Fortinet Document Library

Version:

Version:

Version:

Version:


Table of Contents

Hardware Acceleration

Download PDF
Copy Link

Change log

Date

Change description

May 10, 2022

New sections:

Previous versions of this document incorrectly stated that NP6 processors support offloading DoS policy sessions. This has been corrected throughout the document as required.

Changes to config hpe and the HPE section of Configuring individual NP6 processors.

April 8, 2022

Corrections to FortiGate 400E Bypass fast path architecture. Added information about NP6 processor support of DoS protection and offloading DoS policies.

April 6, 2022

New sections:

March 1, 2022

Renamed the section: Configuring NP7 queue protocol prioritization. New section Default NP7 queue protocol prioritization configuration.

Corrections to Disabling NP offloading for firewall policies and Disabling nTurbo for firewall policies.

December 16, 2021

Moved information about improving CPS performance to sections describing the following FortiGate models that support this feature:

Updated the following sections to add information about splitting interfaces:

December 3, 2021

Corrections to FortiGate 80F, 81F, and 80F Bypass fast path architecture.

Changes to policy-offload-level {disable | dos-offload | full-offload}.

Correction to Disabling NP offloading for firewall policies.

New section Disabling nTurbo for firewall policies.

Removed the incorrect section "Disabling CP offloading for firewall policies".

September 17, 2021

Added more information about the NP6XLite processor to Network processors (NP7, NP6, NP6XLite, NP6Lite, and NP4) and NP6XLite processors.

More information added to NP6 session drift.

Updates to the following sections:

September 3, 2021

Fixes to NP6 session drift. Removed the information about CP9 support for a true random number generator and entropy source from CP9, CP9XLite, and CP9Lite capabilities.

August 12, 2021

New section: NP acceleration, virtual clustering, and VLAN MAC addresses.

August 5, 2021

Updated NTurbo offloads flow-based processing to clarify that NTurbo also applies to IPsec VPN sessions.

Corrected errors in the section FortiGate 100F and 101F fast path architecture.

June 22, 2021

Included NP7 in the statement "Maximum frame size for NP2, NP4, NP6, and NP7 processors is 9216 bytes." in the section Network processors (NP7, NP6, NP6XLite, NP6Lite, and NP4).

Corrected integrated switch fabric information in the following sections:

June 9, 2021

New sections:

New options added to config hpe.

April 12, 2021

Added a bullet point about NP7 support for offloading, including IPsec traffic, over a loopback interface to NP7 session fast path requirements.

New sections:

Improved the information in Supporting IPsec anti-replay protection.

Corrected the output of the get hardware npu np6 port-list command in FortiGate 3600E and 3601E fast path architecture.

February 26, 2021

Added protocol 97 (ETHERIP or EoIP) to Protocols that can be offloaded by NP7 processors. Improved integration with the Hyperscale Firewall Guide.

Added information about the following new command options, see Configuring NP7 processors for details.

config system npu

set gtp-support {disable | enable}

config tcp-timeout-profile

config udp-timeout-profile

config dsw-dts-profile

config dsw-queue-dts-profile

config np-queues

end

February 2, 2021

Removed NP7 hyperscale firewall content. A new standalone Hyperscale Firewall Guide is now available.

Updated the architecture sections for most E and F models to include more information about management/HA and data processing separation. For example, see the following:

New section: FortiGate 2600F and 2601F fast path architecture.

Corrected names of encryption and authentication algorithms in NP7 session fast path requirements.

December 10, 2020

Corrected the get hardware npu np6 port-list command output in FortiGate 1100E and 1101E fast path architecture.

New section: Protocols that can be offloaded by NP7 processors.

November 23, 2020

More information and corrections about SOC4 (NP6XLite and CP9XLite) and SOC3 (NP6Lite and CP9Lite).

October 23, 2020

FortiGate-4400F/4401F changes:

October 16, 2020

Misc. changes and fixes.

September 30, 2020

Added bypass interface information to FortiGate 800D fast path architecture. Minor improvements to the bypass interface information in FortiGate 2500E fast path architecture.

New section: FortiGate 80F, 81F, and 80F Bypass fast path architecture.

Moved NP7 port mapping to individual sections in FortiGate NP7 architectures.

