FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
maulishshah
Staff
Staff
Article Id 360560
Description This article describes what configuration changes are required to distribute IPSEC traffic across multiple CPU cores. 
Scope FortiGate VM.
Solution

For VM configuration, it is necessary to follow the following configuration.

First, understand what would be rx-ring parameters set.
Then, it is necessary to configure the ring-rx parameter on the physical interface where the tunnel was built.
Later, assign the CPU affinity mask.

Lastly, the final configuration would look like, supposing a tunnel built on physical interface port2:

 

config system interface
    edit "port2"
        set ring-rx 1024
        set ring-tx 1024
end

 

config system affinity-packet-redistribution
    edit 1
        set interface "port2"
        set rxqid 255
        set round-robin enable
        set affinity-cpumask "0xF"
<- This will change based on the requirement.
    next
end