Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiWeb 7.2.6 Administration Guide
    7.2.6
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.10
    7.0.9
    7.0.8
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0
    5.6.0

    Diagnosing NIC issues

    Diagnosing NIC issues

    Sometimes diagnosing NIC issues is important, especially for hardware FortiWeb appliance.

    1. Use diagnose command to check and analyze NIC related issues:

      FortiWeb # diagnose hardware nic list port9

      driver igb

      version 5.6.0-k

      firmware-version 3.29, 0x8000021a

      bus-info 0000:85:00.0

      Supported ports: [ TP ]

      Supported link modes: 10baseT/Half 10baseT/Full

      100baseT/Half 100baseT/Full

      1000baseT/Full

      Supported pause frame use: Symmetric

      Supports auto-negotiation: Yes

      Supported FEC modes: Not reported

      Advertised link modes: 10baseT/Half 10baseT/Full

      100baseT/Half 100baseT/Full

      1000baseT/Full

      Advertised pause frame use: Symmetric

      Advertised auto-negotiation: Yes

      Advertised FEC modes: Not reported

      Speed: 1000Mb/s

      Duplex: Full

      Port: Twisted Pair

      PHYAD: 1

      Transceiver: internal

      Auto-negotiation: on

      MDI-X: off (auto)

      Supports Wake-on pumbg

      Wake-on g

      Current message level 0x00000007 (7)

      Link detected yes

      Link encap Ethernet

      HWaddr 08:35:71:11:65:BB

      INET addr 0.0.0.0

      Bcast 10.52.255.255

      Mask 255.255.0.0

      FLAG UP BROADCAST RUNNING MULTICAST

      MTU 1500

      MEtric 1

      Outfill 538970656

      Keepalive 538976266

      Memory fbd80000-fbdfffff

      RX packets 1

      RX errors 0

      RX dropped 1

      RX overruns 0

      RX frame 0

      TX packets 148

      TX errors 0

      TX dropped 0

      TX overruns 0

      TX carrier 0

      TX collisions 0

      TX queuelen 1000

      RX bytes 60 (60.0 b)

      TX bytes 10360 (10.1 Kb)

      Adaptive RX off

      Adaptive TX off

      stats-block-usecs 0

      sample-interval 0

      pkt-rate-low 0

      pkt-rate-high 0

      rx-usecs 3

      rx-frames 0

      rx-usecs-irq 0

      rx-frames-irq 0

      tx-usecs 0

      tx-frames 0

      tx-usecs-irq 0

      tx-frames-irq 0

    2. Use backend tools to check and analyze NIC related issues:

      /# ifconfig port1

      port1 Link encap:Ethernet HWaddr 08:35:71:16:F5:42

      inet addr:10.50.0.228 Bcast:10.50.255.255 Mask:255.255.0.0

      inet6 addr: fe80::a35:71ff:fe16:f542/64 Scope:Link

      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

      RX packets:0 errors:0 dropped:0 overruns:0 frame:0

      TX packets:198 errors:0 dropped:0 overruns:0 carrier:0

      collisions:0 txqueuelen:1000

      RX bytes:0 (0.0 B) TX bytes:13908 (13.5 KiB)

      #One can pay special attention to errors highlighted as above. If these error statistics continuously increase, it usually means a NIC issue or performance issue.

      Errors: counts CRC errors, too-short frames and too-long frames. This can result from faulty network cables, faulty hardware (e.g., NICs, switch ports), CRC errors, or a speed/duplex mismatch.

      Dropped: packets dropped here include NIC ring buffers full, CPU receiving NIC interrupts is very busy, cable/hw/duplex issues and driver issues

      Overruns: The overruns field counts the times when there is fifo overruns, caused by the rate at which the buffer gets full and the kernel isn't able to empty it.

      Frame: counts the number of received misaligned Ethernet frames; it usually means receiving invalid frames or CRC errors.

      /# ethtool port1

      Settings for port1:

      Supported ports: [ FIBRE ]

      Supported link modes: 40000baseSR4/Full

      Supported pause frame use: Symmetric

      Supports auto-negotiation: No

      Advertised link modes: 40000baseSR4/Full

      Advertised pause frame use: No

      Advertised auto-negotiation: No

      Speed: 40000Mb/s

      Duplex: Full

      Port: FIBRE

      PHYAD: 0

      Transceiver: internal

      Auto-negotiation: off

      Supports Wake-on: g

      Wake-on: g

      Current message level: 0x00000007 (7)

      drv probe link

      Link detected: yes

      #One can also add some options such as -S to check more details for a NIC:

      /# ethtool -S port1 | grep drop

      rx_dropped: 0

      tx_dropped: 0

      port.rx_dropped: 0

      port.tx_dropped_link_down: 1

      /# ethtool -S port1 | grep errors

      rx_errors: 0

      tx_errors: 0

      rx_length_errors: 0

      rx_crc_errors: 0

      veb.tx_errors: 0

      port.tx_errors: 0

      port.rx_crc_errors: 0

      port.rx_length_errors: 0

      /# ethtool -S port1 | grep crc

      rx_crc_errors: 0

      port.rx_crc_errors: 0

      /# dmesg | grep port1 (or driver name, etc.)

