Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Jackie_T
Staff & Editor
Staff & Editor

Created on ‎11-22-2022 08:09 PM Edited on ‎07-15-2025 06:05 AM By Moderator

Article Id 230607

Troubleshooting Tip: Explaining the NPU Offload field in FortiOS sessions

Description

This article explains how to interpret the NPU Offload field in FortiOS session lists.
Scope FortiOS 6.2.x, 6.4.x, 7.0.x, 7.2.x.
Solution

The term 'NPU Offload' refers to traffic and and processes offloading to a special processing unit known as Network Processing Unit. This is a process known as Hardware Acceleration that helps reducing the CPU work load by allow the NPU to handle several processes including traffic inspection. It also allows for faster and more secure traffic handling by a dedicated chip that is built of different modules each for specific function.

 

The following is an example output for a session list captured in FortiOS:

 

diagnose sys session list

session info: proto=6 proto_state=01 duration=600125 expire=3585 timeout=3600 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3

origin-shaper=

reply-shaper=

per_ip_shaper=

class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255

state=log may_dirty npu f00

statistic(bytes/packets/allow_err): org=1406688/22871/1 reply=1406629/22870/1 tuples=2

tx speed(Bps/kbps): 2/0 rx speed(Bps/kbps): 2/0

orgin->sink: org pre->post, reply pre->post dev=9->17/17->9 gwy=0.0.0.0/0.0.0.0

hook=pre dir=org act=noop 10.218.3.68:10608->10.228.3.115:179(0.0.0.0:0)

hook=post dir=reply act=noop 10.228.3.115:179->10.218.3.68:10608(0.0.0.0:0)

pos/(before,after) 0/(0,0), 0/(0,0)

src_mac=02:09:65:3a:0d:01  dst_mac=00:09:0f:09:00:03

misc=0 policy_id=1 pol_uuid_idx=14726 auth_info=0 chk_client_info=0 vd=0:1

serial=00000123 tos=ff/ff app_list=0 app=0 url_cat=0

rpdb_link_id=00000000 ngfwid=n/a

npu_state=0x4000c00 ofld-O ofld-R

npu info: flag=0x81/0x81, offload=9/9, ips_offload=0/0, epid=136/128, ipid=128/136, vlan=0x0000/0x0000

vlifid=128/136, vtag_in=0x0000/0x0000 in_npu=1/1, out_npu=1/1, fwd_en=0/0, qid=4/4

 

The offload field here shows a value of 9/9. This indicates the forward direction and reverse direction, respectively.

 

See the following table to identify what each possible number value means:

 

Jackie_T_0-1669173039050.png

 

Hardware acceleration detailed information and architecture for different FortiGate models and NPU chips can be found in the following guide Hardware acceleration - FortiGate 7.6.3.
Labels:
7477
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.