Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Jglaser
New Contributor

KPN FTTH Configuration Internet IPv4 and IPv6 and IPTV

Hi all,

 

I'm reaching out here to investigate if anyone has a complete configuration for a FortiGate 60F in combination with KPN (Dutch Internet Provider) 1GB fiber internet (Fiber tot the Home) IPv4, IPv6 and two IPtv decoders. 

 

There are many possible solutions and discussions about configuring the FortiGate firewall directly to the fiber ONT, so without a standard Experiabox or more advanced Fritzbox connected. 

 

A lot of issues seem to be with configuring Ipv6 and the IPtv decoders, multiple, to work together including recording and interactive functions. 

 

 

 

3 REPLIES 3
Anthony_E
Community Manager
Community Manager

Hello Jglaser,

 

One of our engineer gave me the solution:

 

https://community.fortinet.com/t5/FortiGate/Technical-Note-FortiGate-60E-DSL-and-FortiWifi-60E-DSL-R...

 

Could you please follow this KB article?

 

Thanks a lot in advance.

 

Regards,

Anthony-Fortinet Community Team.
Jglaser

Hi Anthony,

 

Thank you for your reply but this configuration is not directly applicable. 

I'll share underneath the configuration specs from our ISP, I am trying to convert these to a complete working configuration for the Fortigate firewall: 

 

On the WAN (1) interface underneath VLAN's need to be created with underlaying specs. 

 

Technical details Internet: 
• PPPoE via VLAN 6 (802.1q)
• PPPoE authentication PAP with a username and password (example: internet / internet).
• Maximum packet size (mtu) 1500 bytes (rfc4638) (how about mtu sizes on the WAN interface, needs to be higher 1508, 1512, ???)
• IPv4 address + DNS servers via PPPoE
• IPv6 Addresses + DNS servers (IPv6) via DHCPv6-PD request (in PPPoE)

 

Technical details IPtv
• Ethernet VLAN 4 (802.1q)
• Address via DHCP mandatory option60 (Vendor Class Identifier) with value: IPTV_RG.
• Specific route information via DHCP (option 55 needs value 1, 3, 28 and 121)
• Extra; Don't use DNS servers + dont use default gateway. only specific routes.
• Enable IGMP-proxy including fast-leave option mandatory for tv-signal within homenetworks (min. IGMPv2).
• Routed mode. KPN uses routed mode, no bridge mode

 

Remark: The tv receivers do need to be connected to the internet to be able to receive patches and updates but also be able to receive other streaming platforms; Netflix, ViaPlay etc. Needs network policy

 

Remark: with a lot of upstream traffic, interactive television needs to be prioritized with value 5 (802.1p)

 

Technical details Local network (Home network)
• IPv4 addresses (private series rfc1918) + DNS server(s) distribute via DHCP server.
• IPv6 addresses and DNS server(s) distribute (series received from prefix) via SLAAC and/or DHCPv6.
• Activate IGMP snooping function for the network ports to prevent TV signal on all ports and IGMP fast-leave to disconnect unnecessary streams like switching from channel to channel. 

 

I'm looking for one formal configuration so we can also help others on this matter. The best I've found so far are based on the configurations as discussed here: 

 

http://networkdynamics.nl/?p=1 (Internet)

and

http://networkdynamics.nl/?p=94 (IPtv)

 

These configurations are almost there; things that don't seem to work are based on MTU sizes, which are the correct ones. IPv6 is an issues, works but needs attention. there is no "tunnel" option for "set type" command when creating interface "pppoe1". So probably some explanation or redisigning the config is needed. 

 

Kind regards 

 

 

 

MdeVries
New Contributor

Hi All, has anyone had any succes migrating the ipv6 config from 7.2.x (set type tunnel) to 7.4.x?

kindest regards, Martin

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors