Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
alif
Staff
Staff

Created on ‎03-15-2020 03:48 AM Edited on ‎08-26-2025 02:39 AM By Moderator

Article Id 194710

Technical Tip: Setting up Access Point Name (APN) on FortiGate 3G4G and 5G devices

Description


This article describes how to configure a custom APN on the FortiGate 3G4G and 5G appliances.


Scope


FortiGate-3G4G (with lte-modem integrated module) and FortiGate 5G.

Solution


By default, the APN is undefined in the configuration, which means the modem will match available networks it discovers from its automatic network scan against the wireless profile list. Some providers require users to configure the access point name (APN) for the LTE network on the FortiGate.

 

3G4G (lte-modem):

 

config system lte-modem
    set status enable
    set apn internet.telekom
    set username telekom
    set passwd telekom
end

 

For Vodafone UK:

 

config system lte-modem
    set status enable
    set authtype pap
    set apn wap.vodafone.co.uk
    set username wap
    set passwd wap
end

 

Once an APN is set, the LTE modem will only connect to the wireless network with the specific APN. FortiGate matches the wireless profile from top to bottom and uses the first match on the list. If it is missing or not configured, this must be completed for the device to work.

 

If the SIM has a PIN defined, this can be defined under FortiGate as follows:

 

config system lte-modem
    set extra-init "pin-init AT+CPIN=8664"
end

 

Note that the value 8664 is just an example PIN code and needs to be replaced with the original PIN code.

 

The profile creation looks like this:

 

execute lte-modem wireless-profile create
{name}                       <----- Wireless profile name 1 to 16 characters.
(0, 1)                       <----- Wireless profile type.
0 -                          <----- 3GPP .
1 -                          <----- 3GPP2.
(0 - 4)                      <-----Wireless profile PDP type.
0 -                          <----- IPV4.
1 -                          <----- PPP.
2 -                          <----- IPV6.
3 -                          <----- IPV4V6.
{name}                       <----- Wireless profile APN name 0 to 32 characters.
(0 - 3)                      <----- Wireless profile authentication type.
0 -                          <----- None.
1 -                          <----- PAP.
2 -                          <----- CHAP.
3 -                          <----- PAP and CHAP.
{name}|{Enter}               <----- Wireless profile user Name 1 to 32 characters, or <Enter> if authentication is none.
{password}                   <----- Wireless profile password 1 to 32 characters. 

 

The wireless profile can also be modified with the following command:

 

execute lte-modem wireless-profile modify < Wireless profile ID> < Wireless profile name> < Wireless profile type> < Wireless profile PDP type> < APN name> < authentication type>

 

When creating the profile, note that the command will be entered in one line. To see the next required argument in the command, press '?' to bring up the command help.

Take the following example of Deutsche Telekom (source: APN Settings)

 

apn: internet.telekom
user: telekom
password: telekom

 

The command looks like the following:

 

execute lte-modem wireless-profile create DT-Internet 0 0 internet.telekom 3 telekom telekom

 

To verify the entry, check the wireless profile list.

 

execute lte-modem wireless-profile list
ID    Type    Name        APN            PDP_Type    Authen        Username
 1    0                                      3         0       
 2    0    DT-Internet    internet.telekom   3         1            telekom

 

To confirm if the APN has been set and matched, run the following command:

 

execute lte-modem wireless-profile test

 

If there is no error code, the wireless profile is matched.

 

Take the following example of Vodafone UK:

 

execute lte-modem wireless-profile list

ID       Type       Name       APN                            PDP_Type       Authen       Username

1         0                                                    3              0

 

When planning to change the SIM card later, leave profile ID 1 untouched and create a new profile or modify profile 1.

 

execute lte-modem wireless-profile modify 1 "VodafoneUK" 0 0 wap.vodafone.co.uk 1 wap wap

 

execute lte-modem wireless-profile list

ID       Type       Name                    APN          PDP_Type       Authen       Username  Passwd

1          0      VodafoneUK       wap.vodafone.co.uk      0             0            wap        wap

 

If it is desired to keep the default profile and create a new one under it, execute the following:

 

execute lte-modem wireless-profile create 2 "VodafoneUK" 0 0 wap.vodafone.co.uk 1 wap wap

 

execute lte-modem wireless-profile list

ID       Type       Name                    APN          PDP_Type       Authen       Username  Passwd

1         0                                               3              0

2         0      VodafoneUK       wap.vodafone.co.uk      0              0             wap        wap


In cases where the default profile is getting matched, the wireless profiles can be deleted as well.

 

execute lte-modem wireless-profile delete <ID>

 

To delete all wireless profiles (out of factory config), delete all profiles except the last one. If only one entry is in the table, it cannot be deleted, but only modified.

To remove the last profile, use the command below to set default values:

 

execute lte-modem wireless-profile modify 1 " " 0 3 "" 0

 

3G4G troubleshooting commands:

 

diagnose sys lte-modem sim-info               <----- Shows LTE Modem SIM card information.
diagnose test application lted ?                              <-----Shows several options such as IMEI, Model, Manufacturer, SIM status, etc.
diagnose sys lte-modem modem-details          <----- Shows LTE Modem detailed information.
diagnose sys lte-modem data-session-info      <----- Shows LTE Modem data session information.

 

5G modems:

 

The APN is set within a data-plan object, and then the data plan is assigned to a specific SIM slot under the modem configuration:

 

config system 5g-modem

    config data-plan

        edit 1

            set apn '<your_apn_here>'

        next

    end

end

 

config system 5g-modem

    config modem1

         set sim1-data-plan 1

    end

end

 

To set the carrier manually:

 

config system 5g-modem

    config modem1

        set carrier-config manual

    end

end

execute 5g-modem carrier-config switch <integer>   <----- Select integer corresponding to carrier or 1 for Generic PTCRB.

 

execute 5g-modem carrier-config list
--------------------
Available carrier config:
--------------------
0:Generic GCF
1:Generic PTCRB
10:AT&T
11:T-Mobile
12:Verizon
14:Bell
15:Rogers
16:Telus
20:SK Telecom
21:SK Telecom Dongle
22:KT
30:NTT Docomo
31:KDDI
40:Telstra
50:LATAM
60:Telefonica
61:DTAG

 

5G troubleshooting commands:

diagnose sys 5g-modem modem-details
diagnose sys 5g-modem sim-info
diagnose sys 5g-modem signal-info
diagnose sys 5g-modem traffic-status
diagnose sys 5g-modem gps-info
diagnose sys 5g-modem data-session-info

 

Further diagnostic commands for 5G devices can be found in the FortiGate 5G Operator's Manual.

 

Related documents:

set carrier-config 

Technical Tip: Troubleshooting 5G SIM cards and LTE modem issues on FortiGate using CLI commands  

Labels:
24346
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.