Configuring Modems on the FortiGate

Facebooktwittergoogle_plusredditpinterestlinkedinFacebooktwittergoogle_plusredditpinterestlinkedin

Overview

This modem configuration document is a reference for system engineers who need help configuring USB modems with the FortiGate. It will also provide specific examples to help you custom configure an unsupported USB modem. There is a lot of confusion on this subject since the configuration of each USB modem varies greatly, and this guide will walk you through modem concepts, troubleshooting tips, and further steps.

The following concepts will be covered:

  • How these commands really work: config system modem, config system 3g-modem custom, and config system lte-modem.
  • Modem modeswitch
  • The differences between modem and lte-modem
  • Standard procedures for deploying new modems on the FortiGate
  • Troubleshooting tips

This document will help you classify all modem related issues and make sure that when you escalate to the development team that you have something only they are able to resolve.

Note: A USB modem doesn’t only mean the USB sticks plugged into the USB port on FortiGates. Some newer FortiGate models, like the 30E-3G4G include a built-in modem module installed on an internal USB port, and they are also considered USB modems.

The information in this article is based on Julian Zhong’s “A Guide for Modem Configuration On FortiGate” based on commonly asked questions about modem configuration.

Modem, 3G Modem and LTE Modem

There are three modes that look like they are related to USB modem configuration, but in actual fact these modes  Modem, 3G Modem and LTE Modem — are often not understood correctly.

Misconceptions about the terms

There are several misconceptions surrounding these three modes: Modem, 3G-Modem, and LTE-Modem. Modem appears to be configuration for all USB modems, but it is not. Similarly, 3g-modem is not limited to 3G modems. LTE-modem can also connect to a 3G network. Although these commands may cause some confusion, they are legacy terms in FortiOS, and by defining them clearly, there’s no need to change the terms. 

It’s important to understand what’s going on inside a USB modem. There are two parts of hardware: front-end and back-end. The front-end runs UMTS, HRPD, LTE or similar languages. The backend runs PPP or an Ethernet-like protocol to talk to the host. During the 3G modem era, the mainstream technology used in the backend was PPP protocol.  Later 4G and LTE technology came into play and modem companies added LTE capable hardware in the front-end, but often the newer LTE modems still inherited the same PPP backend.

Now LTE has dominated the wireless network, a PPP backend for the modems has become a bottleneck. It is not efficient enough and it’s not sophisticated either. Some USB communication specs similar to Ethernet that have been developed in recent years, like EEM, ECM, NCM, MBIM are mostly paired with LTE technology to make the current generation of LTE modems.

Config System Modem

In fact, the mode system modem should be called PPP modem to be more accurate, as it has nothing to do with 3G or LTE.

Config system lte-modem

Configurations under this mode are sent to modems with Ethernet-like backend interfaces. Sometimes we will need the 3g-modem settings to do modeswitch for us. 

Preliminary Knowledge

USB Modems

Wireless modems up until now have mostly been USB modems, but why USB modems? Because wireless modems are complex, and they are not born as part of the standard computer hardware. The USB interface is simple, powerful, and flexible. It has been a standard PC interface for so long that when we pair a wireless modem with a USB interface, it becomes a peripheral which can be easily used on all PCs with a USB interface. Besides this, many communication protocols based on CDC 1.2 (Communication Device class) have been developed, which provide industrial standards for wireless communication devices, which is why we only need to talk about USB modems here.

Modem Ports

Almost all the USB modems have a modem port. As we’ve observed, only some of the CDC Ethernet or rndis_host modems don’t have it. To identify a modem port, send an AT command ati, which all the modem ports support, to it. If it echoes back the modem information, then you know it’s a modem port.

 

Mode Switch

The most popular PC operating system is Windows, and in order for a USB modem to work on a Windows PC, the device driver and modem utilities have to be installed first. Since some of the modem users might not have a preexisting Internet connection (otherwise why would they want a USB modem?), and they might not be able to download the drivers and utilities. This renders the USB modems useless. Luckily, mode switch provided a solution to this problem. It is implemented on many USB modems, but not all.

