Fortinet Document Library

Version:

Version:

Version:

Version:

Version:


Table of Contents

Hardware Acceleration

Change log

Date

Change description

May 9, 2022

New sections:

Previous versions of this document incorrectly stated that NP6 processors support offloading DoS policy sessions. This has been corrected throughout the document as required.

Changes to NP7 Host Protection Engine (HPE) and the HPE section of Configuring individual NP6 processors.

April 8, 2022

New sections:

Added information about NP6 processor support of DoS protection and offloading DoS policies.

March 2, 2022

Renamed the section: Configuring NP7 queue protocol prioritization. New section Default NP7 queue protocol prioritization configuration. Correction to Disabling NP offloading for firewall policies and Disabling nTurbo for firewall policies.

December 16, 2021

Moved information about improving CPS performance to sections describing the following FortiGate models that support this feature:

Updated the following sections to add information about splitting interfaces:

Corrected the default setting and added more information to vlan-lookup-cache {disable | enable}.

December 2, 2021

Corrections to FortiGate 80F, 81F, and 80F Bypass fast path architecture.

Changes to policy-offload-level {disable | dos-offload | full-offload}.

Correction to Disabling NP offloading for firewall policies.

New section Disabling nTurbo for firewall policies.

Removed the incorrect section "Disabling CP offloading for firewall policies".

October 29, 2021

Misc. fixes.

October 15, 2021

New sections:

September 30, 2021

New section: FortiGate 3500F and 3501F fast path architecture.

September 17, 2021

More information added to NP6 session drift.

September 9, 2021

Added more information about the NP6XLite processor to Network processors (NP7, NP6, NP6XLite, NP6Lite, and NP4) and NP6XLite processors. This content continues to be under development. If you have comments about it, contact techdoc@fortinet.com.

Updates to the following sections:

September 3, 2021

New and improved content:

August 5, 2021

Updated NTurbo offloads flow-based processing to clarify that NTurbo also applies to IPsec VPN sessions.

Corrected errors in the section FortiGate 100F and 101F fast path architecture.

July 9, 2021

FortiOS 6.4.6 document release. FortiOS 6.4.6 includes support for FortiGates with NP7 processors and for NP7 hyperscale firewall features. See What's new for FortiGates with NP7 processors for FortiOS 6.4.6.

Updated NP6 session fast path requirements to list support for offloading UDP traffic with a destination port of 4500 (ESP-in-UDP traffic). New section: Offloading UDP-encapsulated ESP traffic.

Added a note about NP6 processors not offloading sessions between two EMAC VLANs on NPU inter-VDOM link interfaces to Using VLANs to add more accelerated inter-VDOM link interfaces.

June 22, 2021

Corrected integrated switch fabric information in the following sections:

June 16, 2021

Added more information about bypass mode to:

April 12, 2021

Improved the information in Supporting IPsec anti-replay protection.

New section: FPM-7630E fast path architecture.

Corrected the output of the get hardware npu np6 port-list command in FortiGate 3600E and 3601E fast path architecture.

March 1, 2021

Corrected the get hardware npu np6 port-list command output in FortiGate 1100E and 1101E fast path architecture.

Updated the architecture sections for most E and F models to include more information about management/HA and data processing separation. For example, see the following:

December 18, 2020

New section: FortiGate 200F and 201F fast path architecture.

December 10, 2020

New section: FortiGate 80F, 81F, and 80F Bypass fast path architecture. More information about NetFlow support added to sFlow and NetFlow and hardware acceleration. Corrected the get hardware npu np6 port-list command output in FortiGate 1100E and 1101E fast path architecture.

New sections:

November 23, 2020

More information and corrections about SOC4 (NP6XLite and CP9XLite) and SOC3 (NP6Lite and CP9Lite).

October 19, 2020

Added bypass interface information to FortiGate 800D fast path architecture. Minor improvements to the bypass interface information in FortiGate 2500E fast path architecture. Other misc. changes and fixes.

September 14, 2020

Improved information about how for NP7 and many more recent NP6 fast path architectures the HA interfaces are not connected to the NP7 or NP6 processors. Information about bypass mode added to FortiGate 2500E fast path architecture. Corrected the output of the diagnose npu np6 port-list command in FortiGate 3960E fast path architecture.

Hardware architectures changed:

August 25, 2020

New section: FortiGate 100E and 101E fast path architecture.

Added a note about NP6 processors and traffic shaping counters to NP6 processors and traffic shaping.

Information about setting interface speeds added to FortiGate 3400E and 3401E fast path architecture and FortiGate 3600E and 3601E fast path architecture.

August 21, 2020

Added NP6XLite content.

July 8, 2020

Corrected the get hardware npu np6 port-list output in FortiGate 3400E and 3401E fast path architecture.

Added information about interface groups for the following models:

Added a note about ESP in UDP sessions (UDP port 4500) not been offloaded by NP6 processors to NP6 session fast path requirements.

Corrections to Dedicated management CPU.

Changes to Disabling NP6, NP6XLite, and NP6Lite hardware acceleration (fastpath).

May 21, 2020

New sections:

April 3, 2020

Improvements to the information about the HPE in Configuring individual NP6 processors.

