Skip to main content
amigo
amigo
New Member
February 1, 2018
Solved

FortiView 5.6.3 bandwidth

  • February 1, 2018
  • 1 reply
  • 11269 views

Hello all, I manage several Fortigates(80D,80E,60E) with different Fortios(5.6.3 and 5.4.8). I founded an issue with forti os 5.6.3 I'm not sure if it is an issue it is maybee my mistake.

 

It relates to fortiview. When I want to monitor traffic(sources\destinations\interfaces)I don't see what widget "interface bandwith" shows and what is true. There is the smaller amount of bandwith in fortiview. I tried same with multiple Fortigate units and it is same for all with 5.6.3. I tried it for one unit(80D) with 4.5.8 and it was ok.

 

I'm attaching image.

 

img1 - You can see the computer which downloading file through VPN. The transfer rate is 3,44MB(aprox. 28Mbit) but fortiview\sources show only 8Mbit Bandwith for this computer.

 

 

 

Best answer by amigo

I have reply from Fortinet support.

All that you can see in Fortiview is traffic passed through CPU. If the traffic is offloaded to NP(network processor), SP(security processor) or CP(content processor) you cannot see it in Fortiview. If you want it you should by Fortigate mode with NP6 processor(higher models of FG). 

 

Hardware acceleration overview:

"Except for the NP6, network processors do not count offloaded packets, and offloaded packets are not logged by traffic logging and are not included in traffic statistics and traffic log reports.

NP6 processors support per-session traffic and byte counters, Ethernet MIB matching, and reporting through messages resulting in traffic statistics and traffic log reporting."

 

It is fu*king feature.

 

It isn't related to Fortios but to models with NP, CP or SP. Old units(80D) don't have "coprocessor" so with this unit you see everything.

 

It is possible to turn offloading off but you can expect high cpu usage.

1 reply

filigran
filigran
New Member
February 2, 2018

Sorry I can not be of any help here, but I'm really curious on any insights to come.

Because this has been bugging me for quite some time now, too.

And I couldn't figure out if it is some misunderstanding on my side (because of the realtime-nature of the fortiview reporting in these cases). Due to the TO's post I now have a feeling that some sort of explanation would really come in handy. 

amigo
amigoAuthorAnswer
New Member
February 16, 2018

I have reply from Fortinet support.

All that you can see in Fortiview is traffic passed through CPU. If the traffic is offloaded to NP(network processor), SP(security processor) or CP(content processor) you cannot see it in Fortiview. If you want it you should by Fortigate mode with NP6 processor(higher models of FG). 

 

Hardware acceleration overview:

"Except for the NP6, network processors do not count offloaded packets, and offloaded packets are not logged by traffic logging and are not included in traffic statistics and traffic log reports.

NP6 processors support per-session traffic and byte counters, Ethernet MIB matching, and reporting through messages resulting in traffic statistics and traffic log reporting."

 

It is fu*king feature.

 

It isn't related to Fortios but to models with NP, CP or SP. Old units(80D) don't have "coprocessor" so with this unit you see everything.

 

It is possible to turn offloading off but you can expect high cpu usage.

    Prab
    Prab
    New Member
    September 18, 2018

     

    On some FGT models you have the possibility to turn on the logging for the NPU accelerated sessions too. You don't need to turn off the NPU offloading in this case.

    Ref: http://help.fortinet.com/cli/fos50hlp/56/Content/FortiOS/fortiOS-cli-ref-56/config/system/npu.htm

     

    Regards,

    Prab

    Terms & ConditionsAccessibility statement