Created on 03-06-2023 11:26 PM Edited on 09-15-2023 06:25 AM By Jean-Philippe_P
Description | This article describes why the PPPoE interface does not show as a selected interface on an SD-WAN Rule and a workaround to verify the traffic passing via the PPPoE Interface. |
Scope | FortiGate v7.2.3. |
Solution |
When a PPPoE interface is added on an SD-WAN rule, the interface does not show as a selected interface although traffic is passing from the same interface. Currently, this feature of showing a tick mark on a PPPoE interface is not supported.
Here port7 is a PPPoE interface and port1 is a normal physical interface:
config system interface edit "port7" set vdom "root" set mode pppoe set type physical set snmp-index 7 set username "fortinet" set password 'xxxxxxxx' next end edit "port1" set vdom "root" set ip 10.5.25.63 255.255.240.0 set allowaccess ping https ssh http telnet set type physical set snmp-index 1 next end
Here, interfaces port7 and port1 are configured as SD-WAN interfaces.
Here SD-WAN Rule ID 3 is configured to forward traffic destined to 8.8.8.8/32 from all LAN interfaces from interface port7 which is a PPPoE interface. Here it is possible to see the Hit Count but the Tick mark is not showing. The same applies to rule 2.
To verify the traffic passing via the PPPoE interface:
diagnose sys sdwan member Member(3): interface: port7(ppp1), flags=0x0 , gateway: 172.31.176.254, priority: 1 1024, weight: 0 Member(4): interface: port1, flags=0x0 , gateway: 10.5.31.254, priority: 1 1024, weight: 0
diagnose firewall proute list list route policy info(vf=root):
id=2136276995(0x7f550003) vwl_service=3(GOOGLE-DNS) vwl_mbr_seq=3 dscp_tag=0xfc 0xfc flags=0x0 tos=0x00 tos_mask=0x00 protocol=0 sport=0-65535 iif=0(any) dport=1-65535 path(1) oif=116(ppp1) source(1): 0.0.0.0-255.255.255.255 destination(1): 8.8.8.8-8.8.8.8 hit_count=120 last_used=2023-03-07 08:12:02
id=2136276994(0x7f550002) vwl_service=2(INTERNET) vwl_mbr_seq=3 4 dscp_tag=0xfc 0xfc flags=0x10 load-balance hash-mode=round-robin tos=0x00 tos_mask=0x00 protocol=0 sport=0-65535 iif=0(any) dport=1-65535 path(2) oif=116(ppp1) num_pass=1 oif=3(port1) num_pass=1 source(1): 0.0.0.0-255.255.255.255 destination(1): 0.0.0.0-255.255.255.255 hit_count=58495 last_used=2023-03-07 08:12:21
diagnose sys sdwan health-check filter name GOOGLE_DNS diagnose sys sdwan health-check status Health Check(GOOGLE_DNS): Seq(4 port1): state(alive), packet-loss(0.000%) latency(17.145), jitter(0.051), mos(4.396), bandwidth-up(9999999), bandwidth-dw(9999941), bandwidth-bi(19999940) sla_map=0x1 Seq(3 port7:( state(alive), packet-loss(0.000%) latency(17.573), jitter(0.069), mos(4.395), bandwidth-up(9999999), bandwidth-dw(9999999), bandwidth-bi(19999998) sla_map=0x1
diagnose sys sdwan service
Service(3): Address Mode(IPV4) flags=0x200 use-shortcut-sla Tie break: cfg Gen(1), TOS(0x0/0x0), Protocol(0: 1->65535), Mode(manual) Members(1): 1: Seq_num(3 port7), alive, selected Src address(1): 0.0.0.0-255.255.255.255
Dst address(1): 8.8.8.8-8.8.8.8
Service(2): Address Mode(IPV4) flags=0x200 use-shortcut-sla Tie break: cfg Gen(1), TOS(0x0/0x0), Protocol(0: 1->65535), Mode(load-balance hash-mode=round-robin) Members(2): 1: Seq_num(3 port7), alive, sla(0x1), gid(2), num of pass(1), selected 2: Seq_num(4 port1), alive, sla(0x1), gid(2), num of pass(1), selected Src address(1): 0.0.0.0-255.255.255.255
Dst address(1): 0.0.0.0-255.255.255.255
diagnose sys sdwan intf-sla-log port7 Timestamp: Tue Mar 7 08:03:32 2023, used inbandwidth: 3033bps, used outbandwidth: 1023bps, used bibandwidth: 4056bps, tx bytes: 10676330bytes, rx bytes: 132769222bytes. Timestamp: Tue Mar 7 08:03:42 2023, used inbandwidth: 3721bps, used outbandwidth: 1121bps, used bibandwidth: 4842bps, tx bytes: 10679515bytes, rx bytes: 132781825bytes. Timestamp: Tue Mar 7 08:03:52 2023, used inbandwidth: 3715bps, used outbandwidth: 1114bps, used bibandwidth: 4829bps, tx bytes: 10680884bytes, rx bytes: 132783305bytes. Timestamp: Tue Mar 7 08:04:02 2023, used inbandwidth: 21707bps, used outbandwidth: 10949bps, used bibandwidth: 32656bps, tx bytes: 10748015bytes, rx bytes: 132902128bytes. Timestamp: Tue Mar 7 08:04:12 2023, used inbandwidth: 126419bps, used outbandwidth: 34651bps, used bibandwidth: 161070bps, tx bytes: 10906871bytes, rx bytes: 133572659bytes. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.