FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sagha
Staff
Staff
Article Id 197541
Description
With a PPoE interface configured in SD-WAN rules, the traffic is not going to be forwarded on that interface.
This article describes the behavior observed if an interface is configured under ‘config system interface’ with ‘set mode pppoe’. 



Scope
This behavior is observed in v6.0.6 to v6.0.8 and v6.2.0 to v6.2.2.

The following behavior was changed in v6.0.9 onwards and v6.2.3 onwards where setting up ‘set mode ppoe’ would work.

Solution
PPoE interface configuration.
# config system interface
    edit "wan1"
        set vdom "root"
        set mode pppoe                                         <----- Setting up mode to PPoE.
        set allowaccess ping https ssh snmp
        set type physical
        set snmp-index 4
        set username "pppoe"
        set password ENC  xxxxxx
    next
end
SD-WAN rule output.
# diagnose sys virtual-wan-link service

Service(21): Address Mode(IPV4) flags=0x0
  TOS(0x0/0x0), Protocol(0: 1->65535), Mode(priority), link-cost-factor(bibandwidth), link-cost-threshold(10), health-check(ping)
  Service role: standalone
  Member sub interface:
  Members:
    1: Seq_num(1), alive, bibandwidth: 0kbps, selected
  Dst address:
        10.100.2.0-10.100.2.255
In case firmware upgrade is not an option, workaround is to set interface mode to PPoE, configure it under ‘# config system pppoe-interface’.
# config system pppoe-interface
    edit "11"
        set device "wan1"
        set username "pppoe"
        set password ENC0  xxxxxx
    next
end

# diagnose sys virtual-wan-link service
Service(21): Address Mode(IPV4) flags=0x0
  TOS(0x0/0x0), Protocol(0: 1->65535), Mode(priority), link-cost-factor(bibandwidth), link-cost-threshold(10), health-check(ping)
  Service role: standalone
  Member sub interface:
  Members:
    1: Seq_num(1), alive, bibandwidth: 199.79Mbps, selected
  Dst address:
        10.100.2.0-10.100.2.255

Contributors