You might check if your ISP delivers on a VLAN. In Germany, two of the big ISPs deliver VLAN 7 on the WAN side.

Many/some homeuse modems strip the VLAN tag on ingress if there is one; you will never notice.

So, create a VLAN interface on the WAN port and set it to authenticate via PPPoE. See if that provides a login.

If it does, create policies from this VLAN to internal, instead of WAN to internal.

Hello,

Thanks for the skill i'll try to find these informations from my ISP.

If i found, i come back quickly to aknowledge this informaiton.

Thanks mate.

Hello, i confirm that i need to create a VLAN interface and link this interface to my WAN1 interface...

I'm not sure how to do this task but i will post here my steps to setting up this interface...

The CLI is mandatory in order to configure : At the fresh install of the FG40 i have this set on it :

config system interface     edit "wan1"         set mode dhcp         set allowaccess ping fgfm auto-ipsec         set type physical         set snmp-index 1     next     edit "wan2"         set allowaccess ping fgfm auto-ipsec         set type physical         set snmp-index 2     next     edit "modem"         set mode pppoe         set type physical         set snmp-index 3     next     edit "ssl.root"         set type tunnel         set alias "SSL VPN interface"         set snmp-index 6     next     edit "internal"         set ip 192.168.1.99 255.255.255.0         set allowaccess ping https ssh http fgfm capwap         set type physical         set snmp-index 7     next end

I saw some example like create a VLAN and link to "WAN1" interface but some command in CLI seems not working because i'm under 5.2 OS version

config system interface     edit "wan1"         set mode static         unset allowaccess         unset role wan     next     edit "wan1.835"         set vdom "root"         set mode pppoe         set username "fti/********"         set password ********         set interface "wan1"         set vlanid 835         set role wan     next end

Do you know how i can do the same with a 5.2 version...?

"set role "wan"" = KO

"set vdom "root"" = KO

 Otherwise after some config set on it i got it :

config system interface     edit "wan1"         set mode dhcp         set type physical         set snmp-index 1     next     edit "wan2"         set allowaccess ping fgfm auto-ipsec         set type physical         set snmp-index 2     next     edit "modem"         set mode pppoe         set type physical         set snmp-index 3     next     edit "ssl.root"         set type tunnel         set alias "SSL VPN interface"         set snmp-index 6     next     edit "internal"         set ip 192.168.1.99 255.255.255.0         set allowaccess ping https ssh http fgfm capwap         set type physical         set snmp-index 7     next     edit "wan1.orange"         set mode pppoe         set snmp-index 4         set username "fti/xxxxxxx"         set password ENC xxxxxxxxxxxxxxxxxx         set interface "wan1"         set vlanid 835     next end

Now i can see this through the GUI :

 What is the next step a policy or something to test the configuration ?

I try "get router info routing-table all"

Result :

get router info routing-table all Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP        O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area        * - candidate default C       192.168.1.0/24 is directly connected, internal

I have no idea how 60CX-ADSL-A would operate. But if it's coming on ADSL interface, configuring a VLAN on WAN1 wouldn't help. It needs to be attached to ADSL. I don't know if possible though.

Just ignore the "set role" statement, introduced in v5.6. It is not crucially important for operation.