Fortigate - Search for a real working USB 3G Solution

Troubleshooter_73 · ‎07-23-2015

Hi to all,

we have a customer who bought 10 FGT 60D in a package with D-Link USB 3G Modems.

Now we try to deploy the first site and ran in different issues with this solution at all.

The modem is part of the Support List and should work, but it always were detected as mass storage

and we are not able to switch the state to modem.

Output of...

fnsysctl cat /proc/bus/usb/devices

T: Bus=02 Lev=02 Prnt=02 Port=00 Cnt=01 Dev#= 6 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 3 P: Vendor=2001 ProdID=a706 Rev= 3.00 S: Manufacturer=D-Link,Inc S: Product=D-Link DWM-156 S: SerialNumber=536591504161600 C:* #Ifs= 1 Cfg#= 1 Atr=a0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms C: #Ifs= 1 Cfg#= 2 Atr=a0 MxPwr= 98mA I: If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=(none) E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms C: #Ifs= 1 Cfg#= 3 Atr=e0 MxPwr= 0mA I: If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=(none) E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms

Diagnose sys modem...

FGT60DXXXXXXXX# diagnose sys modem The modem state is 1, poll rate is 300. The modem is not active.

config system modem set status enable set mode redundant set dial-on-demand enable set redial 3 set interface "wan1" set phone1 "*99#" end

config system 3g-modem custom

FGT60DXXXXXXXX (custom) # show

config system 3g-modem custom

edit 1

set vendor "D-Link,Inc"

set model "D-Link DWM-156"

set vendor-id 2001

set product-id 7d02

next

end

Diagnose debug application modemd -1

Plugin

modemd: usb hotplug event action:add vid=0x2001 pid=0xa706 modemd: scan usb device custom_list_load() reset_cur_modem_info:1539 modemd: query 3G modem info get_cur_modem_info:1629 force=1 inited=0 modemd: run_state_machine state 1(inactive) modemd: DOD enabled (do not dial). modemd: run_state_machine state 1(inactive) modemd: DOD enabled (do not dial). modemd: run_state_machine state 1(inactive)

I'm sure, we performed all the required steps but this dongle never run as a modem...

Last Question now and for me the most important:

Is there anybody that have a running solution (best would be in Germany) with USB 3G at a Fortigate 60D Device with Firmware 5.2.3. ?

The customer ask for a solution and if we have to switch to another model or another solution with Fortinet and 3G, he will do it, but I don't know which package is really working. Maybe an Extender works better (as if I dont think so)?

Thanks for all of your ideas!

FCNSA 5, FCNSP 5, NSE 4

Antonio_Milanese · ‎08-11-2015

Hello,

I've seldom fought with 3/4G usb dongle and even if the model is listed with the same product code it can happen that you have purchased a different revison model :\ in this case the model that it's listed with fnsysctl

Troubleshooter_73 wrote:
fnsysctl cat /proc/bus/usb/devices

T: Bus=02 Lev=02 Prnt=02 Port=00 Cnt=01 Dev#= 6 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 3 [style="background-color: #ffff00;"]P: Vendor=2001 ProdID=a706 Rev= 3.00[/style] S: Manufacturer=D-Link,Inc S: Product=D-Link DWM-156 S: SerialNumber=536591504161600 C:* #Ifs= 1 Cfg#= 1 Atr=a0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms

indicate an DWM-156 A7 revision with Mediatek chipset: i always use dd-wrt.com wiki and USB_ModeSwitch site as reference because FWIK "3g-modem custom" it's some sort of usb_modeswitch in fortigate land: so i'll try to build a more complete custom profile and see what's the result config system 3g-modem custom edit 1 set vendor "D-Link,Inc" set model "D-Link DWM-156" set vendor-id 2001 set product-id a706 set class-id ff set init-str "5553424312345678000000000000061b000000020000000000000000000000" next end you could also try to disable cd/storage emulation via AT commands but i dont have any cheat-sheet for mediatek chipsets

Best regards, Antonio

emnoc · ‎08-11-2015

I believe you need the huawei equal of "AT^U2DIAG=0" or "ATZRUN=0", can you execute a modem inquiry from the cli ?

Also, I wonder if you could take the modems and write value to the active V0 or V1 profiles via a computer and then try the modem in the fortigate?

disable the autorun storage and then write to AT&W0 and AT&W1

Have anybody ever did this?

