Hardware acceleration get and diagnose commands

Hardware acceleration get and diagnose commands

This section describes some get and diagnose commands you can use to display useful information about the NP6 processors sessions processed by NP6 processors.

get hardware npu np6

You can use the get hardware npu np6 command to display information about the NP6 processors in your FortiGate and the sessions they are processing. This command contains a subset of the options available from the diagnose npu np6 command. The command syntax is:

get hardware npu np6 {dce <np6-id> | ipsec-stats | port-list | session-stats <np6-id> |

sse-stats <np6-id> | synproxy-stats}

 

<np6-id> identifies the NP6 processor. 0 is np6_0, 1 is np6_1 and so on. dce show NP6 non-zero sub-engine drop counters for the selected NP6. ipsec-stats show overall NP6 IPsec offloading statistics.

port-list show the mapping between the FortiGate’s physical ports and its NP6 processors.

session-stats show NP6 session offloading statistics counters for the selected NP6.

sse-stats show hardware session statistics counters.

synproxy-stats show overall NP6 synproxy statistics for TCP connections identified as being syn proxy DoS attacks.

 

diagnose npu np6

The diagnose npu np6 command displays extensive information about NP6 processors and the sessions that they are processing. Some of the information displayed can be useful for understanding the NP6 configuration, seeing how sessions are being processed and diagnosing problems. Some of the commands may only be useful for Fortinet software developers. The command syntax is:

diagnose npu np6 {options}

The following options are available:

fastpath {disable | enable} <np6-od> enable or disable fastpath processing for a selected NP6.

dce shows NP6 non-zero sub-engine drop counters for the selected NP6.

dce-all show all subengine drop counters.

anomaly-drop show non-zero L3/L4 anomaly check drop counters. anomaly-drop-all show all L3/L4 anomaly check drop counters. hrx-drop show non-zero host interface drop counters.

hrx-drop-all show all host interface drop counters. session-stats show session offloading statistics counters. session-stats-clear clear sesssion offloading statistics counters. sse-stats show hardware session statistics counters.

sse-stats-clear show hardware session statistics counters.

pdq show packet buffer queue counters.

xgmac-stats show XGMAC MIBs counters.

xgmac-stats-clear clear XGMAC MIBS counters.

port-list show port list.

ipsec-stats show IPsec offloading statistics.

ipsec-stats-clear clear IPsec offloading statistics.

eeprom-read read NP6 EEPROM.

npu-feature show NPU feature and status.

register show NP6 registers.

fortilink configure fortilink.

synproxy-stats show synproxy statistics.

 

This entry was posted in FortiOS 5.4 Handbook and tagged , , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.