Fortinet black logo

Hyperscale Firewall Guide

Viewing the NP7 hyperscale policy engine routing configuration

Viewing the NP7 hyperscale policy engine routing configuration

You can use the following diagnose command to view the current NP7 hyperscale policy engine routing configuration. You can also use this command to add and remove routes. Because this is a diagnose command, any changes are reverted to defaults when the FortiGate restarts:

diagnose npd route {lookup | dump | stats| sync | flush | add | del}

lookup lookup route links.

dump list the NP7 policy engine routing table.

stats display route statistics.

sync update the NP7 policy engine routing table to match the CPU kernel routing table.

flush flush the NP7 policy engine routing table.

add add a route to the NP7 policy engine routing table.

del delete a route to the NP7 policy engine routing table.

The syntax for the add and del command is:

diagnose npd route {add | del} <destination> <prefix-length> <gateway> <oif> <table> <scope> <type> <proto> <priority> <tos> <flags>

For blackhole and loopback routes, set <flags> to the following nh_flags values:

  • For blackhole routes the nh_flags value is 0x80.

  • For loopback routes, the nh_flags value is 0x100.

For example, use the following command to add a blackhole route to the NP7 policy engine routing table:

diagnose npd route add 1.1.1.1 24 0.0.0.0 54 254 0 1 11 3333 0 0x80

The following command will delete this route from the NP7 policy engine routing table:

diagnose npd route del 1.1.1.1 24 0.0.0.0 54 254 0 1 11 3333 0 0x80

Viewing the NP7 hyperscale policy engine routing configuration

You can use the following diagnose command to view the current NP7 hyperscale policy engine routing configuration. You can also use this command to add and remove routes. Because this is a diagnose command, any changes are reverted to defaults when the FortiGate restarts:

diagnose npd route {lookup | dump | stats| sync | flush | add | del}

lookup lookup route links.

dump list the NP7 policy engine routing table.

stats display route statistics.

sync update the NP7 policy engine routing table to match the CPU kernel routing table.

flush flush the NP7 policy engine routing table.

add add a route to the NP7 policy engine routing table.

del delete a route to the NP7 policy engine routing table.

The syntax for the add and del command is:

diagnose npd route {add | del} <destination> <prefix-length> <gateway> <oif> <table> <scope> <type> <proto> <priority> <tos> <flags>

For blackhole and loopback routes, set <flags> to the following nh_flags values:

  • For blackhole routes the nh_flags value is 0x80.

  • For loopback routes, the nh_flags value is 0x100.

For example, use the following command to add a blackhole route to the NP7 policy engine routing table:

diagnose npd route add 1.1.1.1 24 0.0.0.0 54 254 0 1 11 3333 0 0x80

The following command will delete this route from the NP7 policy engine routing table:

diagnose npd route del 1.1.1.1 24 0.0.0.0 54 254 0 1 11 3333 0 0x80