      … ...

    Previous
    Next

    Diagnosing NIC issues

    Diagnosing NIC issues

    Sometimes diagnosing NIC issues is important, especially for hardware FortiWeb appliance.

    1. Use diagnose command to check and analyze NIC related issues:

      FortiWeb # diagnose hardware nic list port9

      driver igb

      version 5.6.0-k

      firmware-version 3.29, 0x8000021a

      bus-info 0000:85:00.0

      Supported ports: [ TP ]

      Supported link modes: 10baseT/Half 10baseT/Full

      100baseT/Half 100baseT/Full

      1000baseT/Full

      Supported pause frame use: Symmetric

      Supports auto-negotiation: Yes

      Supported FEC modes: Not reported

      Advertised link modes: 10baseT/Half 10baseT/Full

      100baseT/Half 100baseT/Full

      1000baseT/Full

      Advertised pause frame use: Symmetric

      Advertised auto-negotiation: Yes

      Advertised FEC modes: Not reported

      Speed: 1000Mb/s

      Duplex: Full

      Port: Twisted Pair

      PHYAD: 1

      Transceiver: internal

      Auto-negotiation: on

      MDI-X: off (auto)

      Supports Wake-on pumbg

      Wake-on g

      Current message level 0x00000007 (7)

      Link detected yes

      Link encap Ethernet

      HWaddr 08:35:71:11:65:BB

      INET addr 0.0.0.0

      Bcast 10.52.255.255

      Mask 255.255.0.0

      FLAG UP BROADCAST RUNNING MULTICAST

      MTU 1500

      MEtric 1

      Outfill 538970656

      Keepalive 538976266

      Memory fbd80000-fbdfffff

      RX packets 1

      RX errors 0

      RX dropped 1

      RX overruns 0

      RX frame 0

      TX packets 148

      TX errors 0

      TX dropped 0

      TX overruns 0

      TX carrier 0

      TX collisions 0

      TX queuelen 1000

      RX bytes 60 (60.0 b)

      TX bytes 10360 (10.1 Kb)

      Adaptive RX off

      Adaptive TX off

      stats-block-usecs 0

      sample-interval 0

      pkt-rate-low 0

      pkt-rate-high 0

      rx-usecs 3

      rx-frames 0

      rx-usecs-irq 0

      rx-frames-irq 0

      tx-usecs 0

      tx-frames 0

      tx-usecs-irq 0

      tx-frames-irq 0

    2. Use backend tools to check and analyze NIC related issues:

      /# ifconfig port1

      port1 Link encap:Ethernet HWaddr 08:35:71:16:F5:42

      inet addr:10.50.0.228 Bcast:10.50.255.255 Mask:255.255.0.0

      inet6 addr: fe80::a35:71ff:fe16:f542/64 Scope:Link

      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

      RX packets:0 errors:0 dropped:0 overruns:0 frame:0

      TX packets:198 errors:0 dropped:0 overruns:0 carrier:0

      collisions:0 txqueuelen:1000

      RX bytes:0 (0.0 B) TX bytes:13908 (13.5 KiB)

      #One can pay special attention to errors highlighted as above. If these error statistics continuously increase, it usually means a NIC issue or performance issue.

      Errors: counts CRC errors, too-short frames and too-long frames. This can result from faulty network cables, faulty hardware (e.g., NICs, switch ports), CRC errors, or a speed/duplex mismatch.

      Dropped: packets dropped here include NIC ring buffers full, CPU receiving NIC interrupts is very busy, cable/hw/duplex issues and driver issues

      Overruns: The overruns field counts the times when there is fifo overruns, caused by the rate at which the buffer gets full and the kernel isn't able to empty it.

      Frame: counts the number of received misaligned Ethernet frames; it usually means receiving invalid frames or CRC errors.

      /# ethtool port1

      Settings for port1:

      Supported ports: [ FIBRE ]

      Supported link modes: 40000baseSR4/Full

      Supported pause frame use: Symmetric

      Supports auto-negotiation: No

      Advertised link modes: 40000baseSR4/Full

      Advertised pause frame use: No

      Advertised auto-negotiation: No

      Speed: 40000Mb/s

      Duplex: Full

      Port: FIBRE

      PHYAD: 0

      Transceiver: internal

      Auto-negotiation: off

      Supports Wake-on: g

      Wake-on: g

      Current message level: 0x00000007 (7)

      drv probe link

      Link detected: yes

      #One can also add some options such as -S to check more details for a NIC:

      /# ethtool -S port1 | grep drop

      rx_dropped: 0

      tx_dropped: 0

      port.rx_dropped: 0

      port.tx_dropped_link_down: 1

      /# ethtool -S port1 | grep errors

      rx_errors: 0

      tx_errors: 0

      rx_length_errors: 0

      rx_crc_errors: 0

      veb.tx_errors: 0

      port.tx_errors: 0

      port.rx_crc_errors: 0

      port.rx_length_errors: 0

      /# ethtool -S port1 | grep crc

      rx_crc_errors: 0

      port.rx_crc_errors: 0

      /# dmesg | grep port1 (or driver name, etc.)

      … ...

    Previous
    Next