Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGuard
- FortiGate Cloud
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiToken
- FortiTester
- FortiWAN
- FortiVoice
- FortiWeb
- FortiWebCloud
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- RE: Interface eth0
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Interface eth0
Hi,
I have a fortigate 110C V4.0MR3 P14 which will show traffic exiting port1 or port3 as also exiting interface eth0.
Interface eth0 does not appear on the interface configuration.
diag hardware deviceinfo nic eth0
returns information on packets sent/received
diag hardware deviceinfo nic port1
returns information on packets sent/received but omits many categories including:
Rx_Errors
Tx_errors
Collisions
Rx_Length_Errors
Rx_Over_Errors
Rx_Frame_Errors
Tx_aborted_Errors
Tx_carrier_errors
Rx_CRC_Errors
eth0 has these categories (with zero counted in each), but other ports do not.
Any thoughts?
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
diag hardware deviceinfo nic eth0I think that' s a pusedo interface but stangely m 110C has a eth0; FW1LAW # diag hardware deviceinfo nic eth0 Description Broadcom 570x Tigon3 Ethernet Adapter Part_Number BCM95786T8600 PHY_Device_ID 5787 Driver_Name tg3 Driver_Version 3.85l PCI_Vendor 0x14e4 PCI_Device_ID 0x169a PCI_Subsystem_Vendor 0x14e4 PCI_Subsystem_ID 0x969a PCI_Revision_ID 0xb002 PCI_Address 1:0.0 Memory 0xdfc00000 IRQ 9 System_Device_Name eth0 Current_HWaddr 00:09:0f:ca:f9:7e Permanent_HWaddr 00:09:0f:ca:f9:7e Link up Speed 1000 Mbps full duplex FlowControl Tx off, Rxoff MTU_Size 1500 Rx_Packets 247284410 Rx_Packets_Dropped 0 Tx_Packets 338341834 Rx_Bytes 1501420373 Tx_Bytes 2229875905 Rx_Errors 0 Tx_errors 0 Multicast 1160947 Collisions 0 Rx_Length_Errors 0 Rx_Over_Errors 0 Rx_Frame_Errors 0 Tx_aborted_Errors 0 Tx_carrier_errors 0 Rx_CRC_Errors 0 rx_pending 200 tx_pending 511 tg3_flags a2486c05 tg3_flags2 380c9200 but it' s not an interface you can sniffer on; diag sniffer packet <interface> the network interface to sniff (or " any" ) FG100C3G09611205 # diag sniffer packet eth0 " any" interfaces=[eth0] filters=[any] pcap_lookupnet: eth0: no IPv4 address assigned pcap_compile: parse error and version of code; Version: Fortigate-110C v4.0,build0196,100319 (MR1 Patch 4) Qs: Where are you seeing traffic exiting eth0? Are you using any IPS or end-point UTM features ? What does " get sys performance status" show? And " diag ip arp list " 7 " diag ip address list" show for you ip_address L3 interfaces ?
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Where are you seeing traffic exiting eth0? Are you using any IPS or end-point UTM features ?using diag sniffer packet any ' filters' 4 to give the interface name
What does " get sys performance status" show?CPU states: 0% user 0% system 0% nice 100% idle CPU0 states: 0% user 0% system 0% nice 100% idle Memory states: 16% used Average network usage: 2090 kbps in 1 minute, 1596 kbps in 10 minutes, 2186 kbps in 30 minutes Average sessions: 373 sessions in 1 minute, 323 sessions in 10 minutes, 298 sessions in 30 minutes Average session setup rate: 1 sessions per second in last 1 minute, 2 sessions per second in last 10 minutes, 1 sessions per second in last 30 minutes Virus caught: 0 total in 1 minute IPS attacks blocked: 0 total in 1 minute Uptime: 27 days, 1 hours, 41 minutes
And " diag ip arp list " 7 " diag ip address list" show for you ip_address L3 interfaces ?They show the L3 interfaces on port3, no references to eth0...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay that' s good. I believe you can ignore that.
Eth0 is problem something that replicating packets for one of the UTM features or offloading.
e.g
diag sniffer packet any ' arp' 4
interfaces=[any]
filters=[arp]
0.601971 wan2 out arp who-has 192.168.11.68 tell 192.168.11.73
0.601976 eth0 out arp who-has 192.168.11.68 tell 192.168.11.73
2.513880 wan2 in arp reply 192.168.0.120 is-at d4:ae:52:bd:e4:fe
5.624268 wan2 in arp who-has 192.168.11.73 tell 192.168.11.67
5.624281 wan2 out arp reply 192.168.11.73 is-at 0:9:f:ca:f9:7f
5.624284 eth0 out arp reply 192.168.11.73 is-at 0:9:f:ca:f9:7f
6.382000 wan2 out arp who-has 192.168.254.2 tell 192.168.254.1
6.382005 eth0 out arp who-has 192.168.254.2 tell 192.168.254.1
6.382202 wan2 in arp reply 192.168.254.2 is-at 3c:4a:92:f5:e6:1c
9 packets received by filter
0 packets dropped by kernel
~
Are you experiencing performance issues? or just curious on eth0?
fwiw: All of the firewall that I checked, exhibits the same.
