Ehanssen
Staff
Article Id: 362285
Description: This article describes how to determine the number of bytes handled by the WAD over time.
Scope: FortiGate.
Solution

The statistics presented in 'get sys performance status' only show overall performance and do not differentiate between flow-based and proxy-based throughput. This makes it difficult to determine how much traffic is processed by the WAD daemon, and whether the WAD daemon usage seen in 'diag sys top' is explained by the traffic going over the FortiGate.

 

FGT01 #  get sys performance status

CPU states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

CPU0 states: 2% user 0% system 0% nice 98% idle 0% iowait 0% irq 0% softirq

CPU1 states: 1% user 0% system 0% nice 99% idle 0% iowait 0% irq 0% softirq

CPU2 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

CPU3 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

CPU4 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

CPU5 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

CPU6 states: 1% user 0% system 0% nice 99% idle 0% iowait 0% irq 0% softirq

CPU7 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

Memory: 8170500k total, 5961204k used (73.0%), 1878960k free (23.0%), 330336k freeable (4.0%)

Average network usage: 337506 / 130776 kbps in 1 minute, 244569 / 163774 kbps in 10 minutes, 205483 / 179163 kbps in 30 minutes

   Maximal network usage: 977251 / 195145 kbps in 1 minute, 1082185 / 496639 kbps in 10 minutes, 1082185 / 532541 kbps in 30 minutes

   Average sessions: 15115 sessions in 1 minute, 15957 sessions in 10 minutes, 16234 sessions in 30 minutes

   Maximal sessions: 15315 sessions in 1 minute, 17246 sessions in 10 minutes, 18640 sessions in 30 minutes

   Average session setup rate: 122 sessions per second in last 1 minute, 117 sessions per second in last 10 minutes, 117 sessions per second in last 30 minutes

   Maximal session setup rate: 217 sessions per second in last 1 minute, 317 sessions per second in last 10 minutes, 477 sessions per second in last 30 minutes

   Average NPU sessions: 3875 sessions in last 1 minute, 4244 sessions in last 10 minutes, 4481 sessions in last 30 minutes

   Maximal NPU sessions: 3951 sessions in last 1 minute, 4837 sessions in last 10 minutes, 5396 sessions in last 30 minutes

   Average nTurbo sessions: 3 sessions in last 1 minute, 40 sessions in last 10 minutes, 29 sessions in last 30 minutes

   Maximal nTurbo sessions: 3 sessions in last 1 minute, 68 sessions in last 10 minutes, 68 sessions in last 30 minutes

   Virus caught: 0 total in 1 minute

   IPS attacks blocked: 0 total in 1 minute

   Uptime: 4 days,  19 hours,  28 minutes

 

The total number of bytes processed by the WAD can be found in 'diagnose wad stats worker'. The statistics below are for HTTP traffic, but other types of traffic are also tracked in the logs. These are lifetime statistics, so the command needs to be executed periodically to check the throughput over time.

 

   diagnose wad stats worker

 

   protos.http.wan.bytes_in                        265985948059

   protos.http.wan.bytes_out                       10581471688

   protos.http.lan.bytes_in                        10535926368

   protos.http.lan.bytes_out                       148935781548

 

Executing this periodically by hand may prove cumbersome if the WAD issues being investigated are intermittent. It is better to automate this process with the help of a TeraTerm monitoring script. See the related articles at the bottom of this article for instructions.

 

Any such scripts should include the following commands. Additional commands can be added depending on what exactly is being investigated.

 

   fnsysctl date

   get system performance status

   fnsysctl ifconfig

   diagnose sys session stat

   diagnose wad stats worker
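
Once the monitoring script has captured several runs of 'diagnose wad stats worker', the lifetime counters have to be turned into rates. The Python below is an added example, not part of the original article or of Fortinet's tooling: it assumes the caller supplies the capture time of each run in seconds (for instance taken from the 'fnsysctl date' line), reports each interval in kbps, and uses hypothetical function names; all sample values after the first run are constructed.

```python
import re

# Counter lines look like "protos.http.wan.bytes_in    265985948059".
# The optional \r tolerates CRLF line endings in terminal logs.
COUNTER_RE = re.compile(
    r"^[ \t]*(protos\.\S+\.bytes_(?:in|out))[ \t]+(\d+)[ \t]*\r?$", re.M)

def parse_counters(output):
    """Return {counter_name: lifetime_bytes} for one run of the command."""
    return {name: int(value) for name, value in COUNTER_RE.findall(output)}

def throughput_kbps(samples):
    """samples: [(unix_seconds, command_output), ...] in time order.

    Returns one {counter_name: kbps} dict per interval between samples.
    A counter that went backwards (its lifetime total was reset) yields
    None, because the difference would be meaningless.
    """
    parsed = [(ts, parse_counters(out)) for ts, out in samples]
    intervals = []
    for (t0, before), (t1, after) in zip(parsed, parsed[1:]):
        seconds = t1 - t0
        if seconds <= 0:
            raise ValueError("samples must be in increasing time order")
        rates = {}
        for name in before.keys() & after.keys():
            delta = after[name] - before[name]
            rates[name] = None if delta < 0 else delta * 8 / 1000 / seconds
        intervals.append(rates)
    return intervals

def make_output(wan_in, wan_out, lan_in, lan_out):
    """Build constructed command output in the layout shown in the article."""
    return (f"   protos.http.wan.bytes_in      {wan_in}\n\n"
            f"   protos.http.wan.bytes_out     {wan_out}\n\n"
            f"   protos.http.lan.bytes_in      {lan_in}\n\n"
            f"   protos.http.lan.bytes_out     {lan_out}\n")

# Constructed samples: the first uses the article's values, the rest are invented.
SAMPLES = [
    (0, make_output(265985948059, 10581471688, 10535926368, 148935781548)),
    (60, make_output(266735948059, 10596471688, 10550926368, 149385781548)),
    (120, make_output(1200000, 90000, 80000, 700000)),  # totals restarted
]

if __name__ == "__main__":
    for number, rates in enumerate(throughput_kbps(SAMPLES), start=1):
        for name in sorted(rates):
            print(number, name, rates[name])
```

An interval reported as None should be discarded rather than treated as zero traffic, since the counters no longer share a baseline with the previous sample.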

 

Related articles:

Technical Tip: FortiGate monitoring script

Technical Tip: TAC debug script with TeraTerm

Troubleshooting Tip: WAD troubleshooting commands