Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
maydin
Staff
Staff

Created on ‎06-06-2023 07:02 AM

Article Id 259260

Technical Tip: How to display NP7 routing information for hyperscale firewall

Description This article describes that with an hyperscale firewall, sessions are set up in the NP7 chip and also routed from there. There is a process to program kernel routes to the NP7 chip. For troubleshooting purposes, it can be necessary to display current routing information in the NP7 chip. 
Scope FortiGate Hyperscale Firewall - 7.0, 7.2, 7.4.
Solution

For a specific IP routing information can be displayed with the below command:

 

FGT (GiFW-hw1) # diagnose lpmd route query 10.118.5.80
=> VR: 0x0000, VDOM: 0500, IP: 10.118.5.80 / 32, NHI: 62
nhi: 62, family: 2, vdom: 500, ifindex: 20 port10, vlan_id: 0, status: GW, next hop: 10.153.11.172

 

All routes programmed on NP7 can be printed with the below command : 

 

FGT  (GiFW-hw1) # diagnose lpmd route dump
=== DUMP ALL ROUTE PROGRAMMED TYPE: 0 ===
*** Level 0 ***
=> VR: 0x0000, VDOM: 0000, IP: 0.0.0.0 / 0, NHI: 61424
=> VR: 0x8000, VDOM: 0000, IP: 0.0.0.0 / 0, NHI: 61425
*** Level 1 ***
*** Level 2 ***
*** Level 3 ***
*** Level 4 ***
=> VR: 0x0000, VDOM: 0500, IP: 224.0.0.0 / 4, NHI: 64
*** Level 5 ***
*** Level 6 ***
=> VR: 0x0000, VDOM: 0500, IP: 10.203.0.0 / 20, NHI: 53
=> VR: 0x0000, VDOM: 0500, IP: 10.110.0.0 / 20, NHI: 50
=> VR: 0x0000, VDOM: 0500, IP: 10.153.0.0 / 20, NHI: 55
*** Level 7 ***
=> VR: 0x0000, VDOM: 0500, IP: 10.110.15.255 / 32, NHI: 49
=> VR: 0x0000, VDOM: 0500, IP: 10.153.3.142 / 32, NHI: 54
=> VR: 0x0000, VDOM: 0500, IP: 10.118.5.80 / 32, NHI: 62
=> VR: 0x0000, VDOM: 0500, IP: 10.203.3.142 / 32, NHI: 52
=> VR: 0x0000, VDOM: 0500, IP: 10.110.0.0 / 32, NHI: 49
=> VR: 0x0000, VDOM: 0500, IP: 255.255.255.255 / 32, NHI: 64
=> VR: 0x0000, VDOM: 0500, IP: 10.153.0.0 / 32, NHI: 54
=== DUMP ALL ROUTE PROGRAMMED TYPE: 1 ===
*** Level 0 ***
=> VR: 0x0000, VDOM: 0000, IP: :: / 0, NHI: 61424
=> VR: 0x8000, VDOM: 0000, IP: :: / 0, NHI: 61425
*** Level 1 ***
*** Level 2 ***
*** Level 3 ***
*** Level 4 ***
=> VR: 0x0000, VDOM: 0500, IP: ff00:: / 8, NHI: 54
*** Level 5 ***
*** Level 6 ***
*** Level 7 ***
*** Level 8 ***
*** Level 9 ***
*** Level 10 ***
*** Level 11 ***
=> VR: 0x0000, VDOM: 0500, IP: fe80:: / 64, NHI: 54
*** Level 12 ***
*** Level 13 ***
*** Level 14 ***
*** Level 15 ***
*** Level 16 ***
*** Level 17 ***
*** Level 18 ***
*** Level 19 ***
=> VR: 0x0000, VDOM: 0500, IP: fe80:: / 128, NHI: 54
=> VR: 0x0000, VDOM: 0500, IP: fe80::d676:a0ff:fe1c:2a50 / 128, NHI: 49
=> VR: 0x0000, VDOM: 0500, IP: fe80::d676:a0ff:fe1c:2a57 / 128, NHI: 52
=> VR: 0x0000, VDOM: 0500, IP: fe80::d676:a0ff:fe1c:2a59 / 128, NHI: 54
=> VR: 0x0000, VDOM: 0500, IP: ::1 / 128, NHI: 2

 

In the above command output, route next-hop is specified with NHI parameter, for example : 

 

=> VR: 0x0000, VDOM: 0500, IP: 10.118.5.80 / 32, NHI: 62

 

To find the gateway IP of NHI next-hop indexes below command can be used : 

 

FGT (GiFW-hw1) # diag lpmd ktrie next_hop | grep 62

nhi: 62, family: 2, vdom: 500, ifindex: 20, oid: 137, vlan_id: 0 ref_cnt: 1, nh_flags: 0020, status: SYNCED | GW, next hop: 10.153.11.172
625
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.