Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    7.0.0
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config system npu

    config system npu

    Note

    This command is available for reference model(s) FortiGate 3000D, FortiGate 140E-POE, FortiGate 501E, FortiWiFi 61F. It is not available for FortiGate VM64.

    Configure NPU attributes.

    config system npu

    Description: Configure NPU attributes.

    set dedicated-management-cpu [enable|disable]

    config port-cpu-map

    Description: Configure NPU interface to CPU core mapping.

    edit <interface>

    set cpu-core {string}

    next

    end

    set fastpath [disable|enable]

    set capwap-offload [enable|disable]

    set ipsec-enc-subengine-mask {user}

    set ipsec-dec-subengine-mask {user}

    set sw-np-bandwidth [0G|2G|...]

    set strip-esp-padding [enable|disable]

    set strip-clear-text-padding [enable|disable]

    set ipsec-inbound-cache [enable|disable]

    set sse-backpressure [enable|disable]

    set rdp-offload [enable|disable]

    set ipsec-over-vlink [enable|disable]

    set uesp-offload [enable|disable]

    set qos-mode [disable|priority|...]

    config isf-np-queues

    Description: Configure queues of switch port connected to NP6 XAUI on ingress path.

    set cos0 {string}

    set cos1 {string}

    set cos2 {string}

    set cos3 {string}

    set cos4 {string}

    set cos5 {string}

    set cos6 {string}

    set cos7 {string}

    end

    set mcast-session-accounting [tpe-based|session-based|...]

    set ipsec-mtu-override [disable|enable]

    set lag-out-port-select [disable|enable]

    set session-denied-offload [disable|enable]

    config priority-protocol

    Description: Configure NPU priority protocol.

    set bgp [enable|disable]

    set slbc [enable|disable]

    set bfd [enable|disable]

    end

    end

    config system npu

    Parameter

    Description

    Type

    Size

    Default

    dedicated-management-cpu *

    Enable to dedicate one CPU for GUI and CLI connections when NPs are busy.

    option

    -

    disable

    Option

    Description

    enable

    Enable dedication of CPU #0 for management tasks.

    disable

    Disable dedication of CPU #0 for management tasks.

    fastpath *

    Enable/disable NP6 offloading (also called fast path).

    option

    -

    enable

    Option

    Description

    disable

    Disable NP6 offloading (fast path).

    enable

    Enable NP6 offloading (fast path).

    capwap-offload *

    Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions.

    option

    -

    enable

    Option

    Description

    enable

    Enable CAPWAP offload.

    disable

    Disable CAPWAP offload.

    ipsec-enc-subengine-mask *

    IPsec encryption subengine mask .

    user

    Not Specified

    ipsec-dec-subengine-mask *

    IPsec decryption subengine mask .

    user

    Not Specified

    sw-np-bandwidth *

    Bandwidth from switch to NP.

    option

    -

    0G

    Option

    Description

    0G

    Default value. No bandwidth control.

    2G

    2Gbps.

    4G

    4Gbps.

    5G

    5Gbps.

    6G

    6Gbps.

    strip-esp-padding *

    Enable/disable stripping ESP padding.

    option

    -

    disable

    Option

    Description

    enable

    Enable stripping ESP padding.

    disable

    Disable stripping ESP padding.

    strip-clear-text-padding *

    Enable/disable stripping clear text padding.

    option

    -

    disable

    Option

    Description

    enable

    Enable stripping clear text padding.

    disable

    Disable stripping clear text padding.

    ipsec-inbound-cache *

    Enable/disable IPsec inbound cache for anti-replay.

    option

    -

    enable

    Option

    Description

    enable

    Enable inbound cache always.

    disable

    Disable inbound cache when IPsec anti-replay is on.

    sse-backpressure *

    Enable/disable sse backpressure.

    option

    -

    disable

    Option

    Description

    enable

    Enable sse backpressureg.

    disable

    Disable sse backpressureg.

    rdp-offload *

    Enable/disable rdp offload.

    option

    -

    enable

    Option

    Description

    enable

    Enable reliable datagram protocol traffic offload.

    disable

    Disable reliable datagram protocol traffic offload.

    ipsec-over-vlink *

    Enable/disable IPSEC over vlink.

    option

    -

    disable

    Option

    Description

    enable

    Enable IPSEC over vlink.

    disable

    Disable IPSEC over vlink.

    uesp-offload *

    Enable/disable UDP-encapsulated ESP offload .

    option

    -

    disable

    Option

    Description

    enable

    Enable UDP-encapsulated ESP traffic offload.

    disable

    Disable UDP-encapsulated ESP traffic offload.

    qos-mode *

    QoS mode on switch and NP.

    option

    -

    disable

    Option

    Description

    disable

    Disable QoS on switch and NP.

    priority

    Priority based.

    round-robin

    Round Robin Scheduler.

    mcast-session-accounting *

    Enable/disable traffic accounting for each multicast session through TAE counter.

    option

    -

    tpe-based

    Option

    Description

    tpe-based

    Enable TPE-based multicast session accounting.

