Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.2.13
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Hardware Acceleration

    Home FortiGate / FortiOS 7.2.13 Hardware Acceleration
    7.2.13
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.1
    7.0.0
    6.4.16
    6.2.17
    6.0.18
    6.0.17
    6.0.16
    6.0.15
    6.0.14
    5.6.0

    NP processors and IPsec anti-replay protection

    NP processors and IPsec anti-replay protection

    IPsec Anti-replay protection protects IPsec tunnel traffic by making sure that replayed packets cannot be used to subvert tunnel security. Anti-replay protection can introduce packet reordering issues, as the very nature of anti-replay is that the right packet arrives in the correct sequence for the appropriate security control (decryption) to be applied.

    NP7, NP7Lite, NP6XLite, and NP6Lite processors include a packet ordering engine that works in conjunction with IPsec functions to control anti-replay and packet ordering issues. This is inherent to the functions of these processors, and therefore IPsec anti-replay can be enabled on FortiGate models with NP7, NP7Lite, NP6XLite, and NP6Lite processors.

    NP6 processors do not have an integrated packet ordering function. Each NP6 operates multiple crypto engines to provide high crypto performance, and this can cause packet ordering issues with large packet size variations. For more information, see Supporting IPsec anti-replay protection.

    Previous
    Next

    NP processors and IPsec anti-replay protection

    NP processors and IPsec anti-replay protection

    IPsec Anti-replay protection protects IPsec tunnel traffic by making sure that replayed packets cannot be used to subvert tunnel security. Anti-replay protection can introduce packet reordering issues, as the very nature of anti-replay is that the right packet arrives in the correct sequence for the appropriate security control (decryption) to be applied.

    NP7, NP7Lite, NP6XLite, and NP6Lite processors include a packet ordering engine that works in conjunction with IPsec functions to control anti-replay and packet ordering issues. This is inherent to the functions of these processors, and therefore IPsec anti-replay can be enabled on FortiGate models with NP7, NP7Lite, NP6XLite, and NP6Lite processors.

    NP6 processors do not have an integrated packet ordering function. Each NP6 operates multiple crypto engines to provide high crypto performance, and this can cause packet ordering issues with large packet size variations. For more information, see Supporting IPsec anti-replay protection.

    Previous
    Next