Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
stobadruck
New Contributor

Created on ‎04-21-2025 04:53 AM

Multiple external IPs via PPPoE

Hi,

 

we´ve got some difficulties with our new internet provider. The background: We´re using a Fortigate 60F with Firmware 7.4.7 and our new provider gives us a /28-Subnet, but via PPPoE.

 

I found the following, how to configure it with a Fortigate: (https://qiita.com/haruharuharuby/items/7f737153f8f291e089ca). If I understand correctly, the key is to set pppoe-unnumbered-negotiate disable on the PPPoE-interface and use a second one to configure the whole subnet to. Then bring them to the same subnet by useing the set allow-subnet-overlap enable config switch. Now the lane is connected to the WAN2-interface. My initial idea was:

  1. to create an PPPoE-Interface on the WAN2 and let it does the PPPoE-Dialup.
  2. configure the public-IPs on the WAN2 (and the corresponding VIPs ect...).
  3. After this setup, I want to set the pppoe-unnumbered-negotiate disable on the PPPoE-Interface (from step 1), but I cannot. The Fortigate console does not offer the command :(

(To be sure, the config-flag is correct, I configured the PPPoE-Dialup directly on the WAN2-interface and I can set pppoe-unnumbered-negotiate disable).

 

Now I need some help, please. Where I did the wrong turn or what I´m doing wrong? Is there a Cookbok-Article, I overlooked? How is the right way to configure such a scenario with a Fortigate? (Always keep in mind, please, there is the still the old provider on the WAN1, we need to be able to configure Policy-Routes, to switch external services to the new proivder step by step).

 

Thanks for reading and some ideas or links...

 

Sincerly

Kai

Labels:
139
0 Kudos
3 REPLIES 3
AEK
SuperUser
SuperUser

Created on ‎04-22-2025 01:02 AM

Hi Kai

I didn't use the unnumbered option before, but you can fully use multiple IP addresses on your PPPoE interface with VIPs/DNAT and SNAT.

Hope it helps.

AEK
AEK
117
0 Kudos
stobadruck
New Contributor
In response to AEK

Created on ‎04-22-2025 06:30 AM

Hi AEK,

 

thank you for your answer, can you give my an example how? If I configure the PPPoE on WAN2 and set the first IP at the "unnumbered IP" field, no IP is reachable from outside (VIPs etc. correctly set up). How can I use policy routing to divide traffic between the old provider at WAN1 and the new at WAN2?

 

Thanks for an advice...

 

Sincerly 

Kai

102
0 Kudos
AEK
SuperUser
SuperUser
In response to stobadruck

Created on ‎04-23-2025 09:51 AM

Hi Kai

In your VIP, make sure "arp-reply" is enabled.

config firewall vip
  edit vip1
    show full | grep arp-reply   ---> this should be enabled

For better managing multiple WAN links you better use SD-WAN instead of policy routes.

AEK
AEK
75
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.