Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vprabhu_FTNT
Staff
Staff

Created on ‎10-01-2019 06:33 AM Edited on ‎03-06-2025 06:17 AM By Moderator

Article Id 195577

Troubleshooting Tip: Network Interface Card NIC commands

Description

 

This article describes various commands to check NIC and interface drops.

 

Scope

 

FortiGate.

Solution

 

The following commands are to check the Network interface statistics and counters of received/transmitted packets and drops.

 

diagnose netlink interface list name <interface name>

 

Sample output:

 

diag netlink interface list name wan1
if=wan1 family=00 type=1 index=4 mtu=1500 link=0 master=0
ref=329 state=off start fw_flags=10000000 flags=up broadcast run allmulti multicast
Qdisc=mq hw_addr=90:6c:ac:5b:bf:b9 broadcast_addr=ff:ff:ff:ff:ff:ff
outbandwidth=92000(kbps)      
 :::Below output of priority only show when traffic shaping applied and bandwidth values specified.
    priority=0     allocated-bandwidth=8(kbps)     total_bytes=225378K     drop_bytes=0
    priority=1     allocated-bandwidth=0(kbps)     total_bytes=2320057K     drop_bytes=5278K
    priority=2     allocated-bandwidth=0(kbps)     total_bytes=0     drop_bytes=0
    priority=3     allocated-bandwidth=379(kbps)     total_bytes=826200K     drop_bytes=29K
    priority=4     allocated-bandwidth=91611(kbps)     total_bytes=0     drop_bytes=0
stat: rxp=8542076 txp=7928261 rxb=5853285911 txb=3381014267 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0

 

More details regarding the counters:

rxp = received packets
txp = transmitted packets
rxb = received bytes
txb = transmitted bytes
rxe = received errors
txe = transmitted errors
rxd and txd counters indicates the number of packets dropped on the interface
mc = multicast
collision indicate if there are collisions on the interface
re = received errors
te = transmitted errors

 

Other commands: config global:

 

diag hardware deviceinfo nic wan1

 

diag hardware deviceinfo nic wan1
Description :FortiASIC NP6 Adapter
Driver Name :FortiASIC Unified NPU Driver
Name :np6_0
PCI Slot :0000:02:00.0
irq :16
Board :FGT800D
SN :FG800D3916800432
Major ID :20
Minor ID :0
lif id :16
lif oid :154
netdev oid :154
netdev flags :1003
netdev oid_vid :0
Current_HWaddr 90:6c:ac:5a:da:e2
Permanent_HWaddr 90:6c:ac:5a:da:e2
phy name :wan1
bank_id :1
phy_addr :0x03
lane :8
flags :0x400220
sw_port :0
sw_np_port :0
vid_phy[6] :[ 18, 0, 0, 0, 0, 0]
eid_phy[6] :[ 0, 0, 0, 0, 0, 0]
======== Link Settings ==========
link_autonego :1
link_setting :1
link_speed :1000
link_duplex :1
link_fec :None (0x0)
link_fec_cap :None (0x0)
link_serdes_if :None
serdes_if_cap : (0x0)
serdes_dflt :0
pm_mode_setting :0
pm_mode :0x0
pm_mode_dflt :0
pm_port :No
medium_mode :0
========== Link Status ==========
Admin :up
netdev status :down
Speed :N/A
Duplex :N/A
link_status :Down
rx_link_status :0
int_phy_link :0
local_fault :0
local_warning :0
remote_fault :0
nr_reset :0
============ Counters ===========
Rx_CRC_Errors :0
Rx_Frame_Too_Longs:0
rx_undersize :0
Rx Pkts :0
Rx Bytes :0
Tx Pkts :0
Tx Bytes :0
rx_rate :0
tx_rate :0
nr_ctr_reset :0
Host Rx Pkts :0
Host Rx Bytes :0
Host Tx Pkts :0
Host Tx Bytes :0
Host Tx dropped :0
FragTxCreate :0
FragTxOk :0
FragTxDrop :0

 

get hardware nic wan1
Description :FortiASIC NP6 Adapter
Driver Name :FortiASIC Unified NPU Driver
Name :np6_0
PCI Slot :0000:02:00.0
irq :16
Board :FGT800D
SN :FG800D3916800432
Major ID :20
Minor ID :0
lif id :16
lif oid :154
netdev oid :154
netdev flags :1003
netdev oid_vid :0
Current_HWaddr 90:6c:ac:5a:da:e2
Permanent_HWaddr 90:6c:ac:5a:da:e2
phy name :wan1
bank_id :1
phy_addr :0x03
lane :8
flags :0x400220
sw_port :0
sw_np_port :0
vid_phy[6] :[ 18, 0, 0, 0, 0, 0]
eid_phy[6] :[ 0, 0, 0, 0, 0, 0]
======== Link Settings ==========
link_autonego :1
link_setting :1
link_speed :1000
link_duplex :1
link_fec :None (0x0)
link_fec_cap :None (0x0)
link_serdes_if :None
serdes_if_cap : (0x0)
serdes_dflt :0
pm_mode_setting :0
pm_mode :0x0
pm_mode_dflt :0
pm_port :No
medium_mode :0
========== Link Status ==========
Admin :up
netdev status :down
Speed :N/A
Duplex :N/A
link_status :Down
rx_link_status :0
int_phy_link :0
local_fault :0
local_warning :0
remote_fault :0
nr_reset :0
============ Counters ===========
Rx_CRC_Errors :0
Rx_Frame_Too_Longs:0
rx_undersize :0
Rx Pkts :0
Rx Bytes :0
Tx Pkts :0
Tx Bytes :0
rx_rate :0
tx_rate :0
nr_ctr_reset :0
Host Rx Pkts :0
Host Rx Bytes :0
Host Tx Pkts :0
Host Tx Bytes :0
Host Tx dropped :0
FragTxCreate :0
FragTxOk :0
FragTxDrop :0

 

Or:

 

get hardware nic wan2
fnsysctl ifconfig <interface name>   <- Internal command.

fnsysctl ifconfig -a <interface name>   <- Internal command.

 

Repeat commands to check for increases in drops/collisions.
Alternatively, clear the counters through the following command and verify counters again. 

 

diagnose netlink interface clear <interface name>

 

diag netlink interface clear wan1

 

Note:

Versions 5.0 up to 6.4 are out of engineering support. So these commands might be different on higher versions. Consider upgrading the firmware level on the device to a supported version (7.0 up to 7.6). Check here the firmware path and compatibility depending on the hardware:

Upgrade Path Tool Table

Labels:
52086
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.