Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mfiedler1985
New Contributor II

Created on ‎04-06-2023 02:11 AM Edited on ‎04-10-2023 11:19 AM

Fortigate 200D with Hauwei 3372h Modem (AT Version)

Hi,

 

i have a Fortigate 200D Firewall with FortiOS 6.0.16 and a Huawei 4G Webstick Modell 3372h. I can't bring the Connection to the LTE-Network up. I searched around and found this https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-Huawei-E3372-h-modem-stick/ta-p...

 

The Problem is, that i have the AT-Command Version of this Stick and this HowTo is for the Web-Interface Version. 

When i try to configure the Stick as lte-modem

diagnose sys lte-modem info

says, that the Modem is not connected. 

 

So i tried to configure the Stick as "normal" Modem. The Modem itself seems to work properly:

 

diagnose sys modem query
USB status: Connected
manufacturer: huawei
model: E3372
IMEI number: 868230032061123
SIM state: Valid
service status: Valid Service
signal level: 3/4
network name: E-Plus
network type: E-UTRAN
location area code:
active profile(AT&V):
COMMAND NOT SUPPORT

^RSSI:18

^HCSQ:"LTE",45,47,136,26

 

But in the Debug Messages a Timout occures (At the end after CONNECTED):

 

eset_cur_modem_info:1573
get_cur_modem_info:1663 force=1 inited=0
custom_list_load()
act_driver(): serial driver attached (ret=0)
reset_cur_modem_info:1573
get_cur_modem_info:1663 force=1 inited=0
send 9: AT+CGMI

recv 0:
recv 6: huawei
recv 0:
recv 2: OK
recv 0:
recv 8: ^RSSI:19
recv 0:
recv 24: ^HCSQ:"LTE",47,47,136,22
send 9: AT+CGMM

recv 0:
recv 5: E3372
recv 0:
recv 2: OK
recv 0:
recv 8: ^RSSI:19
recv 0:
recv 24: ^HCSQ:"LTE",47,47,136,24
send 9: AT+CGSN

recv 0:
recv 15: 868230032061123
recv 0:
recv 2: OK
recv 0:
recv 8: ^RSSI:19
recv 0:
recv 24: ^HCSQ:"LTE",46,46,131,24
send 12: AT^SYSINFO

recv 0:
recv 21: ^SYSINFO:2,3,0,5,1,,4
recv 0:
recv 2: OK
recv 0:
recv 8: ^RSSI:19
recv 0:
recv 24: ^HCSQ:"LTE",46,46,131,24
send 10: AT+CREG?

recv 0:
recv 10: +CREG: 0,1
recv 0:
recv 2: OK
recv 0:
recv 8: ^RSSI:19
recv 0:
recv 24: ^HCSQ:"LTE",46,46,131,24
send 10: AT+COPS?

recv 0:
recv 21: +COPS: 0,0,"E-Plus",7
recv 0:
recv 2: OK
recv 0:
recv 8: ^RSSI:19
recv 0:
recv 24: ^HCSQ:"LTE",46,46,131,24
send 8: AT+CSQ

recv 0:
recv 11: +CSQ: 19,99
recv 0:
recv 0:
recv 2: OK
send 6: AT&V

recv 0:
recv 19: COMMAND NOT SUPPORT
recv 0:
recv 8: ^RSSI:19
recv 0:
recv 24: ^HCSQ:"LTE",46,46,126,22
chat: abort on (BUSY)
chat: abort on (NO DIAL TONE)
chat: abort on (NO DIALTONE)
chat: abort on (NO ANSWER)
chat: abort on (ERROR)
chat: send (atz^M)
chat: expect (OK)
chat: ^M
chat: ^HCSQ:"LTE",46,46,131,24^M
chat: ^M
chat: OK
chat: -- got it

chat: send (ath0^M)
chat: abort on (NO CARRIER)
chat: expect (OK)
chat: ^M
chat: ^M
chat: OK
chat: -- got it

chat: send (ats7=90^M)
chat: timeout set to 90 seconds
chat: expect (OK)
chat: ^M
chat: ^M
chat: OK
chat: -- got it

chat: send (AT+CGDCONT=1,"IP","internet.partner1"^M)
chat: expect (OK)
chat: ^M
chat: ^M
chat: OK
chat: -- got it

chat: send (ATD*99***1#^M)
chat: expect (CONNECT)
chat: ^M
chat: ^M
chat: CONNECT
chat: -- got it

chat: send (^M)
chat: abort on (BUSY)
chat: abort on (NO DIAL TONE)
chat: abort on (NO DIALTONE)
chat: abort on (NO ANSWER)
chat: abort on (ERROR)
chat: send (atz^M)
chat: expect (OK)

