FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
cserna_FTNT
Staff
Staff
Article Id 195362

Description
This article describes features related to hardware acceleration available on Fortinet devices.

Solution

ASICs (Application-Specific Integrated Circuit) offload processing from the FortiGate CPU kernel, Fortinet has the following types of ASICs :

Content processor (CP): works in content inspection, accelerates task that include proxy-based task, focus on application not in interface approach.

Network Processor (NP): operates on interface level in charge of: offload or acceleration for packet transmission, link aggregation, HA and IPSec phase2.

Security Processor (SP): bound to interfaces, works on: Offload for packet transmission, anomaly detection, IPS, antivirus on flow based antivirus.

System on a chip (SOC): integral solution, integrating all in a chip (Forti ASIC NP, Forti ASIC CP, General purpose CPU, memories and network interfaces) available for desktop devices.

Useful commands for hardware acceleration:

# get hardware status                                                                        <----- Know the CP available on the device.

# get hardware npu <np1, np2, np4, np6> port-list                         <----- Know ports associated to corresponding NP processor.

Enable or disable acceleration at firewall policy level:

# config firewall policy   
  
 edit 1
        set auto-asic-offload disable
    end

# config firewall policy6
    edit 1
        set auto-asic-offload disable
    end

# config firewall multicast-policy
    edit 1
        set auto-asic-offload disable
    end

 

Contributors