Tag Archives: inter-vdom link

Hardware acceleration get and diagnose commands

Hardware acceleration get and diagnose commands

This section describes some get and diagnose commands you can use to display useful information about the NP6 processors sessions processed by NP6 processors.

get hardware npu np6

You can use the get hardware npu np6 command to display information about the NP6 processors in your FortiGate and the sessions they are processing. This command contains a subset of the options available from the diagnose npu np6 command. The command syntax is:

get hardware npu np6 {dce <np6-id> | ipsec-stats | port-list | session-stats <np6-id> |

sse-stats <np6-id> | synproxy-stats}

 

<np6-id> identifies the NP6 processor. 0 is np6_0, 1 is np6_1 and so on. dce show NP6 non-zero sub-engine drop counters for the selected NP6. ipsec-stats show overall NP6 IPsec offloading statistics.

port-list show the mapping between the FortiGate’s physical ports and its NP6 processors.

session-stats show NP6 session offloading statistics counters for the selected NP6.

sse-stats show hardware session statistics counters.

synproxy-stats show overall NP6 synproxy statistics for TCP connections identified as being syn proxy DoS attacks.

 

diagnose npu np6

The diagnose npu np6 command displays extensive information about NP6 processors and the sessions that they are processing. Some of the information displayed can be useful for understanding the NP6 configuration, seeing how sessions are being processed and diagnosing problems. Some of the commands may only be useful for Fortinet software developers. The command syntax is:

diagnose npu np6 {options}

The following options are available:

fastpath {disable | enable} <np6-od> enable or disable fastpath processing for a selected NP6.

dce shows NP6 non-zero sub-engine drop counters for the selected NP6.

dce-all show all subengine drop counters.

anomaly-drop show non-zero L3/L4 anomaly check drop counters. anomaly-drop-all show all L3/L4 anomaly check drop counters. hrx-drop show non-zero host interface drop counters.

hrx-drop-all show all host interface drop counters. session-stats show session offloading statistics counters. session-stats-clear clear sesssion offloading statistics counters. sse-stats show hardware session statistics counters.

sse-stats-clear show hardware session statistics counters.

pdq show packet buffer queue counters.

xgmac-stats show XGMAC MIBs counters.

xgmac-stats-clear clear XGMAC MIBS counters.

port-list show port list.

ipsec-stats show IPsec offloading statistics.

ipsec-stats-clear clear IPsec offloading statistics.

eeprom-read read NP6 EEPROM.

npu-feature show NPU feature and status.

register show NP6 registers.

fortilink configure fortilink.

synproxy-stats show synproxy statistics.

 

FortiGate NP4 architectures

FortiGate NP4 architectures

This chapter shows the NP4 architecture for the all FortiGate units and modules that include NP4 processors.

 

FortiGate600C

The FortiGate-600C features one NP4 processor. All the ports are connected to this NP4 over the Integrated Switch Fabric. Port1 and port2 are dual failopen redundant RJ-45 ports. Port3-port22 are RJ-45 ethernet ports, and there are four 1Gb SFP interface ports duplicating the port19-port22 connections.

 

FortiGate800C

The FortiGate-800C features one NP4 processor. All the ports are connected to this NP4. Port1 and port2 are dual failopen redundant RJ-45 ports. Port3-port22 are RJ-45 ethernet ports, and there are eight 1Gb SFP interface ports duplicating the port15-18 and port19-port22 connections. There are also two 10Gb SFP+ ports, port23 and port24.

 

FortiGate1000C

The FortiGate-1000C features one NP4 processor. All the ports are connected to this NP4. Port1 and port2 are dual failopen redundant RJ-45 ports. Port3-port22 are RJ-45 ethernet ports, and there are eight 1Gb SFP interface ports duplicating the port15-18 and port19-port22 connections. There are also two 10Gb SFP+ ports, port23 and port24.

 

FortiGate1240B

The FortiGate-1240B features two NP4 processors:

  • Port1 to port24 are 1Gb SFP interfaces connected to one NP4 processor.
  • Port25 to port38 are RJ-45 ethernet ports, connected to the other NP4 processor.
  • Port39 and port40 are not connected to an NP4 processor.

 

Integrated Switch Fabric

FortiASIC NP4

FortiASIC NP4

System Bus

CP6

CPU

 

FortiGate3040B

The FortiGate-3040B features two NP4 processors:

  • The 10Gb interfaces, port1, port2, port3, port4, and the 1Gb interfaces, port9, port10, port11, port12, port13, share connections to one NP4 processor.
  • The 10Gb interfaces, port5, port6, port7, port8, and the 1Gb interfaces, port14, port15, port16, port17, port18, share connections to the other NP4 processor.

 

FortiGate  3040B

STATUS ALARM HA POWER

NP4-1      NP4-2

CONSOLE

10G SFP+

1                    3                    5                       7

2                    4                    6                       8

9                     11                   13

10                   12                   14

15                  17

16                  18

FSM1

FSM2

SHUT DO WN

FSM3

FSM4

Integrated Switch Fabric

FortiASIC NP4

FortiASIC NP4

System Bus

CP7

CPU