Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
adhawan
Staff
Staff

Created on ‎11-17-2022 10:18 PM Edited on ‎03-07-2024 01:56 AM By Moderator

Article Id 230215

Technical Tip: Status of SSL VPN acceleration

Description This article describes how to determine whether a specific session of SSL VPN is offloaded or not.
Scope FortiGate/FortiOS 7.2.0 and earlier versions.
Solution

To view the status of SSL VPN acceleration, use the following command:

 

get vpn status ssl hw-acceleration-status

 

The output will display:

 

get vpn status ssl hw-acceleration-status
Acceleration hardware detected: kxp=on cipher=on -> which means that the hardware acceleration is enabled.

 

Otherwise: No acceleration hardware is detected.

 

It is also possible to disable offloading using CLI for troubleshooting purposes.

 

For example:

 

CLI:

 

config system global
    set sslvpn-cipher-hardware-acceleration disable
    set sslvpn-kxp-hardware-acceleration disable
end

 


By default, SSL VPN hardware acceleration is enabled.

 

Note: From FortiOS v7.2.1 and later versions, SSL VPN Hardware acceleration has been removed.

 

Related document:

Troubleshooting Tip: Android device SSL VPN Connection Failed with two factor authentication enabled
1838
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.