I have a FWF40C at a site of one of my customers that is experiencing PPPoE disconnection issues during the working day. I have been in contact with the ISP, they've verified the line (fibre optic), and from their perspective all is clean. During a disconnect the fibre connection stays up so they're saying it's probably the firewall.
I have enabled debug on the firewall to see what happens, and every time this issue occurs the firewall misses three consecutive LCP echo replies, which results in reinitialising the ppp daemon.
The connection from the firewall to the internet is made using a simple fibre optic media converter, no router or bridge is used.
I have replaced the original FWF40C with a (temporary) FGT50B, a spare FWF40C, and a new FWF40C I received from Fortinet. All the firewalls showed the same behaviour, with older, recent, and the latest supported firmware revisions (for the 50B that's a v4 release obviously). Given this, I have a hard time accepting the firewall is at fault, but if anyone can tell me that PPPoE connections on a Fortigate are to be avoided, I am happy to get a bridge in place to offload PPPoE from the firewall. However, if this is proven rock solid on Fortigates, I don't see the need to change this.
CPU loading remains normal, no spikes above 80%, average is around 10-15% (remotely monitored, so when the disconnects happen I obviously do not get any SNMP stats, but prior to the disconnects I don't see unusual rises).
So my question is, does anyone here have any experience with this type of issue, and maybe some suggestions as to what else to verify. I am thinking about inserting Wireshark into the WAN link, between the media converter and the Fortigate, and verifying whether the LCP echoes are in fact returned, even when the Fortigates say they aren't. However, if anyone else has any other suggestions, please let me know.
Yes, this is very common, and in my past case I've seen the ISP change software codes on the PPPoE server AG and these problems start to appear, when before in the past they were never present. They can be frustrating to say the least.
What I would do is what you have already done: "monitor the PPPoE protocol", but also adjust the LCP timeouts and holdover. You will need to do this from the CLI:
config system interface
    # <wan-interface> is a placeholder: use the name of the interface running PPPoE
    edit "<wan-interface>"
        set lcp-echo-interval 15
        set lcp-max-echo-fail 5
    next
end
We monitor and check the logs. Your ISP should also tell you what LCP parameters they support as far as intervals. Either side can drop or re-negotiate the connections typically.
YMMV on what parameters you try and if your ISP/SP has knowledge of the parameters.
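As an added example (not code from either poster), a small Python parser for the Wireshark-style check the question describes: it decodes PPPoE-session LCP Echo-Request/Reply frames and counts how many requests go unanswered in a row, judged against the lcp-max-echo-fail threshold the reply suggests tuning. Frame layout follows RFC 2516 and RFC 1661; the sample frames are constructed, and the counter logic mirrors pppd, where any Echo-Reply clears the outstanding count.

```python
import struct

ETH_PPPOE_SESSION = 0x8864   # EtherType for the PPPoE session stage (RFC 2516)
PPP_PROTO_LCP = 0xC021       # PPP protocol number for LCP (RFC 1661)
LCP_ECHO_REQUEST, LCP_ECHO_REPLY = 9, 10

def parse_lcp_echo(frame: bytes):
    """Return (lcp_code, identifier) if frame is a PPPoE-session LCP Echo-Request/Reply, else None."""
    if len(frame) < 26:  # Ethernet(14) + PPPoE(6) + PPP proto(2) + LCP header(4)
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETH_PPPOE_SESSION:
        return None
    ver_type, pppoe_code, _session, _length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11 or pppoe_code != 0x00:  # version 1, type 1, session data
        return None
    if struct.unpack("!H", frame[20:22])[0] != PPP_PROTO_LCP:
        return None
    lcp_code, ident, _lcp_len = struct.unpack("!BBH", frame[22:26])
    if lcp_code not in (LCP_ECHO_REQUEST, LCP_ECHO_REPLY):
        return None
    return lcp_code, ident

def echo_health(frames, max_echo_fail):
    """Replay frames in capture order; return (worst run of unanswered Echo-Requests,
    whether that run reached max_echo_fail, the point at which pppd drops the session)."""
    outstanding = worst = 0
    for frame in frames:
        parsed = parse_lcp_echo(frame)
        if parsed is None:
            continue  # not LCP echo traffic (PADx discovery, IPCP, IP payload, ...)
        code, _ident = parsed
        if code == LCP_ECHO_REQUEST:
            outstanding += 1
            worst = max(worst, outstanding)
        else:
            outstanding = 0  # like pppd: any Echo-Reply resets the pending counter
    return worst, worst >= max_echo_fail

def build_lcp_echo(code, ident, session_id=1, magic=0x1234ABCD):
    """Constructed test frame with dummy all-zero MAC addresses, not a real capture."""
    lcp = struct.pack("!BBHI", code, ident, 8, magic)       # LCP header + magic number
    ppp = struct.pack("!H", PPP_PROTO_LCP) + lcp
    pppoe = struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp)) + ppp
    return bytes(12) + struct.pack("!H", ETH_PPPOE_SESSION) + pppoe

# Constructed capture: one answered request, then three requests that get no reply.
SAMPLE_FRAMES = [build_lcp_echo(LCP_ECHO_REQUEST, 1), build_lcp_echo(LCP_ECHO_REPLY, 1),
                 build_lcp_echo(LCP_ECHO_REQUEST, 2), build_lcp_echo(LCP_ECHO_REQUEST, 3),
                 build_lcp_echo(LCP_ECHO_REQUEST, 4)]
```

On a real capture, filter frames by the firewall's WAN source MAC first so the ISP's own Echo-Requests are not counted; if the replies are present on the wire but the Fortigate still resets the session, the problem is on the firewall side rather than the line.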