How to Configure PPPoE, Fixed IP, DHCP on FortiGate Firewall - Managing WAN Interfaces (Part4)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hi guys this is the Igor attack today I will show you how to configure 40 gate Wan interfaces we will configure pppoe how to configure using fixed IP address and also DHCP [Music] let's begin go to network interfaces in the previous video I showed you how to configure the Lan interface how to configure DHCP and DHCP ranges or DHCP pool you can see we have now one DHCP client we also created VLAN interfaces which are VLAN 100 and VLAN 200. also how to configure DNS let's now check the WAN interfaces for the WAN we have the default interfaces which are the WAN 1 and Wan 2. however we can configure any interface to be our Wan like this DMZ we can configure it to be our Lan or Wan interface the same goes with Port A or Port B which is currently configured for 40 link by default we can take it out from the interface members then we can configure it to be our Lan or Wan interface or even set it as DMZ port also we can even take out any port on the Lan Network and configure as our Wan let me put back the port B first on the 40 link interface before we proceed for the when one we will configure using pppoe for the when to we will use fixed IP address lastly we will take out this port 5 on this internal member and configure it as our Wan 3 using DHCP let's configure first the Wan 1. double-click on it to edit name is wan1 for the Alias we will give an alias as isp1 to make it simple type is physical interface the role should be when since this is for our Wan or Internet facing interface we don't need to configure the estimated bandwidth or you can input your connection speed for the addressing mode by default it's set to DHCP and you can see it's trying to obtain an IP address since this interface is for pppoe then we will choose that option now enter the details provided by your internet service provider or ISP which is the username and the password make sure to input the correct details to verify your password you can click on the eye icon to have a plain text View next is the retrieve default gateway from server if this option is enabled then no need to configure the default static route if this one is disabled then you need to configure the default static route which I will show you later on if you have only single when connection that no need to concern about this distance if you have multiple Wan connection then this is very important to briefly explain this distance its lower comes first if we get a lower distance on Wan 1 and give a higher distance on when two then the WAN 1 would be your primary connection and when two would be the backup however we need to configure also different policies pointing to each interface I will explain this later on and on the next video for the administrative access since this is for the WAN or internet-facing interface we will enable https for GUI or web access it's not advisable to enable HTTP and SSH for security purposes enable ping for troubleshooting purposes again this depends on your preference or requirements comments is optional you can click on API preview to view the changes we are about to apply you can see here the alias administrative or allow access description distance mode and the pppoe username and password you can also click edit in CLI and you will be redirected to this interface configuration in CLI window click ok to apply the changes if you notice the interface icon it's red this is because the interface is not yet active or there's no cable connected to it yet now I will connect the cable from my ISB modem to this 40 gate when one interface let's refresh the page notice that the interface icon change to Green it means it's already active let's check the pppoe status if in case the status is failed to connect then we have methods to troubleshoot the issue first is to click on retry if still failed then you need to check your pppoe username and password make sure the details are correct also you can test to reboot your ISP modem or even change the cable from the ISP modem to your 40-gate device then click on retry again notice that we are now connected you can see the IP address received the DNS the WAN default gateway the pppoe username and password the distance Etc you can click renew if you have a dynamic IP address and you want to receive a different Wan IP address again since we enabled the retrieve default gateway from server then we don't need to configure the default static route since the status is already connected then we should be able to access the internet from this device let's open the CLI console we will try to Ping the Google DNS run the command execute ping 8.8.8.8 success this means this device is now connected and can access the internet let's go back to the network interfaces from here you can also see the IP address received by this interface also the administrative access which means we can ping this IP address from the internet and can access it through GUI or web from the internet using this public IP address received that's how you configure pppoe on 40-gate firewall for some countries they require VLAN ID for the pppoe configuration you can check my other video on how to configure pppoe with VLAN ID on 40gate firewall next is we will configure fixed IP address on this Wan 2 interface name is when to we will give a Alias of isp2 role should be when for the addressing mode it's set to DHCP by default we need to set it to manual if we are going to manually assign the IP address however if we set to manual then the option for retrieve default gateway from server will be disabled so we need to configure the default static route now click manual enter your desired IP address but make sure they are in the same subnet with the ISP or your Wan Gateway router I used 1.100.1.5 with 29 subnet mask because it must be on the same subnet with my Gateway router which is 1.100.1.1 with Slash 29 subnet mask 29 has six usable hosts so I can use any IP from dot 1 to.6 except for DOT one because it's already been used by my Gateway router we cannot assign the IP address which has already been used for the administrative access again since this is a Wan or internet-facing interface then we enable https for Google web access and ping for troubleshooting purposes this depends on your preference or customers requirements click ok to apply the changes we will now configure the default static route for this Wan 2 or isp2 under Network click static