Chapter 12 – Hardware Acceleration

Leave a reply

Configuring NP accelerated IPsec VPN encryption/decryption offloading

Network processing unit (npu) settings configure offloading behavior for IPsec VPN. Configured behavior applies to all network processors in the FortiGate unit.

config system npu

set enc-offload-antireplay {enable | disable} set dec-offload-antireplay {enable | disable} set offload-ipsec-host {enable | disable}

end

 

Variables                                                  Description                                                               Default

enc-offload-antireplay

{enable | disable}

Enable or disable offloading of IPsec encryption.

This option is used only when replay detection is enabled in Phase 2 configuration. If replay detection is disabled, encryption is always offloaded.

disable

dec-offload-antireplay

{enable | disable}

Enable or disable offloading of IPsec decryption.

 

This option is used only when replay detection is enabled in Phase 2 configuration. If replay detection is disabled, decryption is always offloaded.

 

enable

offload-ipsec-host {enable |

disable}

Enable or disable offloading of IPsec encryption of traffic from local host (FortiGate unit).

 

Note: For this option to take effect, the FortiGate unit must have previously sent the security asso- ciation (SA) to the network processor.

disable

 


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.