amigo
New Contributor

FortiView 5.6.3 bandwidth

Hello all, I manage several FortiGates (80D, 80E, 60E) with different FortiOS versions (5.6.3 and 5.4.8). I found an issue with FortiOS 5.6.3. I'm not sure if it is an issue; it is maybe my mistake.

It relates to FortiView. When I want to monitor traffic (sources\destinations\interfaces), I don't see what the widget "interface bandwidth" shows and what is true. There is a smaller amount of bandwidth in FortiView. I tried the same with multiple FortiGate units and it is the same for all with 5.6.3. I tried it for one unit (80D) with 4.5.8 and it was OK.

I'm attaching an image.

img1 - You can see the computer which is downloading a file through VPN. The transfer rate is 3,44MB (approx. 28Mbit) but FortiView\sources shows only 8Mbit bandwidth for this computer.

1 Solution
amigo
New Contributor

I have a reply from Fortinet support.

All that you can see in FortiView is traffic passed through the CPU. If the traffic is offloaded to an NP (network processor), SP (security processor) or CP (content processor), you cannot see it in FortiView. If you want it, you should buy a FortiGate model with an NP6 processor (higher models of FG).

Hardware acceleration overview:

"Except for the NP6, network processors do not count offloaded packets, and offloaded packets are not logged by traffic logging and are not included in traffic statistics and traffic log reports.

NP6 processors support per-session traffic and byte counters, Ethernet MIB matching, and reporting through messages resulting in traffic statistics and traffic log reporting."

It is a fu*king feature.

It isn't related to FortiOS but to models with NP, CP or SP. Old units (80D) don't have a "coprocessor", so with this unit you see everything.

It is possible to turn offloading off, but you can expect high CPU usage.


4 REPLIES 4
filigran
New Contributor

Sorry I can not be of any help here, but I'm really curious on any insights to come.

Because this has been bugging me for quite some time now, too.

And I couldn't figure out if it is some misunderstanding on my side (because of the realtime-nature of the fortiview reporting in these cases). Due to the TO's post I now have a feeling that some sort of explanation would really come in handy. 

Prab
New Contributor

 

On some FGT models you have the possibility to turn on the logging for the NPU accelerated sessions too. You don't need to turn off the NPU offloading in this case.

Ref: http://help.fortinet.com/cli/fos50hlp/56/Content/FortiOS/fortiOS-cli-ref-56/config/system/npu.htm

 

Regards,

Prab

Ashik_Sheik

Hi,

 

Just follow the commands to disable Offload.

 

http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-hardware-acceleration-52/acceleration... 

Disabling CP offloading for firewall policies

If you want to completely disable offloading to CP processors for test purposes or other reasons, you can do so in security policies. Here are some examples:

For IPv4 security policies.

    config firewall policy
        edit 1
            set auto-asic-offload disable
    end

For IPv6 security policies.

    config firewall policy6
        edit 1
            set auto-asic-offload disable
    end

For multicast security policies.

    config firewall multicast-policy
        edit 1
            set auto-asic-offload disable
    end

 

Ashu 

 
