FortiGate
otsaggos
Staff
Article Id 337400
Description

This article describes which logs to gather when dealing with NP6 packet drop issues.

 

FortiGate models with NP6 processors include the following:

FortiGate-300E, 301E, 400E, 401E, 500E, 501E, 600E, 601E, 800D, 900D, 1000D, 1500D, 1500D-DC, 1500DT, 1100E, 1101E, 2000E, 2200E, 2201E, 2500E, 3000D, 3100D, 3200D, 3300E, 3400E, 3401E, 3600E, 3601E, 3700D, 3960E, 3980E, 5001E, 5001E1, 6000F series, 7030E, 7040E, 7060E, FIM-7901E, FIM-7904E, FIM-7910E, FIM-7920E, FPM-7620E, FPM-7630E.

Scope

FortiGate v7.4.x, FortiGate v7.6.x.

Solution

In higher-end FortiGate units with multiple NP6 chips, packet drops may be associated with a specific NP6 chip. To identify the problematic NP6 chip, proceed as follows:

 

  1. Determine the ingress and egress interfaces for the traffic experiencing drops, and check whether high memory or CPU consumption could be causing the packet drops rather than the NP6 itself:

 

diagnose hardware devinfo nic <port>    <----- Shows NIC details and counters for the ingress/egress port.

get sys performance status              <----- Shows CPU and memory usage.

 

  2. Use the following commands to view the NP6 port mappings (which physical ports are handled by which NP6 chip) and the NPU feature status:

 

diagnose npu np6 npu-feature <----- Show NPU feature and status.

get hardware npu np6 port-list

diagnose npu np6 port-list

 

  3. Check drop statistics for the identified NP6 chip with these commands:

 

diagnose npu np6 dce <np6_id>           <----- Shows non-zero sub-engine drop counters.
diagnose npu np6 anomaly-drop <np6_id>  <----- Shows L3/L4 anomaly check drop counters.
diagnose npu np6 hrx-drop <np6_id>      <----- Shows host interface drop counters.
diagnose npu np6 sse-stats <np6_id>     <----- Shows hardware session statistics (useful for identifying session drift and PBA leak problems).
diagnose npu np6 session-stats <np6_id> <----- Shows session offloading statistics.
diagnose npu np6 xgmac-stats <np6_id>   <----- Shows TX and RX counters in the NP6.

 

  4. Run these commands multiple times while the issue is occurring. The first output contains the cumulative values since the counters were last reset, which may include drops unrelated to the current issue. Discard the first output and compare the second and later runs against each other: only counters that keep increasing during the issue window point to the current drop cause. Collect the outputs during the issue period for accuracy.
  5. To get a clearer view of the changes, reset the counters and check again with:

 

diagnose npu np6 sse-stats-clear <np6_id>     <----- Clears session statistics counters.
diagnose npu np6 session-stats-clear <np6_id> <----- Clears session offloading statistics.
diagnose npu np6 xgmac-stats-clear <np6_id>   <----- Clears traffic counters.
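The comparison described in steps 3 to 5 (capture the counters several times, discard the first capture, watch which counters keep growing, and account for a counter reset after a `-clear` command) is easy to get wrong by eye when a `dce` or `hrx-drop` output has dozens of lines. The following script is an added example, not part of the original article or of FortiOS: it parses several saved captures of one of the drop-counter commands and reports only the counters that increased after the first capture. The `NAME :value` line shape, the counter names, and the capture contents below are constructed for the example and are not real NP6 output; adjust `COUNTER_RE` to match the exact format on your unit.

```python
"""Report which NP6 drop counters keep growing across successive CLI captures.

Usage: save the output of e.g. 'diagnose npu np6 dce <np6_id>' to one file per
run during the issue, then call growing_counters([open(f).read() for f in files]).
The first capture is discarded (it carries historic totals), exactly as the
procedure above recommends.
"""
import re
from typing import Dict, List, Tuple

# Assumed line shape: "<counter name> :<value>" or "<name>=<value>", value decimal
# (possibly zero-padded) or 0x-prefixed hex. Real NP6 output may differ.
COUNTER_RE = re.compile(r"^\s*([A-Za-z0-9_./\[\]-]+)\s*[:=]\s*(0x[0-9a-fA-F]+|\d+)\b")


def _to_int(value: str) -> int:
    # int(x, 0) rejects zero-padded decimals such as "0000000000000412",
    # so pick the base explicitly.
    return int(value, 16) if value.lower().startswith("0x") else int(value, 10)


def parse_counters(capture: str) -> Dict[str, int]:
    """Return {counter_name: value} for every counter-looking line in a capture."""
    counters: Dict[str, int] = {}
    for line in capture.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group(1)] = _to_int(m.group(2))
    return counters


def delta(before: Dict[str, int], after: Dict[str, int]) -> Dict[str, int]:
    """Per-counter increase between two captures.

    A value lower than before means the counter was cleared (for example with
    'diagnose npu np6 ...-stats-clear') or wrapped; the new value is then taken
    as the increase since the clear instead of producing a negative number.
    """
    out: Dict[str, int] = {}
    for name, new in after.items():
        old = before.get(name, 0)
        out[name] = new if new < old else new - old
    return out


def growing_counters(captures: List[str], min_growth: int = 1) -> List[Tuple[str, int]]:
    """Sum increases across captures[1:], ignoring captures[0] (historic totals).

    Returns (name, total_increase) sorted by largest growth first; counters that
    never moved during the issue window are left out.
    """
    if len(captures) < 3:
        raise ValueError("need at least three captures: the first one is discarded")
    parsed = [parse_counters(c) for c in captures]
    total: Dict[str, int] = {}
    for before, after in zip(parsed[1:], parsed[2:]):
        for name, inc in delta(before, after).items():
            total[name] = total.get(name, 0) + inc
    return sorted(((n, v) for n, v in total.items() if v >= min_growth),
                  key=lambda kv: (-kv[1], kv[0]))


# Constructed captures for the example (not real FortiGate output); the counter
# names are placeholders. Run 1 shows a large historic value in ANOMALY_L3_DROP
# that would mislead anyone reading only the first output.
CAPTURE_1 = """\
NP6 0 drop counters
ANOMALY_L3_DROP :0000000000000412
HRX_FIFO_DROP   :0000000000000009
SSE_SESSION_MISS:0x0000001f
"""
CAPTURE_2 = """\
NP6 0 drop counters
ANOMALY_L3_DROP :0000000000000412
HRX_FIFO_DROP   :0000000000000012
SSE_SESSION_MISS:0x0000001f
"""
CAPTURE_3 = """\
NP6 0 drop counters
ANOMALY_L3_DROP :0000000000000412
HRX_FIFO_DROP   :0000000000000019
SSE_SESSION_MISS:0x0000001f
"""
# Run 4 was taken after the counters were cleared, so values restart from zero.
CAPTURE_4 = """\
NP6 0 drop counters
ANOMALY_L3_DROP :0000000000000000
HRX_FIFO_DROP   :0000000000000004
SSE_SESSION_MISS:0x00000000
"""

if __name__ == "__main__":
    for name, growth in growing_counters([CAPTURE_1, CAPTURE_2, CAPTURE_3, CAPTURE_4]):
        print(f"{name}: +{growth} during the issue window")
```

With the constructed captures, only `HRX_FIFO_DROP` is reported (an increase of 11: 7 between runs 2 and 3, then 4 after the clear), while the large but static `ANOMALY_L3_DROP` value from the historic total is correctly ignored.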