Description

This article describes features related to hardware acceleration available on Fortinet devices.

Scope

FortiGate.

Solution

ASICs (Application-Specific Integrated Circuit) offload processing from the FortiGate CPU kernel, Fortinet has the following types of ASICs :

• Content processor (CP): works in content inspection, where flow-based tasks are accelerated, focusing on the application, not on the interface approach.
• Network Processor (NP): operates on the interface level in charge of: offload or acceleration for packet transmission, link aggregation, HA and IPSec phase2.
• Security Processor (SP): bound to interfaces, works on: Offload for packet transmission, anomaly detection, IPS, antivirus on flow-based antivirus.
• System on a chip (SOC): integral solution, integrating all in a chip (Forti ASIC NP, Forti ASIC CP, General purpose CPU, memories and network interfaces) available for desktop devices.

Useful commands for hardware acceleration:

get hardware status                                                                        <----- Know the CP available on the device

get hardware npu <np1, np2, np4, np6> port-list                         <----- Know ports associated to corresponding NP processor.

Enable or disable acceleration at the firewall policy level:

config firewall policy   

    edit 1
        set auto-asic-offload disable
    end

config firewall policy6
    edit 1
        set auto-asic-offload disable
    end

config firewall multicast-policy
    edit 1
        set auto-asic-offload disable
    end

Related document:

FortiOS Hardware acceleration guide