Tuesday, July 19, 2011

Useful Interface Statistics

On the CLI try this

> diag hardware deviceinfo nic "interface name"

for example

> diag hardware deviceinfo nic wan1

produces the following sample output. Very handy to check for duplex mismatches, collisions, errors, etc in a pinch.

Driver Name: NP2
Version: 0.92
Chip Revision: 2
BoardSN: N/A
Module Name: 310B
DDR Size: 256 MB
Bootstrap ID: 11
PCIX-64bit-@133MHz bus: 03:01.0
Admin: up
Link: up
Speed: 1000Mbps
Duplex: Full
Rx Pkts: 3875403410
Tx Pkts: 3337050564
Rx Bytes: 1095981056
Tx Bytes: 1043256285
MAC0 Rx Errors: 0
MAC0 Rx Dropped: 0
MAC0 Tx Dropped: 0
MAC0 FIFO Overflow: 0
MAC0 IP Error: 0

TAE Entry Used: 0
TSE Entry Used: 0
Host Dropped: 1477715
Shaper Dropped: 121
EEI0 Dropped: 0
EEI1 Dropped: 0
EEI2 Dropped: 0
EEI3 Dropped: 0
IPSEC QFIFO Dropped: 0
IPSEC DFIFO Dropped: 0
PBA: 123/1019/251
Forwarding Entry Used: 0
Offload IPSEC Antireplay ENC Status: Disable
Offload IPSEC Antireplay DEC Status: Enable
Offload Host IPSEC Traffic: Disable

1 comment:

M00sebyte said...

I was having an issue with my Fortinet 60Bs hitting 100% CPU utilization and found your past blog entries helpful. I thought I would pass these test options on as someone else having the issue may be able to use them.

Disable or Renable IPSengine
-----------------------------------
# diag test application ipsmonitor
IPS Engine Test Usage:
1: Display IPS engine information
2: Toggle IPS engine enable/disable status
3: Display restart log
4: Clear restart log
5: Toggle bypass status
6: Submit attack characteristics now
97: Start all IPS engines
98: Stop all IPS engines
99: Restart all IPS engines and monitor

I did not have the IPS engine applied to any filter and it should not have been in use, but was taking 100% of the CPU. Using 98 to shut it off completely did the trick.