FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 195577

This article will show various commands to check NIC and interface drops.

Below commands are to check the Network interface statistics and counters of received/transmitted packets and drops.

#diagnose netlink interface list name <interface name>

Sample output as below:

FGT <vdom> # diag netlink interface list name wan1
if=wan1 family=00 type=1 index=4 mtu=1500 link=0 master=0
ref=329 state=off start fw_flags=10000000 flags=up broadcast run allmulti multicast
Qdisc=mq hw_addr=90:6c:ac:5b:bf:b9 broadcast_addr=ff:ff:ff:ff:ff:ff
 :::Below output of priority only show when traffic shaping applied and bandwidth values specified.
    priority=0     allocated-bandwidth=8(kbps)     total_bytes=225378K     drop_bytes=0
    priority=1     allocated-bandwidth=0(kbps)     total_bytes=2320057K     drop_bytes=5278K
    priority=2     allocated-bandwidth=0(kbps)     total_bytes=0     drop_bytes=0
    priority=3     allocated-bandwidth=379(kbps)     total_bytes=826200K     drop_bytes=29K
    priority=4     allocated-bandwidth=91611(kbps)     total_bytes=0     drop_bytes=0
stat: rxp=8542076 txp=7928261 rxb=5853285911 txb=3381014267 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0

Other commands: config global >

#diag hardware deviceinfo nic   


#get hardware nic wan2
fnsysctl ifconfig <interface name>   (internal command)

Repeat commands to check if increase in drop/collision.
Alternatively, clear the counters through below command and verify counters again.

#diagnose netlink interface clear <interface name>
Eg.: diag netlink interface clear wan1