How to configure PPPoE with VLAN ID on FortiGate Firewall

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi guys this is the Igor attack today I will show you how to configure pppoe with VLAN ID on fortigate firewall for some countries internet service provider requires VLAN ID for data traffic and voice [Music] let's begin for this demo I will only show you how to configure pppoe with VLAN ID and how to configure the policy using the interface you may check my other videos on the advanced configurations we are going to use this 40 gate 60f with firmware version 7.2.3 this is the latest firmware version during the time of this recording now go to network interfaces as you can see my laptop is connected to internal port 1. we are going to configure pppoe with VLAN ID on when one click create new interfaces for the name normally we input the ISP name for our reference or you can input any name based on your liking for the Alias it's optional type would be VLAN for the interface choose the interface where you want to configure the VLAN which in our case is when one now input the VLAN ID this is the one provided by your ISP in my case it's VLAN 500. the role should be when since it's the internet-facing interface for the estimated bandwidth you can input your bandwidth speed or you can leave it to default next is the addressing mode choose pppoe enter the pppoe details provided by your ISB this is a username and password you can click on the eye icon to verify your password retrieve default gateway is enabled so we don't need to configure the default route keep this in mind no need to configure the default static route of the retrieve default gateway is already enabled for the distance you can leave it to default if you have a single ISP the distance will only concern you if you have two or more isps you may check my other videos on the full configuration guide next is Administrative access this is how you access or manage this device through this interface enable https for GUI or web access you must disable HTTP as you know it's unsecured ping for troubleshooting purposes for security purposes never enable SSH on internet facing interface well this all depends on your preference or the customer's requirements make sure the status is enabled then click ok to apply the changes now notice that there's a plus sign on when one this is because we created a sub-interface which is the ISB VLAN under this interface click on it to expand if you hover your cursor over it you can view the interface details where you double-click on it to view the configuration and status here you can see all the details and notice the status is connected which means the connection was successful so the device can now access the internet well if you encountered this error you could simply click on retry and if still failed to connect then we have a few methods to test first double check your username and password and make sure it's correct next is to reboot the ISP modem or change the cable another method is to test to reboot the firewall I'm already connected but notice that I received private IP address this is because some internet service providers here in Malaysia assign a private IP address to lower internet plans you can click on renew to receive new IP address this is if you're not using fixed IP address let's go back to interfaces again expand the wan1 interface from here you can also view the IP address received let's now try to Ping Google DNS open the CLI enter the command execute ping 8.8.8.8 it should be able to access the internet my laptop is connected to the Lan interface so let's test to Ping the Google DNS as well open the command prompt enter the command ping 8.8.8.8 my laptop cannot access the internet we have to configure first the policy go to policy and objects choose firewall policy notice that there's a default configured policy we will delete this policy then we will create new policy just for me to show you how to create a new policy using the sub interface or the VLAN interface besides some of the firmware's don't have a default policy configured if you are new to fortigate this window is where you configure the NAT policies now click on create new give it a name based on your preference let's give a name of land to when to make it simple for the incoming interface this would be your Lan interface which in my case is the internal for the outgoing interface please keep this in mind we configured the sub interface or VLAN on when one but we are not going to point it to this interface instead we're going to point it to the sub interface or the VLAN interface next is the source this would be the source address you can select all but best practice is to select the internal or Lan address make sure the address matches the internal or Lan subnet if you can't find your Lan address then you need to manually create it for the destination since this is only a very basic policy and for internet access then we will select all schedule to always for the services choose all make sure Nat is enabled for the security profiles you can check my other videos for this demo we are only going to use the default profiles you can simply enable and choose the profile you prefer again this is based on your preference or your customer's requirements but best practice is to enable all security profiles for the basic all to all policies for the log allowed traffic I suggest you choose all sessions for troubleshooting purposes lastly make sure the policy is enabled then click ok to apply the changes you can see the new created policy internal interface to the sub interface or the VLAN interface name is lantowan source is internal destination to all schedule to always services to all Nat is enabled and you can see the security profiles configured this policy means internal can access the internet without any restrictions no scheduling and can use any protocols now since we already created the NAT policy let's go back to the command prompt again and test to Ping the Google DNS since we previously used the command then we can simply hit up arrow on our keyboard then hit enter notice that my laptop can now access the internet wait for a bit then you will also notice the network icon will be connected and now you can see it's connected to the internet to verify we can open another tab then test to access 40net.com success we can access the internet it means the configuration was successful now we can go back to the fortigate tab let's refresh the page notice that the internet traffic is already passing through this policy if your ISP don't require any VLAN for data traffic then you can check the link on the description below for the configuration guide well that's all for today's demonstration and I really hope you like this video if you are new to my channel please don't forget to like share subscribe and click on the notification Bell for more amazing tutorials thank you and see you in the next video

Info

Channel: IgoroTech Official

Views: 10,598

Rating: undefined out of 5

Keywords: how to configure pppoe with vlan on fortigate - google.com, how to configure pppoe with vlan on fortigate - youtube.com, vlan id, configure unifi vlan, unifi, fortigate, fortinet, configure dialup with vlan on fortigate, how to configure pppoe on fortigate, pppoe configuration on fortigate, dialup configuration on fortigate, how to configure pppoe on fortigate - google.com, how to configure pppoe on fortigate - youtube.com, configure dialup with vlan, configure vlan on fortigate, vlan

Id: Ts3Gdf7cDxs

Channel Id: undefined

Length: 8min 22sec (502 seconds)

Published: Wed Feb 01 2023