FortiGate
snowman_FTNT
Staff
Article Id 189747
Description
This article describes the steps to configure a USB modem to act as a redundant interface in the case of WAN link failure. It includes configuration steps and a short list of troubleshooting commands.

Scope
All FortiGates with a USB port.

Solution
CLI configuration

1. Enable the modem and configure its related parameters, such as phone number, username, password or init string, and set it to redundant mode for the WAN1 interface.

config system modem
    set status enable
    set phone1 "*99***1#"
    set username1 "username from provider"
    set passwd1 "password given by provider"
    set init-string "Specific_modem_init_string"
    set mode redundant
    set interface "wan1"
    set distance 50
end


2. Configure a link monitor (FortiOS 5.2) or gwdetect (FortiOS 5.0) to monitor the WAN1 interface.

If FortiOS 5.2 is used:

config system link-monitor
    edit "WAN1"
        set srcintf "wan1"
        set server "8.8.8.8"
    next
end

If FortiOS 5.0 is used:

config router gwdetect
    edit 1
        set interface "wan1"
        set server "8.8.8.8"
    next
end


Verification of Configuration and troubleshooting

1. Verify that the modem is correctly detected and recognized by the FortiGate.

# diagnose sys modem detect
modem is attached.
dialtone is detected.

# diagnose sys modem external-modem
External modem vendor: Huawei
External modem model : E1692


2. Check the link-monitor (gwdetect) status for the monitored interface.

# diag sys link-monitor status
Link Monitor: 1 Status: alive Create time: Wed Feb 11 00:28:08 2015
Source interface: wan1 (5)
Interval: 5, Timeout 1
Fail times: 0/5
Send times: 0
  Peer: 8.8.8.8(8.8.8.8)
        Source IP(192.168.196.82)
        Route: 192.168.196.82->8.8.8.8/32, gwy(192.168.196.254)
    protocol: ping, state: alive


3. Check that the correct default route via WAN1 is used.

FWF60C3G12006121 # get router info routing-table database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       > - selected route, * - FIB route, p - stale info

S    *> 0.0.0.0/0 [5/0] via 192.168.196.254, wan1
C    *> 192.168.1.0/24 is directly connected, lan
C    *> 192.168.196.0/24 is directly connected, wan1


4. Once the link monitor registers that the monitored interface is down, the modem is initiated and the redundant connection takes over.

# diag sys link-monitor status

Link Monitor: 1 Status: die Create time: Wed Feb 11 00:28:08 2015
Source interface: wan1 (5)
Interval: 5, Timeout 1
Fail times: 1/5
Send times: 1
  Peer: 8.8.8.8(8.8.8.8)
        Source IP(192.168.196.82)
        Route: 192.168.196.82->8.8.8.8/32, gwy(192.168.196.254)
    protocol: ping, state: die


FWF60C3G12006121# get router info routing-table database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       > - selected route, * - FIB route, p - stale info

S   *>  0.0.0.0/0 [50/0] via 10.64.64.64, modem 
S          0.0.0.0/0 [5/0] via 192.168.196.254, wan1 inactive
C    *> 10.37.34.7/32 is directly connected, modem
C    *> 10.64.64.64/32 is directly connected, modem
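
The verification steps above can be scripted. The following is an added example, not part of the original article or Fortinet code: it parses saved output of the two commands (excerpted here from step 4) and checks that the link-monitor status and the selected default route agree. The function names and the "primary"/"failover"/"inconsistent" labels are assumptions made for this example.

```python
import re

# Output excerpted from the failover state shown in step 4 of this article.
LINK_MONITOR = """\
Link Monitor: 1 Status: die Create time: Wed Feb 11 00:28:08 2015
Source interface: wan1 (5)
Fail times: 1/5
    protocol: ping, state: die
"""
ROUTES = """\
S   *>  0.0.0.0/0 [50/0] via 10.64.64.64, modem
S          0.0.0.0/0 [5/0] via 192.168.196.254, wan1 inactive
C    *> 10.64.64.64/32 is directly connected, modem
"""

# Default-route line: code letter, optional "*>" flags, [distance/metric], gateway, interface.
ROUTE_RE = re.compile(
    r"^\w\s+(\*>)?\s*0\.0\.0\.0/0 \[(\d+)/\d+\] via (\S+), (\S+)")


def parse_link_monitors(text):
    """Map each monitored source interface to its status (alive/die)."""
    monitors, status = {}, None
    for line in text.splitlines():
        if m := re.match(r"Link Monitor: \S+ Status: (\w+)", line):
            status = m.group(1)
        elif (m := re.match(r"Source interface: (\S+)", line)) and status:
            monitors[m.group(1)] = status
            status = None
    return monitors


def parse_default_routes(text):
    """Return every 0.0.0.0/0 entry; 'selected' means it carries the *> flags."""
    routes = []
    for line in text.splitlines():
        if m := ROUTE_RE.match(line):
            routes.append({"selected": m.group(1) is not None,
                           "distance": int(m.group(2)),
                           "gateway": m.group(3),
                           "interface": m.group(4)})
    return routes


def failover_state(monitor_text, route_text, primary="wan1", backup="modem"):
    """Classify the unit as primary, failover, or inconsistent."""
    status = parse_link_monitors(monitor_text).get(primary)
    selected = [r["interface"] for r in parse_default_routes(route_text)
                if r["selected"]]
    if status == "alive" and selected == [primary]:
        return "primary"
    if status == "die" and selected == [backup]:
        return "failover"
    return "inconsistent"  # e.g. monitor dead but default route still on wan1
```

An "inconsistent" result is the case worth alerting on: the monitor and the routing table disagree, so traffic may be leaving through a link that is down or the backup link is carrying traffic unnecessarily.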


Troubleshooting commands

# get router info routing-table database
# diag sys link-monitor status
# diag sys modem history

# diag debug application modemd -1
# diag deb app ppp -1

# diag sys modem cmd <AT-command>


