Description
In NGFW mode, two policies are available:
Security policies do not allow disabling the session offloading to NPU (hardware acceleration).
Disabling hardware acceleration is one of the recommended steps while troubleshooting various network connectivity issues. In order to perform this on a profile based firewall, it is important to track which SSL Inspection & Authentication policy this secure firewall policy is hitting. Usually for the users that are not that familiar with the policy based mode, the policies look like the picture below:
It is not recommended to disable the auto-asic offload on this firewall policy, therefore a new policy should be created with the parameters that are troubleshooted and the policy should be edited in cli.
After the creation of this policy, edit in cli and "set auto-asic offload disable":
config firewall policy
edit 2
set auto-asic-offload disable
next
end
Another option would be to disable it globally, but it is a good practice to cause as less impact as possible:
config ips global
set np-accel-mode none
end
Note:
This command may impact existing traffic. Disabling it globally will make all traffic be handled by the CPU. Monitor the CPU usage so it is not high. More information: Technical Tip: Nturbo functions within FortiOS
To disable np-acceleration (nTurbo) on a policy level:
config firewall policy
edit 1
set np-acceleration disable
next
end
Note:
The option to disable np-acceleration is only available when FortiOS is in profile-based NGFW mode only. for differences between profile-based and policy-based modes the following article provides detailed information: Technical Tip: Profile-based policies vs Policy-based policies.
When trying to capture the packets on WebGUI, the user might get the below message. Use the below command 'auto-asic-offload' to disable the respective firewall policy.
'SSL inspection and Authentication' policy (firewall policy) allows the user to disable offloading:
config firewall policy
edit 1
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.