FortiGate
CGeorge
Staff
Article Id 325797
Description This article describes a solution for using two SIM cards with two different APNs from two different wireless carriers. Refer to the note in the document Active SIM card switching.
Scope FortiGate-40F-3G4G (FG-40F-3G4G), FortiGateRugged-60F-3G4G Ruggedized (FGR-60F-3G4G), FortiGateRugged-70F-3G4G Ruggedized (FGR-70F-3G4G).
Solution

The solution is to reconfigure the LTE modem using the exceptional flexibility that the automation stitches offer, forcing the modem to use the corresponding APN each time the switching mechanism is triggered.

 

For this solution, let's use the state of the link monitor as a trigger mechanism for SIM switching, by configuring the option by-link-monitor under config sim-switch.

 

SIM 1 will be configured with APN: net.

SIM 2 will be configured with APN: live.vodafone.com.

          

The initial configuration of the LTE modem is:

 

config system lte-modem
    set apn "net"
    set sim1-pin 0000
    config sim-switch
        set by-sim-state disable
        set by-connection-state disable
        set by-link-monitor enable
        set by-data-plan disable
        set link-monitor SIM1
    end
end

 

For the link monitoring, there are two options:

  1. The first option is to use the same IP destination to trigger the switching from SIM 1 to SIM 2 and from SIM 2 to SIM 1.
  2. The second option is to use two different IP destinations, one IP to trigger the switching from SIM 1 to SIM 2 and the other IP to trigger the switching from SIM 2 to SIM 1.

The rest of this article uses the option with two IP destinations: it is slightly more complex, but it can be applied in more cases, such as a private APN, a combination of a private APN with a public APN, etc.

In this case, it is very important not to set the source interface under link-monitor and, if the default route is not through WWAN, to route the two IPs statically through WWAN. The configuration of the link monitor is as follows:

 

config system link-monitor
    edit "SIM1"
        set server "10.1.100.22"
    next
    edit "SIM2"
        set status disable
        set server "10.2.100.22"
    next
end

 

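The configuration for the automation stitches is as follows. In the action scripts, APN-SIM-1 and APN-SIM-2 are placeholders for the APNs of SIM 1 and SIM 2 (net and live.vodafone.com in this example).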

  1. The trigger:

config system automation-trigger
    edit "SIM1-TO-SIM2"
        set event-type event-log
        set logid 46520
        config fields
            edit 1
                set name "msg"
                set value "*SIM card slot changed to 2*"
            next
        end
    next
end

  2. The action:

config system automation-action
    edit "CLI-SIM1-TO-SIM2"
        set action-type cli-script
        set script "config system lte-modem
    set apn \"APN-SIM-2\"
    config sim-switch
        set link-monitor SIM2
    end
end
config system link-monitor
    edit \"SIM1\"
        set status disable
    next
    edit \"SIM2\"
        set status enable
    next
end
execute lte-modem wireless-profile modify 1 SIM 0 0 APN-SIM-2 0"
        set accprofile "super_admin"
    next
end

  3. The stitch:

config system automation-stitch
    edit "SWITCH-SIM1-TO-SIM2"
        set trigger "SIM1-TO-SIM2"
        config actions
            edit 1
                set action "CLI-SIM1-TO-SIM2"
                set delay 10
                set required enable
            next
        end
    next
end

     

Apply the same configuration, mirrored, to switch from SIM 2 to SIM 1:

 

  1. The trigger:

config system automation-trigger
    edit "SIM2-TO-SIM1"
        set event-type event-log
        set logid 46520
        config fields
            edit 1
                set name "msg"
                set value "*SIM card slot changed to 1*"
            next
        end
    next
end

  2. The action:

config system automation-action
    edit "CLI-SIM2-TO-SIM1"
        set action-type cli-script
        set script "config system lte-modem
    set apn \"APN-SIM-1\"
    config sim-switch
        set link-monitor SIM1
    end
end
config system link-monitor
    edit \"SIM1\"
        set status enable
    next
    edit \"SIM2\"
        set status disable
    next
end
execute lte-modem wireless-profile modify 1 SIM 0 0 APN-SIM-1 0"
        set accprofile "super_admin"
    next
end

  3. The stitch:

config system automation-stitch
    edit "SWITCH-SIM2-TO-SIM1"
        set trigger "SIM2-TO-SIM1"
        config actions
            edit 1
                set action "CLI-SIM2-TO-SIM1"
                set delay 10
                set required enable
            next
        end
    next
end
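
The two action scripts differ only in the APN and in which link monitor is enabled, so a copy-paste slip between them leaves the modem on the wrong APN or watching a disabled monitor. The following Python check is an added example, not part of the original article or of any Fortinet tooling; it assumes the APN is the fifth argument of the wireless-profile modify command, as in the article's scripts, and both sample scripts are constructed.

```python
import re

def check_switch_script(script, slot):
    """List inconsistencies in the CLI script run after the modem switches to `slot` (1 or 2)."""
    text = script.replace('\\"', '"')   # accept the escaped form stored in "set script"
    want, other = f"SIM{slot}", f"SIM{3 - slot}"
    problems = []
    cfg_apn = re.search(r'^\s*set apn "?([^"\s]+)"?\s*$', text, re.M)
    profile = re.search(r'wireless-profile modify\s+(.+?)\s*$', text, re.M)
    # Assumption taken from the article's command: the APN is the 5th argument.
    args = profile.group(1).split() if profile else []
    if not cfg_apn or len(args) < 5:
        problems.append("APN is not set in both the config and the modem profile")
    elif cfg_apn.group(1) != args[4]:
        problems.append(f"APN mismatch: config {cfg_apn.group(1)} vs profile {args[4]}")
    # The monitor selected under sim-switch must be the one for the active slot.
    monitor = re.search(r'^\s*set link-monitor "?(\w+)"?\s*$', text, re.M)
    if not monitor or monitor.group(1) != want:
        problems.append(f"sim-switch must watch link monitor {want}")
    # Exactly the active slot's monitor is enabled; the other one is disabled.
    status = dict(re.findall(r'edit "(\w+)"\s+set status (enable|disable)', text))
    if status.get(want) != "enable":
        problems.append(f"link monitor {want} must be enabled")
    if status.get(other) != "disable":
        problems.append(f"link monitor {other} must be disabled")
    return problems

# Constructed sample: the SIM1-to-SIM2 script with the article's placeholder APN.
GOOD = r'''config system lte-modem
    set apn \"APN-SIM-2\"
    config sim-switch
        set link-monitor SIM2
    end
end
config system link-monitor
    edit \"SIM1\"
        set status disable
    next
    edit \"SIM2\"
        set status enable
    next
end
execute lte-modem wireless-profile modify 1 SIM 0 0 APN-SIM-2 0'''

# Constructed copy-paste slip: profile APN and SIM1 monitor state left from the other direction.
BAD = GOOD.replace("0 0 APN-SIM-2", "0 0 APN-SIM-1").replace("status disable", "status enable")

print(check_switch_script(GOOD, 2), check_switch_script(BAD, 2))
```
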

     

Troubleshooting:

 

diagnose sys lte-modem data-session-info

diagnose sys lte-modem sim-info

After the SIM switching is triggered:

diagnose sys lte-modem data-session-info

diagnose sys lte-modem sim-info