I fogot to add this
http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/Install_advanced/cb_appendix_diags.html
hardware deviceinfo nic eth0
Display information about the network card attached to the interface. The information displayed varies by the type of NIC. It will include the VLAN id, state, link, speed, counts for received and transmitted packets and bytes. The MAC for this NIC is Current_HWaddr and Permant_HWaddr, and this is only place you can see both the old and new MAC when it is changed.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you experiencing performance issues? or just curious on eth0?Just curious :) Also curious re the counts under diag hardware deviceinfo nic port1 I don' t see any numbers on rx/tx errors/collisions. Will these only appear if the counts are nonzero?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rx/tx errors/collisionsYes only if they appear. Collision should never been seen in a full-duplex setting. Collision, CRC and late collision are normally a duplex miss-match or if a 802.1q tag is being applied and the other party is not expecting it. Man your question was challenging, I remember some fortinet rep explain the eth0 and I can' t recall what it' s used for now
I would not worry too much about it unless your see performance issues or numbers are climbing on a regular schedule.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thats ok, thanks for your input emnoc!
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- SD WAN with Policy route 8 Views
- S2S VPN issues with packets drops 96 Views
- Should I create two default routes (0.0.0.0/0.0.0.0)... 109 Views
- Internal Zone to External Zone policy... 156 Views
- FortiGate cheatsheet FortiOS 7.4 108 Views
Labels
-
Fortigate
7,445 -
FortiClient
1,469 -
5.2
801 -
5.4
639 -
FortiManager
637 -
FortiAnalyzer
484 -
6.0
416 -
FortiSwitch
387 -
FortiAP
386 -
5.6
362 -
FortiClient EMS
312 -
FortiMail
287 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
181 -
FortiNAC
134 -
SSL-VPN
129 -
6.4
128 -
IPsec
124 -
FortiGuard
121 -
FortiGateCloud
97 -
FortiCloud Products
93 -
FortiSIEM
92 -
FortiToken
80 -
Customer Service
72 -
Wireless Controller
68 -
SD-WAN
65 -
4.0MR3
64 -
FortiProxy
52 -
FortiEDR
47 -
Fortivoice
46 -
FortiADC
46 -
FortiDNS
43 -
FortiAuthenticator
43 -
Firewall policy
40 -
FortiSandbox
38 -
VLAN
38 -
FortiExtender
37 -
FortiGate v5.4
36 -
FortiSwitch v6.4
32 -
High Availability
32 -
DNS
28 -
BGP
27 -
LDAP
27 -
FortiConnect
26 -
ZTNA
26 -
FortiGate v5.2
24 -
FortiWAN
24 -
FortiConverter
23 -
SAML
22 -
Interface
22 -
Authentication
21 -
Routing
21 -
Certificate
21 -
FortiSwitch v6.2
20 -
FortiLink
19 -
NAT
19 -
FortiPortal
18 -
VDOM
18 -
RADIUS
16 -
Logging
16 -
FortiMonitor
16 -
Virtual IP
16 -
Web profile
16 -
FortiGate v5.0
15 -
SSL SSH inspection
15 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Application control
14 -
Traffic shaping
13 -
FortiManager v5.0
12 -
FortiCASB
12 -
SSO
12 -
IP address management - IPAM
11 -
FortiRecorder
10 -
SSID
10 -
Static route
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiAnalyzer v5.0
9 -
FortiSOAR
9 -
FortiWeb v5.0
9 -
SNMP
9 -
RMA Information and Announcements
9 -
OSPF
9 -
FortiAP profile
9 -
WAN optimization
9 -
FortiManager v4.0
8 -
FortiBridge
8 -
Admin
8 -
Security profile
8 -
Proxy policy
8 -
Web application firewall profile
8 -
4.0
7 -
FortiCache
7 -
Automation
7 -
trunk
6 -
IPS signature
6 -
Antivirus profile
6 -
Traffic shaping policy
6 -
System settings
6 -
FortiCarrier
5 -
FortiDirector
5 -
DNS Filter
5 -
Packet capture
5 -
FortiTester
5 -
Users
5 -
Port policy
5 -
Intrusion prevention
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiDeceptor
4 -
FortiScan
4 -
Explicit proxy
4 -
FortiPAM
4 -
Traffic shaping profile
4 -
Application signature
4 -
DLP sensor
4 -
DoS policy
4 -
Web rating
4 -
FortiInsight
3 -
FortiDB
3 -
FortiCWP
3 -
FortiToken Cloud
3 -
FortiHypervisor
3 -
NAC policy
3 -
Authentication rule and scheme
3 -
DLP Dictionary
3 -
DLP profile
3 -
Email filter profile
3 -
Fabric connector
3 -
File filter
3 -
Multicast routing
3 -
FortiAI
2 -
FortiNDR
2 -
Internet Service Database
2 -
Netflow
2 -
Protocol option
2 -
Replacement messages
2 -
Schedule
2 -
Service
2 -
VoIP profile
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
Kerberos
1 -
RIP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
TACACS
1 -
SDN connector
1 -
Multicast policy
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1237 | |
| 932 | |
| 674 | |
| 441 | |
| 176 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.