Fortinet white logo
Fortinet white logo

Cookbook

Diagnosing NPU-based interfaces

Diagnosing NPU-based interfaces

Some Fortinet products contain network processors, such as NP1, NP2, NP4, and NP6. Offloading requirements will vary depending on the model.

To view the initial session setup for NPU-based interfaces:

diagnose debug flow

  • If the session is programmed into the ASIC (fastpath) correctly, the command will not detect the packets that arrive at the CPU.
  • If the NPU functionality is disabled, the CPU detects all the packets. However, you should only disable the NPU functionality for troubleshooting purposes.
To diagnose NPU-based interfaces:
  1. Get the NP4 or NPU ID and port numbers.

    diagnose npu {np4|npu6}list

    The output will look like this:

    ID Model Slot Interface

    0 On-board port1 fabric1 fabric3 fabric5

    1 On-board fabric2 port2 base2 fabric4

  2. Disable the NPU functionality.

    diagnose npu {np4|npu6}fastpath disable <dev_id>

    The dev_id is the NP4 or NP6 number.

  3. Analyze the packets.

    diagnose npu {np4|npu6}fastpath-sniffer enable port1

    Note

    These commands only apply to the newer NP4 and NP6 interfaces.

    The output will look like this:

    NP4 Fast Path Sniffer on port1 enabled

    This causes traffic on port1 of the network processor to be sent to the CPU. This means you can perform a standard sniffer trace and use other diagnostic commands, if it is a standard CPU-driven port.

Diagnosing NPU-based interfaces

Diagnosing NPU-based interfaces

Some Fortinet products contain network processors, such as NP1, NP2, NP4, and NP6. Offloading requirements will vary depending on the model.

To view the initial session setup for NPU-based interfaces:

diagnose debug flow

  • If the session is programmed into the ASIC (fastpath) correctly, the command will not detect the packets that arrive at the CPU.
  • If the NPU functionality is disabled, the CPU detects all the packets. However, you should only disable the NPU functionality for troubleshooting purposes.
To diagnose NPU-based interfaces:
  1. Get the NP4 or NPU ID and port numbers.

    diagnose npu {np4|npu6}list

    The output will look like this:

    ID Model Slot Interface

    0 On-board port1 fabric1 fabric3 fabric5

    1 On-board fabric2 port2 base2 fabric4

  2. Disable the NPU functionality.

    diagnose npu {np4|npu6}fastpath disable <dev_id>

    The dev_id is the NP4 or NP6 number.

  3. Analyze the packets.

    diagnose npu {np4|npu6}fastpath-sniffer enable port1

    Note

    These commands only apply to the newer NP4 and NP6 interfaces.

    The output will look like this:

    NP4 Fast Path Sniffer on port1 enabled

    This causes traffic on port1 of the network processor to be sent to the CPU. This means you can perform a standard sniffer trace and use other diagnostic commands, if it is a standard CPU-driven port.