Hi, Everyone.
I have a plan to upgrade FortiGate firmware FortiOS 6.4.15 to 7.2.8.
The FortiGate is models on NP6 platform.
Before I'll do it, I have read the Document Library about FortiOS 7.2.8 in Fortinet official web page. and I found the Bug ID 1012518 in known issue.
Here is the citation from the Document Library.
https://docs.fortinet.com/document/fortigate/7.2.8/fortios-release-notes/236526
---
Some FortiGate models on NP6/NP6Lite/NP6xLite platforms experience unexpected behavior due to certain traffic conditions after upgrading to 7.2.8. Traffic may be interrupted momentarily.
Workaround: Users impacted by this issue can contact Fortinet Support to request a special build with a fix for this issue. Alternatively, users can disable the processing of traffic by the IPS engine’s nTurbo using the following command:
config ips global set np-accel-mode none end
---
I'm gonna do the workaround that using the command.
But When I use the workaround, I'm wondering if the FortiGate CPU performance gets high.
And I've read below documentation content about nTurbo offloads.
Here is the citation from the Document Library.
---
Firewall sessions that include proxy-based security profiles are never offloaded to network processors and are always processed by the FortiGate CPU.
---
Now The FortiGate is Proxy Mode.
All security profile is proxy mode and every firwall policies is too.
That means Firewall session that The FortiGate in FortiOS 6.4.15(Now I'm using) is processing by FortiGate CPU and
When I upgrade the Fortigate to FortiOS 7.2.8, CPU performance doesn't change too much?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi studentuser,
Your assumption is correct, if the CPU is already processing the traffic upgrading from 6.4.15 to 7.2.8 should not increase much (but might increase a little due new features) the CPU usage. Of course, we are assuming that configuration and traffic flow won't change after the upgrade.
For the correct upgrade, always use the upgrade path tool https://docs.fortinet.com/upgrade-tool/fortigate
Do not jump from 6.4.15 to 7.2.8 directly, follow the upgrade-tool suggestion.
Hi studentuser,
Your assumption is correct, if the CPU is already processing the traffic upgrading from 6.4.15 to 7.2.8 should not increase much (but might increase a little due new features) the CPU usage. Of course, we are assuming that configuration and traffic flow won't change after the upgrade.
For the correct upgrade, always use the upgrade path tool https://docs.fortinet.com/upgrade-tool/fortigate
Do not jump from 6.4.15 to 7.2.8 directly, follow the upgrade-tool suggestion.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.