Fortinet has introduced a new transceiver module designed for use with the FortiGate. A DSL modem that can be used in a free SFP port of the FortiGate. It is possible to replace an existing DSL bridge with this transceiver. The modem supports PPPoE as well as DHCP provisioning.
The Fortinet SKU of the transceiver is FN-TRAN-DSL and this is a Fortinet labeled “Procend 180-T DSL” transceiver module.
Since internet connections over copper are still pretty common in Switzerland and are only slowly being replaced by FTTH solutions, DSL modems and bridges are still bought quite often. By adding this SFP module to it’s portfolio, Fortinet eradicated the need to buy a DSL bridge modem for your DSL connection if you have a FortiGate with a free SFP port.
Features and limitations of the DSL modem transceiver
There is a RJ45 connector on the transceiver side to connect the two wire DSL line to the module. This RJ45 socket is able to receive a RJ11 connector too. Therefore all cables that are delivered by swiss copper providers will fit nicely into this transceiver module.
The module supports VDSL2 transfer speeds up to 300mbit/sec and can be operated in a very wide temperature range from -20 °C up to 75 °C what makes this transceiver also an ideal part for use in rugged FortiGates.
In a HA cluster it is not quite simple to configure a real failover scenario. Since the copper wires can not just get fed into two transceivers at the same time, there is a need to reconnect the DSL copper line manually what is not very elegant. So there is a limitation here if we do not have two different DSL lines that support failover of sessions.
It is also possible to use the DSL transceiver in a FortiSwitch as documented under the linked KB article.
There is a limitation on the FortiGate regarding PPP encapsulation over Ethernet since the FortiGate will not offload PPPoE traffic to the hardware chipset to accelerate it’s processing. PPPoE Traffic can not be accelerated by the FortiGate hardware while DHCP addressed interfaces do not need a PPP encapsulation and therefore can be offloaded to the FortiGate hardware. Because of this limitation, we recommend to use DHCP addressing over PPPoE. If you are interested in this matter, you may want to have a look into our Hardware acceleration troubleshooting guide.
How to configure a DHCP based DSL connection
The last important information that may be of interest for you is the following: The FortiGate is supporting the use of DHCP client options since FortiOS 6.4. Therefore it is now possible to set the DHCP client option number 60, which is the vendor class identifier (short: VCI).
On the Swisscom information page for the “configuration of third-party routers” you can find all the settings you need to set for a swisscom DSL and FTTH line. In the Fortinet new feature guide for FortiOS 6.4 is a guide how to configure the DHCP client option.
In the case that you are using a bridge or the Fortinet own SFP DSL transceiver (SKU: FN-TRAN-DSL), the configuration on the WAN interface looks like following:
config system interface edit "wan1" set mode dhcp config client-options edit 60 set code 60 set type string set value "100008,0001" next end next end
Some people found out, that you can prevent a re-registration of the internet connection if you set the MAC address of your old modem on the FortiGate WAN interface like following:
config system interface edit "wan1" set macaddr 00:11:22:33:44:55 next end