DOCUMENT LIBRARY
DOCUMENT LIBRARY
Products
Best Practices
Hardware Guides
Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
More >>
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiTrust Identity
FortiPAM
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
More >>
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
/
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
/
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken
/
FortiToken Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Application Delivery
FortiADC
/
FortiGSLB
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/ FortiOS
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Application Gateway
FortiGate/ FortiOS
FortiProxy
FortiADC
/
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
/
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
/
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Wireless
FortiAP / FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiEdge Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiToken Cloud
FortiTrust Identity
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Managed Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Platform as a service (PAAS)
FortiSASE
FortiAnalyzer Cloud
FortiManager Cloud
FortiClient Cloud
FortiSandbox Cloud
FortiMail Cloud
FortiSOAR Cloud
Other SAAS Services
Overlay-as-a-Service
FortiRecon
FortiConverter
ForiIPAM
FortiFlex
FortiCare Elite
4D Resources
Solution Hubs
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiGate
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Search documents and hardware ...
Hardware Acceleration
Hardware acceleration
What's new for FortiOS 7.4.4
What's new for FortiOS 7.4.3
What's new for FortiOS 7.4.2
What's new for FortiOS 7.4.1
What's new for FortiOS 7.4.0
Content processors (CP9, CP9XLite, CP9Lite)
CP9 capabilities
CP8 capabilities
Determining the content processor in your FortiGate unit
Network processors (NP7, NP6, NP6XLite, and NP6Lite)
Accelerated sessions on FortiView All Sessions page
NP session offloading in HA active-active configuration
Configuring NP HMAC check offloading
Software switch interfaces and NP processors
Disabling NP offloading for firewall policies
Disabling NP offloading for individual IPsec VPN phase 1s
NP acceleration, virtual clustering, and VLAN MAC addresses
Determining the network processors installed in your FortiGate
NP hardware acceleration alters packet flow
NP7, NP6, NP6XLite, and NP6Lite traffic logging and monitoring
sFlow and NetFlow and hardware acceleration
Checking that traffic is offloaded by NP processors
Improving GUI and CLI responsiveness (dedicated management CPU)
Preventing packet ordering problems
Strict protocol header checking disables hardware acceleration
NTurbo and IPSA
NTurbo offloads flow-based processing
Disabling nTurbo for firewall policies
IPSA offloads flow-based pattern matching
NP7 acceleration
NP7 session fast path requirements
NP7 fastpath and EMAC VLANs
Mixing fast path and non-fast path traffic
Protocols that can be offloaded by NP7 processors
Tunneling protocols that can be offloaded by NP7 processors
Viewing your FortiGate NP7 processor configuration
NP7 performance optimized over KR links
Bandwidth control for NPU accelerated VDOM link interfaces
Controlling the maximum outgoing VLAN bandwidth
Per-session accounting for offloaded NP7 sessions
Enabling per-session accounting
Enabling multicast per-session accounting
Changing the per-session accounting interval
Increasing NP7 offloading capacity using link aggregation groups (LAGs)
NP7 processors and redundant interfaces
Mirroring packets offloaded by NP7 processors
Changing the policy offload level
DoS policy hardware acceleration
NP7 access control lists (ACLs)
Configuring inter-VDOM link acceleration with NP7 processors
Using VLANs to add more accelerated inter-VDOM links
Confirm that the traffic is accelerated
Reassembling and offloading fragmented packets
Configuring ISF load balancing
NP7 traffic shaping
Recording NP7 traffic shaping statistics
Disabling offloading IPsec Diffie-Hellman key exchange
Distributing HA session synchronization packets to multiple CPUs
Changing NP7 TCP session setup
NP7 diagnose commands
Changing the DVLAN mode for FortiGates with NP7 processors
NP7 packet sniffer
Tracing packet flow on FortiGates with NP7 processors
diagnose npu np7 (display NP7 information)
diagnose sys session list and no_ofld_reason field (NP7 session information)
NP7 Host Protection Engine (HPE)
NP7 HPE recommended configuration
NP7 HPE packet flow and host queues
NP7 HPE for individual traffic types
NP7 HPE and high priority traffic
Monitoring NP7 HPE activity
Displaying NP7 HPE configuration and status information
Configuring NP7 processors
config system npu-post
dedicated-management-cpu {disable | enable}
npu-group-effective-scope {0 | 1 | 2 | 3 | 255}
hash-config {src-dst-ip | 5-tuple | src-ip}
napi-break-interval
capwap-offload {disable | enable}
vxlan-offload {disable | enable}
default-qos-type {policing | shaping}
shaping-stats {disable | enable}
gtp-support {disable | enable}
per-session-accounting {disable | enable | traffic-log-only}
session-acct-interval
per-policy-accounting {disable | enable}
max-session-timeout
hash-tbl-spread (disable | enable}
vlan-lookup-cache {disable | enable}
ip-fragment-offload {disable | enable}
htx-icmp-csum-chk { drop | pass}
htab-msg-queue {data | idle | dedicated}
htab-dedi-queue-nr
qos-mode {disable | piority | round-robin}
inbound-dscp-copy-port
[
...]
double-level-mcast-offload {disable | enable}
qtm-buf-mode {6ch | 4ch}
ipsec-ob-np-sel {rr | packet | hash}
max-receive-unit
ull-port-mode {10G | 25G}
config port-npu-map
config port-path-option
config dos-options
config fp-anomaly
config ip-reassembly
config dsw-dts-profile
config dsw-queue-dts-profile
config np-queues (configuring NP7 queue protocol prioritization)
Default NP7 queue protocol prioritization configuration
config sw-eh-hash
config sw-tr-hash
FortiGate NP7 architectures
FortiGate 400F and 401F fast path architecture
FortiGate 600F and 601F fast path architecture
FortiGate 900G and 901G fast path architecture
FortiGate 1000F and 1001F fast path architecture
FortiGate 1800F and 1801F fast path architecture
FortiGate 2600F and 2601F fast path architecture
FortiGate 3000F and 3001F fast path architecture
FortiGate 3200F and 3201F fast path architecture
FortiGate 3500F and 3501F fast path architecture
FortiGate 3700F and 3701F fast path architecture
FortiGate 4200F and 4201F fast path architecture
FortiGate 4400F and 4401F fast path architecture
FortiGate 4800F and 4801F fast path architecture
FortiGate-7081F fast path architecture
FortiGate-7121F fast path architecture
FIM-7921F fast path architecture
FIM-7941F fast path architecture
FPM-7620F fast path architecture
NP6, NP6XLite, and NP6Lite acceleration
NP6 session fast path requirements
NP6XLite processors
NP6Lite processors
NP6 processors and traffic shaping
IPv4 interface-based traffic shaping
NP Direct
Viewing your FortiGate NP6, NP6XLite, or NP6Lite processor configuration
Disabling NP6, NP6XLite, and NP6Lite hardware acceleration (fastpath)
Optimizing NP6 performance by distributing traffic to XAUI links
Enabling bandwidth control between the ISF and NP6 XAUI ports to reduce the number of dropped egress packets
Increasing NP6 offloading capacity using link aggregation groups (LAGs)
NP6 processors and redundant interfaces
Configuring inter-VDOM link acceleration with NP6 processors
Using VLANs to add more accelerated inter-VDOM link interfaces
Confirm that the traffic is accelerated
IPv6 IPsec VPN over NPU VDOM links
Disabling offloading IPsec Diffie-Hellman key exchange
Supporting IPsec anti-replay protection
NP6 access control lists (ACLs)
NP6 HPE host protection engine
NP6 HPE packet flow and host queues
NP6 HPE configuration options
NP6 HPE and high priority traffic
Adjusting NP6 HPE BGP, SLBC, and BFD priorities
Monitoring NP6 HPE activity
Displaying NP6 HPE configuration and status information
Configuring individual NP6 processors
Per-session accounting for offloaded NP6, NP6XLite, and NP6Lite sessions
Multicast per-session accounting
Configuring NP6 session timeouts
Configure the number of IPsec engines NP6 processors use
Stripping clear text padding and IPsec session ESP padding
Disable NP6 and NP6XLite CAPWAP offloading
Optionally disable NP6 offloading of traffic passing between 10Gbps and 1Gbps interfaces
Performance reduction for NP6 processors with 1Gbps interfaces
Offloading RDP traffic
NP6 session drift
Enhanced load balancing for LAG interfaces for NP6 platforms
Optimizing FortiGate 3960E and 3980E IPsec VPN performance
FortiGate 3960E and 3980E support for high throughput traffic streams
Recalculating packet checksums if the iph.reserved bit is set to 0
NP6 IPsec engine status monitoring
Interface to CPU mapping
Reducing the amount of dropped egress packets on LAG interfaces
Allowing offloaded IPsec packets that exceed the interface MTU
Offloading traffic denied by a firewall policy to reduce CPU usage
Configuring the QoS mode for NP6-accelerated traffic
Recovering from an internal link failure
Offloading UDP-encapsulated ESP traffic
NP6 get and diagnose commands
get hardware npu np6
diagnose npu np6
diagnose npu np6 npu-feature (verify enabled NP6 features)
diagnose npu np6xlite npu-feature (verify enabled NP6Lite features)
diagnose npu np6lite npu-feature (verify enabled NP6Lite features)
diagnose sys session/session6 list (view offloaded sessions)
diagnose sys session list no_ofld_reason field
diagnose npu np6 session-stats
(number of NP6 IPv4 and IPv6 sessions)
diagnose npu np6 ipsec-stats (NP6 IPsec statistics)
diagnose npu np6 sse-stats
(number of NP6 sessions and dropped sessions)
diagnose npu np6 dce
(number of dropped NP6 packets)
diagnose hardware deviceinfo nic
(number of packets dropped by an interface)
diagnose npu np6 synproxy-stats (NP6 SYN-proxied sessions and unacknowledged SYNs)
FortiGate NP6 architectures
FortiGate 300E and 301E fast path architecture
FortiGate 400E and 401E fast path architecture
FortiGate 400E Bypass fast path architecture
FortiGate 500E and 501E fast path architecture
FortiGate 600E and 601E fast path architecture
FortiGate 800D fast path architecture
FortiGate 900D fast path architecture
FortiGate 1000D fast path architecture
FortiGate 1100E and 1101E fast path architecture
FortiGate 2000E fast path architecture
FortiGate 2200E and 2201E fast path architecture
FortiGate 2500E fast path architecture
FortiGate 3000D fast path architecture
FortiGate 3100D fast path architecture
FortiGate 3200D fast path architecture
FortiGate 3300E and 3301E fast path architecture
FortiGate 3400E and 3401E fast path architecture
FortiGate 3600E and 3601E fast path architecture
FortiGate 3700D fast path architecture
FortiGate 3960E fast path architecture
FortiGate 3980E fast path architecture
FortiGate-5001E and 5001E1 fast path architecture
FortiController-5902D fast path architecture
FortiGate 6000F series
FortiGate-7030E fast path architecture
FortiGate-7040E fast path architecture
FortiGate-7060E fast path architecture
FIM-7901E fast path architecture
FIM-7904E fast path architecture
FIM-7910E fast path architecture
FIM-7920E fast path architecture
FPM-7620E fast path architecture
FPM-7630E fast path architecture
FortiGate NP6XLite architectures
FortiGate 40F fast path architecture
FortiGate 60F and 61F fast path architecture
FortiGate Rugged 60F fast path architecture
FortiGate 70F and 71F fast path architecture
FortiGate Rugged 70F fast path architecture
FortiGate 80F, 81F, and 80F Bypass fast path architecture
FortiGate 100F and 101F fast path architecture
FortiGate 200F and 201F fast path architecture
FortiGate NP6Lite architectures
FortiGate 200E and 201E fast path architecture
Change log
Home
FortiGate / FortiOS 7.4.4
Hardware Acceleration
7.4.4
7.6.0
7.4.5
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.16
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.6
6.4.5
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.9
6.2.7
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
5.6.0
ipsec-ob-np-sel {rr | packet | hash}
ipsec-ob-np-sel {rr | packet | hash}
For future use.
Previous
Next
ipsec-ob-np-sel {rr | packet | hash}
ipsec-ob-np-sel {rr | packet | hash}
For future use.
Previous
Next
Home
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate 5000
FortiGate 6000
FortiGate 7000
FortiProxy
NOC & SOC Management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
FortiVoice Cloud
FortiRecorder
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiWeb Cloud
FortiADC
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
Hardware acceleration
What's new for FortiOS 7.4.4
What's new for FortiOS 7.4.3
What's new for FortiOS 7.4.2
What's new for FortiOS 7.4.1
What's new for FortiOS 7.4.0
Content processors (CP9, CP9XLite, CP9Lite)
CP9 capabilities
CP8 capabilities
Determining the content processor in your FortiGate unit
Network processors (NP7, NP6, NP6XLite, and NP6Lite)
Accelerated sessions on FortiView All Sessions page
NP session offloading in HA active-active configuration
Configuring NP HMAC check offloading
Software switch interfaces and NP processors
Disabling NP offloading for firewall policies
Disabling NP offloading for individual IPsec VPN phase 1s
NP acceleration, virtual clustering, and VLAN MAC addresses
Determining the network processors installed in your FortiGate
NP hardware acceleration alters packet flow
NP7, NP6, NP6XLite, and NP6Lite traffic logging and monitoring
sFlow and NetFlow and hardware acceleration
Checking that traffic is offloaded by NP processors
Improving GUI and CLI responsiveness (dedicated management CPU)
Preventing packet ordering problems
Strict protocol header checking disables hardware acceleration
NTurbo and IPSA
NTurbo offloads flow-based processing
Disabling nTurbo for firewall policies
IPSA offloads flow-based pattern matching
NP7 acceleration
NP7 session fast path requirements
NP7 fastpath and EMAC VLANs
Mixing fast path and non-fast path traffic
Protocols that can be offloaded by NP7 processors
Tunneling protocols that can be offloaded by NP7 processors
Viewing your FortiGate NP7 processor configuration
NP7 performance optimized over KR links
Bandwidth control for NPU accelerated VDOM link interfaces
Controlling the maximum outgoing VLAN bandwidth
Per-session accounting for offloaded NP7 sessions
Enabling per-session accounting
Enabling multicast per-session accounting
Changing the per-session accounting interval
Increasing NP7 offloading capacity using link aggregation groups (LAGs)
NP7 processors and redundant interfaces
Mirroring packets offloaded by NP7 processors
Changing the policy offload level
DoS policy hardware acceleration
NP7 access control lists (ACLs)
Configuring inter-VDOM link acceleration with NP7 processors
Using VLANs to add more accelerated inter-VDOM links
Confirm that the traffic is accelerated
Reassembling and offloading fragmented packets
Configuring ISF load balancing
NP7 traffic shaping
Recording NP7 traffic shaping statistics
Disabling offloading IPsec Diffie-Hellman key exchange
Distributing HA session synchronization packets to multiple CPUs
Changing NP7 TCP session setup
NP7 diagnose commands
Changing the DVLAN mode for FortiGates with NP7 processors
NP7 packet sniffer
Tracing packet flow on FortiGates with NP7 processors
diagnose npu np7 (display NP7 information)
diagnose sys session list and no_ofld_reason field (NP7 session information)
NP7 Host Protection Engine (HPE)
NP7 HPE recommended configuration
NP7 HPE packet flow and host queues
NP7 HPE for individual traffic types
NP7 HPE and high priority traffic
Monitoring NP7 HPE activity
Displaying NP7 HPE configuration and status information
Configuring NP7 processors
config system npu-post
dedicated-management-cpu {disable | enable}
npu-group-effective-scope {0 | 1 | 2 | 3 | 255}
hash-config {src-dst-ip | 5-tuple | src-ip}
napi-break-interval
capwap-offload {disable | enable}
vxlan-offload {disable | enable}
default-qos-type {policing | shaping}
shaping-stats {disable | enable}
gtp-support {disable | enable}
per-session-accounting {disable | enable | traffic-log-only}
session-acct-interval
per-policy-accounting {disable | enable}
max-session-timeout
hash-tbl-spread (disable | enable}
vlan-lookup-cache {disable | enable}
ip-fragment-offload {disable | enable}
htx-icmp-csum-chk { drop | pass}
htab-msg-queue {data | idle | dedicated}
htab-dedi-queue-nr
qos-mode {disable | piority | round-robin}
inbound-dscp-copy-port
[
...]
double-level-mcast-offload {disable | enable}
qtm-buf-mode {6ch | 4ch}
ipsec-ob-np-sel {rr | packet | hash}
max-receive-unit
ull-port-mode {10G | 25G}
config port-npu-map
config port-path-option
config dos-options
config fp-anomaly
config ip-reassembly
config dsw-dts-profile
config dsw-queue-dts-profile
config np-queues (configuring NP7 queue protocol prioritization)
Default NP7 queue protocol prioritization configuration
config sw-eh-hash
config sw-tr-hash
FortiGate NP7 architectures
FortiGate 400F and 401F fast path architecture
FortiGate 600F and 601F fast path architecture
FortiGate 900G and 901G fast path architecture
FortiGate 1000F and 1001F fast path architecture
FortiGate 1800F and 1801F fast path architecture
FortiGate 2600F and 2601F fast path architecture
FortiGate 3000F and 3001F fast path architecture
FortiGate 3200F and 3201F fast path architecture
FortiGate 3500F and 3501F fast path architecture
FortiGate 3700F and 3701F fast path architecture
FortiGate 4200F and 4201F fast path architecture
FortiGate 4400F and 4401F fast path architecture
FortiGate 4800F and 4801F fast path architecture
FortiGate-7081F fast path architecture
FortiGate-7121F fast path architecture
FIM-7921F fast path architecture
FIM-7941F fast path architecture
FPM-7620F fast path architecture
NP6, NP6XLite, and NP6Lite acceleration
NP6 session fast path requirements
NP6XLite processors
NP6Lite processors
NP6 processors and traffic shaping
IPv4 interface-based traffic shaping
NP Direct
Viewing your FortiGate NP6, NP6XLite, or NP6Lite processor configuration
Disabling NP6, NP6XLite, and NP6Lite hardware acceleration (fastpath)
Optimizing NP6 performance by distributing traffic to XAUI links
Enabling bandwidth control between the ISF and NP6 XAUI ports to reduce the number of dropped egress packets
Increasing NP6 offloading capacity using link aggregation groups (LAGs)
NP6 processors and redundant interfaces
Configuring inter-VDOM link acceleration with NP6 processors
Using VLANs to add more accelerated inter-VDOM link interfaces
Confirm that the traffic is accelerated
IPv6 IPsec VPN over NPU VDOM links
Disabling offloading IPsec Diffie-Hellman key exchange
Supporting IPsec anti-replay protection
NP6 access control lists (ACLs)
NP6 HPE host protection engine
NP6 HPE packet flow and host queues
NP6 HPE configuration options
NP6 HPE and high priority traffic
Adjusting NP6 HPE BGP, SLBC, and BFD priorities
Monitoring NP6 HPE activity
Displaying NP6 HPE configuration and status information
Configuring individual NP6 processors
Per-session accounting for offloaded NP6, NP6XLite, and NP6Lite sessions
Multicast per-session accounting
Configuring NP6 session timeouts
Configure the number of IPsec engines NP6 processors use
Stripping clear text padding and IPsec session ESP padding
Disable NP6 and NP6XLite CAPWAP offloading
Optionally disable NP6 offloading of traffic passing between 10Gbps and 1Gbps interfaces
Performance reduction for NP6 processors with 1Gbps interfaces
Offloading RDP traffic
NP6 session drift
Enhanced load balancing for LAG interfaces for NP6 platforms
Optimizing FortiGate 3960E and 3980E IPsec VPN performance
