Enabling or disabling per-policy accounting for hyperscale firewall traffic

Per-policy accounting for hyperscale firewall traffic was added to hyperscale firewall for FortiOS 6.2.7. This change was documented as resolved issue 689660 (Policy hit counters have been implemented for hyperscale firewall policies) in the Resolved issues section of the FortiOS 6.2.7 hyperscale firewall release notes. Per-policy accounting was added to record hit counts for packets accepted or denied by hyperscale firewall policies.

To implement per-policy accounting for hyperscale firewall policies, changes were made to NP7 session management. As a result of these changes, per-policy accounting for hyperscale firewall policies can reduce hyperscale firewall performance.

Hyperscale firewall for FortiOS 6.4.8 includes the following command that you can use to enable or disable hyperscale firewall per-policy accounting for all hyperscale traffic:

config system npu
    set per-policy-accounting {disable | enable}
end

Per-policy accounting is disabled by default. When per-policy accounting is enabled, you can see hyperscale firewall policy hit counts on the GUI and CLI. If you disable per-policy-accounting for hyperscale firewall traffic, FortiOS will not collect hit count information for traffic accepted or denied by hyperscale firewall policies.

Note

Enabling or disabling per-policy accounting deletes all current sessions, disrupting traffic. Changing the per-policy accounting configuration should only be done during a quiet period.
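
Because changing the setting clears all sessions, it can be useful to check its state from a saved configuration backup instead of on the live device. The following is an added example, not Fortinet code: it reads a backup as text and reports the value set directly under config system npu. The function names, the sample backups and the nested block name constructed-subtable are constructed for illustration, and an absent setting is assumed to mean the documented default.

```python
# Added example: audit a FortiOS configuration backup for the setting on this page.
DEFAULT = "disable"  # the page states per-policy accounting is disabled by default

# Constructed sample backups (not taken from a real device).
# "constructed-subtable" is a made-up nested block used only to exercise scoping.
SAMPLE_ENABLED = """\
config system global
    set hostname "fw-constructed"
end
config system npu
    config constructed-subtable
        set per-policy-accounting disable
    end
    set per-policy-accounting enable
end
"""
SAMPLE_DEFAULT = """\
config system npu
end
"""

def per_policy_accounting(config_text):
    """Return 'enable' or 'disable' as set directly under `config system npu`."""
    stack = []       # names of the config blocks currently open
    value = DEFAULT  # assumption: an absent setting means the documented default
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] == "config":
            stack.append(" ".join(tokens[1:]))
        elif tokens[0] == "end" and stack:
            stack.pop()
        elif (tokens[:2] == ["set", "per-policy-accounting"]
              and stack == ["system npu"] and len(tokens) == 3):
            if tokens[2] not in ("enable", "disable"):
                raise ValueError(f"unexpected value: {tokens[2]!r}")
            value = tokens[2]
    return value

def audit(config_text):
    """Summarise what the setting means for hit-count based policy review."""
    if per_policy_accounting(config_text) == "enable":
        return "enable: hit counts are collected; NP7 performance may be reduced"
    return "disable: no hit counts for hyperscale firewall policies"

if __name__ == "__main__":
    for name, text in (("enabled", SAMPLE_ENABLED), ("default", SAMPLE_DEFAULT)):
        print(name, "->", audit(text))
```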