    session-based

    Enable session-based multicast session accounting.

    disable

    Disable multicast session accounting.

    ipsec-mtu-override *

    Enable/disable NP6 IPsec MTU override.

    option

    -

    disable

    Option

    Description

    disable

    Disable NP6 IPsec MTU override.

    enable

    Enable NP6 IPsec MTU override.

    lag-out-port-select *

    Enable/disable LAG outgoing port selection based on incoming traffic port.

    option

    -

    disable

    Option

    Description

    disable

    Disable LAG outgoing trunk in switch.

    enable

    Enable LAG outgoing trunk in switch.

    session-denied-offload *

    Enable/disable offloading of denied sessions. Requires ses-denied-traffic to be set.

    option

    -

    disable

    Option

    Description

    disable

    Disable offloading of denied sessions.

    enable

    Enable offloading of denied sessions.

    * This parameter may not exist in some models.

    config port-cpu-map

    Parameter

    Description

    Type

    Size

    Default

    cpu-core

    The CPU core to map to an interface.

    string

    Maximum length: 31

    all

    config isf-np-queues

    Parameter

    Description

    Type

    Size

    Default

    cos0

    CoS profile name for CoS 0.

    string

    Maximum length: 35

    cos1

    CoS profile name for CoS 1.

    string

    Maximum length: 35

    cos2

    CoS profile name for CoS 2.

    string

    Maximum length: 35

    cos3

    CoS profile name for CoS 3.

    string

    Maximum length: 35

    cos4

    CoS profile name for CoS 4.

    string

    Maximum length: 35

    cos5

    CoS profile name for CoS 5.

    string

    Maximum length: 35

    cos6

    CoS profile name for CoS 6.

    string

    Maximum length: 35

    cos7

    CoS profile name for CoS 7.

    string

    Maximum length: 35

    config priority-protocol

    Parameter

    Description

    Type

    Size

    Default

    bgp

    Enable/disable NPU BGP priority protocol.

    option

    -

    enable

    Option

    Description

    enable

    Enable NPU BGP priority protocol.

    disable

    Disable NPU BGP priority protocol.

    slbc

    Enable/disable NPU SLBC priority protocol.

    option

    -

    enable

    Option

    Description

    enable

    Enable NPU SLBC priority protocol.

    disable

    Disable NPU SLBC priority protocol.

    bfd

    Enable/disable NPU BFD priority protocol.

    option

    -

    enable

    Option

    Description

    enable

    Enable NPU BFD priority protocol.

    disable

    Disable NPU BFD priority protocol.
    Previous
    Next

    config system npu

    config system npu

    Note

    This command is available for reference model(s) FortiGate 3000D, FortiGate 140E-POE, FortiGate 501E, FortiWiFi 61F. It is not available for FortiGate VM64.

    Configure NPU attributes.

    config system npu

    Description: Configure NPU attributes.

    set dedicated-management-cpu [enable|disable]

    config port-cpu-map

    Description: Configure NPU interface to CPU core mapping.

    edit <interface>

    set cpu-core {string}

    next

    end

    set fastpath [disable|enable]

    set capwap-offload [enable|disable]

    set ipsec-enc-subengine-mask {user}

    set ipsec-dec-subengine-mask {user}

    set sw-np-bandwidth [0G|2G|...]

    set strip-esp-padding [enable|disable]

    set strip-clear-text-padding [enable|disable]

    set ipsec-inbound-cache [enable|disable]

    set sse-backpressure [enable|disable]

    set rdp-offload [enable|disable]

    set ipsec-over-vlink [enable|disable]

    set uesp-offload [enable|disable]

    set qos-mode [disable|priority|...]

    config isf-np-queues

    Description: Configure queues of switch port connected to NP6 XAUI on ingress path.

    set cos0 {string}

    set cos1 {string}

    set cos2 {string}

    set cos3 {string}

    set cos4 {string}

    set cos5 {string}

    set cos6 {string}

    set cos7 {string}

    end

    set mcast-session-accounting [tpe-based|session-based|...]

    set ipsec-mtu-override [disable|enable]

    set lag-out-port-select [disable|enable]

    set session-denied-offload [disable|enable]

    config priority-protocol

    Description: Configure NPU priority protocol.

    set bgp [enable|disable]

    set slbc [enable|disable]

    set bfd [enable|disable]

    end

    end

    config system npu

    Parameter

    Description

    Type

    Size

    Default

    dedicated-management-cpu *

    Enable to dedicate one CPU for GUI and CLI connections when NPs are busy.

    option

    -

    disable

    Option

    Description

    enable

    Enable dedication of CPU #0 for management tasks.

    disable

    Disable dedication of CPU #0 for management tasks.

    fastpath *

    Enable/disable NP6 offloading (also called fast path).

    option

    -

    enable

    Option

    Description

    disable

    Disable NP6 offloading (fast path).

    enable

    Enable NP6 offloading (fast path).

    capwap-offload *

    Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions.

    option

    -

    enable

    Option

    Description

    enable

    Enable CAPWAP offload.

    disable

    Disable CAPWAP offload.

    ipsec-enc-subengine-mask *

    IPsec encryption subengine mask .

    user

    Not Specified

    ipsec-dec-subengine-mask *

    IPsec decryption subengine mask .

    user

    Not Specified

    sw-np-bandwidth *

    Bandwidth from switch to NP.

    option

    -

    0G

    Option

    Description

    0G

    Default value. No bandwidth control.

