Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiGate / FortiOS 8.0.0 Administration Guide
    8.0.0
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.0

    PF and VF SR-IOV driver and virtual SPU support

    PF and VF SR-IOV driver and virtual SPU support

    Physical function (PF) and virtual function (VF) PCI Passthrough and SR-IOV drivers in FortiGate guest VM are supported.

    PF provides the ability for PCI Passthrough, but requires an entire Network Interface Card (NIC) for a VM. It can usually achieve greater performance than a Virtual Function (VF) based SR-IOV. PF is also expensive. While VF allows one NIC to be shared among multiple guests VMs, PF is allocated to one port on a VM.

    The supported driver versions are:

    Driver

    Version

    Hypervisor

    PCI-Passthrough/SR-IOV

    vSPU (In-guest DPDK)

    Note

    ixgbe

    5.3.7

    ESXi, KVM

    Yes

    Yes

    Ixgbevf

    4.3.5

    i40e

    2.12.6

    Yes

    i40evf

    3.6.15

    Available in FortiOS 6.4.0 and earlier versions.

    Iavf

    4.5.3

    Replaces i40evf in FortiOS 6.4.1 and later versions. Supports Intel E810-C 100G adapters.

    Mlx5

    24.04-0.6.6

    Supports Nvidia ConnectX-5 and ConnectX-6 100G adapters.

    Bnxt_en

    1.10.1-216.0.416.1

    Available in FortiOS 6.4.3 and later versions. Supports Broadcom P2100G 100G adapters.

    Vmxnet3

    1.4.16.0-k-NAPI

    ESXi

    The combination of VMware ESXi and NSX-T does not support virtual SPU (vSPU).

    ICE

    1.9.11

    ESXi, KVM

    Yes

    Yes

    Added support to Intel 25GbE E-810 card and its variants (E810-XXVDA2 and E810-XXVDA4)

    Other hypervisors, such as Xen or Microsoft Hyper-V, may work with vSPU, although they are unverified.

    All tools and software utilities for UEFI 1.X have been removed from 6.2.0 and later releases. Update to UEFI 2.x to use the UEFI tools or software utilities.

    You perform the configuration to use PF or VF on the hypervisor, and do not configure it on the FortiGate.

    To check what driver is being used on the FortiGate:
    # diagnose hardware deviceinfo nic port2
Name:        port2
Driver:      i40e
Version:     2.4.10
Bus:         0000:03:00.0
Hwaddr:      3c:fd:fe:1e:98:02
Permanent Hwaddr:3c:fd:fe:1e:98:02
State:       up
Link:        up
Mtu:         1500
Supported:   auto 1000full 10000full
Advertised:  auto 1000full 10000full
Auto:        disabled
Rx packets:      0
Rx bytes:        0
Rx compressed:       0
...
    Previous
    Next

    PF and VF SR-IOV driver and virtual SPU support

    PF and VF SR-IOV driver and virtual SPU support

    Physical function (PF) and virtual function (VF) PCI Passthrough and SR-IOV drivers in FortiGate guest VM are supported.

    PF provides the ability for PCI Passthrough, but requires an entire Network Interface Card (NIC) for a VM. It can usually achieve greater performance than a Virtual Function (VF) based SR-IOV. PF is also expensive. While VF allows one NIC to be shared among multiple guests VMs, PF is allocated to one port on a VM.

    The supported driver versions are:

    Driver

    Version

    Hypervisor

    PCI-Passthrough/SR-IOV

    vSPU (In-guest DPDK)

    Note

    ixgbe

    5.3.7

    ESXi, KVM

    Yes

    Yes

    Ixgbevf

    4.3.5

    i40e

    2.12.6

    Yes

    i40evf

    3.6.15

    Available in FortiOS 6.4.0 and earlier versions.

    Iavf

    4.5.3

    Replaces i40evf in FortiOS 6.4.1 and later versions. Supports Intel E810-C 100G adapters.

    Mlx5

    24.04-0.6.6

    Supports Nvidia ConnectX-5 and ConnectX-6 100G adapters.

    Bnxt_en

    1.10.1-216.0.416.1

    Available in FortiOS 6.4.3 and later versions. Supports Broadcom P2100G 100G adapters.

    Vmxnet3

    1.4.16.0-k-NAPI

    ESXi

    The combination of VMware ESXi and NSX-T does not support virtual SPU (vSPU).

    ICE

    1.9.11

    ESXi, KVM

    Yes

    Yes

    Added support to Intel 25GbE E-810 card and its variants (E810-XXVDA2 and E810-XXVDA4)

    Other hypervisors, such as Xen or Microsoft Hyper-V, may work with vSPU, although they are unverified.

    All tools and software utilities for UEFI 1.X have been removed from 6.2.0 and later releases. Update to UEFI 2.x to use the UEFI tools or software utilities.

    You perform the configuration to use PF or VF on the hypervisor, and do not configure it on the FortiGate.

    To check what driver is being used on the FortiGate:
    # diagnose hardware deviceinfo nic port2
Name:        port2
Driver:      i40e
Version:     2.4.10
Bus:         0000:03:00.0
Hwaddr:      3c:fd:fe:1e:98:02
Permanent Hwaddr:3c:fd:fe:1e:98:02
State:       up
Link:        up
Mtu:         1500
Supported:   auto 1000full 10000full
Advertised:  auto 1000full 10000full
Auto:        disabled
Rx packets:      0
Rx bytes:        0
Rx compressed:       0
...
    Previous
    Next