September 14, 2020

Improved information about how for NP7 and many more recent NP6 fast path architectures the HA interfaces are not connected to the NP7 or NP6 processors. New section: FortiGate 1800F and 1801F fast path architecture. Information about bypass mode added to FortiGate 2500E fast path architecture. Corrected the output of the diagnose npu np6 port-list command in FortiGate 3960E fast path architecture.

Hardware architectures changed:

August 25, 2020

Added NP6XLite content.

Hardware architectures added:

Added a note about NP6 processors and traffic shaping counters to NP6 processors and traffic shaping.

Information about setting interface speeds added to FortiGate 3400E and 3401E fast path architecture and FortiGate 3600E and 3601E fast path architecture.

July 7, 2020

Minor fixes to the NP7 content.

July 6, 2020

NP7 content added. The NP7 features described in this document are supported by the FortiGate-4200F and 4201F running FortiOS 6.2.3 build 6560.

Corrected the get hardware npu np6 port-list output in FortiGate 3400E and 3401E fast path architecture.

Added information about interface groups for the following models:

Added a note about ESP in UDP sessions (UDP port 4500) not been offloaded by NP6 processors to NP6 session fast path requirements.

Corrections to Dedicated management CPU.

Changes to Disabling NP6, NP6XLite, and NP6Lite hardware acceleration (fastpath).

May 13, 2020

FortiOS 6.2.4 document release. New feature: NTurbo support for DoS policies, see NTurbo offloads flow-based processing.

April 3, 2020

New and improved sections:

March 17, 2020

NP6 hardware architectures added:

Changes to the following sections to enhance information about interface, NP6, and XAUI mapping and about the HA interfaces.

Misc edits and fixes throughout.

2019-08-06

Added the following topics:

  • FortiGate-1100E and 1101E fast path architecture.
  • Improving LAG performance on some FortiGate models.

2019-06-05

Updated Configuring individual NP6 processors topic to add link to NP6 anomaly error codes KB article.

2019-04-08

Rearranged some topics and general cleanup.

Deleted FortiGate models not supported by this FortiOS version.

2019-04-02

Added the following topics:

  • Access control lists (ACL).
  • FortiGate-400E and 401E fast path architecture.

2019-03-28

FortiOS 6.2 document release.

Change log

Date

Change description

May 10, 2022

New sections:

Previous versions of this document incorrectly stated that NP6 processors support offloading DoS policy sessions. This has been corrected throughout the document as required.

Changes to config hpe and the HPE section of Configuring individual NP6 processors.

April 8, 2022

Corrections to FortiGate 400E Bypass fast path architecture. Added information about NP6 processor support of DoS protection and offloading DoS policies.

April 6, 2022

New sections:

March 1, 2022

Renamed the section: Configuring NP7 queue protocol prioritization. New section Default NP7 queue protocol prioritization configuration.

Corrections to Disabling NP offloading for firewall policies and Disabling nTurbo for firewall policies.

December 16, 2021

Moved information about improving CPS performance to sections describing the following FortiGate models that support this feature:

Updated the following sections to add information about splitting interfaces:

December 3, 2021

Corrections to FortiGate 80F, 81F, and 80F Bypass fast path architecture.

Changes to policy-offload-level {disable | dos-offload | full-offload}.

Correction to Disabling NP offloading for firewall policies.

New section Disabling nTurbo for firewall policies.

Removed the incorrect section "Disabling CP offloading for firewall policies".

September 17, 2021

Added more information about the NP6XLite processor to Network processors (NP7, NP6, NP6XLite, NP6Lite, and NP4) and NP6XLite processors.

More information added to NP6 session drift.

Updates to the following sections:

September 3, 2021

Fixes to NP6 session drift. Removed the information about CP9 support for a true random number generator and entropy source from CP9, CP9XLite, and CP9Lite capabilities.

August 12, 2021

New section: NP acceleration, virtual clustering, and VLAN MAC addresses.

August 5, 2021

Updated NTurbo offloads flow-based processing to clarify that NTurbo also applies to IPsec VPN sessions.

Corrected errors in the section FortiGate 100F and 101F fast path architecture.

June 22, 2021

Included NP7 in the statement "Maximum frame size for NP2, NP4, NP6, and NP7 processors is 9216 bytes." in the section Network processors (NP7, NP6, NP6XLite, NP6Lite, and NP4).

