NSE 7 — Enterprise Firewall — Question 65

Which statement about network processor (NP) offloading is true?

Answer options

• A. When NP acceleration is enabled, firewall sessions may not offload if proxy-based security profiles are included in the firewall policy.
• B. You can disable the NP for each firewall policy using the command np-acceleration set to loose.
• C. The FortiGate CPU offloads all firewall sessions that require FortiOS session helper to the network processing unit (NPU).
• D. For UDP traffic, the FortiGate CPU offloads the first packet to identify it as fast-path traffic.

Correct answer: A

Explanation

The correct statement is A, as NP acceleration can indeed prevent offloading for firewall sessions that include proxy-based security profiles. Option B is incorrect because the command to disable NP acceleration is not mentioned correctly. Options C and D are also false; the FortiGate CPU does not offload all sessions requiring session helpers to the NPU, and the CPU does not offload packets based on fast-path identification in the manner described.