This article describes the Fortinet PBR (Policy Based Routing) behavior  when  a PPPoE connection is used.

The objective of this document is to describe and illustrate how the PBR works 

for PPPoE connections that do not have a static IP address and next-hop-IP(Gateway).

 FortiGate All versions.

When a packet is received by the FortiGate unit and appropriately picked by a PBR (checking source and destination IP addresses, incoming and outgoing ports, and destination service port), the gateway IP indicated by the PBR is used as the destination.

When utilizing a PPPoE interface as the destination interface on PBR, the gateway is automatically detected, and no gateway IP address is required to be configured under PBR policy.

CLI Syntax:

# config router policy
    edit "ID"
       set input-device "portY" -> Source Interface
       set src "0.0.0.0/0.0.0.0" 
       set dst "0.0.0.0/0.0.0.0"
       set output-device "portX" -> Destination PPPoE Interface

       set gateway 0.0.0.0 -> keep it Unchanged (0.0.0.0 would be default value)
    next
  end

GUI:

To verify the Traffic matching appropriate PBR configured with PPPoE interface:

Note: Once PPPoE connection is established, a dynamic interface will be created with the name 'pppX' (ppp1 or ppp2 etc.) which can be verified via the CLI.  

For example: the following output has the PPPoE interface name 'ppp1'.

Traffic Flow Debug Output:

id=20085 trace_id=1 func=print_pkt_detail line=5863 msg="vd-root:0 received a packet(proto=1, 10.166.5.71:1->8.8.8.8:2048) tun_id=0.0.0.0 from port3. type=8, code=0, id=1, seq=35."
id=20085 trace_id=1 func=init_ip_session_common line=6042 msg="allocate a new session-01219bfb, tun_id=0.0.0.0"
id=20085 trace_id=1 func=rpdb_srv_match_input line=1028 msg="Match policy routing id=1: to 8.8.8.8 via ifindex-22"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-172.31.178.254 via ppp1"
id=20085 trace_id=1 func=get_new_addr line=1228 msg="find SNAT: IP-172.31.178.55(from IPPOOL), port-60417"
id=20085 trace_id=1 func=fw_forward_handler line=879 msg="Allowed by Policy-1: SNAT"
id=20085 trace_id=1 func=__ip_session_run_tuple line=3490 msg="SNAT 10.166.5.71->172.31.178.55:60417"
id=20085 trace_id=2 func=print_pkt_detail line=5863 msg="vd-root:0 received a packet(proto=1, 8.8.8.8:60417->172.31.178.55:0) tun_id=0.0.0.0 from ppp1. type=0, code=0, id=60417, seq=35."
id=20085 trace_id=2 func=resolve_ip_tuple_fast line=5949 msg="Find an existing session, id-01219bfb, reply direction"
id=20085 trace_id=2 func=__ip_session_run_tuple line=3503 msg="DNAT 172.31.178.55:0->10.166.5.71:1"
id=20085 trace_id=2 func=vf_ip_route_input_common line=2605 msg="find a route: flag=00000000 gw-10.166.5.71 via port3"
id=20085 trace_id=2 func=npu_handle_session44 line=1183 msg="Trying to offloading session from ppp1 to port3, skb.npu_flag=00000000 ses.state=00000200 ses.npu_state=0x00000100"
id=20085 trace_id=2 func=fw_forward_dirty_handler line=410 msg="state=00000200, state2=00000000, npu_state=00000100"

diagnose firewall proute list

list route policy info(vf=root):

id=1 dscp_tag=0xff 0xff flags=0x0 tos=0x00 tos_mask=0x00 protocol=0 sport=0-0 iif=5 dport=0-65535 path(1) oif=22(ppp1)
source wildcard(1): 0.0.0.0/0.0.0.0
destination wildcard(1): 0.0.0.0/0.0.0.0
hit_count=118 last_used=2022-08-29 10:34:27

get router info routing-table details
S* 0.0.0.0/0 [5/0] via 172.31.178.254, ppp1, [1/0]

diagnose ip address list
IP=172.31.178.55->172.31.178.254/255.255.255.255 index=22 devname=ppp1