When a USB modem with mode switch implemented is plugged into a PC’s USB port, it appears to be a USB storage device first, the device driver and modem utilities can be installed from the storage device. After installation, when we run the modem utility, it first sends USB messages to the modem, which causes the storage device to switch into a USB modem device, and the switch is called mode switch. Different modems have different mode switch messages, and it is impossible to have all the mode switch messages stored in a FortiOS image, so if the mode switch message can’t be found, you can manually configure it using the config system 3g-modem custom command. You can also find a configuration example later on in the Configuring Mode Switching section.

Modem Protocols

For PPP modems, standard PPP is the way to go, and we won’t be expanding on this topic here.

For modems using Ethernet-like protocols, FortiOS now supports the following:

  • CDCEther
  • cdc_ether
    • They are in fact the same, in our kernal 2.4 products the driver’s name is CDCEther, in kernal 3.2 products it is cdc_ether.
  • sierra_net
    • Drivers for some of the older Sierra wireless models, like 313U, 320U and etc. They were all sold to Netgear later, and almost all the Netgear branded modems run the sierra_net driver.
  • cdc_ncm
  • huawei_cdc_ncm
    • NCM protocol is widely adopted by Huawei modems, and some modems from other vendors might also run the cdc_ncm protocol. huawei_cdc_ncm is a customized NCM protocol by Huawei, and we only support it in kernel 3.2 products.
  • GobiNet
  • GobiNet driver is a Qualcomm protocol, for now and I have only met with Netgear (Sierra Wireless) 341U modem, which uses this protocol.
  • qmi_wwan
    • This is a mature and widely used protocol on the current market, as the main stream qualcomm wireless chips are quipped with software stack for this protocol.
  • rndis_host
    • This is a protocol similar as cdc_ether, and it is supported in the 5.4.4, the 5.6 beta and the 5.8 releases support rndis_host devices on both kernel 2.4 and kernel 3.2 products.

Single Instance

If we are running modems with the protocol listed in the previous section, keep in mind that we only support a single instance of these modems. It is limited by the software, and this may be improved upon in the future.

We can still have multiple USB modems running at the same time, as long as only one modem running the protocols is present, and the other modems are PPP modems.

Configuring a USB Modem

Check Devfs

USB devfs are disabled by default in the latest Linux kernel releases, and instead the information is put into sysfs. At least it is a compact form of USB device.

From the output, we can see there’s a Sierra Wireless EM7355 modem on Bus 4, under the root hub, the device number is 5, and it is on the USB 3.0 bus but running at USB 2.0 speed.

There are some important parameters we need to pay attention to:

Tag Meaning Notes
T: Topology This line shows the position of the device in the USB tree topology.
D: Device descriptor Each USB device has a device descriptor. It includes all the lines after this tag.
B: Bandwidth descriptor
#Cfgs Number of configurations Each USB device has one or more configurations, but only one is active.
C: Configuration descriptor The active configuration has a star symbol, * , to the right.
I: Interface descriptor The * symbol means the interface descriptor is active.
#Ifs Number of Interfaces A USB configuration includes one or more USB interface descriptors.
Cfg# Index of configuration descriptor
Alt Alternative interface descriptor ID Each USB interface under a USB configuration may have multiple alternative interface descriptors, but only one is active.
#EPs Number of endpoints Each USB interface consists of several USB endpoints.
Cls, Sub, Prot

Interface class

Interface sub class

Interface protocol

These are important elements in CDC definitions.
Driver=  USB interface driver Each USB interface binds to a specific USB driver if supported by the host, otherwise it means the host doesn’t know this device, it shows (None).
Ad= Address of the USB endpoint  Each USB device can have up to 30 endpoints, 0 is reserved as control endpoint, the other endpoints are addressed from 1-15 and direction in or out.
(I) and (O) Direction of the endpoint In or Out.
Int/Bulk/Isoc/Ctrl Type of Endpoint Interrupt, Bulk, Isochronous, Control, four types of endpoints.

After checking devfs, we find out that we have a Sierra Wireless EM7355 modem attached to our device, and it seems our kernel fully understands how this modem works.

Now on to another example:

 

After we insert a Dlink DWR-910 modem into the same device, we found an additional USB descriptor. The vendor ID is 0x2001, the Product ID is 0xa40d, it shows up as a storage device. As we have mentioned in the previous chapter, it seems to be a device which needs a mode switch, we will now show you how we can do a mode switch.

