
Configuring Inter-VDOM link acceleration with NP4 processors


FortiGate units with NP4 processors include inter-VDOM links that can be used to accelerate inter-VDOM link traffic.

Traffic is blocked if you enable IPS for traffic passing over inter-VDOM links if that traffic is being offloaded by an NP4 processor. If you disable NP4 offloading, traffic will be allowed to flow. You can disable offloading in individual firewall policies by disabling auto-asic-offload for those policies. You can also use the following command to disable all IPS offloading:

    config ips global
        set np-accel-mode none
        set cp-accel-mode none
    end

 

For a FortiGate unit with two NP4 processors there are also two inter-VDOM links, each with two interfaces:

  • npu0-vlink: npu0-vlink0 npu0-vlink1
  • npu1-vlink: npu1-vlink0 npu1-vlink1

These interfaces are visible from the GUI and CLI. For a FortiGate unit with NP4 interfaces, enter the following CLI command (output shown for a FortiGate-5001B):

    get hardware npu np4 list
    ID   Model      Slot   Interface
    0    On-board          port1 port2 port3 port4
                           fabric1 base1 npu0-vlink0 npu0-vlink1
    1    On-board          port5 port6 port7 port8
                           fabric2 base2 npu1-vlink0 npu1-vlink1

By default the interfaces in each inter-VDOM link are assigned to the root VDOM. To use these interfaces to accelerate inter-VDOM link traffic, assign each interface in a pair to the VDOMs that you want to offload traffic between. For example, if you have added a VDOM named New-VDOM to a FortiGate unit with NP4 processors, you can go to System > Network > Interfaces, edit the npu0-vlink1 interface, and set the Virtual Domain to New-VDOM.

This results in an inter-VDOM link between root and New-VDOM. You can also do this from the CLI:

    config system interface
        edit npu0-vlink1
            set vdom New-VDOM
    end
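The IPS caveat at the top of this page can be checked against a configuration export before an inter-VDOM link goes into service. The following Python audit is an added example, not Fortinet code or part of the original page: it flags firewall policies that apply an IPS sensor on an npuN-vlinkN interface while offloading is still active. It assumes a flat (non-nested) config export, that the ips-sensor setting marks an IPS-enabled policy, and that auto-asic-offload is enabled unless explicitly disabled; the sample config is constructed.

```python
import re
VLINK = re.compile(r"npu\d+-vlink\d+$")  # NP4 inter-VDOM link interface names

def parse_config(text):
    """Parse a flat FortiOS-style config into {section: {entry: {key: [values]}}}."""
    cfg, section, entry = {}, None, None
    for line in filter(str.strip, text.splitlines()):
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)]
        if words[0] == "config":
            section, entry = " ".join(words[1:]), None
            cfg.setdefault(section, {})
        elif words[0] == "edit" and section and len(words) > 1:
            entry = words[1]
            cfg[section][entry] = {}
        elif words[0] == "set" and section and len(words) > 1:
            cfg[section].setdefault(entry, {})[words[1]] = words[2:]
        elif words[0] == "end":
            section = entry = None
    return cfg

def policies_at_risk(text):
    """Return [(policy_id, [vlink interfaces])] for IPS policies still offloaded on a vlink."""
    cfg = parse_config(text)
    ips = cfg.get("ips global", {}).get(None, {})
    if ips.get("np-accel-mode") == ["none"] and ips.get("cp-accel-mode") == ["none"]:
        return []  # the global command from the page disables all IPS offloading
    hits = []
    for pid, pol in cfg.get("firewall policy", {}).items():
        vlinks = [i for i in pol.get("srcintf", []) + pol.get("dstintf", []) if VLINK.match(i)]
        offloaded = pol.get("auto-asic-offload") != ["disable"]  # assumption: on by default
        if vlinks and "ips-sensor" in pol and offloaded:
            hits.append((pid, vlinks))
    return hits

# Constructed sample config (not taken from a real device)
SAMPLE = """config firewall policy
    edit 1
        set srcintf "npu0-vlink0"
        set dstintf "port1"
        set ips-sensor "default"
    next
    edit 2
        set srcintf "npu0-vlink1"
        set dstintf "port5"
        set ips-sensor "default"
        set auto-asic-offload disable
    next
end"""
```

Calling policies_at_risk(SAMPLE) reports policy 1 only; policy 2 is skipped because auto-asic-offload is disabled for it.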

