vprabhu_FTNT
Staff
Article Id 195577

Description

 

This article describes the troubleshooting commands to check packet drops at the interface level (NIC drops / interface drops).

 

Scope

 

FortiGate.

Solution

 

The following commands will show network interface statistics, as well as counters of received/transmitted packets and drops.

 

diagnose netlink interface list name <interface name>

 

Sample output:

 

diagnose netlink interface list name wan1
if=wan1 family=00 type=1 index=4 mtu=1500 link=0 master=0
ref=329 state=off start fw_flags=10000000 flags=up broadcast run allmulti multicast
Qdisc=mq hw_addr=90:6c:ac:5b:bf:b9 broadcast_addr=ff:ff:ff:ff:ff:ff
outbandwidth=92000(kbps)      
 :::The priority lines below are shown only when traffic shaping is applied and bandwidth values are specified.
    priority=0     allocated-bandwidth=8(kbps)     total_bytes=225378K     drop_bytes=0
    priority=1     allocated-bandwidth=0(kbps)     total_bytes=2320057K     drop_bytes=5278K
    priority=2     allocated-bandwidth=0(kbps)     total_bytes=0     drop_bytes=0
    priority=3     allocated-bandwidth=379(kbps)     total_bytes=826200K     drop_bytes=29K
    priority=4     allocated-bandwidth=91611(kbps)     total_bytes=0     drop_bytes=0
stat: rxp=8542076 txp=7928261 rxb=5853285911 txb=3381014267 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0

 

Other commands:

 

config global

diagnose hardware deviceinfo nic wan1
Description :FortiASIC NP6 Adapter
Driver Name :FortiASIC Unified NPU Driver
Name :np6_0
PCI Slot :0000:02:00.0
irq :16
Board :FGT800D
SN :FG800D3916800432
Major ID :20
Minor ID :0
lif id :16
lif oid :154
netdev oid :154
netdev flags :1003
netdev oid_vid :0
Current_HWaddr 90:6c:ac:5a:da:e2
Permanent_HWaddr 90:6c:ac:5a:da:e2
phy name :wan1
bank_id :1
phy_addr :0x03
lane :8
flags :0x400220
sw_port :0
sw_np_port :0
vid_phy[6] :[ 18, 0, 0, 0, 0, 0]
eid_phy[6] :[ 0, 0, 0, 0, 0, 0]
======== Link Settings ==========
link_autonego :1
link_setting :1
link_speed :1000
link_duplex :1
link_fec :None (0x0)
link_fec_cap :None (0x0)
link_serdes_if :None
serdes_if_cap : (0x0)
serdes_dflt :0
pm_mode_setting :0
pm_mode :0x0
pm_mode_dflt :0
pm_port :No
medium_mode :0
========== Link Status ==========
Admin :up
netdev status :down
Speed :N/A
Duplex :N/A
link_status :Down
rx_link_status :0
int_phy_link :0
local_fault :0
local_warning :0
remote_fault :0
nr_reset :0
============ Counters ===========
Rx_CRC_Errors :0
Rx_Frame_Too_Longs:0
rx_undersize :0
Rx Pkts :0
Rx Bytes :0
Tx Pkts :0
Tx Bytes :0
rx_rate :0
tx_rate :0
nr_ctr_reset :0
Host Rx Pkts :0
Host Rx Bytes :0
Host Tx Pkts :0
Host Tx Bytes :0
Host Tx dropped :0
FragTxCreate :0
FragTxOk :0
FragTxDrop :0

 

Note:

Starting from v7.6.4, the 'diagnose hardware deviceinfo nic <port>' command has been updated to include additional counters for enhanced debug-related analysis of network interface cards (NICs). Specifically, the new counters added are:

 

  • htx_drop: This counter tracks if there are FCS, oversized, or jabber errors on the network interface.
  • Rx pps: This represents the receive packets per second rate, providing real-time insight into inbound traffic volume.
  • Rx bps: This indicates the receive bits per second rate, useful for monitoring bandwidth utilization on the receive side.
  • Tx pps: This counter measures the rate at which packets are transmitted through the specified network interface (e.g., port17) in packets per second (pps).
  • Tx bps: This counter measures the rate at which data is transmitted through the specified network interface in bits per second (bps).

These enhancements build on the existing statistics (such as Host Tx dropped) to offer more granular visibility into NIC performance and potential bottlenecks. At present, this feature is limited to the FortiGate 1801F and interfaces that support FEC CL91.

 

diagnose hardware deviceinfo nic port17
Description     :FortiASIC NP7 Adapter
Driver Name     :FortiASIC Unified NPU Driver
pid             :18
oid             :146
vid             :19
macid           :17
eif_id          :128
promiscous      :2
local_port      :1
vlan_wa_done    :0
mtu             :9000
netdev oid      :146
dev-flags       :1904
dev-promis      :2
Current_HWaddr   e0:23:ff:52:33:6c
Permanent_HWaddr e0:23:ff:52:33:6c
==== Default Link Settings =====
auto-nego       :Enable
s_speed         :1000
s_duplex        :Half
==== Current Link Settings =====
auto-nego       :Disable
s_status        :Down
s_speed         :1000
s_duplex        :Half
FEC             :OFF (0x3)
FEC_cap         :None (0x1)
SerDes_if       :SGMII
SerDes_if_cap   :SGMII (0x5)
SerDes_dflt     :3
pm_mode_setting :1
pm_mode         :0x1
pm_mode_dflt    :1
pm_port         :Yes
medium_mode     :1
==== Link Status ===============
Admin           :Down
link_status     :Down
Speed           :1000
Duplex          :Half
==== Netdev Status =============
dev_running     :No
dev_carrier     :Off
==== Host Counters =============
hrx_pkts        :300
hrx_bytes       :28000
htx_pkts        :2100
htx_bytes       :220000
htx_drop        :0
htx_e_busy      :0
htx_e_noheadroom:0
htx_e_oid       :0
htx_e_adapter   :0
htx_e_pad       :0
htx_e_frag      :0
htx_e_other     :0
==== Netdev Counters ===========
Rx Pkts         :260
Rx Bytes        :33000
Tx Pkts         :2000
Tx Bytes        :225000
Rx pps          :3
Rx bps          :1600
Tx pps          :3
Tx bps          :1400
==== Switch Poll Counters ======
sw_tx_pkts      :2000
sw_tx_bytes     :225000
sw_tx_bc_pkts   :0
sw_tx_mc_pkts   :0
sw_rx_pkts      :260
sw_rx_bytes     :33000
sw_rx_bc_bytes  :35
sw_rx_mc_bytes  :180
==== Switch Error Counters =====
rx_err          :0
rx_crc_err      :0
rx_len_err      :0
rx_carrier_err  :0
rx_over_err     :0
rx_under_err    :0
rx_drop_pkts    :0
tx_collision_err:0
tx_drop_pkts    :0
======Queue  Counters ===========
uc_que0_pkts    :0
uc_que1_pkts    :0
uc_que2_pkts    :0
uc_que3_pkts    :0
uc_que4_pkts    :0
uc_que5_pkts    :0
uc_que6_pkts    :0
uc_que7_pkts    :0
--------------------------------
uc_drop_que0_pkts:0
uc_drop_que1_pkts:0
uc_drop_que2_pkts:0
uc_drop_que3_pkts:0
uc_drop_que4_pkts:0
uc_drop_que5_pkts:0
uc_drop_que6_pkts:0
uc_drop_que7_pkts:0
==== Transceiver Info ==========
tx_disable      : N/A
rx_los          : N/A
tx_fault        : N/A
present         : N/A
last_spd        : 0

 

 

 

get hardware nic wan1
Description :FortiASIC NP6 Adapter
Driver Name :FortiASIC Unified NPU Driver
Name :np6_0
PCI Slot :0000:02:00.0
irq :16
Board :FGT800D
SN :FG800D3916800432
Major ID :20
Minor ID :0
lif id :16
lif oid :154
netdev oid :154
netdev flags :1003
netdev oid_vid :0
Current_HWaddr 90:6c:ac:5a:da:e2
Permanent_HWaddr 90:6c:ac:5a:da:e2
phy name :wan1
bank_id :1
phy_addr :0x03
lane :8
flags :0x400220
sw_port :0
sw_np_port :0
vid_phy[6] :[ 18, 0, 0, 0, 0, 0]
eid_phy[6] :[ 0, 0, 0, 0, 0, 0]
======== Link Settings ==========
link_autonego :1
link_setting :1
link_speed :1000
link_duplex :1
link_fec :None (0x0)
link_fec_cap :None (0x0)
link_serdes_if :None
serdes_if_cap : (0x0)
serdes_dflt :0
pm_mode_setting :0
pm_mode :0x0
pm_mode_dflt :0
pm_port :No
medium_mode :0
========== Link Status ==========
Admin :up
netdev status :down
Speed :N/A
Duplex :N/A
link_status :Down
rx_link_status :0
int_phy_link :0
local_fault :0
local_warning :0
remote_fault :0
nr_reset :0
============ Counters ===========
Rx_CRC_Errors :0
Rx_Frame_Too_Longs:0
rx_undersize :0
Rx Pkts :0
Rx Bytes :0
Tx Pkts :0
Tx Bytes :0
rx_rate :0
tx_rate :0
nr_ctr_reset :0
Host Rx Pkts :0
Host Rx Bytes :0
Host Tx Pkts :0
Host Tx Bytes :0
Host Tx dropped :0
FragTxCreate :0
FragTxOk :0
FragTxDrop :0

 

Or:

 

fnsysctl ifconfig <interface name>   <- Internal command.

fnsysctl ifconfig -a <interface name>   <- Internal command.

 

Repeat the commands to check for increases in drops/collisions. Alternatively, clear the counters through the following command and verify the counters again. 

 

diagnose netlink interface clear <interface name>

diagnose netlink interface clear wan1
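
The comparison described above can be scripted. The following Python is an added example, not part of the original article or any Fortinet tooling: it parses the stat:, re:, te: and misc lines of two saved 'diagnose netlink interface list' outputs and reports which counters increased. The second snapshot is constructed sample data, and treating every counter other than rxp/txp/rxb/txb/mc as an error, drop or collision counter is an assumption.

```python
import re

# Counters that grow with normal traffic. Every other counter on the
# stat:/re:/te:/misc lines is treated as an error, drop or collision
# counter (assumption made for this example).
TRAFFIC = {"stat.rxp", "stat.txp", "stat.rxb", "stat.txb", "stat.mc"}

# First snapshot: counter lines from the sample output in this article.
BEFORE = """\
stat: rxp=8542076 txp=7928261 rxb=5853285911 txb=3381014267 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
"""

# Second snapshot: constructed sample data, not real device output.
AFTER = """\
stat: rxp=8542976 txp=7928961 rxb=5853985911 txb=3381514267 rxe=3 txe=0 rxd=42 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=3 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
"""

def parse_counters(output):
    """Return {'section.key': int}; keys carry the section name because
    rxc and txc appear on more than one line."""
    counters = {}
    for line in output.splitlines():
        m = re.match(r"\s*(stat|re|te|misc):?\s+(.*)", line)
        if m:
            for key, value in re.findall(r"(\w+)=(\d+)\b", m.group(2)):
                counters[f"{m.group(1)}.{key}"] = int(value)
    return counters

def drop_deltas(before, after):
    """Return the non-traffic counters that increased between snapshots."""
    old, new = parse_counters(before), parse_counters(after)
    deltas = {}
    for key, value in new.items():
        if key in TRAFFIC:
            continue
        prev = old.get(key, 0)
        # A lower value means the counters were cleared in between
        # (diagnose netlink interface clear), so count from zero.
        delta = value - prev if value >= prev else value
        if delta > 0:
            deltas[key] = delta
    return deltas

if __name__ == "__main__":
    for name, delta in drop_deltas(BEFORE, AFTER).items():
        print(f"{name} increased by {delta}")
```

Pasting the full command output works as well, since lines other than stat:, re:, te: and misc are ignored.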

 

Note:

These commands may be different in older FortiOS versions that are already out of support. Consider upgrading the firmware on the device to a supported version. Check the firmware path and compatibility based on the hardware platform: Upgrade Path Tool Table - Fortinet.com