Created on 03-15-2020 03:48 AM Edited on 11-08-2023 03:03 AM By Jean-Philippe_P
Description
This article describes how to configure a custom APN on the Fortigate 3G4G appliances.
Scope
FortiGate 3G4G (with lte-modem integrated module).
Solution
By default, the APN is undefined in the configuration which means the modem will match available networks it discovers from its automatic network scan against the wireless profile list. Some providers require users to configure the access point name (APN) for the LTE network on the FortiGate.
config system lte-modem
set status enable
set apn internet.telekom
set username telekom
set passwd telekom
end
For Vodafone UK:
config system lte-modem
set status enable
set authtype pap
set apn wap.vodafone.co.uk
set username wap
set passwd wap
end
Once an APN is set, the LTE modem will only connect to the wireless network with the specific APN. FortiGate matches the wireless profile from top to bottom and uses the first match on the list. If it is missing or not configured, this needs to be completed in order for the device to work.
If the sim has a PIN defined, this can be defined under Fortigate as follows:
config system lte-modem
set extra-init "pin-init AT+CPIN=8664"
end
Note that the value 8664 is just an example PIN code and needs to be replaced with the original PIN code.
The profile creation looks like this:
execute lte-modem wireless-profile create
{name} <----- Wireless profile name 1 to 16 characters.
(0, 1) <----- Wireless profile type.
0 - <----- 3GPP .
1 - <----- 3GPP2
(0 - 4) <-----Wireless profile PDP type.
0 - <----- IPV4.
1 - <----- PPP.
2 - <----- IPV6.
3 - <----- IPV4V6.
{name} <----- Wireless profile APN name 0 to 32 characters.
(0 - 3) <----- Wireless profile authentication type.
0 - <----- None.
1 - <----- PAP.
2 - <----- CHAP.
3 - <----- PAP and CHAP.
{name}|{Enter} <----- Wireless profile user Name 1 to 32 characters, or <Enter> if authentication is none.
{password} <----- Wireless profile password 1 to 32 characters.
The wireless profile can also be modified with the following command:
execute lte-modem wireless-profile modify < Wireless profile ID> < Wireless profile name> < Wireless profile type> < Wireless profile PDP type> < APN name> < authentication type>
When creating the profile, note that the command will be entered in one line.
There is always a help option available to use ‘?’ for the next commands.
Take the following example of Deutsche Telekom (source: APN Settings:(
apn: internet.telekom.
user: telekom.
password: telekom.
The command looks like the following:
execute lte-modem wireless-profile create DT-Internet 0 0 internet.telekom 3 telekom telekom
To verify the entry, check the wireless profile list.
execute lte-modem wireless-profile list
ID Type Name APN PDP_Type Authen Username
1 0 3 0
2 0 DT-Internet internet.telekom 3 1 telekom
To confirm if the APN has been set and matched, run the following command:
execute lte-modem wireless-profile test
If there is no error code, the wireless profile is matched.
Take the following example of Vodafone UK:
execute lte-modem wireless-profile list
ID Type Name APN PDP_Type Authen Username
1 0 3 0
When planning to change the SIM card later, then leave profile ID 1 untouched and create a new profile or modify profile 1.
execute lte-modem wireless-profile modify 1 "VodafoneUK" 0 0 wap.vodafone.co.uk 1 wap wap
execute lte-modem wireless-profile list
ID Type Name APN PDP_Type Authen Username Passwd
1 0 VodafoneUK wap.vodafone.co.uk 0 0 wap wap
If it is desired to keep the default profile and create a new one under it, execute the following:
execute lte-modem wireless-profile create 2 "VodafoneUK" 0 0 wap.vodafone.co.uk 1 wap wap
execute lte-modem wireless-profile list
ID Type Name APN PDP_Type Authen Username Passwd
1 0 3 0
2 0 VodafoneUK wap.vodafone.co.uk 0 0 wap wap
In cases where the default profile is getting matched, the wireless profiles can be deleted as well.
execute lte-modem wireless-profile delete <ID>
Useful Troubleshooting Commands:
diagnose sys lte-modem sim-info <----- Shows LTE Modem SIM card information.
diagnose sys application lted ? <----- Shows several options such as IMEI, Model, Manufacturer, SIM status, etc.
diagnose sys lte-modem modem-details <----- Shows LTE Modem detailed information.
diagnose sys lte-modem data-session-info <----- Shows LTE Modem data session information.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.