using diagnose vpn tunnel list it seems none of my tunnels are being offloaded (accelerated)
100D has a cp8
Model name: FortiGate-100D
ASIC version: CP8
Does not seem to be accelerating any sessions ( none of the sessions show any NPU info)
does this need to be set using CLI commands like here
http://kb.fortinet.com/kb/documentLink.do?externalID=FD36203
I am trying to fix slow SSL vpn and slow IPSEC tunnels.
more info can be provided.
Just thought i might ask prior to calling support.
As it seems like NPU acceleration is completely disabled on this unit.
A FGT100D does not have a NPU.
try
get hardware status
( it should show cp8 )
or
get hardware npu ?
if the later fails, you have no NPUs
PCNSE
NSE
StrongSwan
that explains it.
thanks
I see the cp8.
is there a command to see if it is enabled anywhere or being used to accelerate anything?
Yes the vpn tunnel statistics will give you a clue if acceleration is being enabled.
e.g
KENSFW09 # diag vpn ipsec status | grep -C 10 CP8 3des: 0 0 aes: 0 0 aria: 0 0 seed: 0 0 null: 0 0 md5: 0 0 sha1: 0 0 sha256: 0 0 sha384: 0 0 sha512: 0 0 CP8: null: 0 0 des: 0 0 3des: 0 0 aes: 193833 133997 aria: 0 0 seed: 0 0 null: 0 0 md5: 0 0 sha1: 0 0 sha256: 13428 138613
PCNSE
NSE
StrongSwan
thanks, i guess it is working.
was really confused by the documentation for a moment.
the acceleration has nothing to do with SSL vpn traffic, is that correct.
Is the documentation talking a bout ssl web traffiic or ssl cert inspection?
this is the kb that got me started on this confusion.
Any FortiGate with a network processor (most models).
none of my sessions have a NPU INFO section.
http://kb.fortinet.com/kb/documentLink.do?externalID=FD36243
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.