Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
totsuka
Staff
Staff

Created on ‎12-29-2025 08:04 AM

Article Id 424449

Technical Tip: IPsec tunnel will get stuck and drop packets due to 'engine_status = 00000000' in np6Xlite register

Description

This article describes how to troubleshoot and use a workaround or fix for scenarios where IPsec VPN traffic unexpectedly stops.
Scope NP6, NP6xlite, SOC4 model.
Solution

Troubleshooting:

 

Execute the following CLI command several times and confirm that the output continues to show '00000000'.

diagnose npu np6xlite register 0 | grep engine_status
engine_status =00000000 [16:23]

 

Cause:

 

If the value continues to show '00000000', the IPsec Engine will hang due to NP buffer limitation.

 

  1. Workaround:

 

Disable NPU offloading.

 

config firewall policy
    edit <policy_name>
        set auto-asic-offload disable
end

  1. Fix:

 

Upgrade to one of the following versions for a fix:

  • 7.4.10.
  • 7.6.5.
  • 8.0.0.
46
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.