cfchan
Staff
Article Id 197649

Description


This article describes the settings required for FortiGate-60E-DSL and FortiWifi-60E-DSL in specific regions such as Australia and New Zealand, with settings for different providers. It is based on build 5.6 (b4096) at the time of writing (Aug 2018).


Solution

 

Note on centralised management: to manage the above build with FortiManager, please contact the SE for the GA version of FortiManager.

 

FG60E  # get system status

Version: FortiGate-60E-DSL v5.6.0,build4096,180809 (GA)

Virus-DB: 61.00240(2018-08-05 09:28)

…..(output omitted)

BIOS version: 05000002

System Part-Number: P21074-03

Log hard disk: Not available

Hostname: FG60E***********  

Operation Mode: NAT

Current virtual domain: root

Max number of virtual domains: 10

Virtual domains status: 1 in NAT mode, 0 in TP mode

Virtual domain configuration: disable

FIPS-CC mode: disable

Current HA mode: standalone

Branch point: 1600

Release Version Information: GA

System time: Thu Aug 16 15:41:29 2018

 

ISP: Vodafone New Zealand (VDSL).

 

GUI and full CLI settings below:

 


 

Figure: settings network interfaces.

 


 


Figure: settings for DSL interface

 


 


Figure: settings for vlan 10 under DSL interfaces

 

FG60E # config sys interface

FG60E (interface) # edit dsl

config system interface

edit "dsl"

    set vdom "root"

    set mode dhcp

    set allowaccess ping fgfm

    set type physical

    set phy-mode vdsl

    set tc-mode ptm

    set role wan

    set snmp-index 2

next

end

 

FG60E  (dsl) # next

FG60E  (interface) # edit DSL_vlan10  

FG60E (DSL_vlan10) # show

config system interface

edit "DSL_vlan10"

    set vdom "root"

    set mode dhcp

    set allowaccess https ssh fgfm

    set role wan

    set snmp-index 9

    set interface "dsl"

    set vlanid 10

next

end

 

FG60E (DSL_vlan10) # get

name                : DSL_vlan10

vdom                : root

cli-conn-status     : 2

mode                : dhcp

distance            : 5

priority            : 0

ip                  : 203.118.---.x 255.255.---.0

allowaccess         : https ssh fgfm

type                : vlan

devindex            : 20

l2tp-client         : disable

fortiheartbeat      : disable

role                : wan

snmp-index          : 9

defaultgw           : enable

DHCP Gateway        : 203.118.---.254

dns-server-override : enable

Lease Expires        : Thu Aug 16 16:52:21 2018

Acquired DNS1        : 203.109.191.1

Acquired DNS2        : 203.118.191.1

interface           : dsl

vlanid              : 10

 

ISP: Vodafone New Zealand (VDSL) (Tim)

 


 


Figure: settings network interfaces

 


 

Figure: settings for DSL interface

 

FG60E # get system status  

Version: FortiGate-60E-DSL v5.6.0,build4093,180808 (GA)

Virus-DB: 59.00623(2018-07-10 15:16)

Extended DB: 59.00623(2018-07-10 15:15)

IPS-DB: 6.00741(2015-12-01 02:30)

IPS-ETDB: 0.00000(2001-01-01 00:00)

APP-DB: 6.00741(2015-12-01 02:30)

INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)

Serial-Number: FG60E***********

IPS Malicious URL Database: 2.00034(2018-07-10 05:11)

Botnet DB: 4.00258(2018-06-22 10:09)

BIOS version: 05000002

System Part-Number: P21074-03

Log hard disk: Not available

Hostname: FG60E***********

Operation Mode: NAT

Current virtual domain: root

Max number of virtual domains: 10

Virtual domains status: 1 in NAT mode, 0 in TP mode

Virtual domain configuration: disable

FIPS-CC mode: disable

Current HA mode: standalone

Branch point: 1600

Release Version Information: GA

System time: Thu Aug 16 21:59:11 2018

 

FG60E # config system interface    

FG60E (interface) # edit dsl

 config system interface

edit "dsl"

    set vdom "root"

    set mode pppoa

    set allowaccess ping

    set type physical

    set scan-botnet-connections block

    set vpi 0

    set vci 100

    set mux-type vc-encaps

    set phy-mode adsl

    set tc-mode atm

    set role wan

    set snmp-index 2

    set username "user@vodafone.co.nz"

 

    set password ENC cGFzc3dvcmQ=

next

end

 

FG60E (dsl) # get

name                : dsl

vdom                : root

cli-conn-status     : 2

mode                : pppoa

distance            : 5

priority            : 0

ip                  : 121.72.---.177 255.255.---.255

allowaccess         : ping

type                : physical

vpi                 : 0

vci                 : 100

mux-type            : vc-encaps

phy-mode            : adsl

tc-mode             : atm

retransmission      : enable

vectoring           : enable

l2tp-client         : disable

role                : wan

snmp-index          : 2

ipunnumbered        : 0.0.0.0

username        : user@vodafone.co.nz  

 

password        : *

idle-timeout     : 0

detected-peer-mtu   : 0

disc-retry-timeout  : 1

padt-retry-timeout  : 1

service-name        :

ac-name             :

lcp-echo-interval   : 5

lcp-max-echo-fails  : 3

defaultgw           : enable

PPPoATM Gateway     : 218.101.--.122

dns-server-override : enable

Acquired DNS1      : 203.97.--.44

Acquired DNS2      : 203.97.--.43

auth-type           : auto

 

ISP: Australia NBN Telstra

 



Figure: settings network interfaces

 

 


 

Figure: settings for DSL interface

 

FG60E # get system status  

Version: FortiGate-60E-DSL v5.6.0,build4096,180809 (GA)

Virus-DB: 1.00123(2015-12-11 13:18)

Extended DB: 1.00000(2012-10-17 15:46)

IPS-DB: 6.00741(2015-12-01 02:30)

IPS-ETDB: 0.00000(2001-01-01 00:00)

APP-DB: 14.00436(2018-08-23 00:32)

INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)

Serial-Number: FG60EVTK18-----1

IPS Malicious URL Database: 2.00076(2018-08-23 05:01)

Botnet DB: 1.00000(2012-05-28 22:51)

BIOS version: 05000002

System Part-Number: P21074-03

Log hard disk: Not available

Hostname: Recycal-FG60E-Camp

Operation Mode: NAT

Current virtual domain: root

Max number of virtual domains: 10

Virtual domains status: 1 in NAT mode, 0 in TP mode

Virtual domain configuration: disable

FIPS-CC mode: disable

Current HA mode: standalone

Branch point: 1600

Release Version Information: GA

System time: Fri Aug 24 12:28:45 2018

 

FG60E # config sys int

FG60E # edit dsl

config system interface

edit "dsl"

    set vdom "root"

    set mode dhcp

    set allowaccess ping https ssh http fgfm capwap

    set type physical

    set phy-mode vdsl

    set tc-mode ptm

    set fortiheartbeat enable

    set role wan

    set snmp-index 2

next

end

 

FG60E # config sys int

FG60E # edit dsl

FG60E # get

name                : dsl

vdom                : root

cli-conn-status     : 2

fortilink           : disable

mode                : dhcp

distance            : 5

priority            : 0

ip                  : 58.171.---.237 255.255.---.0

allowaccess         : ping https ssh http fgfm capwap  

devindex            : 6

phy-mode            : vdsl

tc-mode             : ptm

retransmission      : enable

vectoring           : enable

l2tp-client         : disable

endpoint-compliance : disable  

role                : wan

snmp-index          : 2

preserve-session-route: disable  

auto-auth-extension-device: disable  

fortilink-stacking  : enable

dhcp-client-identifier:  

dhcp-renew-time     : 0

defaultgw           : enable

DHCP Gateway        : 58.171.136.1

dns-server-override : enable

Lease Expires       : Fri Aug 24 15:11:03 2018

Acquired DNS1       : 61.9.---.49

Acquired DNS2       : 61.9.---.193

mtu-override        : disable

wccp                : disable

drop-overlapped-fragment: disable  

drop-fragment       : disable
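
The allowaccess line in each block above decides which services the FortiGate answers on that interface; on the Telstra dsl interface (role wan) it includes https ssh http. The following is an added example, not part of the original article: a Python check that parses config system interface output and lists WAN-role interfaces with administrative protocols enabled. The ADMIN_PROTOCOLS set, the function names and the condensed sample are assumptions of this example.

```python
import re

# Assumption of this example: allowaccess values treated as administrative access.
ADMIN_PROTOCOLS = {"http", "https", "ssh", "telnet", "snmp"}

# Constructed sample, condensed from the interface blocks shown in this article.
SAMPLE_CONFIG = '''
config system interface
    edit "dsl"
        set mode dhcp
        set allowaccess ping https ssh http fgfm capwap
        set role wan
    next
    edit "DSL_vlan10"
        set allowaccess https ssh fgfm
        set role wan
        set interface "dsl"
        set vlanid 10
    next
end
'''

def parse_interfaces(text):
    """Return {interface name: {setting: [values]}} from 'show' output."""
    interfaces, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = interfaces.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split()
            current[parts[1]] = [v.strip('"') for v in parts[2:]]
    return interfaces

def wan_admin_exposure(text):
    """Map each WAN-role interface to the administrative protocols it accepts."""
    findings = {}
    for name, cfg in parse_interfaces(text).items():
        exposed = ADMIN_PROTOCOLS & set(cfg.get("allowaccess", []))
        if "wan" in cfg.get("role", []) and exposed:
            findings[name] = sorted(exposed)
    return findings

if __name__ == "__main__":
    for name, protos in wan_admin_exposure(SAMPLE_CONFIG).items():
        print(f"{name}: admin access on WAN: {' '.join(protos)}")
```

The role setting is only a label: the internet-1 PPPoE interface in the New Zealand PPPoEoA example further down is set to role lan, so a check keyed on role alone would not look at it.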

 

ISP: Australia NBN Dodo.

 


 

Figure: settings network interfaces

 


 


 

Figure: settings for DSL interface

 


 

Figure: settings for VLAN/PPPoE interface

 

FG60E # get system status  

Version: FortiGate-60E-DSL v5.6.0,build4096,180809 (GA)

Virus-DB: 61.00015(2018-07-27 00:28)

Extended DB: 1.00000(2012-10-17 15:46)

IPS-DB: 13.00419(2018-07-26 00:20)

IPS-ETDB: 0.00000(2001-01-01 00:00)

APP-DB: 13.00419(2018-07-26 00:20)

INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)

Serial-Number: FG60EVTK180----1

IPS Malicious URL Database: 2.00076(2018-08-23 05:01)

Botnet DB: 4.00271(2018-07-26 10:00)

BIOS version: 05000002

System Part-Number: P21074-03

Log hard disk: Not available

Hostname: FG60EVTK18000011

Operation Mode: NAT

Current virtual domain: root

Max number of virtual domains: 10

Virtual domains status: 1 in NAT mode, 0 in TP mode

Virtual domain configuration: disable

FIPS-CC mode: disable

Current HA mode: standalone

Branch point: 1600

Release Version Information: GA

System time: Fri Aug 24 13:35:58 2018

 

FG60E # config sys int

FG60E # edit dsl

config system interface

edit "dsl"

    set vdom "root"

    set mode dhcp

    set allowaccess ping fgfm

    set type physical

    set phy-mode vdsl

    set tc-mode ptm

    set role wan

    set snmp-index 2

next

end

 

FG60E # config sys int

FG60E # edit dsl

FG60E # get

name                : dsl

vdom                : root

cli-conn-status     : 3

mode                : dhcp

distance            : 5

priority            : 0

ip                  : 0.0.0.0 0.0.0.0

allowaccess         : ping fgfm

type                : physical

devindex            : 6

phy-mode            : vdsl

tc-mode             : ptm

retransmission      : enable

vectoring           : enable

l2tp-client         : disable

role                : wan

snmp-index          : 2

preserve-session-route: disable   

dhcp-client-identifier:  

dhcp-renew-time     : 0

defaultgw           : enable

DHCP Gateway        : 0.0.0.0

dns-server-override : enable

Lease Expires       :

Acquired DNS1       : 0.0.0.0

Acquired DNS2       : 0.0.0.0

 

ISP: New Zealand PPPoEoA settings (Mike)

 

 CLI configuration

 

config system interface

edit "dsl"

set vdom "root"

set type physical

set vpi 0

set vci 110

set atm-protocol none

set mux-type llc-encaps <--- Change this according to your provider's instructions

set phy-mode adsl

set tc-mode atm

set snmp-index 2

next

end

 

config system interface

edit "internet-1"

set vdom "root"

set mode pppoe

set role lan

set snmp-index 9

set username adsl-test@dsl.provider

set password <redacted>

set interface "dsl"

set vlanid 10

next

end

 


 

                    

CLI to display diagnostic information:

 

FG60E # diag dsl show 2

2nd read[1289]2nd read[0]

HTTP/1.1 200 Ok

 

VCCs Status

-------------------------------------------------------------------

No   Wan Mode Type Status IP      Connection Name   

-------------------------------------------------------------------

WANIP0  VDSL-PTM Bridge  Connected  240.0.0.1 poe               

 

Gateway Information                                                         

                                                                            

                                                                         

DNS Information                                                          

Primary                                                                  

Secondary                                                                

MTU                              0                                    

Modem Status                     [SHOWTIME, SYNC[2049]]               

Mode Selected                    [VDSL, 17A]                          

Power Management Mode            [DSL_G997_PMS_L0]                    

Trellis-Coded Modulation         [Enable]                             

Latency Type                     [Fast]                               

Data Rate Downstream             [37898 kbps]                         

Data Rate Upstream               [22793 kbps]                         

Attainable Data Rate Downstream [42827 kbps]                         

Attainable Data Rate Upstream    [21888 kbps]                         

Interleaver Depth Downstream     [341]                                

Interleaver Depth Upstream       [40]                                 

Line Attenuation(LATN) Downstream   [19.6 dB]

Line Attenuation(LATN) Upstream [26.5 dB]                            

Signal Attenuation(SATN) Down    [19.0 dB]                            

Signal Attenuation(SATN) Up      [26.5 dB]                            

SNRM Downstream                  [12.9 dB]                            

SNRM Upstream                    [3.9 dB]                             

ACATP Downstream                 [6.9 dB]                             

ACATP Upstream                   [14.4 dB]                            

Superframe                       [Not available]                      

LOS Failure(near end)            [0]                                  

LOS Failure(far end)             [0]                                  

LOF Failure(near end)            [0]                                  

LOF Failure(far end)             [0]                                  

LPR Failure(near end)            [0]                                  

LPR Failure(far end)             [0]                                  

NCD Failure(near end)            [6]                                  

NCD Failure(far end)             [0]                                  

LCD Failure(near end)            [6]                                  

LCD Failure(far end)             [0]                                  

CRC(near end)                    [30015]                              

CRC(far end)                     [2559]                               

RS Correction(near end)          [255]                                

RS Correction(far end)           [128]                                

FECS(near end)                   [306255528]                          

FECS(far end)                    [965921046]                          

Errored Second(ES-L)(near end)   [9803]                               

Errored Second(ES-L)(far end)    [2630]                               

Serverely Errored Seconds(SES-L)NE  [3]

Serverely Errored Seconds(SES-L)FE  [384]

Loss of Signal Seconds(LOSS-L)NE [0]                                  

Loss of Signal Seconds(LOSS-L)FE [372]                                

Unavailable Seconds(UAS-L)NE     [44]                                 

Unavailable Seconds(UAS-L)FE     [44]                                 

HEC Error(near end)              [0]                                  

HEC Error(far end)               [0]
