Description | This article describes how to deploy an SD-WAN zone and set up routing so that one PPPoE interface and one interface configured with a static IP are both members of the zone and both active at the same time. |
Scope |
FortiOS. All configuration was done on version 7.0.12, but these steps can be applied to any version between 7.0.x and 7.2.x. |
Solution |
At the beginning of this configuration, no SD-WAN settings are configured. The only settings already in place are the static IP on port1 with its default route, and the PPPoE settings on port2.
Note: Port1 is configured with 'set mode static', but because this is the default value, FortiGate does not display it in a plain 'show' command. The static mode setting is only visible when 'show full-configuration' is used.
This is the static route that uses port1. The Administrative Distance of 10 is the default value added automatically by FortiGate.
These are the PPPoE interface settings. The Administrative Distance of 5 is also the default value assigned by the FortiGate.
Checking the routing table shows that FortiGate has only one active default route, via port2 (shown as ppp1), while a second default route via port1 is present in the routing-table database. Because of the difference in administrative distance between them, only the default route via port2 is considered active. This is expected behavior.
Solution:
Step 1: Create a Zone. Select Network -> SD-WAN -> Create New and select SD-WAN Zone.
Enter a name and select OK.
Step 2: Create an SD-WAN member. Select Network -> SD-WAN -> Create New and select SD-WAN Member.
Select port1 as an Interface, select UNDERLAY as the SD-WAN Zone, and select OK.
Repeat the process for port2.
If everything was done correctly, the results should be similar to the following screenshot.
Step 3: Check the routing table. Ensure the routing table and routing-table database are still the same. For example:
Step 4: Delete the old static route. Select Network -> Static Routes, then select the old default route using port1, and select Delete.
Step 5: Add a static route using a new Zone Underlay. Select Network -> Static Routes -> Create New, select UNDERLAY on the interface list, then select OK.
Note: After selecting UNDERLAY as the interface, the Gateway address field will disappear. This is expected.
If everything was done correctly, the results should be similar to the following:
Step 6: Check the routing table. The routing table and routing-table database now show only one route, using the port2 (ppp1) interface.
Step 7: Fix the routing table. Navigate to Network -> SD-WAN then expand UNDERLAY by selecting the '+' sign, then select port1 and select Edit.
Add the previous gateway IP address used by the static route via port1, then select OK.
Step 8: Check the routing table. Checking the routing table after the last change will show a default route using both port1 (static IP) and port2 (PPPoE), each with an administrative distance of 1.
Note: Editing the port2 settings will still show an Administrative Distance of 5. That value is not updated to 1 when the PPPoE interface is added to the SD-WAN settings.
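The same procedure expressed in FortiOS CLI, as an added example that is not part of the original article. The member IDs, `<old-route-id>` and the gateway `192.0.2.1` are placeholders chosen for illustration, and the `#` lines are annotations to leave out when pasting.

```fortios
# Steps 1-2: create the zone and add both interfaces as members.
# Member IDs 1 and 2 are assumed; any unused IDs work.
config system sdwan
    set status enable
    config zone
        edit "UNDERLAY"
        next
    end
    config members
        edit 1
            set interface "port1"
            set zone "UNDERLAY"
        next
        edit 2
            set interface "port2"
            set zone "UNDERLAY"
        next
    end
end

# Step 4: delete the old default route via port1.
# <old-route-id> is a placeholder; look it up with 'show router static'.
config router static
    delete <old-route-id>
end

# Step 5: default route that points at the zone (no gateway is set here).
config router static
    edit 0
        set sdwan-zone "UNDERLAY"
    next
end

# Step 7: give the static-IP member its next hop.
# 192.0.2.1 is a placeholder for the gateway the deleted route used.
config system sdwan
    config members
        edit 1
            set gateway 192.0.2.1
        next
    end
end

# Steps 3, 6 and 8: compare active routes with the routing-table database.
get router info routing-table all
get router info routing-table database
```

Running the two `get` commands before the Step 7 block reproduces the Step 6 state, where only the ppp1 default route is present.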
|
Copyright 2024 Fortinet, Inc. All Rights Reserved.