For When You Can't Have The Real Thing

IPSA self test failed, disable IPSA!

Created by dave. Last edited by dave, 252 days ago. Viewed 168 times. #1
(2022-01-17)

Problem

IPSA self test failed, disable IPSA!

Solution

FW # conf ips global 
FW (global) # set cp-accel-mode none 
FW (global) # end

Discussion

Hardware Acceleration for flow-based security profiles (NTurbo and IPSA)

Some FortiGate models support a feature called NTurbo that can offload flow-based firewall sessions to NP4 or NP6 network processors. Some FortiGate models also support offloading enhanced pattern matching for flow-based security profiles to CP8 or CP9 content processors. You can use the following command to configure NTurbo and IPSA:

config ips global
    set np-accel-mode {none | basic}
    set cp-accel-mode {none | basic | advanced}
end

If the np-accel-mode option is available, your FortiGate supports NTurbo: none disables NTurbo and basic (the default) enables NTurbo. If the cp-accel-mode option is available, your FortiGate supports IPSA: none disables IPSA, basic enables basic IPSA, and advanced enables enhanced IPSA, which can offload more types of pattern matching than basic IPSA. advanced is only available on FortiGate models with two or more CP8 processors or one or more CP9 processors.

See the Hardware Acceleration handbook chapter for more information about NTurbo and IPSA.

(>>Source)

Fortinet Support has apparently advised people to move from 6.2 to 6.4 to correct this problem (>>Source)
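
Once the workaround is applied, IPSA offload stays off until someone turns it back on, so it is worth checking saved configurations for it. The following is an added example, not part of the original page or of any Fortinet tooling: it reads FortiOS configuration text, finds the top-level config ips global block, and classifies the two options using the values listed above. The function names and the sample configuration are constructed for illustration, and it assumes each config/set/end statement sits on its own line.

```python
# Allowed values as listed on this page for `config ips global`.
ALLOWED = {"np-accel-mode": {"none", "basic"},
           "cp-accel-mode": {"none", "basic", "advanced"}}

# Constructed sample input, not taken from a real device.
SAMPLE = """\
config system interface
    edit "port1"
        config ipv6
            set ip6-mode static
        end
    next
end
config ips global
    set cp-accel-mode none
end
"""

def ips_global_settings(config_text):
    """Return {option: value} from the top-level `config ips global` block."""
    settings, depth, in_block = {}, 0, False
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "config":
            depth += 1  # nested config blocks raise the depth
            if depth == 1:
                in_block = words[1:] == ["ips", "global"]
        elif words[0] == "end":
            depth -= 1
        elif words[0] == "set" and in_block and depth == 1 and len(words) >= 3:
            settings[words[1]] = words[2]
    return settings

def audit(config_text):
    """Classify each option as absent, invalid, disabled or enabled."""
    found = ips_global_settings(config_text)
    result = {}
    for opt, allowed in ALLOWED.items():
        value = found.get(opt)
        if value is None:
            result[opt] = "absent"
        elif value not in allowed:
            result[opt] = "invalid"
        else:
            result[opt] = "offload disabled" if value == "none" else f"offload enabled ({value})"
    return result

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An option reported as absent only means it does not appear in the text that was parsed; it says nothing about whether the model supports it.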

This is a collection of technical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.
