Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
cryptochrome
New Contributor III

Created on ‎05-12-2016 06:16 AM

Getting 3G/4G USB Modem to work

Hi guys,

 

I am struggling to get a USB 3G/4G Modem (Huwaei E3276) to work. The FGT-51E does recognize the modem and I can set it up in a way that is starts dialling, but I never get a connection.

 

If I use the modem on my PC with the exact same settings (same APN, username and what have you), I have no issues. 

 

Has anyone ever gotten this to work?

 

Here is what I get in a debug output while the modem is dialling:

 

FGT51E3U16000385 # modemd: run_state_machine state 1(inactive)
modemd: Launch modem due to manual dial.
modemd: Begin dialing: redials left = 99999
modemd: dev=/dev/ttyusb0 tel=*99#
modemd: modem state changed: 1(inactive) -> 2(dialing)
chat: abort on (BUSY)
chat: abort on (NO DIAL TONE)
chat: abort on (NO DIALTONE)
chat: abort on (NO ANSWER)
chat: abort on (ERROR)
chat: send (atz^M)
chat: expect (OK)
chat: ^M
chat: ^RSSI:21^M
chat: ^M
chat: ^LTERSRP:-98,-7^M
chat: ^M
chat: ^RSSI:21^M
chat: ^M
chat: ^LTERSRP:-98,-7^M
chat: ^M
chat: ^RSSI:21^M
chat: ^M
chat: ^LTERSRP:-99,-8^M
chat: ^M
chat: ^RSSI:21^M
chat: ^M
chat: ^LTERSRP:-99,-7^M
chat: ^M
chat: ^RSSI:21^M
chat: ^M
chat: ^LTERSRP:-98,-7^M
chat: ^M
chat: ^RSSI:20^M
chat: ^M
chat: ^LTERSRP:-99,-6^M
chat: ^M
chat: ^RSSI:21^M
chat: ^M
chat: ^LTERSRP:-99,-7^M
chat: ^M
chat: ^RSSI:20^M
chat: ^M
chat: ^LTERSRP:-99,-6^M
chat: ^M
chat: ^RSSI:20^M
chat: ^M
chat: ^LTERSRP:-99,-7^M
chat: ^M
chat: ^RSSI:20^M
chat: ^M
chat: ^LTERSRP:-99,-7^M
chat: ^M
chat: ^RSSI:21^M
chat: ^M
chat: ^LTERSRP:-99,-7^M
chat: ^M
chat: ^RSSI:20^M
chat: ^M
chat: ^LTERSRP:-98,-6^M
chat: ^M
chat: ^RSSI:21^M
chat: ^M
chat: ^LTERSRP:-98,-7^M
chat: atz^M^M
chat: OK
chat: -- got it

chat: send (ath0^M)
chat: abort on (NO CARRIER)
chat: expect (OK)
chat: ^M
chat: ath0^M^M
chat: OK
chat: -- got it

chat: send (ats7=90^M)
chat: timeout set to 90 seconds
chat: expect (OK)
chat: ^M
chat: ats7=90^M^M
chat: OK
chat: -- got it

chat: send (AT+CGDCONT=1,"IP","internet.t-mobile"^M)
chat: expect (OK)
chat: ^M
chat: AT+CGDCONT=1,"IP","internet.t-mobile"^M^M
chat: OK
chat: -- got it

chat: send (atd*99#^M)
chat: expect (CONNECT)
chat: ^M
chat: atd*99#^M^M
chat: CONNECT
chat: -- got it

chat: send (^M)
modemd: modem_ppp_start:406 primary
SND: LCP Configure_Request id(1) len(20) [Asnync_Control_Character_Map 00 00 00 00] [Magic_Number 44F924EF] [Protocol_Field_Compression] [Address-and-Control-Field-Compression] 
modemd: run_state_machine state 2(dialing)
SND: LCP Configure_Request id(1) len(20) [Asnync_Control_Character_Map 00 00 00 00] [Magic_Number 44F924EF] [Protocol_Field_Compression] [Address-and-Control-Field-Compression] 
modemd: run_state_machine state 2(dialing)
SND: LCP Configure_Request id(1) len(20) [Asnync_Control_Character_Map 00 00 00 00] [Magic_Number 44F924EF] [Protocol_Field_Compression] [Address-and-Control-Field-Compression] 
modemd: run_state_machine state 2(dialing)
SND: LCP Configure_Request id(1) len(20) [Asnync_Control_Character_Map 00 00 00 00] [Magic_Number 44F924EF] [Protocol_Field_Compression] [Address-and-Control-Field-Compression] 
modemd: run_state_machine state 2(dialing)
get_cur_modem_info:1706 force=0 inited=1
get_cur_modem_info:1706 force=0 inited=1
SND: LCP Configure_Request id(1) len(20) [Asnync_Control_Character_Map 00 00 00 00] [Magic_Number 44F924EF] [Protocol_Field_Compression] [Address-and-Control-Field-Compression] 
modemd: run_state_machine state 2(dialing)
SND: LCP Configure_Request id(1) len(20) [Asnync_Control_Character_Map 00 00 00 00] [Magic_Number 44F924EF] [Protocol_Field_Compression] [Address-and-Control-Field-Compression] 
modemd: run_state_machine state 2(dialing)
SND: LCP Configure_Request id(1) len(20) [Asnync_Control_Character_Map 00 00 00 00] [Magic_Number 44F924EF] [Protocol_Field_Compression] [Address-and-Control-Field-Compression] 
modemd: run_state_machine state 2(dialing)
SND: LCP Configure_Request id(1) len(20) [Asnync_Control_Character_Map 00 00 00 00] [Magic_Number 44F924EF] [Protocol_Field_Compression] [Address-and-Control-Field-Compression] 
modemd: run_state_machine state 2(dialing)
SND: LCP Configure_Request id(1) len(20) [Asnync_Control_Character_Map 00 00 00 00] [Magic_Number 44F924EF] [Protocol_Field_Compression] [Address-and-Control-Field-Compression] 
modemd: run_state_machine state 2(dialing)
SND: LCP Configure_Request id(1) len(20) [Asnync_Control_Character_Map 00 00 00 00] [Magic_Number 44F924EF] [Protocol_Field_Compression] [Address-and-Control-Field-Compression] 
modemd: run_state_machine state 2(dialing)
LCP: timeout sending Config-Requests
Connection terminated.
modemd: run_state_machine state 2(dialing)
modemd: Unable to connect to remote server "*99#"
modemd: modem state changed: 2(dialing) -> 4(hangingup)
modemd: modem_ppp_stop:478 primary
modemd: redials:1 isp:0 dev:/dev/ttyusb0 tel:*99#
modemd: run_state_machine state 4(hangingup)
modemd: modem state changed: 4(hangingup) -> 0(uninit)
modemd: run_state_machine state 0(uninit)
modemd: modem state changed: 0(uninit) -> 1(inactive)
modemd: run_state_machine state 1(inactive)
modemd: run_state_machine state 1(inactive)
modemd: run_state_machine state 1(inactive)
modemd: run_state_machine state 1(inactive)
modemd: run_state_machine state 1(inactive)
modemd: run_state_machine state 1(inactive)
modemd: run_state_machine state 1(inactive)

