Hyperscale Firewall Guide

Getting started with NP7 hyperscale firewall features

This section provides an overview of FortiOS NP7 hyperscale firewall support. Hyperscale firewall features include:

  • NP7 hardware session setup takes place entirely on the NP7 policy and NAT engine (called the Session Search Engine or SSE) without any involvement of the system bus or CPU. Hardware session setup is also called hardware policy offload.
  • IPv4 and NAT64 firewall policies include support for carrier-grade NAT (CGNAT) features.
  • Hardware logging (syslog and IPFIX) offloads syslog or NetFlow messages for all offloaded sessions.
  • Hardware session synchronization supports HA session sync for hyperscale firewall HA clusters.
  • Hyperscale firewall features are enabled per VDOM.
    • Hyperscale firewall VDOMs only support hyperscale firewall policies.
    • Hyperscale firewall VDOMs do not support UTM or NGFW firewall features.
    • Hyperscale firewall VDOMs do not support Central NAT.
    • You must use a special naming convention when creating a hyperscale firewall VDOM. See Creating hyperscale firewall VDOMs for details.
