
Wednesday, 3 September 2014

Using a 3G/4G mobile internet modem as a WAN connection on a Fortigate firewall

Today, I'm testing a Fortigate security appliance in combination with a 4G USB mobile internet modem. My testing environment is set up with the following specs:
  • Fortigate 60D with firmware 5.0 patch 9
  • Huawei E398
Here are the steps that worked for me to successfully set up the USB 4G modem.
The first thing to do is to enable the modem.
FGT60D # config system modem
FGT60D (modem) # set status enable
FGT60D (modem) # end
Next, it is a good idea to check whether the modem is detected successfully. To check this, I used the following commands:
FGT60D # diagnose sys modem detect
modem is attached.
dialtone is detected.
FGT60D # diagnose sys modem external-modem
External modem vendor: Huawei
External modem vendor id: 12d1
External modem model : E392/E397/E398/E353/E3276
External modem product id: 1506

In some cases, I noticed that no modem was detected. I removed the modem from the USB port and inserted it back again. After that, the modem was detected. In some cases I needed to reboot the Fortigate unit to get it activated again :-(. I don't know for sure what the reason for this is, but I decided to let it go for now...
After this, when you look at the web GUI under System > Network > Modem, you can see the following:


As you can see, the modem is detected successfully, but it's still inactive. Now let's activate it. You need to enter some commands to get this done. Some parameters are specific to the mobile provider you have. In this case, the settings (APN) are from the Dutch provider KPN Mobile. In my case, I want to use the 4G connection when my primary WAN connection goes down.
config system modem
    set status enable
    set pin-init "AT+CPIN=****"
    set mode redundant
    set interface "wan1"
    set phone1 "*99#"
    set extra-init1 "at+cgdcont=1,\"ip\",\"portalmmm.nl\""
end
You need to enter the correct APN where portalmmm.nl is shown. If everything goes well, you can check the 4G connection with the following command.
FGT60D # diagnose sys modem query
USB status: Connected
manufacturer: Huawei Technologies Co., Ltd.
model: E398
IMEI number: ******
SIM state: Valid
service status: Valid Service
signal level: 4/4
network name: KPN
network type: UTRAN
location area code:
active profile(AT&V):
<<output omitted>>
Now all should work! You can check if the modem interface comes UP and gets its Connected state:


Don't forget to configure a policy rule with NAT to allow traffic to the internet through the modem interface.
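
The policy rule mentioned above, written out in CLI form as an added example (it is not from the original post). The LAN interface name "internal", the address object name "lan-clients" and the subnet 192.168.1.0/24 are assumptions to adapt to your own network; "modem" is the name of the modem interface. The rule limits the source to the LAN subnet instead of "all" and logs every session, so traffic leaving through the backup link stays visible.

```fortios
config firewall address
    edit "lan-clients"
        set subnet 192.168.1.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "modem"
        set srcaddr "lan-clients"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
end
```

Using "edit 0" lets the unit assign the next free policy ID. Any security profiles applied on the wan1 policy have to be set on this policy as well, otherwise traffic is only inspected while the primary link is up.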


That's all folks!

3 comments:

  1. Hi Peter,

    I would like to "pick your brains" as an information gathering exercise.

    Have you tried your 60D on 5.2 of the firmware? Did it behave any better?
    As you appear to be a NZ website, which NZ provider did you get your SIM card from?
    Did you buy your Huawei from them ?

    As you can see I want to attempt something similar.
    Regards,
    Anthony.
