NPU based interfaces
Many Fortinet products contain network processors such as NP1, NP2, and NP4 network processors. Therefore offloading requirements, vary by network processor model.
When using the NPU-based interfaces, only the initial session setup will be seen through the diag debug flow command. If the session is correctly programmed into the ASIC (fastpath), the debug flow command will no longer see the packets arriving at the CPU. If the NPU functionality is disabled, the CPU will see all the packets, however, this should only be used for troubleshooting purposes.
First, obtain the NP4 id and the port numbers with the following command:
diag npu np4 list
Sample output:
ID Model Slot Interface
0 On-board port1 fabric1 fabric3 fabric5
1 On-board fabric2 port2 base2 fabric4
Run the following commands:
diag npu np4 fastpaf th disable <dev_id>
(where dev_id is the NP4 number)
Then, run this command:
diag npu np4 fastpath-sniffer enable port1
Sample output:
NP4 Fast Path Sniffer on port1 enabled
This will cause all traffic on port1 of NP4 to be sent to the CPU meaning a standard sniffer trace can be taken and other diag commands should work if it was a standard CPU driven port.
These commands are only for the newer NP4 interfaces.