Configuring Mode Switching

What does mode switch do?

Now that we’ve found a USB modem that shows up in the system as a storage device, we need to do a mode switch to turn it into a USB modem. There’s a famous website that lists all the mode switch utilities and all current popular Linux releases are from the website: www.drasberghof.de/usb_modeswitch/. If you want to dig deeper on this topic it’s definitely worth spending some time on this site.

A handy way to find out how to mode switch a modem is to install the usb_modeswitch utility from the website on your LInux PC, and try it first. I won’t go into the full details of how to do this in this article, but here’s a brief screenshot of how to find the message you’ll need to send into the modem to get it to mode switch.

Note: Fedora 20 and mode switch v 2.4 were used in this example.

The database of the mode switch messages can be found here:

The two parts of hex strings are the Vendor ID and Product ID of the USB storage devices. Let’s look at an example:

It is a Huawei modem, the original Product ID is 1031, after the switch it should become 1035, and the USB message we should send to the modem is the value of “MessageContent”, which is a long hex string.

For the Dlink-DWR-910 modem, we get a slightly different response:

We should get a a final Product ID of 7e38, but it is asking us to perform a “standard eject” instead of giving us a string (like in the previous example). Now we’ll look at the source code of usb_modeswitch. We’ll leave out the procedures, but just provide the result below. A standard eject equals to send two messages into the modem, and these messages are: 

  • 5553424312345678000000000001061e000000000000000000000000000000
  • 5553424312345679000000000001061b000000020000000000000000000000

Now, it is time to switch this modem on our device.

Mode Switch a Modem in FortiOS

Mode Switch is done in mode system 3g-modem custom. For example:

Please notice, if you have multiple entries for a same modem in the configuration, you should have the keyword “inquire=1” in the “init-string” command. If there’s only one entry, it is not needed. The multiple entries will be executed in the order as displayed, please do not change it.

One thing that it’s important to remember is that you need to either enable the modem daemon or LTE modem daemon to make the mode switch work. You need to enter the following:

Or enter:

After the mode switch we’ll find a new USB device:

Now the DWR-910 modem is switched into a device running the rndis_host driver. Furthermore, we can see this device has two configurations, the first is an rndis_host device, and the second configuration is not active, thus the interfaces are not identified by the Linux kernel. An advanced USB developer can identify that it’s a cdc_ether device, because the interface 0 of configuration 2 has class=2, subclass=6, and protocol=0, also the interface 1 has class=a, subclass=0 and protocol=0.

Does Our Kernel Fully Recognize the Modem?

Before doing anything else, we need to confirm that our kernel knows what kind of device it is dealing with, otherwise it is impossible to make the modem work. Let’s take a look at a few different modems that we have on hand as samples.

Dlink DWR-910

As we can see the active configuration has two interfaces forming a rndis_host interface union. (We won’t be expanding on this here, as you can easily find more resources online about rndis_host).

Sierra Wireless EM7355

As you’ve seen in previous configurations, the EM7355 has has 3 qcserial interfaces as serial ports, and a qmi_wwan interface. We believe our kernel knows this modem, too.

ZTE MF823

After applying the same mode switch settings, the modem switches to from an unknown storage device, to a cdc_ether device.

Sierra Wireless 340U

Take a good look at the interface driver sierra, a proprietary serial protocol by Sierra Wireless:

Notice that this device doesn’t have any Ethernet-like interfaces, like we’ve talked about in earlier sections. It’s a PPP modem, and so we should set the modem configuration in mode system modem but not system lte-modem.

The modem port is /dev/ttyusb1, and in modem configuration we should set the wireless port to 2, because the modem daemon counts from 1, port 1 means ttyusb0. In mode system lte-modem if we want to set the modem port, we set the port index to 1, because we count from 0.

Sierra Wireless 313U

Take a look at the Sierra Wireless 313U below.

The first 5 interfaces are identified as serial interfaces which use the sierra driver, the last interface is a sierra_net interface, and it is an Ethernet-like interface, supported by our LTE daemon.

