config system npu

This command is available for model(s): FortiGate 1000D, FortiGate 1000F, FortiGate 1001F, FortiGate 100EF, FortiGate 100E, FortiGate 100F, FortiGate 101E, FortiGate 101F, FortiGate 1100E, FortiGate 1101E, FortiGate 140E-POE, FortiGate 140E, FortiGate 1500DT, FortiGate 1500D, FortiGate 1800F, FortiGate 1801F, FortiGate 2000E, FortiGate 200E, FortiGate 200F, FortiGate 201E, FortiGate 201F, FortiGate 2200E, FortiGate 2201E, FortiGate 2500E, FortiGate 2600F, FortiGate 2601F, FortiGate 3000D, FortiGate 3000F, FortiGate 3001F, FortiGate 300E, FortiGate 301E, FortiGate 3100D, FortiGate 3200D, FortiGate 3200F, FortiGate 3300E, FortiGate 3301E, FortiGate 3400E, FortiGate 3401E, FortiGate 3500F, FortiGate 3501F, FortiGate 3600E, FortiGate 3601E, FortiGate 3700D, FortiGate 3700F, FortiGate 3701F, FortiGate 3960E, FortiGate 3980E, FortiGate 400E Bypass, FortiGate 400E, FortiGate 400F, FortiGate 401E, FortiGate 401F, FortiGate 40F 3G4G, FortiGate 40F, FortiGate 4200F, FortiGate 4201F, FortiGate 4400F, FortiGate 4401F, FortiGate 5001E1, FortiGate 5001E, FortiGate 500E, FortiGate 501E, FortiGate 600E, FortiGate 600F, FortiGate 601E, FortiGate 601F, FortiGate 60E DSLJ, FortiGate 60E DSL, FortiGate 60E-POE, FortiGate 60E, FortiGate 60F, FortiGate 61E, FortiGate 61F, FortiGate 70F, FortiGate 71F, FortiGate 800D, FortiGate 80E-POE, FortiGate 80E, FortiGate 80F Bypass, FortiGate 80F-POE, FortiGate 80F, FortiGate 81E-POE, FortiGate 81E, FortiGate 81F-POE, FortiGate 81F, FortiGate 900D, FortiGateRugged 60F 3G4G, FortiGateRugged 60F, FortiGateRugged 70F 3G4G, FortiGateRugged 70F, FortiWiFi 40F 3G4G, FortiWiFi 40F, FortiWiFi 60E DSLJ, FortiWiFi 60E DSL, FortiWiFi 60E, FortiWiFi 60F, FortiWiFi 61E, FortiWiFi 61F, FortiWiFi 80F 2R, FortiWiFi 81F 2R 3G4G-POE, FortiWiFi 81F 2R-POE, FortiWiFi 81F 2R.

It is not available for: FortiGate 90E, FortiGate 91E, FortiGate VM64.

Configure NPU attributes.

config system npu
    Description: Configure NPU attributes.
    set capwap-offload [enable|disable]
    set dedicated-management-affinity {string}
    set dedicated-management-cpu [enable|disable]
    set default-qos-type [policing|shaping|...]
    config dos-options
        Description: NPU DoS configurations.
        set npu-dos-meter-mode [global|local]
        set npu-dos-tpe-mode [enable|disable]
    end
    set double-level-mcast-offload [enable|disable]
    config dsw-dts-profile
        Description: Configure NPU DSW DTS profile.
        edit <profile-id>
            set min-limit {integer}
            set step {integer}
            set action [wait|drop|...]
        next
    end
    config dsw-queue-dts-profile
        Description: Configure NPU DSW Queue DTS profile.
        edit <name>
            set iport [eif0|eif1|...]
            set oport [eif0|eif1|...]
            set profile-id {integer}
            set queue-select {integer}
        next
    end
    set fastpath [disable|enable]
    config fp-anomaly
        Description: IPv4/IPv6 anomaly protection.
        set tcp-syn-fin [allow|drop|...]
        set tcp-fin-noack [allow|drop|...]
        set tcp-fin-only [allow|drop|...]
        set tcp-no-flag [allow|drop|...]
        set tcp-syn-data [allow|drop|...]
        set tcp-winnuke [allow|drop|...]
        set tcp-land [allow|drop|...]
        set udp-land [allow|drop|...]
        set icmp-land [allow|drop|...]
        set icmp-frag [allow|drop|...]
        set ipv4-land [allow|drop|...]
        set ipv4-proto-err [allow|drop|...]
        set ipv4-unknopt [allow|drop|...]
        set ipv4-optrr [allow|drop|...]
        set ipv4-optssrr [allow|drop|...]
        set ipv4-optlsrr [allow|drop|...]
        set ipv4-optstream [allow|drop|...]
        set ipv4-optsecurity [allow|drop|...]
        set ipv4-opttimestamp [allow|drop|...]
        set ipv4-csum-err [drop|trap-to-host]
        set tcp-csum-err [drop|trap-to-host]
        set udp-csum-err [drop|trap-to-host]
        set icmp-csum-err [drop|trap-to-host]
        set ipv6-land [allow|drop|...]
        set ipv6-proto-err [allow|drop|...]
        set ipv6-unknopt [allow|drop|...]
        set ipv6-saddr-err [allow|drop|...]
        set ipv6-daddr-err [allow|drop|...]
        set ipv6-optralert [allow|drop|...]
        set ipv6-optjumbo [allow|drop|...]
        set ipv6-opttunnel [allow|drop|...]
        set ipv6-opthomeaddr [allow|drop|...]
        set ipv6-optnsap [allow|drop|...]
        set ipv6-optendpid [allow|drop|...]
        set ipv6-optinvld [allow|drop|...]
    end
    set gtp-enhanced-cpu-range [0|1|...]
    set gtp-enhanced-mode [enable|disable]
    set gtp-support [enable|disable]
    set hash-tbl-spread [enable|disable]
    set host-shortcut-mode [bi-directional|host-shortcut]
    config hpe
        Description: Host protection engine configuration.
        set all-protocol {integer}
        set tcpsyn-max {integer}
        set tcpsyn-ack-max {integer}
        set tcpfin-rst-max {integer}
        set tcp-max {integer}
        set udp-max {integer}
        set icmp-max {integer}
        set sctp-max {integer}
        set esp-max {integer}
        set ip-frag-max {integer}
        set ip-others-max {integer}
        set arp-max {integer}
        set l2-others-max {integer}
        set high-priority {integer}
        set enable-shaper [disable|enable]
    end
    set htab-dedi-queue-nr {integer}
    set htab-msg-queue [data|idle|...]
    set htx-gtse-quota [100Mbps|200Mbps|...]
    set htx-icmp-csum-chk [drop|pass]
    set inbound-dscp-copy-port <interface1>, <interface2>, ...
    set intf-shaping-offload [enable|disable]
    config ip-reassembly
        Description: IP reassebmly engine configuration.
        set min-timeout {integer}
        set max-timeout {integer}
        set status [disable|enable]
    end
    set iph-rsvd-re-cksum [enable|disable]
    set ipsec-dec-subengine-mask {user}
    set ipsec-enc-subengine-mask {user}
    set ipsec-inbound-cache [enable|disable]
    set ipsec-mtu-override [disable|enable]
    set ipsec-ob-np-sel [rr|Packet|...]
    set ipsec-over-vlink [enable|disable]
    config isf-np-queues
        Description: Configure queues of switch port connected to NP6 XAUI on ingress path.
        set cos0 {string}
        set cos1 {string}
        set cos2 {string}
        set cos3 {string}
        set cos4 {string}
        set cos5 {string}
        set cos6 {string}
        set cos7 {string}
    end
    set lag-out-port-select [disable|enable]
    set max-session-timeout {integer}
    set mcast-session-accounting [tpe-based|session-based|...]
    set napi-break-interval {integer}
    config np-queues
        Description: Configure queue assignment on NP7.
        config profile
            Description: Configure a NP7 class profile.
            edit <id>
                set type [cos|dscp]
                set weight {integer}
                set cos0 [queue0|queue1|...]
                set cos1 [queue0|queue1|...]
                set cos2 [queue0|queue1|...]
                set cos3 [queue0|queue1|...]
                set cos4 [queue0|queue1|...]
                set cos5 [queue0|queue1|...]
                set cos6 [queue0|queue1|...]
                set cos7 [queue0|queue1|...]
                set dscp0 [queue0|queue1|...]
                set dscp1 [queue0|queue1|...]
                set dscp2 [queue0|queue1|...]
                set dscp3 [queue0|queue1|...]
                set dscp4 [queue0|queue1|...]
                set dscp5 [queue0|queue1|...]
                set dscp6 [queue0|queue1|...]
                set dscp7 [queue0|queue1|...]
                set dscp8 [queue0|queue1|...]
                set dscp9 [queue0|queue1|...]
                set dscp10 [queue0|queue1|...]
                set dscp11 [queue0|queue1|...]
                set dscp12 [queue0|queue1|...]
                set dscp13 [queue0|queue1|...]
                set dscp14 [queue0|queue1|...]
                set dscp15 [queue0|queue1|...]
                set dscp16 [queue0|queue1|...]
                set dscp17 [queue0|queue1|...]
                set dscp18 [queue0|queue1|...]
                set dscp19 [queue0|queue1|...]
                set dscp20 [queue0|queue1|...]
                set dscp21 [queue0|queue1|...]
                set dscp22 [queue0|queue1|...]
                set dscp23 [queue0|queue1|...]
                set dscp24 [queue0|queue1|...]
                set dscp25 [queue0|queue1|...]
                set dscp26 [queue0|queue1|...]
                set dscp27 [queue0|queue1|...]
                set dscp28 [queue0|queue1|...]
                set dscp29 [queue0|queue1|...]
                set dscp30 [queue0|queue1|...]
                set dscp31 [queue0|queue1|...]
                set dscp32 [queue0|queue1|...]
                set dscp33 [queue0|queue1|...]
                set dscp34 [queue0|queue1|...]
                set dscp35 [queue0|queue1|...]
                set dscp36 [queue0|queue1|...]
                set dscp37 [queue0|queue1|...]
                set dscp38 [queue0|queue1|...]
                set dscp39 [queue0|queue1|...]
                set dscp40 [queue0|queue1|...]
                set dscp41 [queue0|queue1|...]
                set dscp42 [queue0|queue1|...]
                set dscp43 [queue0|queue1|...]
                set dscp44 [queue0|queue1|...]
                set dscp45 [queue0|queue1|...]
                set dscp46 [queue0|queue1|...]
                set dscp47 [queue0|queue1|...]
                set dscp48 [queue0|queue1|...]
                set dscp49 [queue0|queue1|...]
                set dscp50 [queue0|queue1|...]
                set dscp51 [queue0|queue1|...]
                set dscp52 [queue0|queue1|...]
                set dscp53 [queue0|queue1|...]
                set dscp54 [queue0|queue1|...]
                set dscp55 [queue0|queue1|...]
                set dscp56 [queue0|queue1|...]
                set dscp57 [queue0|queue1|...]
                set dscp58 [queue0|queue1|...]
                set dscp59 [queue0|queue1|...]
                set dscp60 [queue0|queue1|...]
                set dscp61 [queue0|queue1|...]
                set dscp62 [queue0|queue1|...]
                set dscp63 [queue0|queue1|...]
            next
        end
        config ethernet-type
            Description: Configure a NP7 QoS Ethernet Type.
            edit <name>
                set type {ether-type}
                set queue {integer}
                set weight {integer}
            next
        end
        config ip-protocol
            Description: Configure a NP7 QoS IP Protocol.
            edit <name>
                set protocol {integer}
                set queue {integer}
                set weight {integer}
            next
        end
        config ip-service
            Description: Configure a NP7 QoS IP Service.
            edit <name>
                set protocol {integer}
                set sport {integer}
                set dport {integer}
                set queue {integer}
                set weight {integer}
            next
        end
        config scheduler
            Description: Configure a NP7 QoS Scheduler.
            edit <name>
                set mode [none|priority|...]
            next
        end
    end
    set np6-cps-optimization-mode [enable|disable]
    set npu-group-effective-scope {integer}
    set per-policy-accounting [disable|enable]
    set per-session-accounting [traffic-log-only|disable|...]
    set policy-offload-level [disable|dos-offload]
    config port-cpu-map
        Description: Configure NPU interface to CPU core mapping.
        edit <interface>
            set cpu-core {string}
        next
    end
    config port-npu-map
        Description: Configure port to NPU group mapping.
        edit <interface>
            set npu-group-index {integer}
        next
    end
    config port-path-option
        Description: Configure port using NPU or Intel-NIC.
        set ports-using-npu <interface-name1>, <interface-name2>, ...
    end
    config priority-protocol
        Description: Configure NPU priority protocol.
        set bgp [enable|disable]
        set slbc [enable|disable]
        set bfd [enable|disable]
    end
    set qos-mode [disable|priority|...]
    set qtm-buf-mode [6ch|4ch]
    set rdp-offload [enable|disable]
    set recover-np6-link [enable|disable]
    set session-acct-interval {integer}
    set session-denied-offload [disable|enable]
    set shaping-stats [disable|enable]
    set sse-backpressure [enable|disable]
    set strip-clear-text-padding [enable|disable]
    set strip-esp-padding [enable|disable]
    config sw-eh-hash
        Description: Configure switch enhanced hashing.
        set computation [xor16|xor8|...]
        set ip-protocol [include|exclude]
        set source-ip-upper-16 [include|exclude]
        set source-ip-lower-16 [include|exclude]
        set destination-ip-upper-16 [include|exclude]
        set destination-ip-lower-16 [include|exclude]
        set source-port [include|exclude]
        set destination-port [include|exclude]
        set netmask-length {integer}
    end
    set sw-np-bandwidth [0G|2G|...]
    config sw-tr-hash
        Description: Configure switch traditional hashing.
        set draco15 [enable|disable]
        set tcp-udp-port [include|exclude]
    end
    set switch-np-hash [src-ip|dst-ip|...]
    set uesp-offload [enable|disable]
    set ull-port-mode [10G|25G]
    set vlan-lookup-cache [enable|disable]
end

