Configuring NP accelerated IPsec VPN encryption/decryption offloading
Network processing unit (npu) settings configure offloading behavior for IPsec VPN. Configured behavior applies to all network processors in the FortiGate unit.
config system npu
set enc-offload-antireplay {enable | disable} set dec-offload-antireplay {enable | disable} set offload-ipsec-host {enable | disable}
end
Variables Description Default
enc-offload-antireplay
{enable | disable}
Enable or disable offloading of IPsec encryption.
This option is used only when replay detection is enabled in Phase 2 configuration. If replay detection is disabled, encryption is always offloaded.
disable
dec-offload-antireplay
{enable | disable}
Enable or disable offloading of IPsec decryption.
This option is used only when replay detection is enabled in Phase 2 configuration. If replay detection is disabled, decryption is always offloaded.
enable
offload-ipsec-host {enable |
disable}
Enable or disable offloading of IPsec encryption of traffic from local host (FortiGate unit).
Note: For this option to take effect, the FortiGate unit must have previously sent the security asso- ciation (SA) to the network processor.
disable
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!