Check the NP queue priority configuration after a firmware upgrade
After upgrading your FortiGate with NP7 processors to 7.2.4, you should verify that the NP queue priority configuration is either your intended configuration or matches the default configuration shown below. If you are upgrading from a FortiOS version that does not support the NP queue priority feature, the NP queue priority configuration after the firmware upgrade could be empty or incorrect.
The default NP queue priority configuration should result in optimal performance in most cases. An empty or incorrect NP queue priority configuration can affect performance or cause traffic disruptions. In the case of a hyperscale firewall VDOM, an empty NP queue priority configuration could cause BGP flapping or traffic interruptions when a lot of IP traffic and/or non-SYN TCP traffic is sent to the CPU.
Here is the default NP queue priority configuration:
config system npu config np-queues config ethernet-type edit "ARP" set type 806 set queue 9 next edit "HA-SESSYNC" set type 8892 set queue 11 next edit "HA-DEF" set type 8890 set queue 11 next edit "HC-DEF" set type 8891 set queue 11 next edit "L2EP-DEF" set type 8893 set queue 11 next edit "LACP" set type 8809 set queue 9 next end config ip-protocol edit "OSPF" set protocol 89 set queue 11 next edit "IGMP" set protocol 2 set queue 11 next edit "ICMP" set protocol 1 set queue 3 next end config ip-service edit "IKE" set protocol 17 set sport 500 set dport 500 set queue 11 next edit "BGP" set protocol 6 set sport 179 set dport 179 set queue 9 next edit "BFD-single-hop" set protocol 17 set sport 3784 set dport 3784 set queue 11 next edit "BFD-multiple-hop" set protocol 17 set sport 4784 set dport 4784 set queue 11 next edit "SLBC-management" set protocol 17 set dport 720 set queue 11 next edit "SLBC-1" set protocol 17 set sport 11133 set dport 11133 set queue 11 next edit "SLBC-2" set protocol 17 set sport 65435 set dport 65435 set queue 11 end