Hyperscale Firewall Guide

Hyperscale firewall GUI changes

When hyperscale firewall features are enabled for your FortiGate or for a VDOM, the GUI has the following changes:

Hyperscale firewall policies

Only hyperscale firewall policies are available.

Note

If you are upgrading your hyperscale firewall configuration from FortiOS 6.2.5 to 6.2.6, you must reconfigure all of your hyperscale firewall policies using the new 6.2.6 hyperscale firewall policies.

Hyperscale firewall policy options

Hyperscale firewall policies have options similar to those of normal firewall policies for selecting the traffic whose session setup is offloaded. Hyperscale firewall policies do not support UTM or NGFW features.

CGNAT features in IPv4 and NAT64 firewall policies

IPv4 and NAT64 hyperscale firewall policies allow you to configure carrier grade NAT (CGNAT) options.

Hardware logging in a firewall policy

You can also add hardware logging to a hyperscale firewall policy.

CGN resource allocation IP pools

CGN resource allocation IP pools are available for adding carrier grade NAT features to an IPv4 or NAT64 hyperscale firewall policy. Go to Policy & Objects > IP Pools, select Create New > IP Pool, and set Type to CGN Resource Allocation. You can also create CGN IP pool groups by going to Create New > CGN IP Pool Group.

Hyperscale hardware logging servers

You can set up multiple hyperscale hardware logging servers and add them to server groups. This is a global feature. If multiple VDOMs are enabled, all VDOMs can use these globally configured servers. To configure hardware logging, go to Log & Report > Hyperscale SPU Offload Log Settings.
