Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Ehanssen
Staff
Staff

Created on ‎01-28-2026 03:43 AM

Article Id 421538

Technical Tip: Understanding NP6XLite HPE outputs

Description This article describes the outputs generated by the diagnose npu np6xlite hpe command.
Scope All FortiGate models with NP6XLite chips.
Solution

This command checks the Host Packet Engine (HPE) behavior for NP6XLite models.
It provides statistics about the packet shaping rates and potential drops happening on the NPU.

 

Example output:

 

Queue       Type       NPU-min       NPU-max       CFG-min(pps)       CFG-max(pps)       Pkt-credit
----------------------------------------------------------------------------------------------------
0           tcpsyn     595285        797354        600000             800000             0
0           tcpsyn-ack 595285        797354        600000             800000             0
0           tcpfin-rst 595285        797354        600000             800000             0
0           tcp-others 595285        797354        600000             800000             0
0           udp        595285        797354        600000             800000             0
0           icmp       199338        199338        200000             200000             0
0           sctp       199338        199338        200000             200000             0
0           esp        199338        199338        200000             200000             0
0           ip-frag    199338        199338        200000             200000             0
0           ip-others  199338        398677        200000             400000             0
0           arp        199338        398677        200000             400000             0
0           l2-others  199338        398677        200000             400000             0
-----------------------------------------------------------------------------------------------------
HPE HW pkt_credit:20000 , tsref_inv:45000, tsref_gap:4 , np:0, hpe_type_max:200000, hpe_ring:4
HPE Dropping :0000000000000000

 

Key Fields:

  • Queue: Internal index for traffic type.
  • Type: Traffic type (TCP SYNs, UDP, ICMP, ESP, etc.).
  • NPU-min: Minimum observed packet rate (pps) on NPU for that traffic type.
  • NPU-max: Maximum observed packet rate (pps) on NPU for that traffic type.
  • CFG-min (pps): Minimum configured rate limit from HPE configuration (packets per second).
  • CFG-max (pps): Maximum allowed rate limit.
  • Pkt-credit: Available packet shaping credits.
  • Pkt-credit = 0: No shaping needed (good).
  • Pkt-credit > 0: HPE is shaping/delaying traffic.

 

Additional parameters at the bottom:

  • pkt_credit: Hardware credits used for shaping.
  • tsref_inv: Timer reference interval.
  • tsref_gap: Timer reference gap.
  • hpe_type_max: Maximum threshold configured per traffic type.
  • hpe_ring: Number of RX rings available.
  • HPE Dropping: The number of packets dropped by HPE.

 

The HPE Dropping value should always be 0; if it is not, this indicates a traffic overload or attacks.
31
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.