:
# config system npu
set fastpath disable
end
For models with an NP6XLite processor you can also disable offloading for all traffic:
# config system np6xlite
edit np6xlite_0
set fastpath disable
end
fastpath is enabled by default. This command disables offloading for individual NP6XLite processors, in the example, np6xlite_0.
Alternatively, for NP6 and related processors you can use the following diagnose command to temporarily disable NP6 hardware acceleration.
Using this method, the hardware acceleration will be enabled again when you reboot the FortiGate.
Example command:
# diagnose npu <processor-name> fastpath disable <id>
'processor-name' can be np6, np6xlite, or np6lite.
'id' specify the ID of the NP6, NP6XLite, or NP6XLite processor for which to disable offloading.
