Description
This article explains the NPU flag field in the FortiOS session list.
Scope
FortiGate 6.2.x, 6.4.x, 7.0.x, 7.2.x
Solution
Below is an example of the session list output for a session captured in FortiOS:
# diagnose sys session list
session info: proto=6 proto_state=01 duration=34 expire=3565 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
origin-shaper=
reply-shaper=
per_ip_shaper=
ha_id=0 policy_dir=0 tunnel=/
state=may_dirty npu
statistic(bytes/packets/allow_err): org=295/3/1 reply=60/1/1 tuples=2
orgin->sink: org pre->post, reply pre->post dev=48->6/6->48 gwy=10.1.100.11/11.11.11.1
hook=pre dir=org act=noop 172.16.200.55:56453->10.1.100.11:80(0.0.0.0:0)
hook=post dir=reply act=noop 10.1.100.11:80->172.16.200.55:56453(0.0.0.0:0)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=1 id_policy_id=0 auth_info=0 chk_client_info=0 vd=4
serial=0000091c tos=ff/ff ips_view=0 app_list=0 app=0
dd_type=0 dd_mode=0
per_ip_bandwidth meter: addr=172.16.200.55, bps=393
npu_state=00000000
npu info: flag=0x81/0x81, offload=4/4, ips_offload=0/0, epid=1/23, ipid=23/1, vlan=32779/0
The flag field in the "npu info" line here shows a value of 0x81.
Converted to binary, 0x81 = 1000 0001. Bit 7 and bit 0 are set in this example.
The meaning of each bit can be identified with the table below:
In this example, refer to bit 7 and bit 0.
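As an added example (not Fortinet's code), the following Python parser pulls the `npu info` flag values out of session list output and reports which bit positions are set, the same conversion done by hand above. The second session in the sample is constructed, and since the page does not say what the two slash-separated values represent, they are reported as a pair without interpretation and no bit meanings are assigned.

```python
import re

# Constructed sample: first session trimmed from the output shown above;
# the second session (serial and flag values) is made up for illustration.
SAMPLE = """\
session info: proto=6 proto_state=01 duration=34 expire=3565 timeout=3600 flags=00000000
state=may_dirty npu
serial=0000091c tos=ff/ff ips_view=0 app_list=0 app=0
npu info: flag=0x81/0x81, offload=4/4, ips_offload=0/0, epid=1/23, ipid=23/1, vlan=32779/0

session info: proto=17 proto_state=00 duration=5 expire=175 timeout=180 flags=00000000
state=may_dirty
serial=00000a2f tos=ff/ff ips_view=0 app_list=0 app=0
npu info: flag=0x00/0x01, offload=0/0, ips_offload=0/0, epid=0/0, ipid=0/0, vlan=0/0
"""

SERIAL_RE = re.compile(r"\bserial=([0-9a-fA-F]+)")
# Anchored on "npu info:" so the unrelated "flags=" field on the
# "session info:" line is never matched.
FLAG_RE = re.compile(r"npu info:.*?\bflag=(0x[0-9a-fA-F]+)/(0x[0-9a-fA-F]+)")


def set_bits(value):
    """Return the positions of the bits set in value, highest first."""
    return [bit for bit in range(value.bit_length() - 1, -1, -1) if (value >> bit) & 1]


def decode_npu_flags(text):
    """Map each session serial to the raw flag pair and its set bit positions."""
    result = {}
    # Every session begins with "session info:"; split there without consuming it.
    for block in re.split(r"(?=^session info:)", text, flags=re.M):
        serial = SERIAL_RE.search(block)
        flag = FLAG_RE.search(block)
        if not (serial and flag):
            continue  # not a session block, or no "npu info" line present
        first, second = (int(v, 16) for v in flag.groups())
        result[serial.group(1)] = {
            "raw": flag.group(1) + "/" + flag.group(2),
            "bits": (set_bits(first), set_bits(second)),
        }
    return result


if __name__ == "__main__":
    for serial, info in decode_npu_flags(SAMPLE).items():
        print(serial, info["raw"], "bits set:", info["bits"])
```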
Copyright 2025 Fortinet, Inc. All Rights Reserved.