The difference between WAN interface and DSL Interface

Hello,

we have fortigate 100d and it have 2 WAN interfaces along with other interfaces but no DSL interface in it, And i want to know if i can use this WAN interface to connect directly to the ISP without any modem or router between the firewall and the ISP or the Internet. I have a router with VDSL interfaces but it reboot frequently so i want to get rid of it by puting the firewall in his place.

so can anyone explain why a lot of firewalls and routers today have WAN interfaces and not DSL interfaces?
LVL 1
omar fdalNetwork and Server AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Bryant SchaperCommented:
no, they are different, wan interfaces are just ethernet interfacing with routing on them, ie you can assign them an ip and such.  they are rj45.  A dSL interface is rj11 for a DSL circuit and supports the DSL protocols such as VDSL, adsl.
0
omar fdalNetwork and Server AdministratorAuthor Commented:
Thanks Bryant, I want to know also why firewalls such as fortigate 100d and also sophos do not have DSL interfaces only WAN interfaces, and why they have functions  such as NAT that is useful only for Port Forwarding or NAT/PAT of private addresses to public addresses while they don't have any DSL interface.??
0
Bryant SchaperCommented:
Let me break this down a bit.

I want to know also why firewalls such as fortigate 100d and also sophos do not have DSL interfaces only WAN interfaces?

They could but in my opinion DSL is for home, not a business service, even though the ISP will sell it as such.  They do not carry a good SLA in most cases, and only best effort on the repair.  Also, the carriers tend to recommend their modem so they can do end to end testing, which would not be an option if you had your own device.  Ethernet is the easiest to provide.

why they have functions  such as NAT that is useful only for Port Forwarding or NAT/PAT of private addresses to public addresses while they don't have any DSL interface.??

These are router functions and required to go from the private address space to public and use a single IP.  Not technically required, but they would have offer them.  They are not unique to DSL, just to WAN interfaces.
0
Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

omar fdalNetwork and Server AdministratorAuthor Commented:
Yes I know the usage of NAT/PAT and Port Forwarding but what i mean by my question is how you can do port forwarding with a Firewall without public address ? i mean if we have fortigate in the middle of our topology between LAN and WAN, and we want to do port forwarding in the firewall not in the DSL router?
0
Bryant SchaperCommented:
ok, I think I understand, so what you would be looking for is PPPoE passthrough.  What that does is allows the DSL router to act as a modem and you can assign the public IP address to the wan interface.  Your firewall and dsl router has to support it, and you have to have info to connect your firewall to the ISP by providing username and password typically.  I can provide the cisco commands.

interface GigabitEthernet0/2
 description DSL
 no ip address
 ip flow ingress
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable

interface Dialer0
 description ADSL CL 602-863-1666 058B
 bandwidth 20000
 bandwidth receive 40000
 ip address negotiated
 no ip redirects
 no ip unreachables
 ip mtu 1492
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip ospf network point-to-point
 dialer pool 1
 ppp authentication pap chap callin
 ppp chap hostname xxxxxxxxx@qwest.net
 ppp chap password 0 xxxxxxxxxx
 ppp pap sent-username xxxxxxxx@qwest.net password 0 xxxxxxx
 crypto map gsm1
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Bryant SchaperCommented:
Looks like it is possible with a google search.  here is the doc from Fortinet

http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Help/interfaces.100.17.html
0
omar fdalNetwork and Server AdministratorAuthor Commented:
This is what i'm looking for "PPPoE passthrough", thank you, in last i want to ask you : how to configure PPPoE passthrough on cisco router so that my firewall gets public ip address ? (public ip will be assigned dynamically via ISP DHCP)
0
Bryant SchaperCommented:
Just set it up as

ip address dhcp

Then it will get an ip from the ISP, but you will have to have the dialer and pppoe configured so the interface can logon to the isp.
0
omar fdalNetwork and Server AdministratorAuthor Commented:
I understand how to configure my firewall as PPPoE client (Fortigate in my case), but i want to know what i need to configure in my cisco router to let it act as PPPoE Passthrough ?
0
Bryant SchaperCommented:
so now I am a bit confused, is the cisco router the dsl modem from the carrier?  Do you have a model number
0
Bryant SchaperCommented:
I figured your network was like this

ISP --> DSL router --> Fortigate --> Inside network
0
omar fdalNetwork and Server AdministratorAuthor Commented:
yes my cisco router is used as dsl modem the model number is 2901
0
Bryant SchaperCommented:
so wouldn't you want the public IP on the router?  the 2901 will probably handle routing better with greater flexibility.  

I am not sure how to configure passthrough on the 2901, sure it can be done, normally the cheap dsl routers have a bridge mode feature that you just enable.  I have to think cisco does it too, but probably a bit more complex.
0
omar fdalNetwork and Server AdministratorAuthor Commented:
I know cisco's router can handle routing and also nat and so on, but we have problem in it so it reboot frequently and also we want to consolidate everything in the Fortigate firewall and also we need cisco router just because it has VDSL interface.
0
Bryant SchaperCommented:
can you just replace with a cheap dsl modem?  My experience with DSL is that they all require reboots.
0
omar fdalNetwork and Server AdministratorAuthor Commented:
this is also a good solution anyway i will test the cheap modem or configure cisco router as PPPoE Passthrough,

Thanks a lot Bryant I appreciate your help
0
Bryant SchaperCommented:
no problem.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Operations

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.