Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
xiaoj
Staff
Staff

Created on ‎08-22-2023 10:05 PM Edited on ‎08-22-2023 10:06 PM By Community Manager

Article Id 269838

Technical Tip: Virtual-Wire for PPPoE traffic

Description This article describes how to configure the Virtual-Wire in FortiGate for passing through the PPPoE traffic.
Scope FortiGate.
Solution

Topology:

 

KB1.jpg

 

  1. Create the virtual-wire:

 

Ornstein-kvm32 (PPPoE-VW) # show

config system virtual-wire-pair

    edit "PPPoE-VW"

        set member "port3" "port4"

    next

end

 

  1. Enable l2forward and broadcast-forward in the interfaces of the virtual-wire:

 

config system interface

    edit "port3"

        set broadcast-forward enable

        set l2forward enable

    next

    edit "port4"

        set broadcast-forward enable

        set l2forward enable

    next

 

  1. It is not necessary to configure the 'Firewall Virtual Wire Pair Policy'.

 

FortiGate cannot recognize the packets encapsulated in PPP which is a Layer 2 protocol between two routers directly without any host or any other networking in between:

  • 'l2forward' and 'broadcast-forward' must be enabled to force forwarding the packets.
  • The 'Firewall Virtual Wire Pair Policy' needs the IP/MAC in the packets to match the traffic, which is not suitable for the PPP Layer 2 traffic.

 

Related document:

Virtual wire pair
993
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.