config system npu

Parameter

Description

Type

Size

Default

capwap-offload *

Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions.

option

enable

Option	Description
enable	Enable CAPWAP offload.
disable	Disable CAPWAP offload.

dedicated-management-affinity *

Affinity setting for management daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).

string

Maximum length: 79

dedicated-management-cpu *

Enable to dedicate one CPU for GUI and CLI connections when NPs are busy.

option

disable

Option	Description
enable	Enable dedication of CPU #0 for management tasks.
disable	Disable dedication of CPU #0 for management tasks.

default-qos-type *

Set default QoS type.

option

shaping

Option	Description
policing	QoS type policing.
shaping	QoS type shaping.
policing-enhanced	Enhanced QoS type policing.

double-level-mcast-offload *

Enable double level mcast offload.

option

disable

Option	Description
enable	Enable double level mcast offload.
disable	Disable double level mcast offload.

fastpath *

Enable/disable NP6 offloading (also called fast path).

option

enable

Option	Description
disable	Disable NP6 offloading (fast path).
enable	Enable NP6 offloading (fast path).

gtp-enhanced-cpu-range *

GTP enhanced CPU range option.

option

Option	Description
0	Inspect GTPU packets by all CPUs.
1	Inspect GTPU packets by Master CPUs.
2	Inspect GTPU packets by Slave CPUs.

gtp-enhanced-mode *

Enable/disable GTP enhanced mode.

option

disable

Option	Description
enable	Enable GTP enhanced mode.
disable	Disable GTP enhanced mode.

gtp-support *

Enable/Disable NP7 GTP support

option

disable

Option	Description
enable	Enable NP7 GTP support
disable	Disable NP7 GTP support

hash-tbl-spread *

Enable/disable hash table entry spread.

option

enable

Option	Description
enable	Enable hash table entry spread.
disable	Disable hash table entry spread.

host-shortcut-mode *

Set NP6 host shortcut mode.

option

bi-directional

Option	Description
bi-directional	Offload TCP and IP Tunnel sessions in both directions between 10G and 1G interfaces (normal operation).
host-shortcut	Only offload TCP and IP Tunnel sessions received by 1G interfaces. Select if packets are dropped for offloaded traffic between 10G to 1G interfaces.

htab-dedi-queue-nr *

Set the number of dedicate queue for hash table messages.

integer

Minimum value: 1 Maximum value: 2

htab-msg-queue *

Set hash table message queue mode.

option

data

Option	Description
data	Use data queue.
idle	Use idle queue.
dedicated	Use dedicated queue.

htx-gtse-quota *

Configure HTX GTSE quota.

option

1Gbps

Option	Description
100Mbps	100Mbps.
200Mbps	200Mbps.
300Mbps	300Mbps.
400Mbps	400Mbps.
500Mbps	500Mbps.
600Mbps	600Mbps.
700Mbps	700Mbps.
800Mbps	800Mbps.
900Mbps	900Mbps.
1Gbps	1Gbps.
2Gbps	2Gbps.
4Gbps	4Gbps.
8Gbps	8Gbps.
10Gbps	10Gbps.

htx-icmp-csum-chk *

Set HTX icmp csum checking mode.

option

drop

Option	Description
drop	Drop bad icmp csum.
pass	Pass bad icmp csum.

inbound-dscp-copy-port <interface> *

Physical interfaces that support inbound-dscp-copy.

Physical interface name.

string

Maximum length: 15

intf-shaping-offload *

Enable/disable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile.

option

disable

Option	Description
enable	Enable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile.
disable	Disable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile.

iph-rsvd-re-cksum *

Enable/disable IP checksum re-calculation for packets with iph.reserved bit set.

option

disable

Option	Description
enable	Enable IP checksum re-calculation for packets with iph.reserved bit set.
disable	Disable IP checksum re-calculation for packets with iph.reserved bit set.

ipsec-dec-subengine-mask *

IPsec decryption subengine mask.

user

Not Specified

ipsec-enc-subengine-mask *

IPsec encryption subengine mask.

user

Not Specified

ipsec-inbound-cache *

Enable/disable IPsec inbound cache for anti-replay.

option

enable

Option	Description
enable	Enable inbound cache always.
disable	Disable inbound cache when IPsec anti-replay is on.

ipsec-mtu-override *

Enable/disable NP6 IPsec MTU override.

option

disable

Option	Description
disable	Disable NP6 IPsec MTU override.
enable	Enable NP6 IPsec MTU override.

ipsec-ob-np-sel *

IPsec NP selection for OB SA offloading.

option

Option	Description
rr	Round Robin.
Packet	NPU of the first packet.
Hash	Hash.

ipsec-over-vlink *

Enable/disable IPsec over vlink.

option

disable

Option	Description
enable	Enable IPSEC over vlink.
disable	Disable IPSEC over vlink.

lag-out-port-select *

Enable/disable LAG outgoing port selection based on incoming traffic port.

option

disable

Option	Description
disable	Disable LAG outgoing trunk in switch.
enable	Enable LAG outgoing trunk in switch.

max-session-timeout *

Maximum time interval for refreshing NPU-offloaded sessions.

integer

Minimum value: 10 Maximum value: 1000

mcast-session-accounting *

Enable/disable traffic accounting for each multicast session through TAE counter.

option

tpe-based

Option	Description
tpe-based	Enable TPE-based multicast session accounting.
session-based	Enable session-based multicast session accounting.
disable	Disable multicast session accounting.

napi-break-interval *

NAPI break interval.

integer

Minimum value: 0 Maximum value: 65535

np6-cps-optimization-mode *

Enable/disable NP6 connection per second (CPS) optimization mode.

option

disable

Option	Description
enable	Enable NP6 connection per second (CPS) optimization mode.
disable	Disable NP6 connection per second (CPS) optimization mode.

npu-group-effective-scope *

npu-group-effective-scope defines under which npu-group cmds such as list/purge will be excecuted. Default scope is for all four HS-ok groups..

integer

Minimum value: 0 Maximum value: 255

255

per-policy-accounting *

Set per-policy accounting.

option

disable

Option	Description
disable	Disable per-policy hit count.
enable	Enable per-policy hit count

per-session-accounting *

Set per-session accounting.

option

traffic-log-only

Option	Description
traffic-log-only	Per-session accounting only for sessions with traffic logging
disable	Disable per-session accounting.
enable	Per-session accounting for all sessions.

policy-offload-level *

Configure firewall policy offload level.

option

disable

Option	Description
disable	Disable policy offloading
dos-offload	Only enable DoS policy offloading

qos-mode *

QoS mode on switch and NP.

option

disable

Option	Description
disable	Disable QoS on switch and NP.
priority	Priority based.
round-robin	Round Robin Scheduler.

qtm-buf-mode *

QTM channel configuration for packet buffer.

option

6ch

Option	Description
6ch	6 DRAM channels for packet buffer.
4ch	4 DRAM channels for packet buffer.

rdp-offload *

Enable/disable RDP offload.

option

enable

Option	Description
enable	Enable reliable datagram protocol traffic offload.
disable	Disable reliable datagram protocol traffic offload.

recover-np6-link *

Enable/disable internal link failure check and recovery after boot up.

option

disable

Option	Description
enable	Enable internal link failure check and recovery after boot up.
disable	Disable internal link failure check and recovery after boot up.

session-acct-interval *

Session accounting update interval.

integer

Minimum value: 1 Maximum value: 10

session-denied-offload *

Enable/disable offloading of denied sessions. Requires ses-denied-traffic to be set.

option

disable

Option	Description
disable	Disable offloading of denied sessions.
enable	Enable offloading of denied sessions.

shaping-stats *

Enable/disable NP7 traffic shaping statistics.

option

disable

Option	Description
disable	Disable NP7 traffic shaping statistics.
enable	Enable NP7 traffic shaping statistics.

sse-backpressure *

Enable/disable SSE backpressure.

option

disable

Option	Description
enable	Enable SSE backpressureg.
disable	Disable SSE backpressureg.

strip-clear-text-padding *

Enable/disable stripping clear text padding.

option

disable

Option	Description
enable	Enable stripping clear text padding.
disable	Disable stripping clear text padding.

strip-esp-padding *

Enable/disable stripping ESP padding.

option

disable

Option	Description
enable	Enable stripping ESP padding.
disable	Disable stripping ESP padding.

sw-np-bandwidth *

Bandwidth from switch to NP.

option

Option	Description
0G	Default value. No bandwidth control.
2G	2Gbps.
4G	4Gbps.
5G	5Gbps.
6G	6Gbps.
7G	7Gbps.
8G	8Gbps.
9G	9Gbps.

switch-np-hash *

Switch-NP trunk port selection Criteria.

option

src-dst-ip

Option	Description
src-ip	Source IP address.
dst-ip	Destination IP address.
src-dst-ip	Source+dest IP address.

uesp-offload *

Enable/disable UDP-encapsulated ESP offload.

option

disable

Option	Description
enable	Enable UDP-encapsulated ESP traffic offload.
disable	Disable UDP-encapsulated ESP traffic offload.

ull-port-mode *

Set ULL port's speed to 10G/25G.

option

10G

Option	Description
10G	10G speed setting for ULL ports.
25G	25G speed setting for ULL ports.

vlan-lookup-cache *

Enable/disable vlan lookup cache.

option

enable

Option	Description
enable	Enable VLAN lookup cache.
disable	Disable VLAN lookup cache.

