Fortinet white logo
Fortinet white logo

Administration Guide

Diagnosing NPU-based interfaces

Diagnosing NPU-based interfaces

Some Fortinet products contain network processors, such as NP6, NP6Lite, NP6XLite, NP7, or NP7Lite. Offloading requirements will vary depending on the model.

To view the initial session setup for NPU-based interfaces:

diagnose debug flow

  • If the session is programmed into the ASIC (fastpath) correctly, the command will not detect the packets that arrive at the CPU.
  • If the NPU functionality is disabled, the CPU detects all the packets. However, you should only disable the NPU functionality for troubleshooting purposes.
To diagnose NPU-based interfaces:
  1. Get the NPx or NPU ID and port numbers.

    diagnose npu <processor> list

    The output will look like this:

    ID Model Slot Interface

    0 On-board port1 fabric1 fabric3 fabric5

    1 On-board fabric2 port2 base2 fabric4

  2. Disable the NPU functionality.

    diagnose npu <processor> fastpath disable <dev_id>

    The dev_id is the NPx ID number.

  3. Analyze the packets.

    diagnose npu <processor> fastpath-sniffer enable port1

    Note

    These commands only apply to NP4 and NP6 interfaces.

    The output will look similar to:

    NP4 Fast Path Sniffer on port1 enabled

    This causes traffic on port1 of the network processor to be sent to the CPU. This means you can perform a standard sniffer trace and use other diagnostic commands, if it is a standard CPU-driven port.

Diagnosing NPU-based interfaces

Diagnosing NPU-based interfaces

Some Fortinet products contain network processors, such as NP6, NP6Lite, NP6XLite, NP7, or NP7Lite. Offloading requirements will vary depending on the model.

To view the initial session setup for NPU-based interfaces:

diagnose debug flow

  • If the session is programmed into the ASIC (fastpath) correctly, the command will not detect the packets that arrive at the CPU.
  • If the NPU functionality is disabled, the CPU detects all the packets. However, you should only disable the NPU functionality for troubleshooting purposes.
To diagnose NPU-based interfaces:
  1. Get the NPx or NPU ID and port numbers.

    diagnose npu <processor> list

    The output will look like this:

    ID Model Slot Interface

    0 On-board port1 fabric1 fabric3 fabric5

    1 On-board fabric2 port2 base2 fabric4

  2. Disable the NPU functionality.

    diagnose npu <processor> fastpath disable <dev_id>

    The dev_id is the NPx ID number.

  3. Analyze the packets.

    diagnose npu <processor> fastpath-sniffer enable port1

    Note

    These commands only apply to NP4 and NP6 interfaces.

    The output will look similar to:

    NP4 Fast Path Sniffer on port1 enabled

    This causes traffic on port1 of the network processor to be sent to the CPU. This means you can perform a standard sniffer trace and use other diagnostic commands, if it is a standard CPU-driven port.