Description
This article explains limitations of the NP processor.
Certain interfaces are unable to support NP offloading.
These limits apply to virtual/software interfaces that are presented here below.
Scope
FortiGate
Loopback interface.
A loopback interface is a logical interface that is always up (no physical link dependency).
It is widely used to form a BGP setup with neighbors and is used as an IPsec VPN tunnel interface.
Since the interface is a software interface, it will not permit offloading to network processors.
Example of Loopback interface.
config system interface
edit "Lo1"
set vdom "root"
set ip 192.168.1.33 255.255.255.255
set allowaccess ping
set type loopback
set snmp-index 50
next
end
Note:
For devices with NP7, running on FortiOS 7.0.6 and 7.2.1 and above, hardware acceleration is supported on Loopback interfaces.
Refer to the below KB article:
Software switch.
Software switches are supported in certain models of FortiGate.
All of the interfaces in this virtual switch act like interfaces in a hardware switch.
In that, it has the same IP address and can be connected to the same network.
The FortiGate CPU is used to maintain the mac-port table, hence traffic would not be handled by network processors
Example of software switch interface.
config system switch-interface
edit <interface>
set vdom <vdom>
set member <interface_list>
set type switch
next
end
PPPoE Interface.
PPPoE is commonly used to connect to the provider edge.
It is handled by a PPP software process and connections are terminated in virtual interfaces where traffic is not able to be handled by hardware acceleration.
Example of PPPoE interface.
config system interface
edit "wan1"
set vdom "root"
set mode pppoe
set allowaccess ping
set type physical
set scan-botnet-connections block
set role wan
set snmp-index 1
config ipv6
set ip6-mode dhcp
end
set username "user@abc.com"
set dns-server-override disable
next
Solution
Use physical or VLAN interfaces that bind to fixed ports in order for traffic offloading to NP (network processors).
Related link concerning NP6 and NP6 lite acceleration:
https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-hardware-acceleration/NP6.htm?Highli...
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.