Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vpalli
Staff & Editor
Staff & Editor

Created on ‎08-07-2025 04:21 PM Edited on ‎08-10-2025 11:10 AM By Moderator

Article Id 405400

Technical Tip: Understanding Interface Error Packet Counters on FortiGate

Description This article provides an overview of interface error packet counters on FortiGate interfaces.
Scope FortiGate.
Solution

In the output of the command diagnose hardware deviceinfo nic <interface name>:

 

Sample Output:


diagnose hardware deviceinfo nic port10
Description :FortiASIC NP7 Adapter
Driver Name :FortiASIC Unified NPU Driver
pid :9
oid :137
vid :11
macid :9
eif_id :127
promiscous :0
local_port :0
vlan_wa_done :0
mtu :1500
netdev oid :137
dev-flags :1003
dev-promis :0
Current_HWaddr e0:23:ff:ae:1e:69
Permanent_HWaddr e0:23:ff:ae:1e:69
==== Default Link Settings =====
auto-nego :Disable
s_speed :10000
s_duplex :Full
==== Current Link Settings =====
auto-nego :Disable
s_status :Up
s_speed :10000
s_duplex :Full
FEC :OFF (0x2)
FEC_cap :OFF,CL91,CL74 (0x1c)
SerDes_if :SR
SerDes_if_cap :GMII,SGMII,SR,LR,CR (0x3e)
SerDes_dflt :3
pm_mode_setting :1
pm_mode :0x6
pm_mode_dflt :1
pm_port :Yes
medium_mode :0
==== Link Status ===============
Admin :Up
link_status :Up
Speed :N/A
Duplex :N/A
==== Netdev Status =============
dev_running :Yes
dev_carrier :Off
==== Host Counters =============
hrx_pkts :0
hrx_bytes :0
htx_pkts :0
htx_bytes :0
htx_drop :0
htx_e_busy :0
htx_e_noheadroom:0
htx_e_oid :0
htx_e_adapter :0
htx_e_pad :0
htx_e_frag :0
htx_e_other :0
==== Netdev Counters ===========
Rx Pkts :0
Rx Bytes :0
Tx Pkts :0
Tx Bytes :0
==== Switch Poll Counters ======
sw_tx_pkts :0
sw_tx_bytes :0
sw_tx_bc_pkts :0
sw_tx_mc_pkts :0
sw_rx_pkts :0
sw_rx_bytes :0
sw_rx_bc_bytes :0
sw_rx_mc_bytes :0
==== Switch Error Counters =====
rx_err :0
rx_crc_err :0
rx_len_err :0
rx_carrier_err :0
rx_over_err :32423
rx_under_err :1212
rx_drop_pkts :0
tx_collision_err:0
tx_drop_pkts :0
======Queue Counters ===========
uc_que0_pkts : 20102
uc_que1_pkts :0
uc_que2_pkts :0
uc_que3_pkts :0
uc_que4_pkts :0
uc_que5_pkts :0
uc_que6_pkts :0
uc_que7_pkts :0
--------------------------------
uc_drop_que0_pkts:0
uc_drop_que1_pkts:0
uc_drop_que2_pkts:0
uc_drop_que3_pkts:0
uc_drop_que4_pkts:0
uc_drop_que5_pkts:0
uc_drop_que6_pkts:0
uc_drop_que7_pkts:0
==== Transceiver Info ==========
tx_disable : N/A
rx_los : N/A
tx_fault : N/A
present : N/A
last_spd : 0

 

The rx_err counter represents the total number of general receive errors encountered by a network interface.

 

The rx_len_err counter indicates the number of received packets with invalid or incorrect length on a network interface.

 

The rx_crc_err counter represents the number of received packets with Cyclic Redundancy Check errors on a network interface.

 

The rx_under_err counter increases when the network interface receives packets that are smaller than the minimum allowed Ethernet frame size (typically less than 64 bytes) and have CRC errors or are otherwise malformed.

 

The rx_over_err counter indicates the number of packets received on the interface that exceed the standard maximum Ethernet frame size of 1500 bytes.

 

The uc_queX_pkts counter reflects the number of unicast packets exiting the FortiGate's internal switch and egressing into the physical network. If only the uc_que0_pkts counter is increasing, it means that only QoS/Class of Service (CoS) queue 0 is being utilized.

The uc_drop_que0_pkts represents the number of unicast packets dropped in Queue 0 on the FortiGate's internal switch.


The rx_carrier_err counter tracks the number of carrier errors detected on the receive side of a network interface. A carrier error occurs when the physical layer signal i.e. data transmission on the medium is lost or disrupted unexpectedly during packet reception. This usually points to a physical layer problem.

The rx_drop_pkts counts the number of packets received by the interface that were dropped before being processed by the FortiOS operating system. These packets were discarded at the interface level, often due to resource constraints or errors.

The tx_collision_err counter records the number of collisions detected while transmitting packets on an interface. Collisions occur when two devices on the same Ethernet segment attempt to transmit simultaneously.

The tx_drop_pkts counter indicates the number of packets dropped during transmission attempts on the interface. Such drops typically occur due to output queue or buffer exhaustion caused by congestion, hardware or driver limitations, traffic shaping or rate-limiting policies, or link and interface errors.
271
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.