Fortinet black logo

CLI Reference

Home FortiGate / FortiOS 7.0.0 CLI Reference

config system npu

7.0.0
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.0.0
5.6.0
5.4.0
5.2.0
5.0.0
Copy Link
Copy Doc ID edd34da1-91dc-11eb-b70b-00505692583a:4620
Download PDF

config system npu

Note

This command is available for reference model(s) FortiGate 3000D, FortiGate 140E-POE, FortiGate 501E, FortiWiFi 61F. It is not available for FortiGate VM64.

Configure NPU attributes.

config system npu

Description: Configure NPU attributes.

set dedicated-management-cpu [enable|disable]

config port-cpu-map

Description: Configure NPU interface to CPU core mapping.

edit <interface>

set cpu-core {string}

next

end

set fastpath [disable|enable]

set capwap-offload [enable|disable]

set ipsec-enc-subengine-mask {user}

set ipsec-dec-subengine-mask {user}

set sw-np-bandwidth [0G|2G|...]

set strip-esp-padding [enable|disable]

set strip-clear-text-padding [enable|disable]

set ipsec-inbound-cache [enable|disable]

set sse-backpressure [enable|disable]

set rdp-offload [enable|disable]

set ipsec-over-vlink [enable|disable]

set uesp-offload [enable|disable]

set qos-mode [disable|priority|...]

config isf-np-queues

Description: Configure queues of switch port connected to NP6 XAUI on ingress path.

set cos0 {string}

set cos1 {string}

set cos2 {string}

set cos3 {string}

set cos4 {string}

set cos5 {string}

set cos6 {string}

set cos7 {string}

end

set mcast-session-accounting [tpe-based|session-based|...]

set ipsec-mtu-override [disable|enable]

set lag-out-port-select [disable|enable]

set session-denied-offload [disable|enable]

config priority-protocol

Description: Configure NPU priority protocol.

set bgp [enable|disable]

set slbc [enable|disable]

set bfd [enable|disable]

end

end

config system npu

Parameter

Description

Type

Size

Default

dedicated-management-cpu *

Enable to dedicate one CPU for GUI and CLI connections when NPs are busy.

option

-

disable

Option

Description

enable

Enable dedication of CPU #0 for management tasks.

disable

Disable dedication of CPU #0 for management tasks.

fastpath *

Enable/disable NP6 offloading (also called fast path).

option

-

enable

Option

Description

disable

Disable NP6 offloading (fast path).

enable

Enable NP6 offloading (fast path).

capwap-offload *

Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions.

option

-

enable

Option

Description

enable

Enable CAPWAP offload.

disable

Disable CAPWAP offload.

ipsec-enc-subengine-mask *

IPsec encryption subengine mask .

user

Not Specified

ipsec-dec-subengine-mask *

IPsec decryption subengine mask .

user

Not Specified

sw-np-bandwidth *

Bandwidth from switch to NP.

option

-

0G

Option

Description

0G

Default value. No bandwidth control.

2G

2Gbps.

4G

4Gbps.

5G

5Gbps.

6G

6Gbps.

strip-esp-padding *

Enable/disable stripping ESP padding.

option

-

disable

Option

Description

enable

Enable stripping ESP padding.

disable

Disable stripping ESP padding.

strip-clear-text-padding *

Enable/disable stripping clear text padding.

option

-

disable

Option

Description

enable

Enable stripping clear text padding.

disable

Disable stripping clear text padding.

ipsec-inbound-cache *

Enable/disable IPsec inbound cache for anti-replay.

option

-

enable

Option

Description

enable

Enable inbound cache always.

disable

Disable inbound cache when IPsec anti-replay is on.

sse-backpressure *

Enable/disable sse backpressure.

option

-

disable

Option

Description

enable

Enable sse backpressureg.

disable

Disable sse backpressureg.

rdp-offload *

Enable/disable rdp offload.

option

-

enable

Option

Description

enable

Enable reliable datagram protocol traffic offload.

disable

Disable reliable datagram protocol traffic offload.

ipsec-over-vlink *

Enable/disable IPSEC over vlink.

option

-

disable

Option

Description

enable

Enable IPSEC over vlink.

disable

Disable IPSEC over vlink.

uesp-offload *

Enable/disable UDP-encapsulated ESP offload .

option

-

disable

Option

Description

enable

Enable UDP-encapsulated ESP traffic offload.

disable

Disable UDP-encapsulated ESP traffic offload.

qos-mode *

QoS mode on switch and NP.

option

-

disable

Option

Description

disable

Disable QoS on switch and NP.

priority

Priority based.

