Configuring PPPoE Access on a USG Firewall

The document explains how to configure a USG device as a PPPoE client to obtain an IP address from an ISP and provide Internet access for a LAN. The network topology consists of a USG acting as the Internet gateway, a VLAN interface for the internal LAN (10.1.1.0/24), and a WAN interface that connects to the ISP via PPPoE.

Configuration steps:

1. Downlink (LAN) configuration : Create Vlanif 1 , assign IP 10.1.1.1/24 , enable DHCP server on the interface, and set the DNS list to the USG itself.

2. Uplink (WAN) configuration : Create Dialer 1 , enable shared DCC, set dialer-rule 20 ip permit , configure PPPoE authentication (user/password), and set the IP address to ppp-negotiate . Bind the Dialer bundle to the physical Ethernet port with pppoe-client dial-bundle-number 1 .

3. Security zones : Add the LAN interface to the trust zone and the PPPoE interface to the untrust zone, then configure inter‑zone packet filtering.

4. NAT configuration : Create an inter‑zone NAT policy from trust to untrust , enable source-nat for the LAN subnet, and use easy-ip dialer 1 to handle dynamic ISP addresses.

5. DNS proxy : Enable DNS proxy on the USG and bind the DNS server to the Dialer interface so that LAN clients receive the ISP‑provided DNS addresses.

6. Static routing : Add a default route ip route-static 0.0.0.0 0.0.0.0 Dialer 1 to forward all outbound traffic through the PPPoE link.

Verification : Use display interface dialer 1 to confirm the Dialer is up, has obtained an IP address and DNS servers, and check PC configuration with ipconfig /all to ensure proper address assignment and Internet connectivity.

Following these steps results in a fully functional PPPoE‑based Internet connection for the internal network, with DHCP, NAT, and DNS services correctly integrated.