Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mfiedler1985
New Contributor II

Fortigate 200D with Hauwei 3372h Modem (AT Version)

Hi,

 

i have a Fortigate 200D Firewall with FortiOS 6.0.16 and a Huawei 4G Webstick Modell 3372h. I can't bring the Connection to the LTE-Network up. I searched around and found this https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-Huawei-E3372-h-modem-stick/ta-p...

 

The Problem is, that i have the AT-Command Version of this Stick and this HowTo is for the Web-Interface Version. 

When i try to configure the Stick as lte-modem

diagnose sys lte-modem info

says, that the Modem is not connected. 

 

So i tried to configure the Stick as "normal" Modem. The Modem itself seems to work properly:

 

diagnose sys modem query
USB status: Connected
manufacturer: huawei
model: E3372
IMEI number: 868230032061123
SIM state: Valid
service status: Valid Service
signal level: 3/4
network name: E-Plus
network type: E-UTRAN
location area code:
active profile(AT&V):
COMMAND NOT SUPPORT

^RSSI:18

^HCSQ:"LTE",45,47,136,26

 

But in the Debug Messages a Timout occures (At the end after CONNECTED):

 

eset_cur_modem_info:1573
get_cur_modem_info:1663 force=1 inited=0
custom_list_load()
act_driver(): serial driver attached (ret=0)
reset_cur_modem_info:1573
get_cur_modem_info:1663 force=1 inited=0
send 9: AT+CGMI

recv 0:
recv 6: huawei
recv 0:
recv 2: OK
recv 0:
recv 8: ^RSSI:19
recv 0:
recv 24: ^HCSQ:"LTE",47,47,136,22
send 9: AT+CGMM

recv 0:
recv 5: E3372
recv 0:
recv 2: OK
recv 0:
recv 8: ^RSSI:19
recv 0:
recv 24: ^HCSQ:"LTE",47,47,136,24
send 9: AT+CGSN

recv 0:
recv 15: 868230032061123
recv 0:
recv 2: OK
recv 0:
recv 8: ^RSSI:19
recv 0:
recv 24: ^HCSQ:"LTE",46,46,131,24
send 12: AT^SYSINFO

recv 0:
recv 21: ^SYSINFO:2,3,0,5,1,,4
recv 0:
recv 2: OK
recv 0:
recv 8: ^RSSI:19
recv 0:
recv 24: ^HCSQ:"LTE",46,46,131,24
send 10: AT+CREG?

recv 0:
recv 10: +CREG: 0,1
recv 0:
recv 2: OK
recv 0:
recv 8: ^RSSI:19
recv 0:
recv 24: ^HCSQ:"LTE",46,46,131,24
send 10: AT+COPS?

recv 0:
recv 21: +COPS: 0,0,"E-Plus",7
recv 0:
recv 2: OK
recv 0:
recv 8: ^RSSI:19
recv 0:
recv 24: ^HCSQ:"LTE",46,46,131,24
send 8: AT+CSQ

recv 0:
recv 11: +CSQ: 19,99
recv 0:
recv 0:
recv 2: OK
send 6: AT&V

recv 0:
recv 19: COMMAND NOT SUPPORT
recv 0:
recv 8: ^RSSI:19
recv 0:
recv 24: ^HCSQ:"LTE",46,46,126,22
chat: abort on (BUSY)
chat: abort on (NO DIAL TONE)
chat: abort on (NO DIALTONE)
chat: abort on (NO ANSWER)
chat: abort on (ERROR)
chat: send (atz^M)
chat: expect (OK)
chat: ^M
chat: ^HCSQ:"LTE",46,46,131,24^M
chat: ^M
chat: OK
chat: -- got it

chat: send (ath0^M)
chat: abort on (NO CARRIER)
chat: expect (OK)
chat: ^M
chat: ^M
chat: OK
chat: -- got it

chat: send (ats7=90^M)
chat: timeout set to 90 seconds
chat: expect (OK)
chat: ^M
chat: ^M
chat: OK
chat: -- got it

chat: send (AT+CGDCONT=1,"IP","internet.partner1"^M)
chat: expect (OK)
chat: ^M
chat: ^M
chat: OK
chat: -- got it

chat: send (ATD*99***1#^M)
chat: expect (CONNECT)
chat: ^M
chat: ^M
chat: CONNECT
chat: -- got it

chat: send (^M)
chat: abort on (BUSY)
chat: abort on (NO DIAL TONE)
chat: abort on (NO DIALTONE)
chat: abort on (NO ANSWER)
chat: abort on (ERROR)
chat: send (atz^M)
chat: expect (OK)

 

 

Im located in Germany. My Provider is O2/E-Plus. I have verified, that this Configuration / APN etc. is working. I use the same config on my Rasperry with wvdial. 

 

I have tried to set the wireless-port to 0/1/2, but still get the same Error. 

