Diagnosing NPU-based interfaces
Some Fortinet products contain network processors, such as NP6, NP6Lite, NP6XLite, NP7, or NP7Lite. Offloading requirements will vary depending on the model.
To view the initial session setup for NPU-based interfaces:
diagnose debug flow
- If the session is programmed into the ASIC (fastpath) correctly, the command will not detect the packets that arrive at the CPU.
- If the NPU functionality is disabled, the CPU detects all the packets. However, you should only disable the NPU functionality for troubleshooting purposes.
To diagnose NPU-based interfaces:
- Get the NPx or NPU ID and port numbers.
diagnose npu <processor> list
The output will look like this:
ID Model Slot Interface
0 On-board port1 fabric1 fabric3 fabric5
1 On-board fabric2 port2 base2 fabric4
- Disable the NPU functionality.
diagnose npu <processor> fastpath disable <dev_id>
The
dev_id
is the NPx ID number. - Analyze the packets.
diagnose npu <processor> fastpath-sniffer enable port1
These commands only apply to NP4 and NP6 interfaces.
The output will look similar to:
NP4 Fast Path Sniffer on port1 enabled
This causes traffic on
port1
of the network processor to be sent to the CPU. This means you can perform a standard sniffer trace and use other diagnostic commands, if it is a standard CPU-driven port.