FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Pedro_FTNT
Staff
Staff
Article Id 403672
Description This article describes how to understand the full options displayed by the 'diagnose netlink interface list' command.
Scope

FortiGate.

Solution

Diagnose command:


diagnose netlink interface list port


This command a diagnostic tool used to display detailed kernel-level information about all network interfaces on a FortiGate system.
It pulls data from the Linux-like kernel (netlink subsystem) and is useful for low-level interface troubleshooting.

 

This command lists information such as:

 

  • Interface name and index.
  • Interface type and status flags (e.g., UP, RUNNING, MULTICAST).
  • MAC address and broadcast address.
  • Packet and byte statistics (RX, TX, errors, dropped packets, multicast).
  • Queue disciplines (Qdisc) used for traffic control.
  • Interface MTU.
  • Hardware-level and offloading stats (depending on platform).

 

When to use it:

 

  • Check if an interface is physically up and running.
  • See MAC address, MTU, or interface index.
  • Inspect packet counters (e.g., errors, dropped packets).
  • Troubleshoot hardware offloading or driver issues.
  • Validate link state vs what GUI or SNMP shows.
  • Investigate performance issues, especially packet loss or NIC-level problems.

 

Example:


diagnose netlink interface list port1

 

if=port1 family=00 type=1 index=3 mtu=1500 link=0 master=0
flags=up broadcast run multicast
Qdisc=mq hw_addr=00:0c:29:fc:18:54 broadcast_addr=ff:ff:ff:ff:ff:ff
stat: rxp=61149 txp=81109 rxb=5839308 txb=52396373 rxe=0 txe=0 rxd=0 txd=0 mc=95 collision=0 @ time=1678486883
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0

 

Understanding line-by-line:

 

if=port1 family=00 type=1 index=3 mtu=1500 link=0 master=0

 

  • if=port1 – Interface name.
  • family=00 – Address family. 00 = AF_UNSPEC (not tied to IPv4/IPv6 here).
  • type=1 – Hardware type. 1 = Ethernet (ARPHRD_ETHER).
  • index=3 – Kernel/internal interface ID (ifindex).
  • mtu=1500 – Maximum Transmission Unit in bytes.
  • link=0 – Not a slave of another interface (e.g., bond/bridge).
  • master=0 – Not acting as a master (bridge/bond master).

 

flags=up broadcast run multicast

 

These are interface flags/capabilities:

  • up – Admin state is up.
  • broadcast – Supports broadcast addressing.
  • run – Link is operational (carrier is up).
  • multicast – Can send/receive multicast frames.

 

Qdisc=mq hw_addr=00:0c:29:fc:18:54 broadcast_addr=ff:ff:ff:ff:ff:ff

 

  • Qdisc=mq – Queuing discipline = multiqueue (one queue per HW TX ring).
  • hw_addr=00:0c:29:fc:18:54 – MAC address of the NIC.
  • broadcast_addr=ff:ff:ff:ff:ff:ff – L2 broadcast MAC (all Fs).

 

stat: rxp=61149 txp=81109 rxb=5839308 txb=52396373 rxe=0 txe=0 rxd=0 txd=0 mc=95 collision=0 @ time=1678486883

 

Main cumulative counters since last reboot/reset:

 

  • rxp – RX packets (frames received).
  • txp – TX packets (frames sent).
  • rxb – RX bytes.
  • txb – TX bytes.
  • rxe – RX errors (sum of receive error types below).
  • txe – TX errors (sum of transmit error types below).
  • rxd – RX dropped (accepted by NIC but dropped by kernel/stack).
  • txd – TX dropped (couldn’t be transmitted/queued).
  • mc – Multicast packets received.
  • collision – Ethernet collisions (rare on full‑duplex links).
  • @ time=1678486883 – Unix epoch when the snapshot was taken (Fri Mar 10 2023 22:21:23 UTC).

 

  1. Receive error breakdown (re:).

 

re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0

 

  • rxl – RX length errors (frame too long/short).
  • rxo – RX overrun errors (buffer overflow at NIC/driver).
  • rxc – RX CRC errors (bad FCS).
  • rxf – RX frame/alignment errors (bad framing).
  • rxfi – RX FIFO errors (FIFO underrun/overflow on NIC).
  • rxm – RX missed errors (NIC dropped due to no buffers).

 

  1. Transmit error breakdown (te:).

 

te: txa=0 txc=0 txfi=0 txh=0 txw=0

 

  • txa – TX aborted errors (NIC aborted before complete send).
  • txc – TX carrier errors (no carrier / link problems).
  • txfi – TX FIFO errors (NIC FIFO issue while sending).
  • txh – TX heartbeat errors (old half‑duplex check; almost always 0).
  • txw – TX window errors (exceeded retry window).

 

  1. Miscellaneous (misc).

 

misc rxc=0 txc=0

 

  • rxc – RX compressed packets (used by some tunneling/compression drivers; usually 0).
  • txc – TX compressed packets.

 

Tips:

 

Counters reset on reboot or if they are cleared with 'diagnose hardware nic stats-clear' (model dependent).

 

To see lower-level NIC stats:

 

diagnose hardware deviceinfo nic port1
diagnose hardware nic port1 stats <----- (Varies by model/ASIC).

 

Related article:

FortiGate / FortiOS 7.6.3 Administration Guide / Displaying detail Hardware NIC information