Fortinet fortigate-asm-fb4 Nota De Lançamento
Specialized CLI settings
config system npu
FortiGate-ASM-FB4 Version 1.0 Technical Note
01-30005-0424-20071002
01-30005-0424-20071002
15
Example
You might configure the media type for an SGMII transceiver, and hardware
accelerate dropping packets with TCP WinNuke or unknown IP protocol
anomalies, but to pass packets with an IP time stamp.
accelerate dropping packets with TCP WinNuke or unknown IP protocol
anomalies, but to pass packets with an IP time stamp.
config system interface
edit AMC-SW1/1
set mediatype sgmii
set fp-anomaly drop_winnuke drop_ipunknown_prot
set fp-anomaly drop_winnuke drop_ipunknown_prot
pass_iptimestamp
end
config system npu
Network processing unit (npu, the FortiGate-ASM-FB4 module) settings appear
when a FortiGate-ASM-FB4 module is installed. The following settings configure
offloading behavior for IPSec VPN and traffic shaping.
offloading behavior for IPSec VPN and traffic shaping.
Syntax
config system npu
set
set
set
set
end
Variables
Description
Default
enc-offload-
antireplay
{enable |
disable}
antireplay
{enable |
disable}
Enable or disable offloading of IPSec encryption.
This option is used only when replay detection is
This option is used only when replay detection is
enabled in Phase 2 configuration. If replay detection
is disabled, encryption is always offloaded.
disable
dec-offload-
antireplay
{enable |
disable}
antireplay
{enable |
disable}
Enable or disable offloading of IPSec decryption.
This option is used only when replay detection is
This option is used only when replay detection is
enabled in Phase 2 configuration. If replay detection
is disabled, decryption is always offloaded.
enable
offload-ipsec-
host {enable |
disable}
host {enable |
disable}
Enable or disable offloading of IPSec encryption of
traffic from local host (FortiGate unit).
Note: For this option to take effect, the FortiGate unit
Note: For this option to take effect, the FortiGate unit
must have previously sent the security association
(SA) to the FortiGate-ASM-FB4 module. For details
on SA offloading, see
.
disable
traffic-shaping-
mode{bidirection
| unidirection}
mode{bidirection
| unidirection}
Select the offloaded traffic shaping bandwidth
calculation method.
•
•
unidirection: The bandwidth limit applies per
direction. For example, a unidirectional limit of 10
KBps would result in an overall limit of 20 KBps
— 10 KBps per direction.
•
bidirection: The bandwidth limit applies to
both directions overall. For example, a
bidirectional limit of 10 KBps would result in an
overall limit of 10 KBps — 5 KBps per direction.
bidirec
tion for
FortiGate
-3600A
units;
unidire
ction
for
FortiGate
-3810
units