FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article explains how to correlate port counters with the various components of FortiGate NP7-based platforms.
Scope
NP7 Hardware Platforms.
Solution
The 'diagnose hardware deviceinfo nic <port_number>' command in FortiOS displays port information, including descriptions, link status, and counters. When executed on a port connected to the integrated switch fabric on an NP7 platform, these counters are sourced from multiple components. The following is a typical set of information recorded on a FortiGate-3501F running v7.4.8 and collected on port1 using the following command:
diagnose hardware deviceinfo nic port1
Output
Description
Description: FortiASIC NP7 Adapter
NPU driver name
pid: 0
A unique id for specific configuration
oid: 128
FortiGate Object Identifiers (OID) for this interface
vid: 2
Interface vlan id
macid: 0
macid is used by Fortigate to search for MAC address from MAC table
eif_id: 127
Ethernet interface id on NP7
promiscous: 0
If the interface is in promiscuous mode
vlan_wa_done: 0
vlan workaround flag
mtu: 1500
Interface MTU size
netdev oid: 128
FortiGate Object Identifiers for network device
dev-flags: 1102
A special flag indicates certain feature is turned on/off
dev-promis: 1
Network device promiscuous mode flag
Current_HWaddr: 00:09:0f:09:00:00
Network device current MAC address
Permanent_HWaddr: 80:80:2c:2c:fe:54
Interface’s permanent MAC address
Default Link Settings:
Output
Description
auto-nego: Disable
Default auto negotiation enable/disable
s_speed: 10000
Default port speed
s_duplex: Full
Default port duplex
Current Link Settings:
Output
Description
auto-nego: Disable
Current auto negotiation enable/disable
s_status: Down
Current link status up/down
s_speed: 10000
Current port speed
s_duplex: Full
Current port duplex
FEC: OFF (0x2)
Forward Error Correction (FEC) feature on/off
FEC_cap: CL91,CL74 (0x18)
Supported Forward Error Correction (FEC) features
SerDes_if: SR
SerDes (Serializer/Deserializer) interface type
SerDes_if_cap: GMII,SGMII,SR,LR,CR (0x3e)
Supported SerDes (Serializer/Deserializer) interface type
SerDes_dflt: 3
Default SerDes configuration or profile
pm_mode_setting: 1
Port module mode setting
pm_mode: 0x6
Port module current mode
pm_mode_dflt: 1
Port module default mode
pm_port: Yes
The interface belongs to a port group (port module)
medium_mode: 0
Port medium type (copper or fiber)
Link Status:
Output
Description
Admin: Down
Desired state set by the administrator
link_status: Down
State of a physical network connection, whether it's active (up) or inactive (down)
Speed: N/A
Speed of a network port
Duplex: N/A
Specifies how data is transmitted and received on the link
Netdev Status:
Output
Description
dev_running: No
The state of the network device, the link is established or not
dev_carrier: Off
The network device's carrier state
Host Counters:
Output
Description
hrx_pkts: 0
Total host RX packet count
hrx_bytes: 0
Total host RX byte count
htx_pkts: 0
Total host TX packet count
htx_bytes: 0
Total host TX byte count
htx_drop: 0
Total host TX drop count
htx_e_busy: 0
Total host TX busy error count
htx_e_noheadroom: 0
Total host TX no head room error count
htx_e_oid: 0
Total host TX oid error count
htx_e_adapter: 0
Total host TX adapter error count
htx_e_pad: 0
Total host TX pad error count
htx_e_frag: 0
Total host TX fragment error count
htx_e_other: 0
Total host TX unknown error count
Netdev Counters:
Output
Description
Rx Pkts: 0
Network device total RX packet count
Rx Bytes: 0
Network device total RX byte count
Tx Pkts: 0
Network device total TX packet count
Tx Bytes: 0
Network device total TX byte count
Switch Poll Counters:
Output
Description
sw_tx_pkts: 0
Total TX packets from switch counter
sw_tx_bytes: 0
Total TX bytes from switch counter
sw_tx_bc_pkts: 0
Total TX broadcast packets from switch counter
sw_tx_mc_pkts: 0
Total TX multicast packets from switch counter
sw_rx_pkts: 0
Total RX packets from switch counter
sw_rx_bytes: 0
Total RX bytes from switch counter
sw_rx_bc_bytes: 0
Total RX broadcast packets from switch counter
sw_rx_mc_bytes: 0
Total RX multicast packets from switch counter
Switch Error Counters:
Output
Description
rx_err: 0
Total RX errors from switch counter
rx_crc_err: 0
Total RX CRC errors from switch counter
rx_len_err: 0
Total RX length errors from switch counter
rx_carrier_err: 0
Total RX carrier errors from switch counter
rx_over_err: 0
Number of jumbo frame (>1500) received
rx_under_err: 0
Undersized packet on Rx (< 64 bytes)
rx_drop_pkts: 0
Number of dropped packets on Rx
tx_collision_err
Total TX collision errors from switch counter
tx_drop_pkts: 0
Number of dropped packets on Tx
Transceiver Info:
Output
Description
tx_disable: N/A
Transceiver’s transmitter output is turned off/on
rx_los: N/A
Indicates the transceiver is not attached or cable is disconnected
tx_fault: N/A
Indicates a problem with the transmit side of the transceiver
present: N/A
Transceiver is attached or plugged in
last_spd: 0
Last recorded or negotiated speed of the transceiver
Note:
The diagnose hardware deviceinfo nic <port_number> command's output (specifically the counter list) can vary slightly between FortiOS releases. However, the organization and categorization of those counters remain consistent across different versions.
