Example; Config System Npu; Syntax - Fortinet FortiGate FortiGate-ASM-FB4 Technical Note

Version 1.0

Hide thumbs Also See for FortiGate FortiGate-ASM-FB4:

Quick start manual (1 page)

Table Of Contents

Table of Contents

Specialized CLI settings

Example

config system npu

Syntax

FortiGate-ASM-FB4 Version 1.0 Technical Note

01-30005-0424-20071002

You might configure the media type for an SGMII transceiver, and hardware

accelerate dropping packets with TCP WinNuke or unknown IP protocol

anomalies, but to pass packets with an IP time stamp.

config system interface

edit AMC-SW1/1

set mediatype sgmii

set fp-anomaly drop_winnuke drop_ipunknown_prot

pass_iptimestamp

end

Network processing unit (npu, the FortiGate-ASM-FB4 module) settings appear

when a FortiGate-ASM-FB4 module is installed. The following settings configure

offloading behavior for IPSec VPN and traffic shaping.

config system npu

set

enc-offload-antireplay {enable | disable}

set

dec-offload-antireplay {enable | disable}

set

offload-ipsec-host {enable | disable}

set

traffic-shaping-mode{bidirection | unidirection}

end

Variables

Description

Enable or disable offloading of IPSec encryption.

enc-offload-

This option is used only when replay detection is

antireplay

enabled in Phase 2 configuration. If replay detection

{enable |

is disabled, encryption is always offloaded.

disable}

Enable or disable offloading of IPSec decryption.

dec-offload-

This option is used only when replay detection is

antireplay

enabled in Phase 2 configuration. If replay detection

{enable |

is disabled, decryption is always offloaded.

disable}

Enable or disable offloading of IPSec encryption of

offload-ipsec-

traffic from local host (FortiGate unit).

host {enable |

Note: For this option to take effect, the FortiGate unit

disable}

must have previously sent the security association

(SA) to the FortiGate-ASM-FB4 module. For details

on SA offloading, see

requirements" on page

Select the offloaded traffic shaping bandwidth

traffic-shaping-

calculation method.

mode{bidirection

•

| unidirection}

•

"IPSec offloading

unidirection: The bandwidth limit applies per

direction. For example, a unidirectional limit of 10

KBps would result in an overall limit of 20 KBps

— 10 KBps per direction.

bidirection: The bandwidth limit applies to

both directions overall. For example, a

bidirectional limit of 10 KBps would result in an

overall limit of 10 KBps — 5 KBps per direction.

config system npu

Default

disable

enable

disable

bidirec

tion for

FortiGate

-3600A

units;

unidire

ction

for

FortiGate

-3810

units

Table of Contents

Example; Config System Npu; Syntax - Fortinet FortiGate FortiGate-ASM-FB4 Technical Note

Example

config system npu

Syntax

Related Manuals for Fortinet FortiGate FortiGate-ASM-FB4

Related Content for Fortinet FortiGate FortiGate-ASM-FB4

Table of Contents