Hi folks
I hope you're all doing well.
I'm writing because I have a little "cosmetic" problem with my FortiGate 60E, which is in use by one of my company's clients.
Our monitoring tool notifies a lot of drops on interface 5 (more than 500k/hour). So I started troubleshooting.
First I ran the dia hard deviceinfo nic internal5 command:
Description :FortiASIC NP6LITE Adapter
Driver Name :FortiASIC NP6LITE Driver
Board :60E
lif id :7
lif oid :71
netdev oid :71
Current_HWaddr xx
Permanent_HWaddr xx
========== Link Status ==========
Admin :up
netdev status :up
autonego_setting:1
link_setting :0
speed_setting :10
duplex_setting :0
Speed :1000
Duplex :Full
link_status :Up
============ Counters ===========
Rx Pkts :18208097703
Rx Bytes :11024838411269
Tx Pkts :15296225169
Tx Bytes :10319894982632
Host Rx Pkts :3749448284
Host Rx Bytes :9406441080
Host Tx Pkts :582392616
Host Tx Bytes :11678029692
Host Tx dropped :0
Couldn't see any problems.
Then I ran the following command:
fnsysctl ifconfig internal5
internal5 Link encap:Ethernet HWaddr xx
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:18213138482 errors:0 dropped:2148776702 overruns:0 frame:0
TX packets:15302455501 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:11026769464625 (10269.5 GB) TX bytes:10324633075520 (9615.6 GB)
You can see (red marked) that there are a LOT of receiving Drops.
I checked the interface speed on both sides, switch and firewall. Both duplex 1Gig/s. So no problems here.
The bandwidth usage is also "normal", in other words less than 500mbit/s.
Do you have any suggestions what I can try to resolve these drops? Funny thing is: The customer doesn't perceive any problems, so that's why I'm calling it a "cosmetic" problem.
Best regards
Jimmy
I would do regular layer1 troubleshooting. First check the stats on the other side to make sure the other side is not seeing any problem. Then either change the cable or move/swap the port to isolate if it's on this particular port (if it doesn't follow) or the connection (if it follows).
At the same time I would open a TT in case I have to go to RMA.
More commands can be used to analyze the issue with the link between two FortiGates in a cluster:
get hardware nic <interface-name>
diagnose hardware deviceinfo nic <interface-name>
diagnose netlink interface list name <interface name>
fnsysctl ifconfig <interface name>
Useful articles related to the above commands:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Changing-the-speed-of-a-FortiGate-interfac...
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FortiGate-interface-error-counters/t...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-Ethernet-speed-duplex-and-negoti...
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Network-Interface-Card-NIC-commands/...
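The counters in `fnsysctl ifconfig` are cumulative, so a single reading cannot show whether drops are still occurring or whether a cable or port swap changed anything. The following is an added example, not part of any post in this thread: it parses two readings and reports the RX drop rate between them. The second reading and the 600-second interval are constructed sample values.

```python
import re

# Counter lines as printed by `fnsysctl ifconfig <interface name>`.
COUNTER_RE = re.compile(
    r"^\s*(RX|TX) packets:(\d+) errors:(\d+) dropped:(\d+) overruns:(\d+)",
    re.MULTILINE,
)

def parse_ifconfig(text):
    """Return {'RX': {...}, 'TX': {...}} with integer counters."""
    out = {}
    for direction, packets, errors, dropped, overruns in COUNTER_RE.findall(text):
        out[direction] = {"packets": int(packets), "errors": int(errors),
                          "dropped": int(dropped), "overruns": int(overruns)}
    if "RX" not in out or "TX" not in out:
        raise ValueError("RX/TX counter lines not found")
    return out

def rx_drop_ratio(snapshot):
    """Cumulative RX drops relative to cumulative RX packets."""
    rx = snapshot["RX"]
    return rx["dropped"] / rx["packets"] if rx["packets"] else 0.0

def rx_drops_per_hour(older, newer, seconds):
    """Drop rate between two readings; None if the counter went backwards
    (for example after a reboot or counter reset) or the interval is invalid."""
    delta = newer["RX"]["dropped"] - older["RX"]["dropped"]
    if seconds <= 0 or delta < 0:
        return None
    return delta * 3600 / seconds

# Counter lines taken from the original post.
SNAPSHOT_A = """\
internal5 Link encap:Ethernet HWaddr xx
RX packets:18213138482 errors:0 dropped:2148776702 overruns:0 frame:0
TX packets:15302455501 errors:0 dropped:0 overruns:0 carrier:0
"""
# Constructed second reading, assumed to be taken 600 seconds later.
SNAPSHOT_B = """\
internal5 Link encap:Ethernet HWaddr xx
RX packets:18213938482 errors:0 dropped:2148866702 overruns:0 frame:0
TX packets:15303155501 errors:0 dropped:0 overruns:0 carrier:0
"""

if __name__ == "__main__":
    a, b = parse_ifconfig(SNAPSHOT_A), parse_ifconfig(SNAPSHOT_B)
    print(f"cumulative RX drop ratio: {rx_drop_ratio(a):.2%}")
    print(f"RX drops/hour over the interval: {rx_drops_per_hour(a, b, 600):,.0f}")
```

Taking one reading before and one after each layer 1 change (cable swap, port move) shows whether the rate follows the port or the connection.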
Copyright 2024 Fortinet, Inc. All Rights Reserved.