* This parameter may not exist in some models.

config dos-options

Parameter

Description

Type

Size

Default

npu-dos-meter-mode

Set DoS meter NPU offloading mode.

option

global

Option	Description
global	Install DoS meter to all NPs.
local	Install DoS meter only to the NP assigned to the traffic.

npu-dos-tpe-mode

Enable/disable insertion of DoS meter ID to session table.

option

enable

Option	Description
enable	Enable insertion of DoS meter ID to session table.
disable	Disable insertion of DoS meter ID to session table.

config dsw-dts-profile

Parameter

Description

Type

Size

Default

profile-id

Set NPU DSW DTS profile profile id.

integer

Minimum value: 1 Maximum value: 32

min-limit

Set NPU DSW DTS profile min-limt.

integer

Minimum value: 32 Maximum value: 2048

step

Set NPU DSW DTS profile step.

integer

Minimum value: 0 Maximum value: 64

action

Set NPU DSW DTS profile action.

option

wait

Option	Description
wait	DSW DTS profile WAIT indefinitely.
drop	DSW DTS profile DROP immediately.
drop_tmr_0	DSW DTS profile DROP after interval #0 time-out.
drop_tmr_1	DSW DTS profile DROP after interval #1 time-out.
enque	DSW DTS profile ENQUE immediately.
enque_0	DSW DTS profile ENQUE after interval #0 time-out.
enque_1	DSW DTS profile ENQUE after interval #1 time-out.

config dsw-queue-dts-profile

Parameter

Description

Type

Size

Default

name

Name.

string

Maximum length: 35

iport

Set NPU DSW DTS in port.

option

eif0

Option	Description
eif0	DSW IPORT EIF0.
eif1	DSW IPORT EIF1.
eif2	DSW IPORT EIF2.
eif3	DSW IPORT EIF3.
eif4	DSW IPORT EIF4.
eif5	DSW IPORT EIF5.
eif6	DSW IPORT EIF6.
eif7	DSW IPORT EIF7.
htx0	DSW IPORT HTX0.
htx1	DSW IPORT HTX1.
sse0	DSW IPORT SSE0.
sse1	DSW IPORT SSE1.
sse2	DSW IPORT SSE2.
sse3	DSW IPORT SSE3.
rlt	DSW IPORT RLT.
dfr	DSW IPORT DFR.
ipseci	DSW IPORT IPSECI.
ipseco	DSW IPORT IPSECO.
ipti	DSW IPORT IPTI.
ipto	DSW IPORT IPTO.
vep0	DSW IPORT VEP0.
vep2	DSW IPORT VEP2.
vep4	DSW IPORT VEP4.
vep6	DSW IPORT VEP6.
ivs	DSW IPORT IVS.
l2ti1	DSW IPORT L2TI1.
l2to	DSW IPORT L2TO.
l2ti0	DSW IPORT L2TI0.
ple	DSW IPORT PLE.
spath	DSW IPORT SPATH.
qtm	DSW IPORT QTM.

oport

Set NPU DSW DTS out port.

option

eif0

Option	Description
eif0	DSW OPORT EIF0.
eif1	DSW OPORT EIF1.
eif2	DSW OPORT EIF2.
eif3	DSW OPORT EIF3.
eif4	DSW OPORT EIF4.
eif5	DSW OPORT EIF5.
eif6	DSW OPORT EIF6.
eif7	DSW OPORT EIF7.
hrx	DSW OPORT HRX.
sse0	DSW OPORT SSE0.
sse1	DSW OPORT SSE1.
sse2	DSW OPORT SSE2.
sse3	DSW OPORT SSE3.
rlt	DSW OPORT RLT.
dfr	DSW OPORT DFR.
ipseci	DSW OPORT IPSECI.
ipseco	DSW OPORT IPSECO.
ipti	DSW OPORT IPTI.
ipto	DSW OPORT IPTO.
vep0	DSW OPORT VEP0.
vep2	DSW OPORT VEP2.
vep4	DSW OPORT VEP4.
vep6	DSW OPORT VEP6.
ivs	DSW OPORT IVS.
l2ti1	DSW OPORT L2TI1.
l2to	DSW OPORT L2TO.
l2ti0	DSW OPORT L2TI0.
ple	DSW OPORT PLE.
sync	DSW OPORT SYNK.
nss	DSW OPORT NSS.
tsk	DSW OPORT TSK.
qtm	DSW OPORT QTM.

profile-id

Set NPU DSW DTS profile ID.

integer

Minimum value: 1 Maximum value: 32

queue-select

Set NPU DSW DTS queue ID select.

integer

Minimum value: 0 Maximum value: 4095

config fp-anomaly

Parameter

Description

Type

Size

Default

tcp-syn-fin *

TCP SYN flood SYN/FIN flag set anomalies.

option

allow

Option	Description
allow	Allow TCP packets with syn_fin flag set to pass.
drop	Drop TCP packets with syn_fin flag set.
trap-to-host	Forward TCP packets with syn_fin flag set to FortiOS.

tcp-fin-noack *

TCP SYN flood with FIN flag set without ACK setting anomalies.

option

trap-to-host

Option	Description
allow	Allow TCP packets with FIN flag set without ack setting to pass.
drop	Drop TCP packets with FIN flag set without ack setting.
trap-to-host	Forward TCP packets with FIN flag set without ack setting to FortiOS.

tcp-fin-only *

TCP SYN flood with only FIN flag set anomalies.

option

trap-to-host

Option	Description
allow	Allow TCP packets with FIN flag set only to pass.
drop	Drop TCP packets with FIN flag set only.
trap-to-host	Forward TCP packets with FIN flag set only to FortiOS.

tcp-no-flag *

TCP SYN flood with no flag set anomalies.

option

allow

Option	Description
allow	Allow TCP packets without flag set to pass.
drop	Drop TCP packets without flag set.
trap-to-host	Forward TCP packets without flag set to FortiOS.

tcp-syn-data *

TCP SYN flood packets with data anomalies.

option

allow

Option	Description
allow	Allow TCP syn packets with data to pass.
drop	Drop TCP syn packets with data.
trap-to-host	Forward TCP syn packets with data to FortiOS.

tcp-winnuke *

TCP WinNuke anomalies.

option

trap-to-host

Option	Description
allow	Allow TCP packets winnuke attack to pass.
drop	Drop TCP packets winnuke attack.
trap-to-host	Forward TCP packets winnuke attack to FortiOS.

tcp-land *

TCP land anomalies.

option

trap-to-host

Option	Description
allow	Allow TCP land attack to pass.
drop	Drop TCP land attack.
trap-to-host	Forward TCP land attack to FortiOS.

udp-land *

UDP land anomalies.

option

trap-to-host

Option	Description
allow	Allow UDP land attack to pass.
drop	Drop UDP land attack.
trap-to-host	Forward UDP land attack to FortiOS.

icmp-land *

ICMP land anomalies.

option

trap-to-host

Option	Description
allow	Allow ICMP land attack to pass.
drop	Drop ICMP land attack.
trap-to-host	Forward ICMP land attack to FortiOS.

icmp-frag *

Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies.

option

allow

Option	Description
allow	Allow L3 fragment packet with L4 protocol as ICMP attack to pass.
drop	Drop L3 fragment packet with L4 protocol as ICMP attack.
trap-to-host	Forward L3 fragment packet with L4 protocol as ICMP attack to FortiOS.

ipv4-land *

Land anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 land attack to pass.
drop	Drop IPv4 land attack.
trap-to-host	Forward IPv4 land attack to FortiOS.

ipv4-proto-err *

Invalid layer 4 protocol anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 invalid L4 protocol to pass.
drop	Drop IPv4 invalid L4 protocol.
trap-to-host	Forward IPv4 invalid L4 protocol to FortiOS.

ipv4-unknopt *

Unknown option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with unknown options to pass.
drop	Drop IPv4 with unknown options.
trap-to-host	Forward IPv4 with unknown options to FortiOS.

ipv4-optrr *

Record route option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with record route option to pass.
drop	Drop IPv4 with record route option.
trap-to-host	Forward IPv4 with record route option to FortiOS.

ipv4-optssrr *

Strict source record route option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with strict source record route option to pass.
drop	Drop IPv4 with strict source record route option.
trap-to-host	Forward IPv4 with strict source record route option to FortiOS.

ipv4-optlsrr *

Loose source record route option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with loose source record route option to pass.
drop	Drop IPv4 with loose source record route option.
trap-to-host	Forward IPv4 with loose source record route option to FortiOS.

ipv4-optstream *

Stream option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with stream option to pass.
drop	Drop IPv4 with stream option.
trap-to-host	Forward IPv4 with stream option to FortiOS.

ipv4-optsecurity *

Security option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with security option to pass.
drop	Drop IPv4 with security option.
trap-to-host	Forward IPv4 with security option to FortiOS.

ipv4-opttimestamp *

Timestamp option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with timestamp option to pass.
drop	Drop IPv4 with timestamp option.
trap-to-host	Forward IPv4 with timestamp option to FortiOS.

ipv4-csum-err

Invalid IPv4 IP checksum anomalies.

option

drop

Option	Description
drop	Drop IPv4 invalid IP checksum.
trap-to-host	Forward IPv4 invalid IP checksum to main CPU for processing.

tcp-csum-err

Invalid IPv4 TCP checksum anomalies.

option

drop

Option	Description
drop	Drop IPv4 invalid TCP checksum.
trap-to-host	Forward IPv4 invalid TCP checksum to main CPU for processing.

udp-csum-err

Invalid IPv4 UDP checksum anomalies.

option

drop

Option	Description
drop	Drop IPv4 invalid UDP checksum.
trap-to-host	Forward IPv4 invalid UDP checksum to main CPU for processing.

icmp-csum-err

Invalid IPv4 ICMP checksum anomalies.

option

drop

Option	Description
drop	Drop IPv4 invalid ICMP checksum.
trap-to-host	Forward IPv4 invalid ICMP checksum to main CPU for processing.

ipv6-land *

Land anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 land attack to pass.
drop	Drop IPv6 land attack.
trap-to-host	Forward IPv6 land attack to FortiOS.

ipv6-proto-err *

Layer 4 invalid protocol anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 L4 invalid protocol to pass.
drop	Drop IPv6 L4 invalid protocol.
trap-to-host	Forward IPv6 L4 invalid protocol to FortiOS.

ipv6-unknopt *

Unknown option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with unknown options to pass.
drop	Drop IPv6 with unknown options.
trap-to-host	Forward IPv6 with unknown options to FortiOS.

