maulishshah
Staff
Article Id 247217
Description

This article describes how to keep the WWAN interface connection stable when a FortiGate 3G/4G LTE modem uses the Verizon network.

Scope

FortiGate 3G/4G modem, Verizon network.

Solution

When Verizon is the mobile carrier, the WWAN interface may work for a moment and then go down without any indication as to why. This occurs even when the same SIM card works in a regular phone with no issues.

The 'set source-ip' command is used for management tools like Syslog, NetFlow, etc., and it may cause this issue: when the device initially turns on, the tunnels are not yet up, so this management traffic is sent out of the WWAN interface.


It is possible to check if this is configured anywhere by running this command:

 

show | grep -f source-ip

 


 

When Verizon's network security detects traffic from an IP address that was not assigned to that modem, an IP source violation occurs, causing the FortiGate WWAN interface to malfunction.

To avoid this:

  • Try to create an automation stitch so that, when the firewall reboots, it removes every source-ip setting, or any specific interface configured to force the traffic.
  • Check the event ID of the relevant logs so that the firewall captures the correct triggers and forces the changes to the configuration.
  • Once the firewall and the WWAN interface are up, run another script to revert the changes to what they were before.
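
The following is an added example, not part of the original article and not Fortinet code. It scans a configuration backup for non-default 'set source-ip' lines and builds the two CLI scripts the steps above call for: one that unsets each value and one that restores it. The sample configuration is constructed, and the function names find_source_ip and build_script are hypothetical.

```python
import shlex

# Constructed sample of a FortiGate configuration backup (not from the article).
SAMPLE_CONFIG = """\
config log syslogd setting
    set server "192.0.2.10"
    set source-ip "10.10.10.1"
end
config system dns
    set primary 198.51.100.53
    set source-ip 0.0.0.0
end
config user radius
    edit "corp-radius"
        set source-ip "10.10.10.1"
    next
end
"""

def find_source_ip(config_text):
    """Return [(config path, value)] for every non-default 'set source-ip'."""
    stack, hits = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith(("config ", "edit ")):
            stack.append(line)          # entering a section or table entry
        elif line in ("next", "end") and stack:
            stack.pop()                 # leaving it again
        elif line.startswith("set source-ip "):
            value = shlex.split(line)[2]    # strips optional quotes
            if value not in ("0.0.0.0", ""):
                hits.append((tuple(stack), value))
    return hits

def build_script(hits, restore=False):
    """CLI script that unsets (or, with restore=True, re-applies) each hit."""
    out = []
    for path, value in hits:
        out.extend(path)                # re-enter the same config path
        out.append(f"set source-ip {value}" if restore else "unset source-ip")
        out.extend("next" if p.startswith("edit ") else "end" for p in reversed(path))
    return "\n".join(out)

if __name__ == "__main__":
    found = find_source_ip(SAMPLE_CONFIG)
    print("# removal script (reboot trigger):\n" + build_script(found))
    print("# revert script (WWAN up):\n" + build_script(found, restore=True))
```

Review the generated scripts before pasting them into automation stitch actions, since a value left at 0.0.0.0 is treated here as unset and skipped.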

 

To create the Automation stitch, see this document.

 

A simple script example:

Event ID: 20099 is used when an event occurs on the interface (up or down).

Event ID: 32009 is used when the firewall reboots.