PCNSE

NSE

StrongSwan

Antonio_Milanese · ‎08-12-2015

Hello Emnoc, yes I try to do it on programmatically base since I've found that some models, we use mostly huawei or zte, are slow at disabling features during modeswitch on FGT power-on (i.e. modem not recognized at power-on but work ok upon exec reboot) and disabling cd/store autorun has positive effects on stability. Btw for the sake of knowledge on some recent huawei dongles AT^U2DIAG it's not implemented and you have to use AT^SETPORT ^SETPORT:A1: CDROM ^SETPORT:A2: SD ^SETPORT:A: BLUE TOOTH ^SETPORT:B: FINGER PRINT ^SETPORT:D: MMS ^SETPORT:E: PC VOICE ^SETPORT:1: MODEM ^SETPORT:2: PCUI ^SETPORT:3: DIAG ^SETPORT:4: PCSC ^SETPORT:5: GPS ^SETPORT:6: GPS CONTROL ^SETPORT:7: NDIS ^SETPORT:16: NCM AT^SETPORT? - Display current configuration AT^GETPORTMODE - Display currently active mode AT^SETPORT = "A1, A2; 1,2,3,7, A1, A2" - Set default configuration AT^SETPORT = "A1, A2; 1,2,3,7" - Disable CD+SD after modeswitch (credits go to dd-wrt forums) About Mediatek models I have no information so per your suggestion I would try some AT inquiry commands

Best regards,

Antonio

Troubleshooter_73 · ‎08-19-2015

Antonio Milanese wrote:
Btw for the sake of knowledge on some recent huawei dongles AT^U2DIAG it's not implemented and you have to use AT^SETPORT ^SETPORT:A1: CDROM ^SETPORT:A2: SD ^SETPORT:A: BLUE TOOTH ^SETPORT:B: FINGER PRINT ^SETPORT:D: MMS ^SETPORT:E: PC VOICE ^SETPORT:1: MODEM ^SETPORT:2: PCUI ^SETPORT:3: DIAG ^SETPORT:4: PCSC ^SETPORT:5: GPS ^SETPORT:6: GPS CONTROL ^SETPORT:7: NDIS ^SETPORT:16: NCM AT^SETPORT? - Display current configuration AT^GETPORTMODE - Display currently active mode AT^SETPORT = "A1, A2; 1,2,3,7, A1, A2" - Set default configuration AT^SETPORT = "A1, A2; 1,2,3,7" - Disable CD+SD after modeswitch

Where do I have to execute these commands?

Directly by CLI at the Fortigate?

FCNSA 5, FCNSP 5, NSE 4

Troubleshooter_73 · ‎09-14-2015

I want to update this Topic, because we found the solution together with Fortinet Support:

Hardware:

Appliance: Fortigate 60D (the solution should be work with other models also, but we tested with 60D only...)

USB WAN Device: D-Link DWM-156

Config:

FGT60DXXXXXXXXXX (modem) # config system modem FGT60DXXXXXXXXXX (modem) # show config system modem set status enable set pin-init "AT+CPIN=\"5943\"" set mode redundant set dial-on-demand enable set redial 1 set interface "wan1" set phone1 "*99#" set username1 "vf" (only a Placeholder, the provider does not require username, but it should not empty in the config...) set passwd1 ENC ............................ (encoded Password of Provider here...) set extra-init1 "at+cfun=1;AT+CGDCONT=1,\"IP\",\"web.vodafone.de\"" (Vodafone Germany was the test provider) set distance 5 set priority 20 end

FGT60DXXXXXXXXXX # config system 3g-modem custom

FGT60DXXXXXXXXXX (custom) # edit 1

FGT60DXXXXXXXXXX (1) # show config system 3g-modem custom edit 1 set vendor "D-Link" set model "DWM-156" set vendor-id 2001 set product-id a706 set class-id 08 set init-string "inquire=1 msg=5553424312345678000000000000061b000000020000000000000000000000" (that was the issue!) next end

After create default Route for WAN1 with a Distance of 10 (cabled WAN access), set ECMP PING Server and created required Policies, everything works as expected.

Thanks to all for the suggestions and ideas!

FCNSA 5, FCNSP 5, NSE 4

Fortigate - Search for a real working USB 3G Solution

Nominate a Forum Post for Knowledge Article Creation