# KPN # 01 | KPN PPPoE - IPv4 Deze instructie neemt je stap voor stap mee door de configuratie van KPN PPPoE op je FortiGate. ### Stap 1 - VLAN 6 aanmaken Bij onderstaand voorbeeld word wan1 gebruikt, let er op dat je het juiste interface koppelt. ``` config system interface edit "KPN-INET-VL6" set vdom "root" set role wan set interface "wan1" set mtu-override enable set mtu 1506 set vlanid 6 next end ``` ### Stap 2 - PPPoE interface aanmaken ``` config system pppoe-interface edit "KPN-PPPoE" set device "KPN-INET-VL6" set username "internet" set password "internet" next end ``` ### Stap 3 - PPPoE interface configureren ``` config system interface edit "KPN-PPPoE" set vdom "root" set mode pppoe set type tunnel set external enable set role wan set dns-server-override disable set interface "KPN-INET-VL6" next end ``` ### Stap 4 - Statische route aanmaken ``` config router static edit 0 set device KPN-PPPoE next end ``` ### Stap 5 - Policy aanmaken ``` config firewall policy edit 0 set name "any to internet - IPv4" set srcintf "any" set dstintf "KPN-PPPoE" set action accept set srcaddr "all" set dstaddr "all" set schedule "always" set service "ALL" set logtraffic all set nat enable next end ``` ### Stap 6 - Internet connectiviteit testen ``` execute ping google.com ``` # 02 | KPN PPPoE - IPv6 Deze instructie gaat er vanuit dat je [01 | KPN PPPoE - IPv4](https://wiki.tdthosting.nl/books/fortinet/page/01-kpn-pppoe-ipv4) al gevolgd hebt. ### Stap 1 - PPPoE interface voorzien van IPv6 flag ``` config system pppoe-interface edit "KPN-PPPoE" set ipv6 enable next end ``` ### Stap 2 - PPPoE interface configureren met IPv6 adres ``` config system interface edit "KPN-PPPoE" config ipv6 set ip6-address 2a02:xxxx:yyyy::ffff/128 ## Controleer je IPv6 prefix in de KPN app end next end ``` ### Stap 3 - Statische route aanmaken ``` config router static6 edit 0 set device "KPN-PPPoE" next end ``` ### Stap 4 - LAN interface configureren met IPv6 adres ``` config system interface edit "VLAN2001" config ipv6 set ip6-address 2a02:xxxx:yyyy:2001::1/64 set ip6-send-adv enable ## Verstuurd router advertisements set ip6-manage-flag enable ## Geeft aan dat je DHCP wil gebruiken in plaats van SLAAC set ip6-other-flag enable ## Geeft aan dat je middels DHCP de DNS servers mee wil geven end next end ``` ### Stap 5 - DHCP server aanmaken ``` config system dhcp6 server edit 0 set lease-time 86400 set dns-service default set domain "domain.local" set subnet 2a02:xxxx:yyyy:2001::/64 set interface "VLAN2001" config ip-range edit 1 set start-ip 2a02:xxxx:yyyy:2001::1000 set end-ip 2a02:xxxx:yyyy:2001::2000 next end next end ``` ### Stap 6 - Policy aanmaken ``` config firewall policy edit 0 set name "any to internet - IPv6" set srcintf "any" set dstintf "KPN-PPPoE" set action accept set srcaddr6 "all" set dstaddr6 "all" set schedule "always" set service "ALL" set logtraffic all next end ``` ### Stap 7 - Internet connectiviteit testen ``` execute ping6 google.com ``` # 03 | KPN - IPTV In deze instructie maken we gebruik van VLAN1003 als IPTV VLAN ### Stap 1 - VLAN 4 aanmaken ``` config system interface edit "KPN-IPTV-VL4" set vdom "root" set mode dhcp config client-options edit 1 set code 60 set type string set value "IPTV_RG" next edit 2 set code 55 set value "79" next end set distance 10 set role wan set dns-server-override disable set interface "wan1" set vlanid 4 next end ``` ### Stap 2 - Statische route aanmaken ``` config router static edit 0 set dst 213.75.112.0 255.255.248.0 set device "KPN-IPTV-VL4" set dynamic-gateway enable next end ``` ### Stap 3 - IPTV VLAN aanmaken ``` config system interface edit VLAN1003 set vdom "root" set ip 10.10.3.6 255.255.255.248 set role lan set interface "LACP" ## Replace with physical interface set vlanid 1003 next end ``` ### Stap 4 - DHCP server aanmaken ``` config system dhcp server edit 0 set ntp-service local set default-gateway 10.10.3.6 set netmask 255.255.255.248 set interface "VLAN1003" config ip-range edit 1 set start-ip 10.10.3.1 set end-ip 10.10.3.5 next end set dns-server1 195.121.1.34 set dns-server2 195.121.1.66 next end ``` ### Stap 5 - Multicast policies aanmaken ``` config firewall multicast-policy edit 0 set name "iTV > KPN" set logtraffic enable set srcintf "VLAN1003" ## Replace with IPTV VLAN set dstintf "KPN-IPTV-VL4" set srcaddr "all" set dstaddr "all" set snat enable next edit 0 set name "KPN > iTV" set logtraffic enable set srcintf "KPN-IPTV-VL4" set dstintf "VLAN1003" ## Replace with IPTV VLAN set srcaddr "all" set dstaddr "all" next end ``` ### Stap 6 - IPTV policy maken richting KPN ``` config firewall policy edit 0 set name "IPTV to KPN" set srcintf "VLAN1003" ## Replace with IPTV VLAN set dstintf "KPN-IPTV-VL4" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all set nat enable next end ``` ### Stap 7 - Internet policy maken voor TV ontvanger Deze stap is bedoeld om streamingsdiensten zoals Netflix of Spotify te laten werken ``` config firewall policy edit 0 set name "IPTV to internet" set srcintf "VLAN1003" ## Replace with IPTV VLAN set dstintf "KPN-INET-VL6" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all set nat enable next end ```