Using diagnose npu np6 npu-feature to verify enabled NP6 features

Using diagnose npu np6 npu-feature to verify enabled NP6 features

You can use the diagnose npu np6 npu-feature command to see what NP6 features are enabled and which are not. The following command output shows the normal default NP6 configuration for most FortiGates. In this output all features are enabled except low latency features and GRE offloading. Low latency is only available on the FortiGate-3700D and DX models and GRE offloading will become available in a future FortiOS release. The following output is from a FortiGate-1500D

 

diagnose npu np6 npu-feature

np_0      np_1

——————- ——— ——— Fastpath            Enabled   Enabled Low-latency-mode    Disabled  Disabled

Low-latency-cap     No        No

IPv4 firewall Yes Yes
IPv6 firewall Yes Yes
IPv4 IPSec Yes Yes
IPv6 IPSec Yes Yes
IPv4 tunnel Yes Yes
IPv6 tunnel Yes Yes
GRE tunnel No No
IPv4 Multicast Yes Yes
IPv6 Multicast Yes Yes
CAPWAP Yes Yes

If you use the following command to disable fastpath for np_0:

config system np6 edit np6_0

set fastpath disable end

The npu-feature command output show this configuration change:

diagnose npu np6 npu-feature

np_0      np_1

IPv4 firewall Yes Yes
IPv6 firewall Yes Yes
IPv4 IPSec Yes Yes
IPv6 IPSec Yes Yes
IPv4 tunnel Yes Yes
IPv6 tunnel Yes Yes
GRE tunnel No No
IPv4 Multicast Yes Yes
IPv6 Multicast Yes Yes
CAPWAP Yes Yes

 

——————- ——— ——— Fastpath            Disabled  Enabled Low-latency-mode    Disabled  Disabled Low-latency-cap     No        No

 


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

This entry was posted in FortiOS 5.4 Handbook and tagged , , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.