New sections:

March 31, 2019

FortiOS 6.4 document release.

Change log

Date

Change description

May 9, 2022

New sections:

Previous versions of this document incorrectly stated that NP6 processors support offloading DoS policy sessions. This has been corrected throughout the document as required.

Changes to NP7 Host Protection Engine (HPE) and the HPE section of Configuring individual NP6 processors.

April 8, 2022

New sections:

Added information about NP6 processor support of DoS protection and offloading DoS policies.

March 2, 2022

Renamed the section: Configuring NP7 queue protocol prioritization. New section Default NP7 queue protocol prioritization configuration. Correction to Disabling NP offloading for firewall policies and Disabling nTurbo for firewall policies.

December 16, 2021

Moved information about improving CPS performance to sections describing the following FortiGate models that support this feature:

Updated the following sections to add information about splitting interfaces:

Corrected the default setting and added more information to vlan-lookup-cache {disable | enable}.

December 2, 2021

Corrections to FortiGate 80F, 81F, and 80F Bypass fast path architecture.

Changes to policy-offload-level {disable | dos-offload | full-offload}.

Correction to Disabling NP offloading for firewall policies.

New section Disabling nTurbo for firewall policies.

Removed the incorrect section "Disabling CP offloading for firewall policies".

October 29, 2021

Misc. fixes.

October 15, 2021

New sections:

September 30, 2021

New section: FortiGate 3500F and 3501F fast path architecture.

September 17, 2021

More information added to NP6 session drift.

September 9, 2021

Added more information about the NP6XLite processor to Network processors (NP7, NP6, NP6XLite, NP6Lite, and NP4) and NP6XLite processors. This content continues to be under development. If you have comments about it, contact techdoc@fortinet.com.

Updates to the following sections:

September 3, 2021

New and improved content:

August 5, 2021

Updated NTurbo offloads flow-based processing to clarify that NTurbo also applies to IPsec VPN sessions.

Corrected errors in the section FortiGate 100F and 101F fast path architecture.

July 9, 2021

FortiOS 6.4.6 document release. FortiOS 6.4.6 includes support for FortiGates with NP7 processors and for NP7 hyperscale firewall features. See What's new for FortiGates with NP7 processors for FortiOS 6.4.6.

Updated NP6 session fast path requirements to list support for offloading UDP traffic with a destination port of 4500 (ESP-in-UDP traffic). New section: Offloading UDP-encapsulated ESP traffic.

Added a note about NP6 processors not offloading sessions between two EMAC VLANs on NPU inter-VDOM link interfaces to Using VLANs to add more accelerated inter-VDOM link interfaces.

June 22, 2021

Corrected integrated switch fabric information in the following sections:

June 16, 2021

Added more information about bypass mode to:

April 12, 2021

Improved the information in Supporting IPsec anti-replay protection.

New section: FPM-7630E fast path architecture.

Corrected the output of the get hardware npu np6 port-list command in FortiGate 3600E and 3601E fast path architecture.

March 1, 2021

Corrected the get hardware npu np6 port-list command output in FortiGate 1100E and 1101E fast path architecture.

Updated the architecture sections for most E and F models to include more information about management/HA and data processing separation. For example, see the following:

December 18, 2020

New section: FortiGate 200F and 201F fast path architecture.

December 10, 2020

New section: FortiGate 80F, 81F, and 80F Bypass fast path architecture. More information about NetFlow support added to sFlow and NetFlow and hardware acceleration. Corrected the get hardware npu np6 port-list command output in FortiGate 1100E and 1101E fast path architecture.

New sections:

November 23, 2020

More information and corrections about SOC4 (NP6XLite and CP9XLite) and SOC3 (NP6Lite and CP9Lite).

October 19, 2020

Added bypass interface information to FortiGate 800D fast path architecture. Minor improvements to the bypass interface information in FortiGate 2500E fast path architecture. Other misc. changes and fixes.

September 14, 2020

Improved information about how for NP7 and many more recent NP6 fast path architectures the HA interfaces are not connected to the NP7 or NP6 processors. Information about bypass mode added to FortiGate 2500E fast path architecture. Corrected the output of the diagnose npu np6 port-list command in FortiGate 3960E fast path architecture.

Hardware architectures changed:

August 25, 2020

New section: FortiGate 100E and 101E fast path architecture.

Added a note about NP6 processors and traffic shaping counters to NP6 processors and traffic shaping.

Information about setting interface speeds added to FortiGate 3400E and 3401E fast path architecture and FortiGate 3600E and 3601E fast path architecture.

August 21, 2020

Added NP6XLite content.

July 8, 2020

Corrected the get hardware npu np6 port-list output in FortiGate 3400E and 3401E fast path architecture.

Added information about interface groups for the following models:

Added a note about ESP in UDP sessions (UDP port 4500) not been offloaded by NP6 processors to NP6 session fast path requirements.

Corrections to Dedicated management CPU.

Changes to Disabling NP6, NP6XLite, and NP6Lite hardware acceleration (fastpath).

May 21, 2020

New sections:

April 3, 2020

Improvements to the information about the HPE in Configuring individual NP6 processors.

New sections:

March 31, 2019

FortiOS 6.4 document release.