ipv6-saddr-err *

Source address as multicast anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with source address as multicast to pass.
drop	Drop IPv6 with source address as multicast.
trap-to-host	Forward IPv6 with source address as multicast to FortiOS.

ipv6-daddr-err *

Destination address as unspecified or loopback address anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with destination address as unspecified or loopback address to pass.
drop	Drop IPv6 with destination address as unspecified or loopback address.
trap-to-host	Forward IPv6 with destination address as unspecified or loopback address to FortiOS.

ipv6-optralert *

Router alert option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with router alert option to pass.
drop	Drop IPv6 with router alert option.
trap-to-host	Forward IPv6 with router alert option to FortiOS.

ipv6-optjumbo *

Jumbo options anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with jumbo option to pass.
drop	Drop IPv6 with jumbo option.
trap-to-host	Forward IPv6 with jumbo option to FortiOS.

ipv6-opttunnel *

Tunnel encapsulation limit option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with tunnel encapsulation limit to pass.
drop	Drop IPv6 with tunnel encapsulation limit.
trap-to-host	Forward IPv6 with tunnel encapsulation limit to FortiOS.

ipv6-opthomeaddr *

Home address option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with home address option to pass.
drop	Drop IPv6 with home address option.
trap-to-host	Forward IPv6 with home address option to FortiOS.

ipv6-optnsap *

Network service access point address option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with network service access point address option to pass.
drop	Drop IPv6 with network service access point address option.
trap-to-host	Forward IPv6 with network service access point address option to FortiOS.

ipv6-optendpid *

End point identification anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with end point identification option to pass.
drop	Drop IPv6 with end point identification option.
trap-to-host	Forward IPv6 with end point identification option to FortiOS.

ipv6-optinvld *

Invalid option anomalies.Invalid option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with invalid option to pass.
drop	Drop IPv6 with invalid option.
trap-to-host	Forward IPv6 with invalid option to FortiOS.

* This parameter may not exist in some models.

config hpe

Parameter

Description

Type

Size

Default

all-protocol

Maximum packet rate of each host queue except high priority traffic, set 0 to disable.

integer

Minimum value: 0 Maximum value: 32000000

400000

tcpsyn-max

Maximum TCP SYN packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

tcpsyn-ack-max

Maximum TCP carries SYN and ACK flags packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

tcpfin-rst-max

Maximum TCP carries FIN or RST flags packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

tcp-max

Maximum TCP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

udp-max

Maximum UDP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

icmp-max

Maximum ICMP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

sctp-max

Maximum SCTP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

esp-max

Maximum ESP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

ip-frag-max

Maximum fragmented IP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

ip-others-max

Maximum IP packet rate for other packets.

integer

Minimum value: 1000 Maximum value: 32000000

5000

arp-max

Maximum ARP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

l2-others-max

Maximum L2 packet rate for L2 packets that are not ARP packets.

integer

Minimum value: 1000 Maximum value: 32000000

5000

high-priority

Maximum packet rate for high priority traffic packets.

integer

Minimum value: 1000 Maximum value: 32000000

400000

enable-shaper

Enable/Disable NPU Host Protection Engine (HPE) for packet type shaper.

option

disable

Option	Description
disable	Disable NPU HPE shaping based on packet type.
enable	Enable NPU HPE shaping based on packet type.

config ip-reassembly

Parameter

Description

Type

Size

Default

min-timeout

Minimum timeout value for IP reassembly (5 us - 600,000,000 us).

integer

Minimum value: 5 Maximum value: 600000000

max-timeout

Maximum timeout value for IP reassembly (5 us - 600,000,000 us).

integer

Minimum value: 5 Maximum value: 600000000

200000

status

Set IP reassembly processing status.

option

disable

Option	Description
disable	Disable IP reassembly.
enable	Enable IP reassembly.

config isf-np-queues

Parameter	Description	Type	Size
cos0	CoS profile name for CoS 0.	string	Maximum length: 35
cos1	CoS profile name for CoS 1.	string	Maximum length: 35
cos2	CoS profile name for CoS 2.	string	Maximum length: 35
cos3	CoS profile name for CoS 3.	string	Maximum length: 35
cos4	CoS profile name for CoS 4.	string	Maximum length: 35
cos5	CoS profile name for CoS 5.	string	Maximum length: 35
cos6	CoS profile name for CoS 6.	string	Maximum length: 35
cos7	CoS profile name for CoS 7.	string	Maximum length: 35

config profile

Parameter

Description

Type

Size

Default

Profile ID.

integer

Minimum value: 0 Maximum value: 255

type

Profile type.

option

cos

Option	Description
cos	VLAN priority.
dscp	IP differentiated services code point.

weight

Class weight.

integer

Minimum value: 0 Maximum value: 15

cos0

Queue number of CoS 0.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos1

Queue number of CoS 1.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos2

Queue number of CoS 2.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos3

Queue number of CoS 3.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos4

Queue number of CoS 4.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos5

Queue number of CoS 5.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos6

Queue number of CoS 6.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos7

Queue number of CoS 7.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp0

Queue number of DSCP 0.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp1

Queue number of DSCP 1.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp2

Queue number of DSCP 2.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp3

Queue number of DSCP 3.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp4

Queue number of DSCP 4.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp5

Queue number of DSCP 5.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp6

Queue number of DSCP 6.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp7

Queue number of DSCP 7.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp8

Queue number of DSCP 8.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp9

Queue number of DSCP 9.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp10

Queue number of DSCP 10.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp11

Queue number of DSCP 11.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp12

Queue number of DSCP 12.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp13

Queue number of DSCP 13.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp14

Queue number of DSCP 14.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp15

Queue number of DSCP 15.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp16

Queue number of DSCP 16.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp17

Queue number of DSCP 17.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp18

Queue number of DSCP 18.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp19

Queue number of DSCP 19.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp20

Queue number of DSCP 20.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp21

Queue number of DSCP 21.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp22

Queue number of DSCP 22.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp23

Queue number of DSCP 23.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp24

Queue number of DSCP 24.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp25

Queue number of DSCP 25.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp26

Queue number of DSCP 26.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp27

Queue number of DSCP 27.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp28

Queue number of DSCP 28.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp29

Queue number of DSCP 29.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp30

Queue number of DSCP 30.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp31

Queue number of DSCP 31.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp32

Queue number of DSCP 32.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp33

Queue number of DSCP 33.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp34

Queue number of DSCP 34.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp35

Queue number of DSCP 35.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp36

Queue number of DSCP 36.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp37

Queue number of DSCP 37.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp38

Queue number of DSCP 38.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp39

Queue number of DSCP 39.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp40

Queue number of DSCP 40.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp41

Queue number of DSCP 41.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp42

Queue number of DSCP 42.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp43

Queue number of DSCP 43.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp44

Queue number of DSCP 44.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp45

Queue number of DSCP 45.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp46

Queue number of DSCP 46.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp47

Queue number of DSCP 47.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp48

Queue number of DSCP 48.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp49

Queue number of DSCP 49.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp50

Queue number of DSCP 50.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp51

Queue number of DSCP 51.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp52

Queue number of DSCP 52.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp53

Queue number of DSCP 53.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp54

Queue number of DSCP 54.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp55

Queue number of DSCP 55.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp56

Queue number of DSCP 56.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp57

Queue number of DSCP 57.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp58

Queue number of DSCP 58.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp59

Queue number of DSCP 59.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp60

Queue number of DSCP 60.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp61

Queue number of DSCP 61.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp62

Queue number of DSCP 62.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp63

Queue number of DSCP 63.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

config ethernet-type

Parameter	Description	Type	Size	Default
name	Ethernet Type Name.	string	Maximum length: 35
type	Ethernet Type.	ether-type	Not Specified	0
queue	Queue Number.	integer	Minimum value: 0 Maximum value: 11	0
weight	Class Weight.	integer	Minimum value: 0 Maximum value: 15	15

config ip-protocol

Parameter	Description	Type	Size	Default
name	IP Protocol Name.	string	Maximum length: 35
protocol	IP Protocol.	integer	Minimum value: 0 Maximum value: 255	0
queue	Queue Number.	integer	Minimum value: 0 Maximum value: 11	0
weight	Class Weight.	integer	Minimum value: 0 Maximum value: 15	14

config ip-service

Parameter	Description	Type	Size	Default
name	IP service name.	string	Maximum length: 35
protocol	IP protocol.	integer	Minimum value: 0 Maximum value: 255	0
sport	Source port.	integer	Minimum value: 0 Maximum value: 65535	0
dport	Destination port.	integer	Minimum value: 0 Maximum value: 65535	0
queue	Queue number.	integer	Minimum value: 0 Maximum value: 11	0
weight	Class weight.	integer	Minimum value: 0 Maximum value: 15	13

config scheduler

Parameter

Description

Type

Size

Default

name

Scheduler name.

string

Maximum length: 35

mode

Scheduler mode.

option

none

Option	Description
none	Disable QoS on NP7.
priority	Priority Based.
round-robin	Round Robin Scheduler.

config port-cpu-map

Parameter	Description	Type	Size	Default
interface	The interface to map to a CPU core.	string	Maximum length: 15
cpu-core	The CPU core to map to an interface.	string	Maximum length: 31	all

config port-npu-map

Parameter	Description	Type	Size	Default
interface	Set NPU interface port for NPU group mapping.	string	Maximum length: 15
npu-group-index	Mapping NPU group index.	integer	Minimum value: 0 Maximum value: 4294967295	0

config port-path-option

Parameter

Description

Type

Size

Default

ports-using-npu <interface-name>

Set ha/aux ports to handle traffic with NPU (otherise traffic goes to Intel-NIC and then CPU).

Available interfaces for NPU path.

string

Maximum length: 15

config priority-protocol

Parameter

Description

Type

Size

Default

bgp

Enable/disable NPU BGP priority protocol.

option

enable

Option	Description
enable	Enable NPU BGP priority protocol.
disable	Disable NPU BGP priority protocol.

slbc

Enable/disable NPU SLBC priority protocol.

option

enable

Option	Description
enable	Enable NPU SLBC priority protocol.
disable	Disable NPU SLBC priority protocol.

bfd

Enable/disable NPU BFD priority protocol.

option

enable

Option	Description
enable	Enable NPU BFD priority protocol.
disable	Disable NPU BFD priority protocol.

config sw-eh-hash

Parameter

Description

Type

Size

Default

computation

Set hashing computation.

option

xor16

Option	Description
xor16	Use XOR operator to make 16 bits hash.
xor8	Use XOR operator to make 8 bits hash.
xor4	Use XOR operator to make 4 bits hash.
crc16	Use CRC-16-CCITT polynomial to make 16 bits hash.

ip-protocol

Include/exclude IP protocol.

option

include

Option	Description
include	Include IP protocol.
exclude	Exclude IP protocol.

source-ip-upper-16

Include/exclude source IP address upper 16 bits.

option

include

Option	Description
include	Include source IP address upper 16 bits.
exclude	Exclude source IP address upper 16 bits.

source-ip-lower-16

Include/exclude source IP address lower 16 bits.

option

include

Option	Description
include	Include source IP address lower 16 bits.
exclude	Exclude source IP address lower 16 bits.

destination-ip-upper-16

Include/exclude destination IP address upper 16 bits.

option

include

Option	Description
include	Include destination IP address upper 16 bits.
exclude	Exclude destination IP address upper 16 bits.

destination-ip-lower-16

Include/exclude destination IP address lower 16 bits.

option

include

Option	Description
include	Include destination IP address lower 16 bits.
exclude	Exclude destination IP address lower 16 bits.

source-port

Include/exclude source port if TCP/UDP.

option

include

Option	Description
include	Include source port if TCP/UDP.
exclude	Exclude source port if TCP/UDP.

destination-port

Include/exclude destination port if TCP/UDP.

option

include

Option	Description
include	Include destination port if TCP/UDP.
exclude	Exclude destination port if TCP/UDP.

netmask-length

Network mask length.

integer

Minimum value: 17 Maximum value: 32

config sw-tr-hash

Parameter

Description

Type

Size

Default

draco15

Enable/disable DRACO15 hashing.

option

enable

Option	Description
enable	Enable using DRACO15 hashing for unicast trunk traffic.
disable	Enable using DRACO15 hashing for unicast trunk traffic.

tcp-udp-port

Include/exclude TCP/UDP source and destination port for unicast trunk traffic.

option

exclude

Option	Description
include	Include TCP/UDP source and destination port for unicast trunk traffic.
exclude	Exclude TCP/UDP source and destination port for unicast trunk traffic.

config system npu

It is not available for: FortiGate 90E, FortiGate 91E, FortiGate VM64.