 

 

Im located in Germany. My Provider is O2/E-Plus. I have verified, that this Configuration / APN etc. is working. I use the same config on my Rasperry with wvdial. 

 

I have tried to set the wireless-port to 0/1/2, but still get the same Error. 

 

Here is my Configuration:

(modem) # get
status : enable
pin-init :
network-init :
lockdown-lac :
mode : standalone
auto-dial : enable
redial : none
reset : 0
connect-timeout : 90
wireless-port : 1
dont-send-CR1 : disable
phone1 : *99***1#
dial-cmd1 : ATD
username1 :
passwd1 : *
extra-init1 : AT+CGDCONT=1,"IP","internet.partner1"
peer-modem1 : generic
ppp-echo-request1 : enable
authtype1 : pap chap mschap mschapv2
dont-send-CR2 : disable
phone2 :
dial-cmd2 :
username2 :
passwd2 : *
extra-init2 :
peer-modem2 : generic
ppp-echo-request2 : enable
authtype2 : pap chap mschap mschapv2
dont-send-CR3 : disable
phone3 :
dial-cmd3 :
username3 :

passwd3 : *
extra-init3 :
peer-modem3 : generic
ppp-echo-request3 : enable
altmode : disable
authtype3 : pap chap mschap mschapv2
distance : 1
priority : 0

 

When i try to dial:

 

execute modem dial

I get 

"The modem is already connected."

 

But the LED on the Stick is blinking in 2 Sec interval. This indicates, that the Modem is not connected. See

 

 

Thanks for your Help!

 

Marcus 

 

Edit:

 

In my old wvdial.conf i had an additional init Command

Init2 = AT&F&D2&C1 Q0 V1 E1 S0=0

 

But i dont know, how to implement it in my FortiGate Modem Config, because i can only give one extra-init per ISP. My working wvdial config looks like follows:

 

[Dialer Defaults]
Init1 = ATZ
Init2 = AT&F&D2&C1 Q0 V1 E1 S0=0
Init3 = AT+CGDCONT=1,"IP","internet.partner1"
Phone = *99***1#
Username = websfr
Password = websfr
Ask Password = 0
Dial Command = ATD
Stupid Mode = on
Auto Reconnect = on

Labels:
2692
0 Kudos
1 Solution
jhonmartin826
New Contributor

Created on ‎02-27-2024 08:11 AM

Hi Marcus,

Have you considered reaching out to Fortinet's technical support for Text assistance? They might have additional insights or solutions to help resolve the connectivity issue with the Huawei modem.

View solution in original post

1565
0 Kudos
9 REPLIES 9
Anthony_E
Community Manager
Community Manager

Created on ‎04-09-2023 10:16 PM

Hello Marcus,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
2631
0 Kudos
mfiedler1985
New Contributor II

Created on ‎04-10-2023 10:45 PM

Update:

 

I gave the lte-modem Configuration a second chance, but it doesnt work. 

 

My Config is

config system lte-modem
set status enable
set apn "pinternet.interkom.de"
set modem-port 0
end

 

But FortiOS says, that my SIM is invalid ( I tested on another System. Its valid)

 

show system lte-modem
config system lte-modem
set status enable
set apn "pinternet.interkom.de"
set modem-port 0
end

 

diagnose sys lte-modem info
LTE Modem configuration enabled!
LTE Modem device initialized.
Manufacturer:
Model:
IMEI:
USB Modem Interface: down
SIM State: Invalid
ICCID:
Signal Strength: 4
Network Type: 3G
APN: pinternet.interkom.de
Authen Type: none
Extra Init String:
Interface mode: standalone
Holddown Time: 30

Because it seems, that the Modem isn*t initialized correctly and it is not on the supported list, i tried to add my Modem to the supported List following this Guide:

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/241739/configuring-an-unsupported-modem

 

id : 1
vendor : Huawei
model : 3372h
vendor-id : 12d1
product-id : 1506
class-id : 00
init-string : 

2

But it's still not working. When it is connected and configured using "lte-modem" the device hangs on reboot and SSH-Login. 

