Configuring Inter-VDOM link acceleration with NP4 processors
FortiGate units with NP4 processors include inter-VDOM links that can be used to accelerate inter-VDOM link traffic.
Traffic is blocked if you enable IPS for traffic passing over inter-VDOM links if that traffic is being offloaded by an NP4 processor.If you disable NP4 offloading traffic will be allowed to flow. You can disable offloading in individual firewall policies by dis- abling auto-asic-offload for those policies. You can also use the following com- mand to disable all IPS offloading
config ips global
set np-accel-mode none set cp-accel-mode none
end
- For a FortiGate unit with two NP4 processors there are also two inter-VDOM links, each with two interfaces:
- npu0-vlink: npu0-vlink0 npu0-vlink1
- npu1-vlink: npu1-vlink0 npu1-vlink1
These interfaces are visible from the GUI and CLI. For a FortiGate unit with NP4 interfaces, enter the following CLI command (output shown for a FortiGate-5001B):
get hardware npu np4 list
ID |
Model |
Slot |
Interface |
0 | On-board | port1 port2 port3 port4 | |
fabric1 base1 npu0-vlink0 npu0-vlink1 | |||
1 | On-board | port5 port6 port7 port8 | |
fabric2 base2 npu1-vlink0 npu1-vlink1 |
By default the interfaces in each inter-VDOM link are assigned to the root VDOM. To use these interfaces to
accelerate inter-VDOM link traffic, assign each interface in a pair to the VDOMs that you want to offload traffic between. For example, if you have added a VDOM named New-VDOM to a FortiGate unit with NP4 processors, you can go to System > Network > Interfaces and edit the npu0-vlink1 interface and set the Virtual Domain to New–VDOM.
This results in an inter-VDOM link between root and New-VDOM. You can also do this from the CLI:
config system interface edit npu0-vlink1
set vdom New-VDOM
end