Configure NPU attributes.

config system npu
    Description: Configure NPU attributes.
    set capwap-offload [enable|disable]
    set dedicated-management-affinity {string}
    set dedicated-management-cpu [enable|disable]
    set default-qos-type [policing|shaping|...]
    config dos-options
        Description: NPU DoS configurations.
        set npu-dos-meter-mode [global|local]
        set npu-dos-tpe-mode [enable|disable]
    end
    set double-level-mcast-offload [enable|disable]
    config dsw-dts-profile
        Description: Configure NPU DSW DTS profile.
        edit <profile-id>
            set min-limit {integer}
            set step {integer}
            set action [wait|drop|...]
        next
    end
    config dsw-queue-dts-profile
        Description: Configure NPU DSW Queue DTS profile.
        edit <name>
            set iport [eif0|eif1|...]
            set oport [eif0|eif1|...]
            set profile-id {integer}
            set queue-select {integer}
        next
    end
    set fastpath [disable|enable]
    config fp-anomaly
        Description: IPv4/IPv6 anomaly protection.
        set tcp-syn-fin [allow|drop|...]
        set tcp-fin-noack [allow|drop|...]
        set tcp-fin-only [allow|drop|...]
        set tcp-no-flag [allow|drop|...]
        set tcp-syn-data [allow|drop|...]
        set tcp-winnuke [allow|drop|...]
        set tcp-land [allow|drop|...]
        set udp-land [allow|drop|...]
        set icmp-land [allow|drop|...]
        set icmp-frag [allow|drop|...]
        set ipv4-land [allow|drop|...]
        set ipv4-proto-err [allow|drop|...]
        set ipv4-unknopt [allow|drop|...]
        set ipv4-optrr [allow|drop|...]
        set ipv4-optssrr [allow|drop|...]
        set ipv4-optlsrr [allow|drop|...]
        set ipv4-optstream [allow|drop|...]
        set ipv4-optsecurity [allow|drop|...]
        set ipv4-opttimestamp [allow|drop|...]
        set ipv4-csum-err [drop|trap-to-host]
        set tcp-csum-err [drop|trap-to-host]
        set udp-csum-err [drop|trap-to-host]
        set icmp-csum-err [drop|trap-to-host]
        set ipv6-land [allow|drop|...]
        set ipv6-proto-err [allow|drop|...]
        set ipv6-unknopt [allow|drop|...]
        set ipv6-saddr-err [allow|drop|...]
        set ipv6-daddr-err [allow|drop|...]
        set ipv6-optralert [allow|drop|...]
        set ipv6-optjumbo [allow|drop|...]
        set ipv6-opttunnel [allow|drop|...]
        set ipv6-opthomeaddr [allow|drop|...]
        set ipv6-optnsap [allow|drop|...]
        set ipv6-optendpid [allow|drop|...]
        set ipv6-optinvld [allow|drop|...]
    end
    set gtp-enhanced-cpu-range [0|1|...]
    set gtp-enhanced-mode [enable|disable]
    set gtp-support [enable|disable]
    set hash-tbl-spread [enable|disable]
    set host-shortcut-mode [bi-directional|host-shortcut]
    config hpe
        Description: Host protection engine configuration.
        set all-protocol {integer}
        set tcpsyn-max {integer}
        set tcpsyn-ack-max {integer}
        set tcpfin-rst-max {integer}
        set tcp-max {integer}
        set udp-max {integer}
        set icmp-max {integer}
        set sctp-max {integer}
        set esp-max {integer}
        set ip-frag-max {integer}
        set ip-others-max {integer}
        set arp-max {integer}
        set l2-others-max {integer}
        set high-priority {integer}
        set enable-shaper [disable|enable]
    end
    set htab-dedi-queue-nr {integer}
    set htab-msg-queue [data|idle|...]
    set htx-gtse-quota [100Mbps|200Mbps|...]
    set htx-icmp-csum-chk [drop|pass]
    set inbound-dscp-copy-port <interface1>, <interface2>, ...
    set intf-shaping-offload [enable|disable]
    config ip-reassembly
        Description: IP reassebmly engine configuration.
        set min-timeout {integer}
        set max-timeout {integer}
        set status [disable|enable]
    end
    set iph-rsvd-re-cksum [enable|disable]
    set ipsec-dec-subengine-mask {user}
    set ipsec-enc-subengine-mask {user}
    set ipsec-inbound-cache [enable|disable]
    set ipsec-mtu-override [disable|enable]
    set ipsec-ob-np-sel [rr|Packet|...]
    set ipsec-over-vlink [enable|disable]
    config isf-np-queues
        Description: Configure queues of switch port connected to NP6 XAUI on ingress path.
        set cos0 {string}
        set cos1 {string}
        set cos2 {string}
        set cos3 {string}
        set cos4 {string}
        set cos5 {string}
        set cos6 {string}
        set cos7 {string}
    end
    set lag-out-port-select [disable|enable]
    set max-session-timeout {integer}
    set mcast-session-accounting [tpe-based|session-based|...]
    set napi-break-interval {integer}
    config np-queues
        Description: Configure queue assignment on NP7.
        config profile
            Description: Configure a NP7 class profile.
            edit <id>
                set type [cos|dscp]
                set weight {integer}
                set cos0 [queue0|queue1|...]
                set cos1 [queue0|queue1|...]
                set cos2 [queue0|queue1|...]
                set cos3 [queue0|queue1|...]
                set cos4 [queue0|queue1|...]
                set cos5 [queue0|queue1|...]
                set cos6 [queue0|queue1|...]
                set cos7 [queue0|queue1|...]
                set dscp0 [queue0|queue1|...]
                set dscp1 [queue0|queue1|...]
                set dscp2 [queue0|queue1|...]
                set dscp3 [queue0|queue1|...]
                set dscp4 [queue0|queue1|...]
                set dscp5 [queue0|queue1|...]
                set dscp6 [queue0|queue1|...]
                set dscp7 [queue0|queue1|...]
                set dscp8 [queue0|queue1|...]
                set dscp9 [queue0|queue1|...]
                set dscp10 [queue0|queue1|...]
                set dscp11 [queue0|queue1|...]
                set dscp12 [queue0|queue1|...]
                set dscp13 [queue0|queue1|...]
                set dscp14 [queue0|queue1|...]
                set dscp15 [queue0|queue1|...]
                set dscp16 [queue0|queue1|...]
                set dscp17 [queue0|queue1|...]
                set dscp18 [queue0|queue1|...]
                set dscp19 [queue0|queue1|...]
                set dscp20 [queue0|queue1|...]
                set dscp21 [queue0|queue1|...]
                set dscp22 [queue0|queue1|...]
                set dscp23 [queue0|queue1|...]
                set dscp24 [queue0|queue1|...]
                set dscp25 [queue0|queue1|...]
                set dscp26 [queue0|queue1|...]
                set dscp27 [queue0|queue1|...]
                set dscp28 [queue0|queue1|...]
                set dscp29 [queue0|queue1|...]
                set dscp30 [queue0|queue1|...]
                set dscp31 [queue0|queue1|...]
                set dscp32 [queue0|queue1|...]
                set dscp33 [queue0|queue1|...]
                set dscp34 [queue0|queue1|...]
                set dscp35 [queue0|queue1|...]
                set dscp36 [queue0|queue1|...]
                set dscp37 [queue0|queue1|...]
                set dscp38 [queue0|queue1|...]
                set dscp39 [queue0|queue1|...]
                set dscp40 [queue0|queue1|...]
                set dscp41 [queue0|queue1|...]
                set dscp42 [queue0|queue1|...]
                set dscp43 [queue0|queue1|...]
                set dscp44 [queue0|queue1|...]
                set dscp45 [queue0|queue1|...]
                set dscp46 [queue0|queue1|...]
                set dscp47 [queue0|queue1|...]
                set dscp48 [queue0|queue1|...]
                set dscp49 [queue0|queue1|...]
                set dscp50 [queue0|queue1|...]
                set dscp51 [queue0|queue1|...]
                set dscp52 [queue0|queue1|...]
                set dscp53 [queue0|queue1|...]
                set dscp54 [queue0|queue1|...]
                set dscp55 [queue0|queue1|...]
                set dscp56 [queue0|queue1|...]
                set dscp57 [queue0|queue1|...]
                set dscp58 [queue0|queue1|...]
                set dscp59 [queue0|queue1|...]
                set dscp60 [queue0|queue1|...]
                set dscp61 [queue0|queue1|...]
                set dscp62 [queue0|queue1|...]
                set dscp63 [queue0|queue1|...]
            next
        end
        config ethernet-type
            Description: Configure a NP7 QoS Ethernet Type.
            edit <name>
                set type {ether-type}
                set queue {integer}
                set weight {integer}
            next
        end
        config ip-protocol
            Description: Configure a NP7 QoS IP Protocol.
            edit <name>
                set protocol {integer}
                set queue {integer}
                set weight {integer}
            next
        end
        config ip-service
            Description: Configure a NP7 QoS IP Service.
            edit <name>
                set protocol {integer}
                set sport {integer}
                set dport {integer}
                set queue {integer}
                set weight {integer}
            next
        end
        config scheduler
            Description: Configure a NP7 QoS Scheduler.
            edit <name>
                set mode [none|priority|...]
            next
        end
    end
    set np6-cps-optimization-mode [enable|disable]
    set npu-group-effective-scope {integer}
    set per-policy-accounting [disable|enable]
    set per-session-accounting [traffic-log-only|disable|...]
    set policy-offload-level [disable|dos-offload]
    config port-cpu-map
        Description: Configure NPU interface to CPU core mapping.
        edit <interface>
            set cpu-core {string}
        next
    end
    config port-npu-map
        Description: Configure port to NPU group mapping.
        edit <interface>
            set npu-group-index {integer}
        next
    end
    config port-path-option
        Description: Configure port using NPU or Intel-NIC.
        set ports-using-npu <interface-name1>, <interface-name2>, ...
    end
    config priority-protocol
        Description: Configure NPU priority protocol.
        set bgp [enable|disable]
        set slbc [enable|disable]
        set bfd [enable|disable]
    end
    set qos-mode [disable|priority|...]
    set qtm-buf-mode [6ch|4ch]
    set rdp-offload [enable|disable]
    set recover-np6-link [enable|disable]
    set session-acct-interval {integer}
    set session-denied-offload [disable|enable]
    set shaping-stats [disable|enable]
    set sse-backpressure [enable|disable]
    set strip-clear-text-padding [enable|disable]
    set strip-esp-padding [enable|disable]
    config sw-eh-hash
        Description: Configure switch enhanced hashing.
        set computation [xor16|xor8|...]
        set ip-protocol [include|exclude]
        set source-ip-upper-16 [include|exclude]
        set source-ip-lower-16 [include|exclude]
        set destination-ip-upper-16 [include|exclude]
        set destination-ip-lower-16 [include|exclude]
        set source-port [include|exclude]
        set destination-port [include|exclude]
        set netmask-length {integer}
    end
    set sw-np-bandwidth [0G|2G|...]
    config sw-tr-hash
        Description: Configure switch traditional hashing.
        set draco15 [enable|disable]
        set tcp-udp-port [include|exclude]
    end
    set switch-np-hash [src-ip|dst-ip|...]
    set uesp-offload [enable|disable]
    set ull-port-mode [10G|25G]
    set vlan-lookup-cache [enable|disable]
end

config system npu

Parameter

Description

Type

Size

Default

capwap-offload *

Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions.

