How to mitigate an abnormal increase in "flow_fwd_notopology" global counter

• Next Generation Firewall
• DP packet drop
• flow_fwd_notopology

1. To check the routing table use the CLI command:

   show routing route

2. To check the forwarding table use the CLI command:

   show routing fib

3. To check the interface routing use the CLI command:

   show routing interface

4. If a certain traffic is suspected to be affected by those packet drops then during a maintenance window:
   1. Setup a filter for that traffic under Monitor > packet capture > configure filtering and enable the filter. Refer to step 1 in Getting Started: Packet Capture.
   2. Check using the CLI the filtered global counter to see if you the global counter flow_fwd_notopology is seen. Refer to step 2 in Getting Started: Packet Capture. 
   3. Using your network topology and the routing information gathered above make sure that the expected egress interface of the packet has a forwarding entry. Additionally you can use the CLI command:

      test routing fib-lookup virtual-router default ip <ip address>

      Refer to How to Perform FIB Lookup for a Particular Destination for more details on the use of the above command.
5. In case you need further help in troubleshooting this problem contact support so they can assist you in narrowing down the affected traffic and performing a packet capture.

For an example of used case on where the flow_fwd_notopology can be seen check: Active/Active HA drops traffic in network with asymmetric routing.