IPSA offloads flow-based pattern matching
IPS Acceleration (IPSA) offloads enhanced pattern matching operations required for flow-based content processing to CP8 and CP9 Content Processors. IPSA offloads enhanced pattern matching for NTurbo firewall sessions and firewall sessions that are not offloaded to NP processors. When IPSA is turned on, flow-based pattern databases are compiled and downloaded to the content processors from the IPS engine and IPS database. Flow-based pattern matching requests are redirected to the CP hardware reducing the load on the FortiGate CPU and accelerating pattern matching.
IF IPSA is supported on your FortiGate, you can use the following command to configure it:
config ips global
set cp-accel-mode {advanced | basic | none}
end
basic
offloads basic pattern matching.
advanced
offloads more types of pattern matching resulting in higher throughput than basic mode. advanced
is only available on FortiGate models with two or more CP8s or one or more CP9s.
If the cp-accel-mode
option is not available, then your FortiGate does not support IPSA.
On FortiGates with one CP8, the default cp-accel-mode
is basic
. Setting the mode to advanced
does not change the types of pattern matching that are offloaded.
On FortiGates with two or more CP8s or one or more CP9s, the default cp-accel-mode
is advanced
. You can set the mode to basic
to offload fewer types of pattern matching.