Chapter 12 – Hardware Acceleration

Leave a reply

Configuring NP accelerated IPsec VPN encryption/decryption offloading

Network processing unit (npu) settings configure offloading behavior for IPsec VPN. Configured behavior applies to all network processors in the FortiGate unit.

config system npu

set enc-offload-antireplay {enable | disable} set dec-offload-antireplay {enable | disable} set offload-ipsec-host {enable | disable}

end

 

Variables                                                  Description                                                               Default

enc-offload-antireplay

{enable | disable}

Enable or disable offloading of IPsec encryption.

This option is used only when replay detection is enabled in Phase 2 configuration. If replay detection is disabled, encryption is always offloaded.

disable

dec-offload-antireplay

{enable | disable}

Enable or disable offloading of IPsec decryption.

 

This option is used only when replay detection is enabled in Phase 2 configuration. If replay detection is disabled, decryption is always offloaded.

 

enable

offload-ipsec-host {enable |

disable}

Enable or disable offloading of IPsec encryption of traffic from local host (FortiGate unit).

 

Note: For this option to take effect, the FortiGate unit must have previously sent the security asso- ciation (SA) to the network processor.

disable

 

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.