option

enable

Option	Description
enable	Enable CAPWAP offload.
disable	Disable CAPWAP offload.

dedicated-management-affinity *

Affinity setting for management daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).

string

Maximum length: 79

dedicated-management-cpu *

Enable to dedicate one CPU for GUI and CLI connections when NPs are busy.

option

disable

Option	Description
enable	Enable dedication of CPU #0 for management tasks.
disable	Disable dedication of CPU #0 for management tasks.

default-qos-type *

Set default QoS type.

option

shaping

Option	Description
policing	QoS type policing.
shaping	QoS type shaping.
policing-enhanced	Enhanced QoS type policing.

double-level-mcast-offload *

Enable double level mcast offload.

option

disable

Option	Description
enable	Enable double level mcast offload.
disable	Disable double level mcast offload.

fastpath *

Enable/disable NP6 offloading (also called fast path).

option

enable

Option	Description
disable	Disable NP6 offloading (fast path).
enable	Enable NP6 offloading (fast path).

gtp-enhanced-cpu-range *

GTP enhanced CPU range option.

option

Option	Description
0	Inspect GTPU packets by all CPUs.
1	Inspect GTPU packets by Master CPUs.
2	Inspect GTPU packets by Slave CPUs.

gtp-enhanced-mode *

Enable/disable GTP enhanced mode.

option

disable

Option	Description
enable	Enable GTP enhanced mode.
disable	Disable GTP enhanced mode.

gtp-support *

Enable/Disable NP7 GTP support

option

disable

Option	Description
enable	Enable NP7 GTP support
disable	Disable NP7 GTP support

hash-tbl-spread *

Enable/disable hash table entry spread.

option

enable

Option	Description
enable	Enable hash table entry spread.
disable	Disable hash table entry spread.

host-shortcut-mode *

Set NP6 host shortcut mode.

option

bi-directional

Option	Description
bi-directional	Offload TCP and IP Tunnel sessions in both directions between 10G and 1G interfaces (normal operation).
host-shortcut	Only offload TCP and IP Tunnel sessions received by 1G interfaces. Select if packets are dropped for offloaded traffic between 10G to 1G interfaces.

htab-dedi-queue-nr *

Set the number of dedicate queue for hash table messages.

integer

Minimum value: 1 Maximum value: 2

htab-msg-queue *

Set hash table message queue mode.

option

data

Option	Description
data	Use data queue.
idle	Use idle queue.
dedicated	Use dedicated queue.

htx-gtse-quota *

Configure HTX GTSE quota.

option

1Gbps

Option	Description
100Mbps	100Mbps.
200Mbps	200Mbps.
300Mbps	300Mbps.
400Mbps	400Mbps.
500Mbps	500Mbps.
600Mbps	600Mbps.
700Mbps	700Mbps.
800Mbps	800Mbps.
900Mbps	900Mbps.
1Gbps	1Gbps.
2Gbps	2Gbps.
4Gbps	4Gbps.
8Gbps	8Gbps.
10Gbps	10Gbps.

htx-icmp-csum-chk *

Set HTX icmp csum checking mode.

option

drop

Option	Description
drop	Drop bad icmp csum.
pass	Pass bad icmp csum.

inbound-dscp-copy-port <interface> *

Physical interfaces that support inbound-dscp-copy.

Physical interface name.

string

Maximum length: 15

intf-shaping-offload *

Enable/disable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile.

option

disable

Option	Description
enable	Enable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile.
disable	Disable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile.

iph-rsvd-re-cksum *

Enable/disable IP checksum re-calculation for packets with iph.reserved bit set.

option

disable

Option	Description
enable	Enable IP checksum re-calculation for packets with iph.reserved bit set.
disable	Disable IP checksum re-calculation for packets with iph.reserved bit set.

ipsec-dec-subengine-mask *

IPsec decryption subengine mask.

user

Not Specified

ipsec-enc-subengine-mask *

IPsec encryption subengine mask.

user

Not Specified

ipsec-inbound-cache *

Enable/disable IPsec inbound cache for anti-replay.

option

enable

Option	Description
enable	Enable inbound cache always.
disable	Disable inbound cache when IPsec anti-replay is on.

ipsec-mtu-override *

Enable/disable NP6 IPsec MTU override.

option

disable

Option	Description
disable	Disable NP6 IPsec MTU override.
enable	Enable NP6 IPsec MTU override.

ipsec-ob-np-sel *

IPsec NP selection for OB SA offloading.

option

Option	Description
rr	Round Robin.
Packet	NPU of the first packet.
Hash	Hash.

ipsec-over-vlink *

Enable/disable IPsec over vlink.

option

disable

Option	Description
enable	Enable IPSEC over vlink.
disable	Disable IPSEC over vlink.

lag-out-port-select *

Enable/disable LAG outgoing port selection based on incoming traffic port.

option

disable

Option	Description
disable	Disable LAG outgoing trunk in switch.
enable	Enable LAG outgoing trunk in switch.

max-session-timeout *

Maximum time interval for refreshing NPU-offloaded sessions.

integer

Minimum value: 10 Maximum value: 1000

mcast-session-accounting *

Enable/disable traffic accounting for each multicast session through TAE counter.

option

tpe-based

Option	Description
tpe-based	Enable TPE-based multicast session accounting.
session-based	Enable session-based multicast session accounting.
disable	Disable multicast session accounting.

napi-break-interval *

NAPI break interval.

integer

Minimum value: 0 Maximum value: 65535

np6-cps-optimization-mode *

Enable/disable NP6 connection per second (CPS) optimization mode.

option

disable

Option	Description
enable	Enable NP6 connection per second (CPS) optimization mode.
disable	Disable NP6 connection per second (CPS) optimization mode.

npu-group-effective-scope *

npu-group-effective-scope defines under which npu-group cmds such as list/purge will be excecuted. Default scope is for all four HS-ok groups..

integer

Minimum value: 0 Maximum value: 255

255

per-policy-accounting *

Set per-policy accounting.

option

disable

Option	Description
disable	Disable per-policy hit count.
enable	Enable per-policy hit count

per-session-accounting *

Set per-session accounting.

option

traffic-log-only

Option	Description
traffic-log-only	Per-session accounting only for sessions with traffic logging
disable	Disable per-session accounting.
enable	Per-session accounting for all sessions.

policy-offload-level *

Configure firewall policy offload level.

option

disable

Option	Description
disable	Disable policy offloading
dos-offload	Only enable DoS policy offloading

qos-mode *

QoS mode on switch and NP.

option

disable

Option	Description
disable	Disable QoS on switch and NP.
priority	Priority based.
round-robin	Round Robin Scheduler.

qtm-buf-mode *

QTM channel configuration for packet buffer.

option

6ch

Option	Description
6ch	6 DRAM channels for packet buffer.
4ch	4 DRAM channels for packet buffer.

rdp-offload *

Enable/disable RDP offload.

option

enable

Option	Description
enable	Enable reliable datagram protocol traffic offload.
disable	Disable reliable datagram protocol traffic offload.

recover-np6-link *

Enable/disable internal link failure check and recovery after boot up.

option

disable

Option	Description
enable	Enable internal link failure check and recovery after boot up.
disable	Disable internal link failure check and recovery after boot up.

session-acct-interval *

Session accounting update interval.

integer

Minimum value: 1 Maximum value: 10

session-denied-offload *

Enable/disable offloading of denied sessions. Requires ses-denied-traffic to be set.

option

disable

Option	Description
disable	Disable offloading of denied sessions.
enable	Enable offloading of denied sessions.

shaping-stats *

Enable/disable NP7 traffic shaping statistics.

option

disable

Option	Description
disable	Disable NP7 traffic shaping statistics.
enable	Enable NP7 traffic shaping statistics.

sse-backpressure *

Enable/disable SSE backpressure.

option

disable

Option	Description
enable	Enable SSE backpressureg.
disable	Disable SSE backpressureg.

strip-clear-text-padding *

Enable/disable stripping clear text padding.

option

disable

Option	Description
enable	Enable stripping clear text padding.
disable	Disable stripping clear text padding.

strip-esp-padding *

Enable/disable stripping ESP padding.

option

disable

Option	Description
enable	Enable stripping ESP padding.
disable	Disable stripping ESP padding.

sw-np-bandwidth *

Bandwidth from switch to NP.

option

Option	Description
0G	Default value. No bandwidth control.
2G	2Gbps.
4G	4Gbps.
5G	5Gbps.
6G	6Gbps.
7G	7Gbps.
8G	8Gbps.
9G	9Gbps.

switch-np-hash *

Switch-NP trunk port selection Criteria.

option

src-dst-ip

Option	Description
src-ip	Source IP address.
dst-ip	Destination IP address.
src-dst-ip	Source+dest IP address.

uesp-offload *

Enable/disable UDP-encapsulated ESP offload.

option

disable

Option	Description
enable	Enable UDP-encapsulated ESP traffic offload.
disable	Disable UDP-encapsulated ESP traffic offload.

ull-port-mode *

Set ULL port's speed to 10G/25G.

option

10G

Option	Description
10G	10G speed setting for ULL ports.
25G	25G speed setting for ULL ports.

vlan-lookup-cache *

Enable/disable vlan lookup cache.

option

enable

Option	Description
enable	Enable VLAN lookup cache.
disable	Disable VLAN lookup cache.

