Hello all, I manage several FortiGates (80D, 80E, 60E) with different FortiOS versions (5.6.3 and 5.4.8). I found an issue with FortiOS 5.6.3. I'm not sure if it is an issue; it is maybe my mistake.
It relates to FortiView. When I want to monitor traffic (sources\destinations\interfaces), I don't see what the widget "interface bandwidth" shows and what is true. There is a smaller amount of bandwidth in FortiView. I tried the same with multiple FortiGate units and it is the same for all with 5.6.3. I tried it for one unit (80D) with 4.5.8 and it was OK.
I'm attaching an image.
img1 - You can see the computer which is downloading a file through VPN. The transfer rate is 3,44MB (approx. 28Mbit) but fortiview\sources shows only 8Mbit bandwidth for this computer.
I have a reply from Fortinet support.
All that you can see in FortiView is traffic passed through the CPU. If the traffic is offloaded to an NP (network processor), SP (security processor) or CP (content processor), you cannot see it in FortiView. If you want it, you should buy a FortiGate model with an NP6 processor (higher models of FG).
Hardware acceleration overview:
"Except for the NP6, network processors do not count offloaded packets, and offloaded packets are not logged by traffic logging and are not included in traffic statistics and traffic log reports.
NP6 processors support per-session traffic and byte counters, Ethernet MIB matching, and reporting through messages resulting in traffic statistics and traffic log reporting."
It is a fu*king feature.
It isn't related to FortiOS but to models with NP, CP or SP. Old units (80D) don't have a "coprocessor", so with this unit you see everything.
It is possible to turn offloading off, but you can expect high CPU usage.
Sorry I can not be of any help here, but I'm really curious on any insights to come.
Because this has been bugging me for quite some time now, too.
And I couldn't figure out if it is some misunderstanding on my side (because of the realtime-nature of the fortiview reporting in these cases). Due to the TO's post I now have a feeling that some sort of explanation would really come in handy.
On some FGT models you have the possibility to turn on the logging for the NPU accelerated sessions too. You don't need to turn off the NPU offloading in this case.
Ref: http://help.fortinet.com/cli/fos50hlp/56/Content/FortiOS/fortiOS-cli-ref-56/config/system/npu.htm
Regards,
Prab
Hi,
Just follow the commands to disable Offload.
If you want to completely disable offloading to CP processors for test purposes or other reasons, you can do so in security policies. Here are some examples:
For IPv4 security policies.
    config firewall policy
    edit 1
    set auto-asic-offload disable
    end
For IPv6 security policies.
    config firewall policy6
    edit 1
    set auto-asic-offload disable
    end
For multicast security policies.
    config firewall multicast-policy
    edit 1
    set auto-asic-offload disable
    end
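An added example, not from any poster in this thread or from Fortinet: a small Python audit of a FortiOS configuration export that lists the policies where `auto-asic-offload` has not been disabled, meaning their sessions may be offloaded and missing from FortiView and traffic logs on units without NP6. It assumes offload is enabled when the setting is absent and that the export has no VDOM nesting; the sample configuration and the function names are constructed for illustration.

```python
import re

# Policy tables named in the thread. Assumption: offload is on unless disabled.
TABLES = ("firewall policy", "firewall policy6", "firewall multicast-policy")

# Constructed sample config (not taken from any real device).
SAMPLE = """\
config firewall policy
    edit 1
        set auto-asic-offload disable
    next
    edit 2
    next
end
config firewall policy6
    edit 1
        set auto-asic-offload disable
end
config firewall multicast-policy
    edit 3
    next
end
"""

def offload_state(config_text):
    """Return {(table, policy_id): 'enable' | 'disable'} for every policy entry."""
    state, table, policy, depth = {}, None, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            if depth == 0 and line[len("config "):] in TABLES:
                table = line[len("config "):]
            depth += 1                      # nested config blocks raise the depth
        elif line == "end":
            depth -= 1
            if depth == 0:                  # left the policy table
                table, policy = None, None
        elif table and depth == 1 and line.startswith("edit "):
            policy = line.split(None, 1)[1].strip('"')
            state[(table, policy)] = "enable"   # assumed default when not set
        elif table and policy and depth == 1:
            m = re.fullmatch(r"set auto-asic-offload (enable|disable)", line)
            if m:
                state[(table, policy)] = m.group(1)
    return state

def blind_spots(config_text):
    """Policies whose sessions may be offloaded and so not counted in FortiView."""
    return sorted(k for k, v in offload_state(config_text).items() if v == "enable")
```

Running `blind_spots(SAMPLE)` reports policy 2 and multicast policy 3, the two entries that would need either offload disabled or NPU session logging (where the model supports it) before their bandwidth shows up in FortiView.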