Chapter 12 – Hardware Acceleration

Determining the content processor in your FortiGate unit

Use the get hardware status CLI command to determine which content processor your FortiGate unit contains. The output looks like this:

get hardware status

Model name: FortiGate-100D

ASIC version: CP8

ASIC SRAM: 64M

CPU: Intel(R) Atom(TM) CPU D525 @ 1.80GHz

Number of CPUs: 4

RAM: 1977 MB

Compact Flash: 15331 MB /dev/sda

Hard disk: 15272 MB /dev/sda

USB Flash: not available

Network Card chipset: Intel(R) PRO/1000 Network Connection (rev.0000) Network Card chipset: bcm-sw Ethernet driver 1.0 (rev.)

The ASIC version line lists the content processor model number.

 

Viewing SSL acceleration status

You can view the status of SSL acceleration using the following command:

get vpn status ssl hw-acceleration-status

Acceleration hardware detected: kxp=on cipher=on

 

Disabling CP offloading for firewall policies

If you want to completely disable offloading to CP processors for test purposes or other reasons, you can do so in security policies. Here are some examples:

For IPv4 security policies.

config firewall policy edit 1

set auto-asic-offload disable end

For IPv6 security policies.

 

config firewall policy6 edit 1

set auto-asic-offload disable end

For multicast security policies.

 

config firewall multicast-policy edit 1

set auto-asic-offload disable end

 

Disabling  auto-asic-offload also disables NP offloading.

 


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.