    2G

    2Gbps.

    4G

    4Gbps.

    5G

    5Gbps.

    6G

    6Gbps.

    strip-esp-padding *

    Enable/disable stripping ESP padding.

    option

    -

    disable

    Option

    Description

    enable

    Enable stripping ESP padding.

    disable

    Disable stripping ESP padding.

    strip-clear-text-padding *

    Enable/disable stripping clear text padding.

    option

    -

    disable

    Option

    Description

    enable

    Enable stripping clear text padding.

    disable

    Disable stripping clear text padding.

    ipsec-inbound-cache *

    Enable/disable IPsec inbound cache for anti-replay.

    option

    -

    enable

    Option

    Description

    enable

    Enable inbound cache always.

    disable

    Disable inbound cache when IPsec anti-replay is on.

    sse-backpressure *

    Enable/disable sse backpressure.

    option

    -

    disable

    Option

    Description

    enable

    Enable sse backpressureg.

    disable

    Disable sse backpressureg.

    rdp-offload *

    Enable/disable rdp offload.

    option

    -

    enable

    Option

    Description

    enable

    Enable reliable datagram protocol traffic offload.

    disable

    Disable reliable datagram protocol traffic offload.

    ipsec-over-vlink *

    Enable/disable IPSEC over vlink.

    option

    -

    disable

    Option

    Description

    enable

    Enable IPSEC over vlink.

    disable

    Disable IPSEC over vlink.

    uesp-offload *

    Enable/disable UDP-encapsulated ESP offload .

    option

    -

    disable

    Option

    Description

    enable

    Enable UDP-encapsulated ESP traffic offload.

    disable

    Disable UDP-encapsulated ESP traffic offload.

    qos-mode *

    QoS mode on switch and NP.

    option

    -

    disable

    Option

    Description

    disable

    Disable QoS on switch and NP.

    priority

    Priority based.

    round-robin

    Round Robin Scheduler.

    mcast-session-accounting *

    Enable/disable traffic accounting for each multicast session through TAE counter.

    option

    -

    tpe-based

    Option

    Description

    tpe-based

    Enable TPE-based multicast session accounting.

    session-based

    Enable session-based multicast session accounting.

    disable

    Disable multicast session accounting.

    ipsec-mtu-override *

    Enable/disable NP6 IPsec MTU override.

    option

    -

    disable

    Option

    Description

    disable

    Disable NP6 IPsec MTU override.

    enable

    Enable NP6 IPsec MTU override.

    lag-out-port-select *

    Enable/disable LAG outgoing port selection based on incoming traffic port.

    option

    -

    disable

    Option

    Description

    disable

    Disable LAG outgoing trunk in switch.

    enable

    Enable LAG outgoing trunk in switch.

    session-denied-offload *

    Enable/disable offloading of denied sessions. Requires ses-denied-traffic to be set.

    option

    -

    disable

    Option

    Description

    disable

    Disable offloading of denied sessions.

    enable

    Enable offloading of denied sessions.

    * This parameter may not exist in some models.

    config port-cpu-map

    Parameter

    Description

    Type

    Size

    Default

    cpu-core

    The CPU core to map to an interface.

    string

    Maximum length: 31

    all

    config isf-np-queues

    Parameter

    Description

    Type

    Size

    Default

    cos0

    CoS profile name for CoS 0.

    string

    Maximum length: 35

    cos1

    CoS profile name for CoS 1.

    string

    Maximum length: 35

    cos2

    CoS profile name for CoS 2.

    string

    Maximum length: 35

    cos3

    CoS profile name for CoS 3.

    string

    Maximum length: 35

    cos4

    CoS profile name for CoS 4.

    string

    Maximum length: 35

    cos5

    CoS profile name for CoS 5.

    string

    Maximum length: 35

    cos6

    CoS profile name for CoS 6.

    string

    Maximum length: 35

    cos7

    CoS profile name for CoS 7.

    string

    Maximum length: 35

    config priority-protocol

    Parameter

    Description

    Type

    Size

    Default

    bgp

    Enable/disable NPU BGP priority protocol.

    option

    -

    enable

    Option

    Description

    enable

    Enable NPU BGP priority protocol.

    disable

    Disable NPU BGP priority protocol.

    slbc

    Enable/disable NPU SLBC priority protocol.

    option

    -

    enable

    Option

    Description

    enable

    Enable NPU SLBC priority protocol.

    disable

    Disable NPU SLBC priority protocol.

    bfd

    Enable/disable NPU BFD priority protocol.

    option

    -

    enable

    Option

    Description

    enable

    Enable NPU BFD priority protocol.

    disable

    Disable NPU BFD priority protocol.
    Previous
    Next