FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
pjang
Staff
Article Id 361198
Description This article discusses a known behavior of FortiView with NP7 hardware logging on Hyperscale-enabled FortiGates.
Scope Hyperscale-enabled FortiGates.
Solution

As a quick primer, NP7-based FortiGates with Hyperscale licenses applied unlock several additional features, including hardware-accelerated session establishment and logging. This allows the NP7 processor to directly handle the establishment and logging of hyperscale traffic/NAT sessions (using either UDP-based syslog or NetFlow/IPFIX) rather than having log messages handled by the CPU. For more information, refer to the following documentation:


However, since logging is now offloaded and handled directly by the NP7 hardware, the FortiGate CPU no longer has direct visibility of these logs, nor does it have direct access to the hardware session table. This affects functions like FortiView, which cannot display information about hardware sessions either in real time or historically. For example, visiting the FortiView Policies page within a Hyperscale VDOM that has hardware logging enabled results in a page showing a 'No results' message:


[Image: FortiView Policies page (real-time view) in a Hyperscale VDOM showing 'No results']


The FortiGate still has mechanisms to query the state of hardware-based firewall sessions on the NP7. The 'diagnose sys npu-session [...]' family of CLI commands can be used to check this information.


This list includes but is not limited to:

diagnose sys npu-session list <----- List NPU sessions matching the current filter.

diagnose sys npu-session filter <----- Set filters for IPv4 NPU sessions.

diagnose sys npu-session stat <----- Show NPU session statistics.


Note:

While the FortiGate CPU can query the NP7 for the hardware session list, other technical limitations prevent FortiView from pulling and displaying hardware sessions in real time, so real-time FortiView is not expected to work on Hyperscale FortiGates that have hardware logging enabled. Likewise, historical FortiView is not expected to work either, since the NP7 sends its logs to external logging servers (syslog or NetFlow/IPFIX) from which the FortiGate cannot directly retrieve logs.