You are on page 1of 4

The Fortigate and the 3G Modem | Brad Peczka's Blog

http://blog.bradpeczka.com/2009/11/16/the-fortigate-and-the-3g-modem/

Brad Peczka's Blog


$ CA T /DE V/RAND OM > /D EV /BLOG ABOU T BRA D PE CZKA C ONTACT ME

Search

Troubleshooting Fun with Exchange 2007 Queues

RE CEN T M USING S

How to upgrade JUNOS on the SRX100

The Fortigate and the 3G Modem


by B R A D P E C Z K A on N O V E M B E R 1 6 , 2 0 0 9 2 C O MM E NT S

NetApp SnapMirror issues with Riverbed Steelhead WordPress Automatic Upgrade via SSH IBM NICs in VMWare ESXi 4.0/4.1 MGCP Voice Gateway Configuration in CUCM Disabling the CUCM Corporate Directory

Say what you will about it, but I think that the Fortinet Fortigate 60B is a nice piece of gear. For the purchase price, you get a grunty firewall with 2 WAN Ports, a dedicated DMZ Port, 6 Fast Ethernet Ports and a PCMCIA Slot. You also score two USB Ports, which can be used to power a USB 3G Modem. With the right type of 3G Service, this setup provides you with the perfect temporary office network a situation where you only need basic services for few users who require access to the corporate LAN. Im going to quickly run through setting up the connection with some common Australian 3G Providers, and how to debug any issues that may arise. For the purposes of this demo, Im using: Fortinet Fortigate 60B (running FortiOS v4.1 Patch 1) Huawei E169G 3G USB Modem 3G Services provided by Three Owing to some inconsistencies in the Administration Guide, this config will be entered using the CLI. Dont be scared it wont bite! Firstly, ensure that your modem is firmly plugged into a USB Port on the back of the Fortigate, and that youve power-cycled the unit to detect the modem. Youll need to enable the modem with the following command:

Managing Volume License Keys When the Citrix IMA Service fails to start Exchange 2007 Services Shutdown Order Troubleshooting Fun with Exchange 2007 Queues

WHAT I 'M DO IN G. . .

@skryring Looks like Chicken? in reply to skryring 22 hrs ago Book 'em, Danno. 1 day ago @slampt Find me a nice Shiraz keke? in reply to slampt 1 day ago @Mooba Awesome, thanks! in reply to Mooba 1 day ago @mooba Are you fine folks open tomorrow? 1 day ago Just saw the @WA_Police RV heading into the city, followed by another, unmarked version. 1 day ago @skryring You're not alone! in reply to
config system modem set status enable end

skryring 1 day ago @lathiat You don't write, you don't call... :-( in reply to lathiat 1 day ago @WA_Police No info on your new chopper though? :-( in reply to WA_Police 1 day ago

Next, try and detect the custom vendor and product IDs with the following command. Be sure to note it down, as youll need it later!

@lathiat Did you finally get tired of the pink Playboy logo on your rear window? ;-) in reply to lathiat 2 days ago

FortiGate # diagnose sys modem wireless-id vendor: 0x12d1, product: 0x1003, registered: yes

More updates...

ARCH IVE S

Next, well configure the modem settings in our FortiGate to activate the modem connection:

October 2011 May 2011 September 2010 August 2010

config system modem

May 2010
set status enable set status enable set dial-on-demand enable

January 2010 November 2009

1 de 4

28-10-2011 10:44

The Fortigate and the 3G Modem | Brad Peczka's Blog

http://blog.bradpeczka.com/2009/11/16/the-fortigate-and-the-3g-modem/

set connect-timeout 30 set wireless-custom-vendor-id 0x12d1 set wireless-custom-product-id 0x1003 set modem-dev1 pcmcia-wireless set phone1 "*99#" set username1 "3services" # Set this to your provider's APN set altmode disable end

BLO GR O LL

Clint Boessen Peter Revill Sam Kendall Shane Short Trent Lloyd

Special Note: If youre a Virgin Broadband user, ensure you also configure set authtype1 pap. While every other provider has moved with the times, and utilise the more secure and robust CHAP Authentication (which is the default option on the FortiGate), Virgin still use PAP which needs to be manually configured to ensure a successful connection. Were almost there! The last thing to do is to turn on debugging (to watch the progress of the dial), and to actually execute the dial:

diagnose debug enable diagnose debug application ppp 255 diagnose debug app modemd 255

execute modem dial

With a little luck, and a little hope, youll see the logs go rushing by, and the modem will establish a connection to your provider. You should now conduct tests to verify your connectivity (after establishing the appropriate firewall rules), or (if unsucessful) review the ppp and modemd logs to see if you can determine what fouled up. Common causes are the modem not being detected, the wrong APN being provided to the FortiGate, or (funnily enough) the SIM Card not being activated for the APN youre dialling! Once youre done, dont forget to turn off your logging:

diagnose debug application modemd 0 diagnose debug application ppp 0 diagnose debug disable

And thats it!


Tagged with: 3G Fortigate Fortinet FortiOS Three

If you enjoyed this post, please consider sharing it!

2 Responses to the fortigate and the 3g modem


Mramadan says:
February 14, 2010 at 5:14 PM

thanks very very much


R E PL Y

Vidar says:
August 17, 2011 at 7:41 AM

2 de 4

28-10-2011 10:44

The Fortigate and the 3G Modem | Brad Peczka's Blog

http://blog.bradpeczka.com/2009/11/16/the-fortigate-and-the-3g-modem/

Thanks. I got Huawei E367 working based on your instructions + a bit fiddling. I ended up with this config: config system modem set status enable set auto-dial enable set connect-timeout 30 set phone1 *99# set username1 internet set extra-init1 AT&FE0V1X1&D2&C1S0=0 set altmode disable end config system 3g-modem custom edit 2 set vendor Huawei set model E367b set vendor-id 12d1 set product-id 1506 next edit 3 set vendor Huawei set model E367a set vendor-id 12d1 set product-id 1446 set init-string 55534243123456780000000000000011062000000100000000000000000000 next end The extra init string doesnt seem to be necessary though. I just added it because I noticed the Mobile Partner application send it to the modem in Windows when I tried to connect it to my laptop. One set-back is that the upload performance through Fortigate is much worse than directly on laptop. Im getting 600kbps through Fortigate and 2-3Mbps direct on laptop.
R E PL Y

Leave a Reply
Your email address will not be published. Required fields are marked * Name *

Email *

Website

Comment

You may use these HTML tags and attributes:


<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

POS T C OM M EN T

Brad Peczka's Blog

PA GES

THE LA TEST

MORE

2011 Brad Peczka All Rights Reserved

About Brad Peczka

How to upgrade JUNOS on the SRX100

Thanks for dropping by!

3 de 4

28-10-2011 10:44

The Fortigate and the 3G Modem | Brad Peczka's Blog

http://blog.bradpeczka.com/2009/11/16/the-fortigate-and-the-3g-modem/

Contact Me

Ive had an ongoing love affair with the Juniper SRX Series Gateways []

Feel free to join the discussion by leaving comments, and stay updated by subscribing to my RSS feed.

Hosted by Domain Futures.

4 de 4

28-10-2011 10:44