FortiGate 3960E and 3980E support for high throughput traffic streams
Recalculating packet checksums if the iph.reserved bit is set to 0
NP6 IPsec engine status monitoring
Interface to CPU mapping
Reducing the amount of dropped egress packets on LAG interfaces
Allowing offloaded IPsec packets that exceed the interface MTU
Offloading traffic denied by a firewall policy to reduce CPU usage
Configuring the QoS mode for NP6-accelerated traffic
Recovering from an internal link failure
Offloading UDP-encapsulated ESP traffic
NP6 get and diagnose commands
get hardware npu np6
diagnose npu np6
diagnose npu np6 npu-feature (verify enabled NP6 features)
diagnose npu np6xlite npu-feature (verify enabled NP6Lite features)
diagnose npu np6lite npu-feature (verify enabled NP6Lite features)
diagnose sys session/session6 list (view offloaded sessions)
diagnose sys session list no_ofld_reason field
diagnose npu np6 session-stats
(number of NP6 IPv4 and IPv6 sessions)
diagnose npu np6 ipsec-stats (NP6 IPsec statistics)
diagnose npu np6 sse-stats
(number of NP6 sessions and dropped sessions)
diagnose npu np6 dce
(number of dropped NP6 packets)
diagnose hardware deviceinfo nic
(number of packets dropped by an interface)
diagnose npu np6 synproxy-stats (NP6 SYN-proxied sessions and unacknowledged SYNs)
FortiGate NP6 architectures
FortiGate 300E and 301E fast path architecture
FortiGate 400E and 401E fast path architecture
FortiGate 400E Bypass fast path architecture
FortiGate 500E and 501E fast path architecture
FortiGate 600E and 601E fast path architecture
FortiGate 800D fast path architecture
FortiGate 900D fast path architecture
FortiGate 1000D fast path architecture
FortiGate 1100E and 1101E fast path architecture
FortiGate 2000E fast path architecture
FortiGate 2200E and 2201E fast path architecture
FortiGate 2500E fast path architecture
FortiGate 3000D fast path architecture
FortiGate 3100D fast path architecture
FortiGate 3200D fast path architecture
FortiGate 3300E and 3301E fast path architecture
FortiGate 3400E and 3401E fast path architecture
FortiGate 3600E and 3601E fast path architecture
FortiGate 3700D fast path architecture
FortiGate 3960E fast path architecture
FortiGate 3980E fast path architecture
FortiGate-5001E and 5001E1 fast path architecture
FortiController-5902D fast path architecture
FortiGate 6000F series
FortiGate-7030E fast path architecture
FortiGate-7040E fast path architecture
FortiGate-7060E fast path architecture
FIM-7901E fast path architecture
FIM-7904E fast path architecture
FIM-7910E fast path architecture
FIM-7920E fast path architecture
FPM-7620E fast path architecture
FPM-7630E fast path architecture
FortiGate NP6XLite architectures
FortiGate 40F fast path architecture
FortiGate 60F and 61F fast path architecture
FortiGate Rugged 60F fast path architecture
FortiGate 70F and 71F fast path architecture
FortiGate Rugged 70F fast path architecture
FortiGate 80F, 81F, and 80F Bypass fast path architecture
FortiGate 100F and 101F fast path architecture
FortiGate 200F and 201F fast path architecture
FortiGate NP6Lite architectures
FortiGate 200E and 201E fast path architecture
Change log