Corrected integrated switch fabric information in the following sections:

June 9, 2021

New sections:

New options added to config hpe.

April 12, 2021

Added a bullet point about NP7 support for offloading, including IPsec traffic, over a loopback interface to NP7 session fast path requirements.

New sections:

Improved the information in Supporting IPsec anti-replay protection.

Corrected the output of the get hardware npu np6 port-list command in FortiGate 3600E and 3601E fast path architecture.

February 26, 2021

Added protocol 97 (ETHERIP or EoIP) to Protocols that can be offloaded by NP7 processors. Improved integration with the Hyperscale Firewall Guide.

Added information about the following new command options, see Configuring NP7 processors for details.

config system npu

set gtp-support {disable | enable}

config tcp-timeout-profile

config udp-timeout-profile

config dsw-dts-profile

config dsw-queue-dts-profile

config np-queues

end

February 2, 2021

Removed NP7 hyperscale firewall content. A new standalone Hyperscale Firewall Guide is now available.

Updated the architecture sections for most E and F models to include more information about management/HA and data processing separation. For example, see the following:

New section: FortiGate 2600F and 2601F fast path architecture.

Corrected names of encryption and authentication algorithms in NP7 session fast path requirements.

December 10, 2020

Corrected the get hardware npu np6 port-list command output in FortiGate 1100E and 1101E fast path architecture.

New section: Protocols that can be offloaded by NP7 processors.

November 23, 2020

More information and corrections about SOC4 (NP6XLite and CP9XLite) and SOC3 (NP6Lite and CP9Lite).

October 23, 2020

FortiGate-4400F/4401F changes:

October 16, 2020

Misc. changes and fixes.

September 30, 2020

Added bypass interface information to FortiGate 800D fast path architecture. Minor improvements to the bypass interface information in FortiGate 2500E fast path architecture.

New section: FortiGate 80F, 81F, and 80F Bypass fast path architecture.

Moved NP7 port mapping to individual sections in FortiGate NP7 architectures.

September 14, 2020

Improved information about how for NP7 and many more recent NP6 fast path architectures the HA interfaces are not connected to the NP7 or NP6 processors. New section: FortiGate 1800F and 1801F fast path architecture. Information about bypass mode added to FortiGate 2500E fast path architecture. Corrected the output of the diagnose npu np6 port-list command in FortiGate 3960E fast path architecture.

Hardware architectures changed:

August 25, 2020

Added NP6XLite content.

Hardware architectures added:

Added a note about NP6 processors and traffic shaping counters to NP6 processors and traffic shaping.

Information about setting interface speeds added to FortiGate 3400E and 3401E fast path architecture and FortiGate 3600E and 3601E fast path architecture.

July 7, 2020

Minor fixes to the NP7 content.

July 6, 2020

NP7 content added. The NP7 features described in this document are supported by the FortiGate-4200F and 4201F running FortiOS 6.2.3 build 6560.

Corrected the get hardware npu np6 port-list output in FortiGate 3400E and 3401E fast path architecture.

Added information about interface groups for the following models:

Added a note about ESP in UDP sessions (UDP port 4500) not been offloaded by NP6 processors to NP6 session fast path requirements.

Corrections to Dedicated management CPU.

Changes to Disabling NP6, NP6XLite, and NP6Lite hardware acceleration (fastpath).

May 13, 2020

FortiOS 6.2.4 document release. New feature: NTurbo support for DoS policies, see NTurbo offloads flow-based processing.

April 3, 2020

New and improved sections:

March 17, 2020

NP6 hardware architectures added:

Changes to the following sections to enhance information about interface, NP6, and XAUI mapping and about the HA interfaces.

Misc edits and fixes throughout.

2019-08-06

Added the following topics:

  • FortiGate-1100E and 1101E fast path architecture.
  • Improving LAG performance on some FortiGate models.

2019-06-05

Updated Configuring individual NP6 processors topic to add link to NP6 anomaly error codes KB article.

2019-04-08

Rearranged some topics and general cleanup.

Deleted FortiGate models not supported by this FortiOS version.

2019-04-02

Added the following topics:

  • Access control lists (ACL).
  • FortiGate-400E and 401E fast path architecture.

2019-03-28

FortiOS 6.2 document release.