#config system lte-modem
set status enable
end
2) Check that LTE interface is created
#config system interface
edit "wwan"
set vdom "root"
set mode dhcp
set status down
set distance 1
set type physical
set snmp-index 23
next
end
Shortly after the LTE modem joins the carrier's network, wwan will be enabled and granted a direct IP:
FortiGate-600D # config system interface
FortiGate-600D (interface) # edit wwan
FortiGate-600D (wwan) # get
name : wwan
....
ip : 100.112.75.43 255.255.255.248
....
status : up
....
defaultgw : enable
DHCP Gateway : 100.112.75.41
Lease Expires : Thu Feb 21 19:33:27 2019
dns-server-override : enable
Acquired DNS1 : 184.151.118.254
Acquired DNS2 : 70.28.245.227
....
A PC can reach the Internet via the following firewall policy:
config firewall policy
....
edit 5
set name "LTE"
set uuid 61880e9a-36ce-51e9-a4f4-15cc3ffc25f3
set srcintf "port9"
set dstintf "wwan"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set utm-status enable
set fsso disable
set nat enable
next
end
With LTE modem enabled, use the GUI to view the LTE interface and check the acquired IP, DNS, and gateway.
It's possible to configure the firewall policy that utilizes this LTE interface.
Limitations:
- Most LTE modems have a preset APN in the SIM card. As a result, the APN doesn't need to be set in the FortiOS configuration. If the Internet cannot be accessed, consult with the carrier about the APN (for example, inet.bell.ca) and set the APN in the LTE modem configuration.
#config system lte-modem
set status enable
set apn "inet.bell.ca"
end
- Some FortiGate units have built-in LTE modems, such as the FortiGate-30E-3G4G. This type of FortiGate has the LTE modem enabled by default. A firewall policy via the LTE interface is also created by default. After the user plugs in a SIM card, the user's network devices can reach the Internet.
FWF-30E-3G4G default configuration:
#config system lte-modem
set status enable
set extra-init ''
set manual-handover disable
set force-wireless-profile 0
set authtype none
set apn ''
set modem-port 255
set network-type auto
set auto-connect disable
set gpsd-enabled disable
set data-usage-tracking disable
set gps-port 255
end
#config firewall policy
....
edit 3
set uuid f7c77cc6-36d1-51e9-2899-a7040791330c
set srcintf "internal"
set dstintf "wwan"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set nat enable
next
end
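The two wwan policies above differ in one way worth checking: policy 5 sets utm-status enable, while the FWF-30E-3G4G default policy 3 does not, and both accept srcaddr "all" with service "ALL". The Python sketch below is an added example, not part of the original article and not Fortinet code; it parses a saved `config firewall policy` block and lists those settings for every accept policy that egresses via the LTE interface. The names parse_policies, audit_lte_policies and SAMPLE are hypothetical, and the sample text is constructed by abridging the two policies on this page.

```python
import shlex

# Constructed sample: the two wwan policies from this page, abridged (names are illustrative).
SAMPLE = """\
config firewall policy
edit 5
set dstintf "wwan"
set srcaddr "all"
set action accept
set service "ALL"
set utm-status enable
next
edit 3
set dstintf "wwan"
set srcaddr "all"
set action accept
set service "ALL"
next
end
"""

def parse_policies(text):
    """Return {policy_id: {option: [values]}} for 'config firewall policy'."""
    policies, current, inside = {}, None, False
    for raw in text.splitlines():
        words = shlex.split(raw.strip().lstrip("#"))
        if words[:3] == ["config", "firewall", "policy"]:
            inside = True
        elif not inside or not words:
            continue
        elif words[0] == "edit":
            current = policies.setdefault(int(words[1]), {})
        elif words[0] == "end":
            inside = False
        elif words[0] == "set" and current is not None:
            current[words[1]] = words[2:]
    return policies

def audit_lte_policies(policies, lte_intf="wwan"):
    """Return {policy_id: [issues]} for accept policies egressing via LTE."""
    findings = {}
    for pid, opt in policies.items():
        if lte_intf in opt.get("dstintf", []) and opt.get("action") == ["accept"]:
            checks = {"srcaddr all": "all" in opt.get("srcaddr", []),
                      "service ALL": "ALL" in opt.get("service", []),
                      "utm-status not enabled": opt.get("utm-status") != ["enable"]}
            findings[pid] = [name for name, hit in checks.items() if hit]
    return findings

print(audit_lte_policies(parse_policies(SAMPLE)))
```

An empty list for a policy ID means none of the three conditions matched; lines prefixed with `#` as in this article's listings are accepted as well.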