* This parameter may not exist in some models.

config dos-options

Parameter

Description

Type

Size

Default

npu-dos-meter-mode

Set DoS meter NPU offloading mode.

option

global

Option	Description
global	Install DoS meter to all NPs.
local	Install DoS meter only to the NP assigned to the traffic.

npu-dos-tpe-mode

Enable/disable insertion of DoS meter ID to session table.

option

enable

Option	Description
enable	Enable insertion of DoS meter ID to session table.
disable	Disable insertion of DoS meter ID to session table.

config dsw-dts-profile

Parameter

Description

Type

Size

Default

profile-id

Set NPU DSW DTS profile profile id.

integer

Minimum value: 1 Maximum value: 32

min-limit

Set NPU DSW DTS profile min-limt.

integer

Minimum value: 32 Maximum value: 2048

step

Set NPU DSW DTS profile step.

integer

Minimum value: 0 Maximum value: 64

action

Set NPU DSW DTS profile action.

option

wait

Option	Description
wait	DSW DTS profile WAIT indefinitely.
drop	DSW DTS profile DROP immediately.
drop_tmr_0	DSW DTS profile DROP after interval #0 time-out.
drop_tmr_1	DSW DTS profile DROP after interval #1 time-out.
enque	DSW DTS profile ENQUE immediately.
enque_0	DSW DTS profile ENQUE after interval #0 time-out.
enque_1	DSW DTS profile ENQUE after interval #1 time-out.

config dsw-queue-dts-profile

Parameter

Description

Type

Size

Default

name

Name.

string

Maximum length: 35

iport

Set NPU DSW DTS in port.

option

eif0

Option	Description
eif0	DSW IPORT EIF0.
eif1	DSW IPORT EIF1.
eif2	DSW IPORT EIF2.
eif3	DSW IPORT EIF3.
eif4	DSW IPORT EIF4.
eif5	DSW IPORT EIF5.
eif6	DSW IPORT EIF6.
eif7	DSW IPORT EIF7.
htx0	DSW IPORT HTX0.
htx1	DSW IPORT HTX1.
sse0	DSW IPORT SSE0.
sse1	DSW IPORT SSE1.
sse2	DSW IPORT SSE2.
sse3	DSW IPORT SSE3.
rlt	DSW IPORT RLT.
dfr	DSW IPORT DFR.
ipseci	DSW IPORT IPSECI.
ipseco	DSW IPORT IPSECO.
ipti	DSW IPORT IPTI.
ipto	DSW IPORT IPTO.
vep0	DSW IPORT VEP0.
vep2	DSW IPORT VEP2.
vep4	DSW IPORT VEP4.
vep6	DSW IPORT VEP6.
ivs	DSW IPORT IVS.
l2ti1	DSW IPORT L2TI1.
l2to	DSW IPORT L2TO.
l2ti0	DSW IPORT L2TI0.
ple	DSW IPORT PLE.
spath	DSW IPORT SPATH.
qtm	DSW IPORT QTM.

oport

Set NPU DSW DTS out port.

option

eif0

Option	Description
eif0	DSW OPORT EIF0.
eif1	DSW OPORT EIF1.
eif2	DSW OPORT EIF2.
eif3	DSW OPORT EIF3.
eif4	DSW OPORT EIF4.
eif5	DSW OPORT EIF5.
eif6	DSW OPORT EIF6.
eif7	DSW OPORT EIF7.
hrx	DSW OPORT HRX.
sse0	DSW OPORT SSE0.
sse1	DSW OPORT SSE1.
sse2	DSW OPORT SSE2.
sse3	DSW OPORT SSE3.
rlt	DSW OPORT RLT.
dfr	DSW OPORT DFR.
ipseci	DSW OPORT IPSECI.
ipseco	DSW OPORT IPSECO.
ipti	DSW OPORT IPTI.
ipto	DSW OPORT IPTO.
vep0	DSW OPORT VEP0.
vep2	DSW OPORT VEP2.
vep4	DSW OPORT VEP4.
vep6	DSW OPORT VEP6.
ivs	DSW OPORT IVS.
l2ti1	DSW OPORT L2TI1.
l2to	DSW OPORT L2TO.
l2ti0	DSW OPORT L2TI0.
ple	DSW OPORT PLE.
sync	DSW OPORT SYNK.
nss	DSW OPORT NSS.
tsk	DSW OPORT TSK.
qtm	DSW OPORT QTM.

profile-id

Set NPU DSW DTS profile ID.

integer

Minimum value: 1 Maximum value: 32

queue-select

Set NPU DSW DTS queue ID select.

integer

Minimum value: 0 Maximum value: 4095

config fp-anomaly

Parameter

Description

Type

Size

Default

tcp-syn-fin *

TCP SYN flood SYN/FIN flag set anomalies.

option

allow

Option	Description
allow	Allow TCP packets with syn_fin flag set to pass.
drop	Drop TCP packets with syn_fin flag set.
trap-to-host	Forward TCP packets with syn_fin flag set to FortiOS.

tcp-fin-noack *

TCP SYN flood with FIN flag set without ACK setting anomalies.

option

trap-to-host

Option	Description
allow	Allow TCP packets with FIN flag set without ack setting to pass.
drop	Drop TCP packets with FIN flag set without ack setting.
trap-to-host	Forward TCP packets with FIN flag set without ack setting to FortiOS.

tcp-fin-only *

TCP SYN flood with only FIN flag set anomalies.

option

trap-to-host

Option	Description
allow	Allow TCP packets with FIN flag set only to pass.
drop	Drop TCP packets with FIN flag set only.
trap-to-host	Forward TCP packets with FIN flag set only to FortiOS.

tcp-no-flag *

TCP SYN flood with no flag set anomalies.

option

allow

Option	Description
allow	Allow TCP packets without flag set to pass.
drop	Drop TCP packets without flag set.
trap-to-host	Forward TCP packets without flag set to FortiOS.

tcp-syn-data *

TCP SYN flood packets with data anomalies.

option

allow

Option	Description
allow	Allow TCP syn packets with data to pass.
drop	Drop TCP syn packets with data.
trap-to-host	Forward TCP syn packets with data to FortiOS.

tcp-winnuke *

TCP WinNuke anomalies.

option

trap-to-host

Option	Description
allow	Allow TCP packets winnuke attack to pass.
drop	Drop TCP packets winnuke attack.
trap-to-host	Forward TCP packets winnuke attack to FortiOS.

tcp-land *

TCP land anomalies.

option

trap-to-host

Option	Description
allow	Allow TCP land attack to pass.
drop	Drop TCP land attack.
trap-to-host	Forward TCP land attack to FortiOS.

udp-land *

UDP land anomalies.

option

trap-to-host

Option	Description
allow	Allow UDP land attack to pass.
drop	Drop UDP land attack.
trap-to-host	Forward UDP land attack to FortiOS.

icmp-land *

ICMP land anomalies.

option

trap-to-host

Option	Description
allow	Allow ICMP land attack to pass.
drop	Drop ICMP land attack.
trap-to-host	Forward ICMP land attack to FortiOS.

icmp-frag *

Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies.

option

allow

Option	Description
allow	Allow L3 fragment packet with L4 protocol as ICMP attack to pass.
drop	Drop L3 fragment packet with L4 protocol as ICMP attack.
trap-to-host	Forward L3 fragment packet with L4 protocol as ICMP attack to FortiOS.

ipv4-land *

Land anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 land attack to pass.
drop	Drop IPv4 land attack.
trap-to-host	Forward IPv4 land attack to FortiOS.

ipv4-proto-err *

Invalid layer 4 protocol anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 invalid L4 protocol to pass.
drop	Drop IPv4 invalid L4 protocol.
trap-to-host	Forward IPv4 invalid L4 protocol to FortiOS.

ipv4-unknopt *

Unknown option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with unknown options to pass.
drop	Drop IPv4 with unknown options.
trap-to-host	Forward IPv4 with unknown options to FortiOS.

ipv4-optrr *

Record route option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with record route option to pass.
drop	Drop IPv4 with record route option.
trap-to-host	Forward IPv4 with record route option to FortiOS.

ipv4-optssrr *

Strict source record route option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with strict source record route option to pass.
drop	Drop IPv4 with strict source record route option.
trap-to-host	Forward IPv4 with strict source record route option to FortiOS.

ipv4-optlsrr *

Loose source record route option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with loose source record route option to pass.
drop	Drop IPv4 with loose source record route option.
trap-to-host	Forward IPv4 with loose source record route option to FortiOS.

ipv4-optstream *

Stream option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with stream option to pass.
drop	Drop IPv4 with stream option.
trap-to-host	Forward IPv4 with stream option to FortiOS.

ipv4-optsecurity *

Security option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with security option to pass.
drop	Drop IPv4 with security option.
trap-to-host	Forward IPv4 with security option to FortiOS.

ipv4-opttimestamp *

Timestamp option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with timestamp option to pass.
drop	Drop IPv4 with timestamp option.
trap-to-host	Forward IPv4 with timestamp option to FortiOS.

ipv4-csum-err

Invalid IPv4 IP checksum anomalies.

option

drop

Option	Description
drop	Drop IPv4 invalid IP checksum.
trap-to-host	Forward IPv4 invalid IP checksum to main CPU for processing.

tcp-csum-err

Invalid IPv4 TCP checksum anomalies.

option

drop

Option	Description
drop	Drop IPv4 invalid TCP checksum.
trap-to-host	Forward IPv4 invalid TCP checksum to main CPU for processing.

udp-csum-err

Invalid IPv4 UDP checksum anomalies.

option

drop

Option	Description
drop	Drop IPv4 invalid UDP checksum.
trap-to-host	Forward IPv4 invalid UDP checksum to main CPU for processing.

icmp-csum-err

Invalid IPv4 ICMP checksum anomalies.

option

drop

Option	Description
drop	Drop IPv4 invalid ICMP checksum.
trap-to-host	Forward IPv4 invalid ICMP checksum to main CPU for processing.

ipv6-land *

Land anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 land attack to pass.
drop	Drop IPv6 land attack.
trap-to-host	Forward IPv6 land attack to FortiOS.

ipv6-proto-err *

Layer 4 invalid protocol anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 L4 invalid protocol to pass.
drop	Drop IPv6 L4 invalid protocol.
trap-to-host	Forward IPv6 L4 invalid protocol to FortiOS.

ipv6-unknopt *

Unknown option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with unknown options to pass.
drop	Drop IPv6 with unknown options.
trap-to-host	Forward IPv6 with unknown options to FortiOS.

ipv6-saddr-err *

Source address as multicast anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with source address as multicast to pass.
drop	Drop IPv6 with source address as multicast.
trap-to-host	Forward IPv6 with source address as multicast to FortiOS.

ipv6-daddr-err *

Destination address as unspecified or loopback address anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with destination address as unspecified or loopback address to pass.
drop	Drop IPv6 with destination address as unspecified or loopback address.
trap-to-host	Forward IPv6 with destination address as unspecified or loopback address to FortiOS.

ipv6-optralert *

Router alert option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with router alert option to pass.
drop	Drop IPv6 with router alert option.
trap-to-host	Forward IPv6 with router alert option to FortiOS.

ipv6-optjumbo *

Jumbo options anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with jumbo option to pass.
drop	Drop IPv6 with jumbo option.
trap-to-host	Forward IPv6 with jumbo option to FortiOS.

ipv6-opttunnel *

Tunnel encapsulation limit option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with tunnel encapsulation limit to pass.
drop	Drop IPv6 with tunnel encapsulation limit.
trap-to-host	Forward IPv6 with tunnel encapsulation limit to FortiOS.

ipv6-opthomeaddr *

Home address option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with home address option to pass.
drop	Drop IPv6 with home address option.
trap-to-host	Forward IPv6 with home address option to FortiOS.

ipv6-optnsap *

Network service access point address option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with network service access point address option to pass.
drop	Drop IPv6 with network service access point address option.
trap-to-host	Forward IPv6 with network service access point address option to FortiOS.

ipv6-optendpid *

End point identification anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with end point identification option to pass.
drop	Drop IPv6 with end point identification option.
trap-to-host	Forward IPv6 with end point identification option to FortiOS.

ipv6-optinvld *

Invalid option anomalies.Invalid option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with invalid option to pass.
drop	Drop IPv6 with invalid option.
trap-to-host	Forward IPv6 with invalid option to FortiOS.

