msepulveda_FTNT
Article Id 193373

Description

 

This article describes how to determine whether a specific session is offloaded and, if so, whether in one or both directions. This is also known as hardware acceleration or 'fastpath'.

 

Scope

 

Any FortiGate with a network processor (most models).

Solution


As mentioned in the FortiGate Hardware Acceleration handbook, the npu_info section of a session entry shows whether a session is offloaded to the network processor and, if so, how (i.e., in one or both directions).

For example:


diag system session list
...

npu info: flag=0x81/0x81, offload=4/4, ips_offload=0/0, epid=1/23, ipid=23/1, vlan=32779/0

Specifically, look at the 'offload' field. It follows this format: 'offload=(forward_direction)/(reverse_direction)'.

Each of the codes represents a different state:
 
0=Not offloaded.
1=NP1.
2=NP1A.
3=NP2.
4=NP4.
5=SP.
6=NPLite.
7=SP3.
8=NP6.
9=NP7.

The flag field is read as follows:

flag 0x81 means regular traffic.
flag 0x82 means IPSec traffic.
 
With this information, it is possible to determine whether traffic is hardware accelerated in both directions or only in one.

If traffic is not offloaded in any direction, it would appear as follows:
 
offload=0/0

If it is offloaded, then it will take the code of the NPU processor that the FortiGate unit is using.

 

For example: offload=4/4.
 
This way, it is possible to tell that traffic is hardware offloaded in both directions and is using an NP4 processor.
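
To check many sessions at once, the decoding described above can be scripted against saved session-list output. The following is an added example, not Fortinet code: the function names and the second and third sample lines are constructed, and reading the flag pair in the same forward/reverse order as the offload pair is an assumption.

```python
import re

# Offload codes exactly as listed in this article.
OFFLOAD_CODES = {0: "not offloaded", 1: "NP1", 2: "NP1A", 3: "NP2", 4: "NP4",
                 5: "SP", 6: "NPLite", 7: "SP3", 8: "NP6", 9: "NP7"}
# Flag values exactly as listed in this article.
FLAG_MEANINGS = {0x81: "regular traffic", 0x82: "IPSec traffic"}

NPU_RE = re.compile(
    r"npu[ _]info:\s*flag=(0x[0-9a-fA-F]+)/(0x[0-9a-fA-F]+),\s*offload=(\d+)/(\d+)")

def decode_npu_info(line):
    """Decode one 'npu info' line; return None if the line has no such field."""
    m = NPU_RE.search(line)
    if m is None:
        return None
    # Assumption: the flag pair uses the same forward/reverse order as offload.
    flags = [int(m.group(1), 16), int(m.group(2), 16)]
    codes = [int(m.group(3)), int(m.group(4))]  # forward, reverse
    # Any non-zero code counts as offloaded, including codes not listed above.
    offloaded = [c != 0 for c in codes]
    if all(offloaded):
        state = "both directions"
    elif offloaded[0]:
        state = "forward only"
    elif offloaded[1]:
        state = "reverse only"
    else:
        state = "not offloaded"
    return {
        "forward": OFFLOAD_CODES.get(codes[0], f"unknown code {codes[0]}"),
        "reverse": OFFLOAD_CODES.get(codes[1], f"unknown code {codes[1]}"),
        "state": state,
        "flags": [FLAG_MEANINGS.get(f, f"unlisted flag {f:#x}") for f in flags],
    }

def summarize(session_dump):
    """Decode every npu info line found in pasted session-list output."""
    return [r for r in map(decode_npu_info, session_dump.splitlines()) if r]

# First line is the article's example; the other two are constructed samples.
SAMPLE = """\
npu info: flag=0x81/0x81, offload=4/4, ips_offload=0/0, epid=1/23, ipid=23/1, vlan=32779/0
npu info: flag=0x81/0x00, offload=8/0, ips_offload=0/0, epid=1/0, ipid=23/0, vlan=0/0
npu info: flag=0x00/0x00, offload=0/0, ips_offload=0/0, epid=0/0, ipid=0/0, vlan=0/0
"""

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```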

Related article:

Troubleshooting Tip: FortiGate session table information.