round-robin

Round Robin Scheduler.

mcast-session-accounting *

Enable/disable traffic accounting for each multicast session through TAE counter.

option

-

tpe-based

Option

Description

tpe-based

Enable TPE-based multicast session accounting.

session-based

Enable session-based multicast session accounting.

disable

Disable multicast session accounting.

ipsec-mtu-override *

Enable/disable NP6 IPsec MTU override.

option

-

disable

Option

Description

disable

Disable NP6 IPsec MTU override.

enable

Enable NP6 IPsec MTU override.

lag-out-port-select *

Enable/disable LAG outgoing port selection based on incoming traffic port.

option

-

disable

Option

Description

disable

Disable LAG outgoing trunk in switch.

enable

Enable LAG outgoing trunk in switch.

session-denied-offload *

Enable/disable offloading of denied sessions. Requires ses-denied-traffic to be set.

option

-

disable

Option

Description

disable

Disable offloading of denied sessions.

enable

Enable offloading of denied sessions.

* This parameter may not exist in some models.

config port-cpu-map

Parameter

Description

Type

Size

Default

cpu-core

The CPU core to map to an interface.

string

Maximum length: 31

all

config isf-np-queues

Parameter

Description

Type

Size

Default

cos0

CoS profile name for CoS 0.

string

Maximum length: 35

cos1

CoS profile name for CoS 1.

string

Maximum length: 35

cos2

CoS profile name for CoS 2.

string

Maximum length: 35

cos3

CoS profile name for CoS 3.

string

Maximum length: 35

cos4

CoS profile name for CoS 4.

string

Maximum length: 35

cos5

CoS profile name for CoS 5.

string

Maximum length: 35

cos6

CoS profile name for CoS 6.

string

Maximum length: 35

cos7

CoS profile name for CoS 7.

string

Maximum length: 35

config priority-protocol

Parameter

Description

Type

Size

Default

bgp

Enable/disable NPU BGP priority protocol.

option

-

enable

Option

Description

enable

Enable NPU BGP priority protocol.

disable

Disable NPU BGP priority protocol.

slbc

Enable/disable NPU SLBC priority protocol.

option

-

enable

Option

Description

enable

Enable NPU SLBC priority protocol.

disable

Disable NPU SLBC priority protocol.

bfd

Enable/disable NPU BFD priority protocol.

option

-

enable

Option

Description

enable

Enable NPU BFD priority protocol.

disable

Disable NPU BFD priority protocol.
Previous
Next

config system npu

Note

This command is available for reference model(s) FortiGate 3000D, FortiGate 140E-POE, FortiGate 501E, FortiWiFi 61F. It is not available for FortiGate VM64.

Configure NPU attributes.

config system npu

Description: Configure NPU attributes.

set dedicated-management-cpu [enable|disable]

config port-cpu-map

Description: Configure NPU interface to CPU core mapping.

edit <interface>

set cpu-core {string}

next

end

set fastpath [disable|enable]

set capwap-offload [enable|disable]

set ipsec-enc-subengine-mask {user}

set ipsec-dec-subengine-mask {user}

set sw-np-bandwidth [0G|2G|...]

set strip-esp-padding [enable|disable]

set strip-clear-text-padding [enable|disable]

set ipsec-inbound-cache [enable|disable]

set sse-backpressure [enable|disable]

set rdp-offload [enable|disable]

set ipsec-over-vlink [enable|disable]

set uesp-offload [enable|disable]

set qos-mode [disable|priority|...]

config isf-np-queues

Description: Configure queues of switch port connected to NP6 XAUI on ingress path.

set cos0 {string}

set cos1 {string}

set cos2 {string}

set cos3 {string}

set cos4 {string}

set cos5 {string}

set cos6 {string}

set cos7 {string}

end

set mcast-session-accounting [tpe-based|session-based|...]

set ipsec-mtu-override [disable|enable]

set lag-out-port-select [disable|enable]

set session-denied-offload [disable|enable]

config priority-protocol

Description: Configure NPU priority protocol.

set bgp [enable|disable]

set slbc [enable|disable]

set bfd [enable|disable]

end

end

config system npu

Parameter

Description

Type

Size

Default

dedicated-management-cpu *

Enable to dedicate one CPU for GUI and CLI connections when NPs are busy.

option

-

disable

Option

Description

enable

Enable dedication of CPU #0 for management tasks.

disable

Disable dedication of CPU #0 for management tasks.

fastpath *

Enable/disable NP6 offloading (also called fast path).

option

-

enable

Option

Description

disable

Disable NP6 offloading (fast path).

enable

Enable NP6 offloading (fast path).

capwap-offload *

Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions.

option

-

enable

Option

Description

enable

Enable CAPWAP offload.

disable

Disable CAPWAP offload.

ipsec-enc-subengine-mask *

IPsec encryption subengine mask .

user

Not Specified

ipsec-dec-subengine-mask *

IPsec decryption subengine mask .

user

Not Specified

sw-np-bandwidth *

Bandwidth from switch to NP.

option

-

0G

Option

Description

0G

Default value. No bandwidth control.

