npariyar
Staff
Article Id 248294
Description This article describes why the PPPoE interface does not show as a selected interface on an SD-WAN Rule and a workaround to verify the traffic passing via the PPPoE Interface.
Scope FortiGate v7.2.3.
Solution

When a PPPoE interface is added to an SD-WAN rule, the interface does not show as a selected interface, although traffic is passing through that interface. Currently, showing a tick mark on a PPPoE interface is not supported.


To verify whether traffic is passing through the PPPoE interface, use the commands and procedure listed below.

Here port7 is a PPPoE interface and port1 is a normal physical interface:

config system interface
    edit "port7"
        set vdom "root"
        set mode pppoe
        set type physical
        set snmp-index 7
        set username "fortinet"
        set password 'xxxxxxxx'
    next
    edit "port1"
        set vdom "root"
        set ip 10.5.25.63 255.255.240.0
        set allowaccess ping https ssh http telnet
        set type physical
        set snmp-index 1
    next
end

Here, interfaces port7 and port1 are configured as SD-WAN interfaces.

Here SD-WAN Rule ID 3 is configured to forward traffic from all LAN interfaces destined to 8.8.8.8/32 out through interface port7, which is a PPPoE interface.

Here it is possible to see the Hit Count, but the tick mark is not shown. The same applies to rule 2.

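To verify the traffic passing via the PPPoE interface, run the following commands. Note that the member list shows the PPPoE interface as port7(ppp1), and the policy routes reference it as oif ppp1: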

diagnose sys sdwan member
Member(3): interface: port7(ppp1), flags=0x0 , gateway: 172.31.176.254, priority: 1 1024, weight: 0
Member(4): interface: port1, flags=0x0 , gateway: 10.5.31.254, priority: 1 1024, weight: 0

diagnose firewall proute list
list route policy info(vf=root):

id=2136276995(0x7f550003) vwl_service=3(GOOGLE-DNS) vwl_mbr_seq=3 dscp_tag=0xfc 0xfc flags=0x0 tos=0x00 tos_mask=0x00 protocol=0 sport=0-65535 iif=0(any) dport=1-65535 path(1) oif=116(ppp1)
source(1): 0.0.0.0-255.255.255.255
destination(1): 8.8.8.8-8.8.8.8
hit_count=120 last_used=2023-03-07 08:12:02

id=2136276994(0x7f550002) vwl_service=2(INTERNET) vwl_mbr_seq=3 4 dscp_tag=0xfc 0xfc flags=0x10 load-balance hash-mode=round-robin  tos=0x00 tos_mask=0x00 protocol=0 sport=0-65535 iif=0(any) dport=1-65535 path(2) oif=116(ppp1) num_pass=1 oif=3(port1) num_pass=1
source(1): 0.0.0.0-255.255.255.255
destination(1): 0.0.0.0-255.255.255.255
hit_count=58495 last_used=2023-03-07 08:12:21

diagnose sys sdwan health-check filter name GOOGLE_DNS
diagnose sys sdwan health-check status
Health Check(GOOGLE_DNS):
Seq(4 port1): state(alive), packet-loss(0.000%) latency(17.145), jitter(0.051), mos(4.396), bandwidth-up(9999999), bandwidth-dw(9999941), bandwidth-bi(19999940) sla_map=0x1
Seq(3 port7): state(alive), packet-loss(0.000%) latency(17.573), jitter(0.069), mos(4.395), bandwidth-up(9999999), bandwidth-dw(9999999), bandwidth-bi(19999998) sla_map=0x1

diagnose sys sdwan service

Service(3): Address Mode(IPV4) flags=0x200 use-shortcut-sla
 Tie break: cfg
  Gen(1), TOS(0x0/0x0), Protocol(0: 1->65535), Mode(manual)
  Members(1):
    1: Seq_num(3 port7), alive, selected
  Src address(1):
        0.0.0.0-255.255.255.255

  Dst address(1):
        8.8.8.8-8.8.8.8

Service(2): Address Mode(IPV4) flags=0x200 use-shortcut-sla
 Tie break: cfg
  Gen(1), TOS(0x0/0x0), Protocol(0: 1->65535), Mode(load-balance  hash-mode=round-robin)
  Members(2):
    1: Seq_num(3 port7), alive, sla(0x1), gid(2), num of pass(1), selected
    2: Seq_num(4 port1), alive, sla(0x1), gid(2), num of pass(1), selected
  Src address(1):
        0.0.0.0-255.255.255.255

  Dst address(1):
        0.0.0.0-255.255.255.255

diagnose sys sdwan intf-sla-log port7
Timestamp: Tue Mar  7 08:03:32 2023, used inbandwidth: 3033bps, used outbandwidth: 1023bps, used bibandwidth: 4056bps, tx bytes: 10676330bytes, rx bytes: 132769222bytes.
Timestamp: Tue Mar  7 08:03:42 2023, used inbandwidth: 3721bps, used outbandwidth: 1121bps, used bibandwidth: 4842bps, tx bytes: 10679515bytes, rx bytes: 132781825bytes.
Timestamp: Tue Mar  7 08:03:52 2023, used inbandwidth: 3715bps, used outbandwidth: 1114bps, used bibandwidth: 4829bps, tx bytes: 10680884bytes, rx bytes: 132783305bytes.
Timestamp: Tue Mar  7 08:04:02 2023, used inbandwidth: 21707bps, used outbandwidth: 10949bps, used bibandwidth: 32656bps, tx bytes: 10748015bytes, rx bytes: 132902128bytes.
Timestamp: Tue Mar  7 08:04:12 2023, used inbandwidth: 126419bps, used outbandwidth: 34651bps, used bibandwidth: 161070bps, tx bytes: 10906871bytes, rx bytes: 133572659bytes.
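
The SD-WAN member is named port7, but the policy routes list its PPP device (ppp1) in the oif field, so correlating the two outputs needs that mapping. The following Python script is an added example, not part of the original article or of any Fortinet tooling: it resolves the member to its device from the `diagnose sys sdwan member` output and lists the SD-WAN rules in `diagnose firewall proute list` that can egress through it, with their hit counts. The function names are illustrative, and the sample input is copied from the outputs shown in this article.

```python
import re
# Sample input: lines copied from the command outputs shown in this article.
MEMBER_OUT = """\
Member(3): interface: port7(ppp1), flags=0x0 , gateway: 172.31.176.254, priority: 1 1024, weight: 0
Member(4): interface: port1, flags=0x0 , gateway: 10.5.31.254, priority: 1 1024, weight: 0
"""
PROUTE_OUT = """\
id=2136276995(0x7f550003) vwl_service=3(GOOGLE-DNS) vwl_mbr_seq=3 dscp_tag=0xfc 0xfc flags=0x0 tos=0x00 tos_mask=0x00 protocol=0 sport=0-65535 iif=0(any) dport=1-65535 path(1) oif=116(ppp1)
source(1): 0.0.0.0-255.255.255.255
destination(1): 8.8.8.8-8.8.8.8
hit_count=120 last_used=2023-03-07 08:12:02

id=2136276994(0x7f550002) vwl_service=2(INTERNET) vwl_mbr_seq=3 4 dscp_tag=0xfc 0xfc flags=0x10 load-balance hash-mode=round-robin  tos=0x00 tos_mask=0x00 protocol=0 sport=0-65535 iif=0(any) dport=1-65535 path(2) oif=116(ppp1) num_pass=1 oif=3(port1) num_pass=1
source(1): 0.0.0.0-255.255.255.255
destination(1): 0.0.0.0-255.255.255.255
hit_count=58495 last_used=2023-03-07 08:12:21
"""

def member_devices(member_out):
    """Map SD-WAN member name -> device name used in proute 'oif' (port7 -> ppp1)."""
    devs = {}
    for name, ppp in re.findall(r"interface: (\w+)(?:\((\w+)\))?,", member_out):
        devs[name] = ppp or name  # non-PPPoE members use their own name
    return devs

def parse_proute(proute_out):
    """Split the proute listing into one dict per SD-WAN policy route."""
    rules = []
    for block in re.split(r"\n(?=id=)", proute_out.strip()):
        svc = re.search(r"vwl_service=(\d+)\(([^)]*)\)", block)
        hits = re.search(r"hit_count=(\d+)", block)
        if not (svc and hits):
            continue  # header line or a policy route not created by SD-WAN
        rules.append({
            "rule_id": int(svc.group(1)),
            "name": svc.group(2),
            "oifs": re.findall(r"oif=\d+\((\w+)\)", block),
            "dst": re.search(r"destination\(\d+\): (\S+)", block).group(1),
            "hit_count": int(hits.group(1)),
        })
    return rules

def rules_via(member, member_out, proute_out):
    """Return the SD-WAN rules whose policy route can egress through `member`."""
    dev = member_devices(member_out).get(member)
    return [r for r in parse_proute(proute_out) if dev in r["oifs"]]

if __name__ == "__main__":
    print(rules_via("port7", MEMBER_OUT, PROUTE_OUT))
```

Running the two commands again after generating test traffic and comparing the `hit_count` values for the same rule shows whether traffic is still matching the rule that uses the PPPoE member.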