 

Here is my Configuration:

(modem) # get
status : enable
pin-init :
network-init :
lockdown-lac :
mode : standalone
auto-dial : enable
redial : none
reset : 0
connect-timeout : 90
wireless-port : 1
dont-send-CR1 : disable
phone1 : *99***1#
dial-cmd1 : ATD
username1 :
passwd1 : *
extra-init1 : AT+CGDCONT=1,"IP","internet.partner1"
peer-modem1 : generic
ppp-echo-request1 : enable
authtype1 : pap chap mschap mschapv2
dont-send-CR2 : disable
phone2 :
dial-cmd2 :
username2 :
passwd2 : *
extra-init2 :
peer-modem2 : generic
ppp-echo-request2 : enable
authtype2 : pap chap mschap mschapv2
dont-send-CR3 : disable
phone3 :
dial-cmd3 :
username3 :

passwd3 : *
extra-init3 :
peer-modem3 : generic
ppp-echo-request3 : enable
altmode : disable
authtype3 : pap chap mschap mschapv2
distance : 1
priority : 0

 

When i try to dial:

 

execute modem dial

I get 

"The modem is already connected."

 

But the LED on the Stick is blinking in 2 Sec interval. This indicates, that the Modem is not connected. See

 

 

Thanks for your Help!

 

Marcus 

 

Edit:

 

In my old wvdial.conf i had an additional init Command

Init2 = AT&F&D2&C1 Q0 V1 E1 S0=0

 

But i dont know, how to implement it in my FortiGate Modem Config, because i can only give one extra-init per ISP. My working wvdial config looks like follows:

 

[Dialer Defaults]
Init1 = ATZ
Init2 = AT&F&D2&C1 Q0 V1 E1 S0=0
Init3 = AT+CGDCONT=1,"IP","internet.partner1"
Phone = *99***1#
Username = websfr
Password = websfr
Ask Password = 0
Dial Command = ATD
Stupid Mode = on
Auto Reconnect = on

7 REPLIES 7
Anthony_E
Community Manager
Community Manager

Hello Marcus,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
mfiedler1985
New Contributor II

Update:

 

I gave the lte-modem Configuration a second chance, but it doesnt work. 

 

My Config is

config system lte-modem
set status enable
set apn "pinternet.interkom.de"
set modem-port 0
end

 

But FortiOS says, that my SIM is invalid ( I tested on another System. Its valid)

 

show system lte-modem
config system lte-modem
set status enable
set apn "pinternet.interkom.de"
set modem-port 0
end

 

diagnose sys lte-modem info
LTE Modem configuration enabled!
LTE Modem device initialized.
Manufacturer:
Model:
IMEI:
USB Modem Interface: down
SIM State: Invalid
ICCID:
Signal Strength: 4
Network Type: 3G
APN: pinternet.interkom.de
Authen Type: none
Extra Init String:
Interface mode: standalone
Holddown Time: 30

Because it seems, that the Modem isn*t initialized correctly and it is not on the supported list, i tried to add my Modem to the supported List following this Guide:

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/241739/configuring-an-unsupported-modem

 

id : 1
vendor : Huawei
model : 3372h
vendor-id : 12d1
product-id : 1506
class-id : 00
init-string : 

2

But it's still not working. When it is connected and configured using "lte-modem" the device hangs on reboot and SSH-Login. 

Anthony_E
Community Manager
Community Manager

Hello Marcus,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hi Marcus,

 

Here is the answer from one of our experts:

 

"The configuration for the modem is usually performed under config sys lte-modem, not  under config sys modem was for 3G...not LTE if I really correctly......there can be an issue if you have both modem/ltemodem enabled on the device as it can create a USB conflict."

 

He will check but needs some time to go through old engineer reports.

 

We will then come back to you once he will have the result of these tests.

 

Regards,

Anthony-Fortinet Community Team.
mfiedler1985

Hi Anthony, 

 

thanks for your reply. 

I had never enabled both Modem-Types at the same time. I disabled the "modem" Device, before i enabled "lte-modem".

 

Best regards 

 

Marcus Fiedler

mfiedler1985
New Contributor II

Hi, 

 

has anyone some new Ideas, what could be the Problem here? 

Unfortunately i still can't get the Stick working. 

 

Thanks very much!

 

Marcus Fiedler

sw2090
Honored Contributor

hm usb modem sticks are always problematic. This after all is due to a big fail by design in usb protocoll. Due to this every manufacturer creates its own pair of device and vendor id and the kernel drivers would have to know every single one because additionally there is no generic standard like there is for usb storage devices. That means one Stick might work and annother will not even though it contains the same hardware.

I tried with several such sticks on Fortigates and I only found one that worked. I finally ended up using FortiExtenders or LTE capable routers because that doesn't need any kernel driver support. 

They just hand you ethernet on an interface.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Top Kudoed Authors