09-09-2024 08:49 AM
We are troubleshooting something with TAC wherein they asked us to set the FBO to "Software".
What, exactly, is an FBO? I cannot find any references thereto in the docs besides the CLI reference, and that tells me nothing.
09-10-2024 01:09 AM - edited 09-10-2024 01:11 AM
Hi @dan_urson ,
Setting FBO to "software" allows the firewall to attempt SSL decryption using software processing instead of hardware, providing a secondary layer of processing for encrypted traffic. However, it can impact performance, so it should be configured with consideration of the firewall's capacity.
Using the "fbo show" command as seen in the example below allows you to see which operations are set to hardware/software processing.
You can set specific ones to hardware/software or all of them at the same time:
> debug dataplane fbo show
DP s1dp0:
offload timeout: 200 ms
rsa-sign = software
rsa-verify = hardware
ecdsa-sign = software
ecdsa-verify = hardware
ecdhe-key-generate = software
ecdhe-key-compute = hardware
> debug dataplane fbo set
> all Use hardware/software for all RSA and EC operations
> ecdhe-key-compute Use hardware/software for ECDHE key compute
> ecdhe-key-generate Use hardware/software for ECDHE key generate
> ecdsa-sign Use hardware/software for ECDSA sign
> ecdsa-verify Use hardware/software for ECDSA verify
> rsa-sign Use hardware/software for RSA sign
> rsa-verify Use hardware/software for RSA verify
#To set all to sofware :
> debug dataplane fbo set all software
Hope this helps,
-Kim.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