Novatel U551L

Now let’s take a look at the Novatel U551L:

It is a cdc_ether device, the last two interfaces form a cdc_ether union, and it is supported by our LTE daemon too. The first 4 interfaces are identified as serial ports which use the option driver.

Identify the Modem Port

After we make sure that our kernel supports our USB modem, the next thing to do is to find out whether this modem has a modem port, or what the index of the modem port is.

The easiest and most reliable way to find out the modem port is to use the command: diagnose sys modem com /dev/ttyusbX.

Unlike the official Linux kernel, we don’t name the USB serial ports /dev/ttyUSBX, instead we use all lowercase. It should look like the example below:

It’s clear that the modem port here is /dev/ttyusb1.

Now, if you find out that the modem you are trying to deploy is a PPP modem, then just stop reading here, and go find an older modem configuration manual for help. If the modem is not a PPP modem then continue to follow the instructions below.

Is the LTE Modem Interface identified?

An easy way to test this is to use ifconfig.

Before checking this, you need to remove configurations in mode “system modem”, and if you are aware that we entered those lines hoping to make this particular modem work, then you need to enable the LTE modem daemon, as well.

On a modem with an internal LTE modem module, it doesn’t show this line because enable is the default value.

Now it’s time to run ifconfig

You can modify the Linux kernel source code, to rename the non-PPP modem network interface to wwan, and in old FortiOS versions, usb-wan. You’ll only allow one interface like this for now, and if you plug two non-PPP modems into one FortiGate at the same time, we don’t guarantee what happens.

From the screenshot, we can see the interface exists, and it seems to be working properly, although it hasn’t received an IP address yet because we don’t have a SIM card in it.

Further Debugging

Now enter get system interface to check if you can get an IP on the LTE modem interface:

If your result is similar to the image above, and you aren’t having any luck in getting an IP address try the following:

  1. Make sure your device has a modem port
  2. Enter the following commands:

3. Next, set debug mask to 31, which enables debug levels 0, 1, 2, 4, 8, 16.

4. Enter diagnose test application lted 1 to check the modem info.

If you see the error message “failed to read_modem_device” then the modem port may not be set correctly. It’s possible that you might have other USB devices plugged into the USB port, and there’s also a USB serial port on the external USB devices, which disrupts the default USB serial port order. This may cause the modem to fail.

Check the LTE modem configuration again, to see if the FortiGate is now using the new modem port that you switched it to, Port 3, instead of the default Port 0. 

 

Change it back and you should see the result below:

Now the modem port is working, as you can see below:

It’s still not connected, so what can we do?

First, you can run these diagnose tests:

Oh, we get a “SIM ERROR” and that means we should check the SIM card slot to make sure a SIM card is plugged in.

Still not working?

If you have reached this far, and it still doesn’t work, please contact Fortinet Support.

List of the Current Supported LTE Modems

 

Vendor ID Product ID Modem Notes
1410 B001 Novatel U551L  
1410 9010 Novatel E362 Internal modem only in 60D 3G4G units
1410 7031 Novatel MC679  
1410 7031 Novatel MC679  
1fac 0205 Franklin USB602  
0f3d 68aa Sierra Wireless 313U  
12d1 1575 Huawei K5150  
12d1 1576 Huawei K4201  
19d2 1405 ZTE MF667  
12d1 1506 Huawei E3276  
cdc_ether     If you see a cdc_ether or CDCEther device without a modem port, that device is supported.
rndis_host     IF you see an rndis_host device without a modem port, that device is supported.
1199 9041 Sierra Wireless EM7355 Internal modem in 30E 3G4G units
 1199  68c0  Sierra Wireless EM7355 Internal modem in 30E 3G4G units
 1199  9071  Sierra Wireless EM7455 Internal modem in 30E 3G4G units

Resources

You may be interested in checking out the following resources:

 

 
Kayla Robinson

Kayla Robinson

Technical Writer at Fortinet
Kayla Robinson works in Ottawa as part of Fortinet's Technical Documentation and New Media team. With a Bachelor's degree from Carleton, and a graduate certificate in Technical Writing from Algonquin College, she enjoys creating FortiOS Cookbook videos.
Kayla Robinson

Latest posts by Kayla Robinson (see all)

  • Was this helpful?
  • Yes   No