Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
PIDDLAW
New Contributor III

100D ipsec tunnels NO NPU flag in diagnose vpn tunnel list M

using diagnose vpn tunnel list it seems none of my tunnels are being offloaded (accelerated)

100D has a cp8

Model name: FortiGate-100D
ASIC version: CP8

Does not seem to be accelerating any sessions ( none of the sessions show any NPU info)

does this need to be set using CLI commands like here

http://kb.fortinet.com/kb/documentLink.do?externalID=FD36203

 

I am trying to fix slow SSL vpn and slow IPSEC tunnels.

more info can be provided.

Just thought i might ask prior to calling support.

As it seems like NPU acceleration is completely disabled on this unit.

 

5 REPLIES 5
emnoc
Esteemed Contributor III

A FGT100D does not have a NPU.

 

try 

 

get hardware status

( it should show cp8 )

or 

 

get hardware npu ?

 

if the later fails,  you have no NPUs

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
PIDDLAW
New Contributor III

that explains it.

thanks

I see the cp8.

is there a command to see if it is enabled anywhere or being used to accelerate anything?

emnoc
Esteemed Contributor III

Yes the vpn tunnel statistics will give you a clue if acceleration is being enabled.

 

e.g

 

KENSFW09 # diag vpn ipsec status | grep -C 10 CP8 3des: 0 0 aes: 0 0 aria: 0 0 seed: 0 0 null: 0 0 md5: 0 0 sha1: 0 0 sha256: 0 0 sha384: 0 0 sha512: 0 0 CP8: null: 0 0 des: 0 0 3des: 0 0 aes: 193833 133997 aria: 0 0 seed: 0 0 null: 0 0 md5: 0 0 sha1: 0 0 sha256: 13428 138613

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
PIDDLAW
New Contributor III

thanks, i guess it is working.

was really confused by the documentation for a moment.

the acceleration has nothing to do with SSL vpn traffic, is that correct.

Is the documentation talking a bout ssl web traffiic or ssl cert inspection?

PIDDLAW
New Contributor III

this is the kb that got me started on this confusion.

 

Any FortiGate with a network processor (most models).

 

none of my sessions have a NPU INFO section.

http://kb.fortinet.com/kb/documentLink.do?externalID=FD36243

 

 

Labels
Top Kudoed Authors