Fortinet black logo

Administration Guide

Diagnosing NPU-based interfaces

Diagnosing NPU-based interfaces

Some Fortinet products contain network processors, such as NP4, NP6Lite, or NP6. Offloading requirements will vary depending on the model.

To view the initial session setup for NPU-based interfaces:

diagnose debug flow

  • If the session is programmed into the ASIC (fastpath) correctly, the command will not detect the packets that arrive at the CPU.
  • If the NPU functionality is disabled, the CPU detects all the packets. However, you should only disable the NPU functionality for troubleshooting purposes.
To diagnose NPU-based interfaces:
  1. Get the NPx or NPU ID and port numbers.

    diagnose npu <processor> list

    The output will look like this:

    ID Model Slot Interface

    0 On-board port1 fabric1 fabric3 fabric5

    1 On-board fabric2 port2 base2 fabric4

  2. Disable the NPU functionality.

    diagnose npu <processor> fastpath disable <dev_id>

    The dev_id is the NPx ID number.

  3. Analyze the packets.

    diagnose npu <processor> fastpath-sniffer enable port1

    Note

    These commands only apply to NP4 and NP6 interfaces.

    The output will look similar to:

    NP4 Fast Path Sniffer on port1 enabled

    This causes traffic on port1 of the network processor to be sent to the CPU. This means you can perform a standard sniffer trace and use other diagnostic commands, if it is a standard CPU-driven port.

Diagnosing NPU-based interfaces

Some Fortinet products contain network processors, such as NP4, NP6Lite, or NP6. Offloading requirements will vary depending on the model.

To view the initial session setup for NPU-based interfaces:

diagnose debug flow

  • If the session is programmed into the ASIC (fastpath) correctly, the command will not detect the packets that arrive at the CPU.
  • If the NPU functionality is disabled, the CPU detects all the packets. However, you should only disable the NPU functionality for troubleshooting purposes.
To diagnose NPU-based interfaces:
  1. Get the NPx or NPU ID and port numbers.

    diagnose npu <processor> list

    The output will look like this:

    ID Model Slot Interface

    0 On-board port1 fabric1 fabric3 fabric5

    1 On-board fabric2 port2 base2 fabric4

  2. Disable the NPU functionality.

    diagnose npu <processor> fastpath disable <dev_id>

    The dev_id is the NPx ID number.

  3. Analyze the packets.

    diagnose npu <processor> fastpath-sniffer enable port1

    Note

    These commands only apply to NP4 and NP6 interfaces.

    The output will look similar to:

    NP4 Fast Path Sniffer on port1 enabled

    This causes traffic on port1 of the network processor to be sent to the CPU. This means you can perform a standard sniffer trace and use other diagnostic commands, if it is a standard CPU-driven port.