* This parameter may not exist in some models.

config hpe

Parameter

Description

Type

Size

Default

all-protocol

Maximum packet rate of each host queue except high priority traffic, set 0 to disable.

integer

Minimum value: 0 Maximum value: 32000000

400000

tcpsyn-max

Maximum TCP SYN packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

tcpsyn-ack-max

Maximum TCP carries SYN and ACK flags packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

tcpfin-rst-max

Maximum TCP carries FIN or RST flags packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

tcp-max

Maximum TCP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

udp-max

Maximum UDP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

icmp-max

Maximum ICMP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

sctp-max

Maximum SCTP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

esp-max

Maximum ESP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

ip-frag-max

Maximum fragmented IP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

ip-others-max

Maximum IP packet rate for other packets.

integer

Minimum value: 1000 Maximum value: 32000000

5000

arp-max

Maximum ARP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

l2-others-max

Maximum L2 packet rate for L2 packets that are not ARP packets.

integer

Minimum value: 1000 Maximum value: 32000000

5000

high-priority

Maximum packet rate for high priority traffic packets.

integer

Minimum value: 1000 Maximum value: 32000000

400000

enable-shaper

Enable/Disable NPU Host Protection Engine (HPE) for packet type shaper.

option

disable

Option	Description
disable	Disable NPU HPE shaping based on packet type.
enable	Enable NPU HPE shaping based on packet type.

config ip-reassembly

Parameter

Description

Type

Size

Default

min-timeout

Minimum timeout value for IP reassembly (5 us - 600,000,000 us).

integer

Minimum value: 5 Maximum value: 600000000

max-timeout

Maximum timeout value for IP reassembly (5 us - 600,000,000 us).

integer

Minimum value: 5 Maximum value: 600000000

200000

status

Set IP reassembly processing status.

option

disable

Option	Description
disable	Disable IP reassembly.
enable	Enable IP reassembly.

config isf-np-queues

Parameter	Description	Type	Size
cos0	CoS profile name for CoS 0.	string	Maximum length: 35
cos1	CoS profile name for CoS 1.	string	Maximum length: 35
cos2	CoS profile name for CoS 2.	string	Maximum length: 35
cos3	CoS profile name for CoS 3.	string	Maximum length: 35
cos4	CoS profile name for CoS 4.	string	Maximum length: 35
cos5	CoS profile name for CoS 5.	string	Maximum length: 35
cos6	CoS profile name for CoS 6.	string	Maximum length: 35
cos7	CoS profile name for CoS 7.	string	Maximum length: 35

config profile

Parameter

Description

Type

Size

Default

Profile ID.

integer

Minimum value: 0 Maximum value: 255

type

Profile type.

option

cos

Option	Description
cos	VLAN priority.
dscp	IP differentiated services code point.

weight

Class weight.

integer

Minimum value: 0 Maximum value: 15

cos0

Queue number of CoS 0.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos1

Queue number of CoS 1.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos2

Queue number of CoS 2.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos3

Queue number of CoS 3.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos4

Queue number of CoS 4.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos5

Queue number of CoS 5.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos6

Queue number of CoS 6.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos7

Queue number of CoS 7.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp0

Queue number of DSCP 0.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp1

Queue number of DSCP 1.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp2

Queue number of DSCP 2.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp3

Queue number of DSCP 3.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp4

Queue number of DSCP 4.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp5

Queue number of DSCP 5.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp6

Queue number of DSCP 6.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp7

Queue number of DSCP 7.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp8

Queue number of DSCP 8.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp9

Queue number of DSCP 9.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp10

Queue number of DSCP 10.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp11

Queue number of DSCP 11.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp12

Queue number of DSCP 12.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp13

Queue number of DSCP 13.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp14

Queue number of DSCP 14.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp15

Queue number of DSCP 15.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp16

Queue number of DSCP 16.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp17

Queue number of DSCP 17.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp18

Queue number of DSCP 18.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp19

Queue number of DSCP 19.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp20

Queue number of DSCP 20.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp21

Queue number of DSCP 21.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp22

Queue number of DSCP 22.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp23

Queue number of DSCP 23.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp24

Queue number of DSCP 24.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp25

Queue number of DSCP 25.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp26

Queue number of DSCP 26.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp27

Queue number of DSCP 27.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp28

Queue number of DSCP 28.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp29

Queue number of DSCP 29.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp30

Queue number of DSCP 30.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp31

Queue number of DSCP 31.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp32

Queue number of DSCP 32.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp33

Queue number of DSCP 33.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp34

Queue number of DSCP 34.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp35

Queue number of DSCP 35.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp36

Queue number of DSCP 36.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp37

Queue number of DSCP 37.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp38

Queue number of DSCP 38.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp39

Queue number of DSCP 39.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp40

Queue number of DSCP 40.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp41

Queue number of DSCP 41.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp42

Queue number of DSCP 42.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp43

Queue number of DSCP 43.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp44

Queue number of DSCP 44.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp45

Queue number of DSCP 45.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp46

Queue number of DSCP 46.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp47

Queue number of DSCP 47.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp48

Queue number of DSCP 48.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp49

Queue number of DSCP 49.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp50

Queue number of DSCP 50.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp51

Queue number of DSCP 51.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp52

Queue number of DSCP 52.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp53

Queue number of DSCP 53.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp54

Queue number of DSCP 54.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp55

Queue number of DSCP 55.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp56

Queue number of DSCP 56.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp57

Queue number of DSCP 57.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp58

Queue number of DSCP 58.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp59

Queue number of DSCP 59.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp60

Queue number of DSCP 60.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp61

Queue number of DSCP 61.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp62

Queue number of DSCP 62.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp63

Queue number of DSCP 63.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

config ethernet-type

Parameter	Description	Type	Size	Default
name	Ethernet Type Name.	string	Maximum length: 35
type	Ethernet Type.	ether-type	Not Specified	0
queue	Queue Number.	integer	Minimum value: 0 Maximum value: 11	0
weight	Class Weight.	integer	Minimum value: 0 Maximum value: 15	15

config ip-protocol

Parameter	Description	Type	Size	Default
name	IP Protocol Name.	string	Maximum length: 35
protocol	IP Protocol.	integer	Minimum value: 0 Maximum value: 255	0
queue	Queue Number.	integer	Minimum value: 0 Maximum value: 11	0
weight	Class Weight.	integer	Minimum value: 0 Maximum value: 15	14

config ip-service

Parameter	Description	Type	Size	Default
name	IP service name.	string	Maximum length: 35
protocol	IP protocol.	integer	Minimum value: 0 Maximum value: 255	0
sport	Source port.	integer	Minimum value: 0 Maximum value: 65535	0
dport	Destination port.	integer	Minimum value: 0 Maximum value: 65535	0
queue	Queue number.	integer	Minimum value: 0 Maximum value: 11	0
weight	Class weight.	integer	Minimum value: 0 Maximum value: 15	13

config scheduler

Parameter

Description

Type

Size

Default

name

Scheduler name.

string

Maximum length: 35

mode

Scheduler mode.

option

none

Option	Description
none	Disable QoS on NP7.
priority	Priority Based.
round-robin	Round Robin Scheduler.

config port-cpu-map

Parameter	Description	Type	Size	Default
interface	The interface to map to a CPU core.	string	Maximum length: 15
cpu-core	The CPU core to map to an interface.	string	Maximum length: 31	all

config port-npu-map

Parameter	Description	Type	Size	Default
interface	Set NPU interface port for NPU group mapping.	string	Maximum length: 15
npu-group-index	Mapping NPU group index.	integer	Minimum value: 0 Maximum value: 4294967295	0

config port-path-option

Parameter

Description

Type

Size

Default

ports-using-npu <interface-name>

Set ha/aux ports to handle traffic with NPU (otherise traffic goes to Intel-NIC and then CPU).

Available interfaces for NPU path.

string

Maximum length: 15

config priority-protocol

Parameter

Description

Type

Size

Default

bgp

Enable/disable NPU BGP priority protocol.

option

enable

Option	Description
enable	Enable NPU BGP priority protocol.
disable	Disable NPU BGP priority protocol.

slbc

Enable/disable NPU SLBC priority protocol.

option

enable

Option	Description
enable	Enable NPU SLBC priority protocol.
disable	Disable NPU SLBC priority protocol.

bfd

Enable/disable NPU BFD priority protocol.

option

enable

Option	Description
enable	Enable NPU BFD priority protocol.
disable	Disable NPU BFD priority protocol.

config sw-eh-hash

Parameter

Description

Type

Size

Default

computation

Set hashing computation.

option

xor16

Option	Description
xor16	Use XOR operator to make 16 bits hash.
xor8	Use XOR operator to make 8 bits hash.
xor4	Use XOR operator to make 4 bits hash.
crc16	Use CRC-16-CCITT polynomial to make 16 bits hash.

ip-protocol

Include/exclude IP protocol.

option

include

Option	Description
include	Include IP protocol.
exclude	Exclude IP protocol.

source-ip-upper-16

Include/exclude source IP address upper 16 bits.

option

include

Option	Description
include	Include source IP address upper 16 bits.
exclude	Exclude source IP address upper 16 bits.

source-ip-lower-16

Include/exclude source IP address lower 16 bits.

option

include

Option	Description
include	Include source IP address lower 16 bits.
exclude	Exclude source IP address lower 16 bits.

destination-ip-upper-16

Include/exclude destination IP address upper 16 bits.

option

include

Option	Description
include	Include destination IP address upper 16 bits.
exclude	Exclude destination IP address upper 16 bits.

destination-ip-lower-16

Include/exclude destination IP address lower 16 bits.

option

include

Option	Description
include	Include destination IP address lower 16 bits.
exclude	Exclude destination IP address lower 16 bits.

source-port

Include/exclude source port if TCP/UDP.

option

include

Option	Description
include	Include source port if TCP/UDP.
exclude	Exclude source port if TCP/UDP.

destination-port

Include/exclude destination port if TCP/UDP.

option

include

Option	Description
include	Include destination port if TCP/UDP.
exclude	Exclude destination port if TCP/UDP.

netmask-length

Network mask length.

integer

Minimum value: 17 Maximum value: 32

config sw-tr-hash

Parameter

Description

Type

Size

Default

draco15

Enable/disable DRACO15 hashing.

option

enable

Option	Description
enable	Enable using DRACO15 hashing for unicast trunk traffic.
disable	Enable using DRACO15 hashing for unicast trunk traffic.

tcp-udp-port

Include/exclude TCP/UDP source and destination port for unicast trunk traffic.

option

exclude

Option	Description
include	Include TCP/UDP source and destination port for unicast trunk traffic.
exclude	Exclude TCP/UDP source and destination port for unicast trunk traffic.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference

config system npu

config system npu

config system npu

config dos-options

config dsw-dts-profile

config dsw-queue-dts-profile

config fp-anomaly

config hpe

config ip-reassembly

config isf-np-queues

config profile

config ethernet-type

config ip-protocol