routes click create new for the destination choose subnet since this is for the default static route then leave it to eight zeros eight zeros means all or anything in short you are allowing this device to access the internet for the gateway address you must input your gateway router IP address which in my case is 1.100.1.1 for the interface choose your outgoing interface which in my case is the WAN 2. you can double check the network interfaces you can simply right-click on the network interfaces and then choose open link in new tab in this case you don't need to cancel and redo what you are currently doing now verify the interface you can simply click on the other tab to go back to the default static route configuration for the administrative distance earlier we configure the when one distance to 10. if you want this Wan 2 to be the backup then give a higher distance load balancing will be on a different topic for this demo we will configure failover method we will set this Wan 2 to be the backup so we will give a higher distance than when one this Wan 2 will take over the traffic if when one fails no need to change the priority since we configured different distance click ok to apply the changes you can see the newly created static route destination is all Gateway is the ISP or Gateway router's IP address the outgoing interface which is the WAN 2 and the status which is enabled to view the distance and priority configuration you can right click on the blank space or tick on configure table tick the distance and priority then click apply to save the changes we can now see the distance and priority again this Wan 2 has an administrative distance of 15 so it will be the backup of Wan 1 which has an administrative distance of 10. currently the device is connected to the internet via this Wan 1. what we are going to do is disable this when one assuming it's down or has some issue we should be able to access the internet via this backup link connection which is this one too for the failover we need also to configure the link monitor which I will show you later on to verify we can open the CLI console run the command execute ping 8.8.8.8 success this means the device can access the internet via the fixed IP which is when 2. we can also test to Ping the ISB router or the WAN Gateway router which in my case is 1.100.1.1 success next is we are going to remove the port 5 from the admin or internal and configure it as our Wan or internet-facing interface it will be our Wan 3 and will be using Dynamic IP address double-click on it now click the X sign to remove from the interface members click ok to save the changes you can see the port 5 is now on physical interface without any configuration it's already removed from the internal interface members now double-click on it to edit name is internal 5 so we will give a name of isp3 for our reference type is physical interface for the role you can see that we can configure this interface as our Lan our Wan or even DMZ since we are going to configure as our internet facing interface then we will choose when for the addressing mode by default it's set to manual now choose DHCP retrieve default gateway is enabled by default so we don't need to configure the default static route you can disable this option if you want to configure the default static route like what I showed you earlier for the distance the when one interface which is our primary has a distance of 10 so if you want to modify and set this as your primary when connection then leave it to 5 or set any number lower than 10. if you want to set it as your backup connection for the WAN 2 assuming it's a 4G or 5G connection then give a higher distance since we are using the failover method then we will set this as a backup of Wan 1 and Wan 2. we will set the distance of 20 Which is higher than the distance of Wan 1 and Wan 2. for the administrative access we will enable https and ping we can give the description as DHCP click ok to apply the changes I will now plug in the third ISP to Port 5 which is our isp3 the interface is now active let's check the status still connecting and now we are connected you can see the ipnet mask received the expiry date this is like the DHCP lease time we configured on the Lan interface the acquired DNS which is also configured on the ISP or the Gateway router and the default gateway which is the IP address of the ISP or the Gateway router as well again this retrieve default gateway from server is enabled so this device can access the internet even without configuring the default static route to show the comment or description click on the configure table tick on the description then click apply to save the changes drag the bar to the right and we can see here the comment which is DHCP and pppoe for the WAN 1 or isp1 for us to test the wan3 let's disable the WAN 2 as well assuming that when one and Wan 2 are down let's open a CLI console we can try to Ping first the ISP router or the route Gateway IP address which in my case is 192.168.0.2 execute ping 192.168.0.2 success we can now test to Ping the internet execute ping 8.8.8.8 success we have now configured three-wan connections with different roles to enable the interface simply right click on it hover your cursor to set status then tick enable you need to refresh the page now all three when connections are up and running I hope by now you already know how to configure the 40 gate Wan interfaces using different roles and with failover method in the next video I will show you how to configure the NAT policies well that's all for today's demonstration and I really hope you like this video if you are new to my channel please don't forget to like share subscribe and click on the notification Bell for more amazing tutorials thank you and see you in the next video
Info
Channel: IgoroTech Official
Views: 20,197
Rating: undefined out of 5
Keywords: how to configure pppoe on fortigate - youtube.com, how to configure pppoe on fortigate - google.com, how to configure fixed IP, how to configure DHCP, fortigate firewall, fortinet firewall, fortinet, firewall, fortigate basic configuration, fortigate WAN, how to configure pppoe on fortigate firewall, fortigate tutorial, beginner, training, configure fortigate, wan interface, lan, dhcp, dns, default route, static route, configure pppoe, configure fix ip, configure dhcp, fortigate dmz
Id: O6Bmq8_20YA
Channel Id: undefined
Length: 14min 58sec (898 seconds)
Published: Thu Mar 23 2023
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.