2608
Anthony_E
Community Manager
Community Manager

Created on ‎04-12-2023 04:46 AM

Hello Marcus,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
2586
0 Kudos
Anthony_E
Community Manager
Community Manager

Created on ‎04-13-2023 02:28 AM Edited on ‎04-13-2023 02:29 AM

Hi Marcus,

 

Here is the answer from one of our experts:

 

"The configuration for the modem is usually performed under config sys lte-modem, not  under config sys modem was for 3G...not LTE if I really correctly......there can be an issue if you have both modem/ltemodem enabled on the device as it can create a USB conflict."

 

He will check but needs some time to go through old engineer reports.

 

We will then come back to you once he will have the result of these tests.

 

Regards,

Anthony-Fortinet Community Team.
2565
0 Kudos
mfiedler1985
New Contributor II
In response to Anthony_E

Created on ‎04-13-2023 05:07 AM

Hi Anthony, 

 

thanks for your reply. 

I had never enabled both Modem-Types at the same time. I disabled the "modem" Device, before i enabled "lte-modem".

 

Best regards 

 

Marcus Fiedler

2559
0 Kudos
mfiedler1985
New Contributor II

Created on ‎05-02-2023 05:59 AM

Hi, 

 

has anyone some new Ideas, what could be the Problem here? 

Unfortunately i still can't get the Stick working. 

 

Thanks very much!

 

Marcus Fiedler

2437
0 Kudos
sw2090
SuperUser
SuperUser

Created on ‎05-02-2023 11:42 PM Edited on ‎05-02-2023 11:43 PM

hm usb modem sticks are always problematic. This after all is due to a big fail by design in usb protocoll. Due to this every manufacturer creates its own pair of device and vendor id and the kernel drivers would have to know every single one because additionally there is no generic standard like there is for usb storage devices. That means one Stick might work and annother will not even though it contains the same hardware.

I tried with several such sticks on Fortigates and I only found one that worked. I finally ended up using FortiExtenders or LTE capable routers because that doesn't need any kernel driver support. 

They just hand you ethernet on an interface.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
2423
0 Kudos
jhonmartin826
New Contributor

Created on ‎02-27-2024 08:11 AM

Hi Marcus,

Have you considered reaching out to Fortinet's technical support for Text assistance? They might have additional insights or solutions to help resolve the connectivity issue with the Huawei modem.

1566
0 Kudos
scarletJEO036
New Contributor

Created on ‎12-11-2024 06:05 AM

Hi Marcus,

It looks like you're on the right track with your troubleshooting, but I see a few things you could check:

  1. AT-Command Version vs Web-UI Version: Since you're using the AT command version of the Huawei E3372, make sure the FortiGate recognizes it properly as a standard 4G modem (not the HiLink version). Some configurations work better with a "generic" modem type, so double-check the peer-modem settings.

  2. Extra Init Commands: Regarding your Init2 command from wvdial.conf, you can try incorporating that initialization string into the extra-init1 field, but note that FortiGate only allows one extra init per ISP. If it’s not working, try experimenting with alternative commands like AT&F or AT+CSQ to ensure proper initialization.

  3. Dial Command Timeout: In some cases, the timeout on the dial command (ATD*99***1#) may be causing issues. You could adjust the timeout settings to see if that resolves the connection issue.

  4. Modem Configuration: If you have access to the FortiGate's diagnostic tools, you might want to try a deeper modem diagnostic (diagnose sys modem debug), as it could offer more insight into what’s failing during the connection process.

  5. Firmware/Software Version: Finally, I would suggest upgrading FortiOS if possible. While you're on 6.0.16, there could be bug fixes in newer versions that may address modem connection issues like this.

Good luck, and I hope this helps! Regards Brotherapplicances

79
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.