The PhoneBoy Blog


Simplifying Telecom, Mobile Phones, Gadgets, Health, and More!

FireWall-1 FAQ: PPPoE Connections

Last Modified: 06 Jul 2004

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.


I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.


If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)

Beginning with version 3.8 IPSO supports PPPoE connections (i.e. connecting the Nokia directly to a DSL modem or any comparable device) To create a new PPPoE connection the following steps are necessary:

1) Create a new PPPoE Profile Go to Config | Interfaces | Physical/pppoe0 | PPPOE Profile Link

Necessary parameters (depending on your DSL line):

  • Profile Name
  • Ethernet Interface (Interface where the DSL device is connected to, usually eth-s1p1)
  • Mode (Connect-On-Demand/Keep-Alive)
  • Timeout (for Connect-On-Demand connections only)
  • Authentication Type (PAP/CHAP, normally PAP)
  • Username
  • Password

2) Create a new logical PPPoE Interface and define the Interface type a) Go to Config | Interfaces | Physical/pppoe0 | Create a new interface with PPPoE profile: Profile Name b) Define Interface type (click on the name of the Logical Interface e.g. pppoe0c1) Select either Dynamic, Static or Unnumberd (usually Dynamic), if Static is selected additionally specify the Local and Remote Address

If all parameters are correct and the Ethernet Interface is connected to your DSL device the PPPoE session should be getting established in some time (visible by the green bullet)

3) Create a new default route Go to Config | Routing Configuration | Static Routes Select Next hop type: normal and click on Apply Select Gateway Type: logical name and select pppoe0c1 and click on Apply

Additional note: Due to a limitation of the PPPoE protocol the Maximum MTU size is 1492 for a PPPoE interface (which is also the default value). This could lead to serious connection problems, i.e. specific web pages (with lots of images or flash animations) will not load (it seemingly takes ages to load). This is because the normal MTU size in Ethernet networks is 1500 and the MTU size of 1492 will lead to fragmentation on the nokia if large packets are sent. To fix this problem you will need to change the MTU size on every client PC to the same value as on the nokia (1454 is recommended for PPPoE).

See also: http://www.dslreports.com/tweaks/MTU/

#Cybersecurity Evangelist, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.

(C) Dameon D. Welch All Rights Reserved
Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 United States License.
Don't hold my personal views against any past, present or future employers.
Offended? Stick your head in a barrel of shaving cream!
Powered by jekyll. Cosmo theme by Bootswatch.