The optimal way to set up the NP7 HPE is to set the all-protocol option to a maximum packet rate threshold that protects the FortiGate CPU from excessive traffic. If all-protocol is set to a value other than 0, the number of host packets received for all traffic of all packet types that the HPE shapes is controlled by the all-protocol threshold. By default, all-protocol is set to 400000. This default threshold is designed to work well for most FortiGates and most networks.
You can use HPE monitoring to verify how many packets the HPE is actually dropping and adjust the all-protocol threshold. See Monitoring NP7 HPE activity. You can also use the diagnose npu np7 monitor-hpe command to monitor HPE activity without dropping packets. See Monitor HPE activity without dropping packets.
If you set all-protocol to 0, you can configure thresholds for individual traffic types. See NP7 HPE for individual traffic types.
The HPE also includes an overflow option for high-priority traffic. See NP7 HPE and high priority traffic.