 

FYI:

 

I am trying to connect to Deutsche Telekom's LTE network in Germany.

26678
0 Kudos
16 REPLIES 16
cryptochrome
New Contributor III
In response to cryptochrome

Created on ‎05-12-2016 11:05 AM

Ok, I tried setting the authtype individually, went through each of them, no change. 

 

Maybe it's struggling with the LCP compression? There is something about that in the logs.

 

 

2639
0 Kudos
cryptochrome
New Contributor III
In response to cryptochrome

Created on ‎05-14-2016 03:28 AM

Hi guys,

 

small update from me:

 

I was on the phone with Fortinet support. That someone has a lot of knowledge about the modem implementation in FortiOS and he agrees that it is far from perfect. He said they are working on improving it. Anyways, there is already a new setting (since 5.4 I believe) that is supposed to make life easier when it comes to USB based LTE modems:

 

    config system lte-modem

 

Apparently in most cases (that's what they say) it is enough to simply enable this (set status enable) and the system will go ahead and read the modem's config and establish a connection, all "automagic". If "automagic" doesn't work, you can fine tune things and set APN etc. - which is slightly easier than the legacy modem config.

 

I still wasn't able to get it to work with this lte-modem config because in my particular case, the modem's firmware I have is very old and known to have problems with FortiGate. They instructed me to update the modem's firmware and also advised that I configure the modem from a PC before I plug it into the FG. What this will do is set the modem up as an additional router and the FG will get an IP address assigned from it when plugged in. I didn't have a chance yet to do this, but thought I'll let you know that this new option exists. I'll be back with more info once I've upgraded the firmware.

 

 

2639
0 Kudos
Itguy
New Contributor
In response to cryptochrome

Created on ‎05-16-2016 11:32 AM

Seems like what I told you is coming true.

 

Best advice - give it up right now, and order a cradlepoint dock for the USB modem. You'll likely never get them to work right when directly plugged into a Fortinet. This is one of the worst aspects of the Fortinet.

 

Trust me.. We tried 30 different modems. 5 different Fortigate units, and couldn't fully troubleshoot them. We have nearly 1000 Fortigates deployed, and the ones that need USB Modem backups, rely on Cradles. We've found no other reasonable way to do it. Firmware updates won't help, we did dozens of those.

2639
0 Kudos
cryptochrome
New Contributor III
In response to Itguy

Created on ‎05-16-2016 11:35 AM

I'll give this exactly one shot (upgrading the firmware) and if it doesn't work, I'll follow your advice :)

2639
0 Kudos
RD5
New Contributor
In response to cryptochrome

Created on ‎06-14-2016 06:47 AM

Had the same issue with an ATT modem that was on the supported list.  Two things had to be done;

Firmware update to enable LINUX support on the MODEM, got it directly from NETGEAR and had to run it on a Win7 machine.

Then we had to modify the modem config( I believe it was the set wireless-port 2 that made it work);

config system modem

    set status enable

    set dial-on-demand enable

    set redial 3

    set wireless-port 2

    set phone1 "*99***1#"

    set extra-init1 "AT+CGDCONT=1,\"IP\",\"Broadband\""

    set altmode disable

    set distance 10

    set priority 10

end

2639
0 Kudos
NeilG
Contributor
In response to Itguy

Created on ‎01-28-2017 02:00 PM

What specific Cradlepoint device do you use to get 4G cellular data to work with a Fortigate?

 

What is Fortigate Model and Version?

 

I am guessing that as far as the fortigate is concerned its not a modem, just a slow WAN link?

 

Thanks!

-Neil

2639
0 Kudos
RD5
New Contributor
In response to NeilG

Created on ‎01-31-2017 06:52 AM

We use a Sierra - AC340U which we got from AT&T and use it with our 92D's.  They all run version 5.4 or above.  I don't think the 4G is officially supported by Fortinet but the dial string for 4G does work.  Yes it is a really slow dynamic WAN link but it is okay in some environments.  

2639
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.