FortiGate
Vbharath_FTNT
Article Id 278048
Description: This article describes how to disable hardware acceleration for Proxy SSL inspection.
Scope: Any supported version of FortiGate.
Solution

When proxy inspection is used on a FortiGate unit, SSL jobs can be offloaded to hardware - CP8/9 or SOC. In some cases, it may be necessary to disable hardware acceleration for proxy SSL inspection.


Proxy SSL hardware acceleration can be disabled using the following CLI configuration:

config firewall ssl setting
   set kxp-queue-threshold 0
   set ssl-queue-threshold 0
end

Note: When hardware acceleration for Proxy SSL is disabled, SSL inspection is done by the CPU. This can result in higher CPU utilization, depending on the amount of traffic on the unit. It is recommended to disable hardware acceleration only for troubleshooting purposes.
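
Because the change is meant for troubleshooting only, a saved configuration backup can be checked for thresholds that were left at 0. The Python below is an added example, not Fortinet code: the function name and the sample backup are constructed, and it assumes the backup is plain text in the CLI `config ... end` form shown above.

```python
# Audit a FortiGate configuration backup for proxy SSL offload left disabled.

# The two settings from this article; 0 disables hardware offload for proxy SSL.
WATCHED = ("kxp-queue-threshold", "ssl-queue-threshold")

# Constructed sample backup (not taken from a real unit).
SAMPLE_BACKUP = """\
config system global
    set hostname "lab-fgt"
end
config firewall ssl setting
    set kxp-queue-threshold 0
    set ssl-queue-threshold 0
end
config firewall policy
    edit 1
        set name "out"
    next
end
"""


def find_disabled_offload(config_text):
    """Return [(line_number, setting)] for watched settings set to 0.

    Only lines inside a 'config firewall ssl setting' block are considered,
    so a same-named key in another block is ignored. Every occurrence of the
    block in the file is scanned.
    """
    findings = []
    in_block = False
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if line == "config firewall ssl setting":
            in_block = True
        elif in_block and line == "end":
            in_block = False
        elif in_block:
            parts = line.split()
            if (len(parts) == 3 and parts[0] == "set"
                    and parts[1] in WATCHED and parts[2] == "0"):
                findings.append((lineno, parts[1]))
    return findings


if __name__ == "__main__":
    for lineno, setting in find_disabled_offload(SAMPLE_BACKUP):
        print(f"line {lineno}: {setting} is 0 (proxy SSL offload disabled)")
```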