2G

2Gbps.

4G

4Gbps.

5G

5Gbps.

6G

6Gbps.

strip-esp-padding *

Enable/disable stripping ESP padding.

option

-

disable

Option

Description

enable

Enable stripping ESP padding.

disable

Disable stripping ESP padding.

strip-clear-text-padding *

Enable/disable stripping clear text padding.

option

-

disable

Option

Description

enable

Enable stripping clear text padding.

disable

Disable stripping clear text padding.

ipsec-inbound-cache *

Enable/disable IPsec inbound cache for anti-replay.

option

-

enable

Option

Description

enable

Enable inbound cache always.

disable

Disable inbound cache when IPsec anti-replay is on.

sse-backpressure *

Enable/disable sse backpressure.

option

-

disable

Option

Description

enable

Enable sse backpressureg.

disable

Disable sse backpressureg.

rdp-offload *

Enable/disable rdp offload.

option

-

enable

Option

Description

enable

Enable reliable datagram protocol traffic offload.

disable

Disable reliable datagram protocol traffic offload.

ipsec-over-vlink *

Enable/disable IPSEC over vlink.

option

-

disable

Option

Description

enable

Enable IPSEC over vlink.

disable

Disable IPSEC over vlink.

uesp-offload *

Enable/disable UDP-encapsulated ESP offload .

option

-

disable

Option

Description

enable

Enable UDP-encapsulated ESP traffic offload.

disable

Disable UDP-encapsulated ESP traffic offload.

qos-mode *

QoS mode on switch and NP.

option

-

disable

Option

Description

disable

Disable QoS on switch and NP.

priority

Priority based.

round-robin

Round Robin Scheduler.

mcast-session-accounting *

Enable/disable traffic accounting for each multicast session through TAE counter.

option

-

tpe-based

Option

Description

tpe-based

Enable TPE-based multicast session accounting.

session-based

Enable session-based multicast session accounting.

disable

Disable multicast session accounting.

ipsec-mtu-override *

Enable/disable NP6 IPsec MTU override.

option

-

disable

Option

Description

disable

Disable NP6 IPsec MTU override.

enable

Enable NP6 IPsec MTU override.

lag-out-port-select *

Enable/disable LAG outgoing port selection based on incoming traffic port.

option

-

disable

Option

Description

disable

Disable LAG outgoing trunk in switch.

enable

Enable LAG outgoing trunk in switch.

session-denied-offload *

Enable/disable offloading of denied sessions. Requires ses-denied-traffic to be set.

option

-

disable

Option

Description

disable

Disable offloading of denied sessions.

enable

Enable offloading of denied sessions.

* This parameter may not exist in some models.

config port-cpu-map

Parameter

Description

Type

Size

Default

cpu-core

The CPU core to map to an interface.

string

Maximum length: 31

all

config isf-np-queues

Parameter

Description

Type

Size

Default

cos0

CoS profile name for CoS 0.

string

Maximum length: 35

cos1

CoS profile name for CoS 1.

string

Maximum length: 35

cos2

CoS profile name for CoS 2.

string

Maximum length: 35

cos3

CoS profile name for CoS 3.

string

Maximum length: 35

cos4

CoS profile name for CoS 4.

string

Maximum length: 35

cos5

CoS profile name for CoS 5.

string

Maximum length: 35

cos6

CoS profile name for CoS 6.

string

Maximum length: 35

cos7

CoS profile name for CoS 7.

string

Maximum length: 35

config priority-protocol

Parameter

Description

Type

Size

Default

bgp

Enable/disable NPU BGP priority protocol.

option

-

enable

Option

Description

enable

Enable NPU BGP priority protocol.

disable

Disable NPU BGP priority protocol.

slbc

Enable/disable NPU SLBC priority protocol.

option

-

enable

Option

Description

enable

Enable NPU SLBC priority protocol.

disable

Disable NPU SLBC priority protocol.

bfd

Enable/disable NPU BFD priority protocol.

option

-

enable

Option

Description

enable

Enable NPU BFD priority protocol.

disable

Disable NPU BFD priority protocol.
Previous
Next