Fortinet FortiGate-FortiWiFi User manual
FortiGate-FortiWiFi - 3G4G LTE Modem Operator's
Manual
Version 5.0
FORTINET DOCUMENT LIBRARY
https://docs.fortinet.com
FORTINET VIDEO GUIDE
https://video.fortinet.com
FORTINET BLOG
https://blog.fortinet.com
CUSTOMER SERVICE & SUPPORT
https://support.fortinet.com
FORTINET TRAINING & CERTIFICATION PROGRAM
https://www.fortinet.com/support-and-training/training.html
NSE INSTITUTE
https://training.fortinet.com
FORTIGUARD CENTER
https://fortiguard.com/
END USER LICENSE AGREEMENT
https://www.fortinet.com/doc/legal/EULA.pdf
FEEDBACK
Email: techdoc@fortinet.com
April 19, 2021
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual
TABLEOFCONTENTS
Introduction 6
FortiGate/FortiWiFi variant LTE feature matrix 7
4G/3G handover 8
Band restriction 8
LTE modem firmware upgrade 8
LTE modem firmware scheduled upgrade 8
Modem firmware auto switch 8
Carrier modem firmware selection 8
GPS 9
Dual SIM 9
SIM card hot-swap 9
Dual SIM LED 9
Billing data 9
Wireless profile configuration 9
Data usage tracking 9
SIM PLMN code lock 10
Installation 11
Hardware installation 11
Check LTE Modem Driver Status and AT command interface 11
Check Modem Status 13
Use LTE Service 15
Configuration 17
Configure the modem from FortiGate GUI 17
Configure the modem from FortiGate Console 18
Connect your server to FortiGate 18
Create wireless profiles 20
Configure the LTE modem 21
set status 22
set extra-init 22
set manual-handover 22
set apn 23
set force-wireless-profile 23
set authtype 23
set network-type 24
set modem-port 24
set auto-connect 25
set gps-service 25
set data-usage-tracking 26
set billing-date 26
set data-limit 26
set gps-port 27
set band-restrictions 27
set image-preference 27
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 3
Fortinet Technologies Inc.
set allow-modify-wireless-profile-table 28
set sim-hot-swap 28
set connection-hot-swap 28
set sim-slot 29
set sim-lock-passcode 29
diagnose sys lte-modem 31
diagnose sys_lte-modem traffic-status 31
diagnose sys lte-modem modem-details 31
diagnose sys lte-modem sim-info 32
diagnose sys lte-modem signal-info 32
diagnose sys lte-modem data-session-info 34
diagnose sys lte-modem GPS-info 35
diagnose sys lte-modem data-usage 35
execute lte-modem 36
execute lte-modem cold-reboot 36
execute lte-modem purge-billing-data 36
execute lte-modem power-off 36
execute lte-modem power-on 37
execute lte-modem reboot 37
execute lte-modem set-operation-mode 37
execute lte-modem wireless-profile-list 37
execute lte-modem wireless-profile create 38
execute lte-modem wireless-profile modify 39
execute lte-modem wireless-profile delete 40
Upgrade modem firmware 41
Diagnostic test commands 42
Show device information 42
Show data session connection status 42
Connect and disconnect the modem 43
Show signal strength 43
Show IP address of the modem 44
Show IPaddress and DNS server 44
Show SIMcard status 44
Internal debugging commands 45
Get modem ID 45
Get ICCID 45
Get firmware preference 45
Recover firmware preference 46
Set internal USB configuration 46
Get stored images 46
Get MSISDN 48
Check SIM card state 48
Check RF band information 48
Get RF band capacity 48
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 4
Fortinet Technologies Inc.
Get GPS satellite information 49
MIBs 50
Download MIBfiles 50
Enable SNMP support 50
Create SNMPcommunity 51
Allow SNMPaccess 52
Configure a MIBbrowser 53
Browse for internal LTE modem MIBentries 54
Drill down to MIBentries 56
Syslog 57
LTEmodem daemon debugging 58
Data usage tracking 58
Wireless module debugging 58
Connection troubleshooting 60
Known issues 60
"QMI_UIM_CARD_STATE_ERROR" 60
No location information for 30E-GBL 60
“execute sys lte-modem” commands fail to work 60
Unable to establish LTE connection after upgrading to FOS 6.2.5 61
“diagnose lte-modem sim-info” shows erroneous information 61
“diagnose lte-modem sim-info” shows mixed SIM card info 61
Carrier-provided SIM cards unable to establish LTE connection 61
LTE data connectivity and connection stability 62
SIM card validity 62
Device registration 63
LTE network registration 63
LTE modem signal reception 64
LTE hardware integrity 64
LTE modem firmware carrier match 64
Wireless profile, APNconfiguration 64
FortiGate hardware integrity 64
FortiOS software integrity 65
Enable Verizon 3G/4G service 66
Activate Verizon SIM card 66
Activate Verizon static IP SIM card 66
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 5
Fortinet Technologies Inc.
Introduction
Introduction
The FortiGate/FortiWiFi 30E-3G4G devices come with a built-in 3G/4G LTE modem to provide additional Internet
connection and/or redundant WAN link for its customers.
This Manual discusses how to configure the built-in LTE modem as the Internet access interface. It must be noted that,
to provide Internet connections to the end devices on your network through the LAN ports, the devices must operate in
NAT mode; it does not work in transparent mode. The term "LTE modem" means an LTE-capable modem. It does not
mean that the modem is only able to work in LTE mode.
This Manual covers the configuration of the internal LTE modem only. For configuration of the other features of your
FortiGate/FortiWiFi devices, refer to the latest FortiGate/FortiOS documentation and FortiWiFi documentation.
We strongly recommend against putting any USB modem into the external USB port because it might confuse the
system and cause the built-in LTEmodem to malfunction. On the other hand, if you clearly understand what you are
doing, you can put a USB modem running the PPP protocol in the external USB port.
This Manual is based on FortiOS 6.0.6 GA release for FortiGate 30E GBL, unless further acknowledged. It is prepared
for technical staff of Fortinet Inc. and customers of FortiGate 30E and FortiWiFi 30E devices with the integrated 3G/4G
LTEmodem.
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 6
Fortinet Technologies Inc.
FortiGate/FortiWiFi variant LTE feature matrix
FortiGate/FortiWiFi variant LTE feature matrix
FortiGate and FortiWiFi have different models with different Sierra LTE modems. So the LTE features may vary with
the models of FortiGate or FortiWiFi appliances. The table below highlights the LTEfeatures supported on various
FortiGate and FortiWiFi models.
Features FortiGate/FortiWiFi Models
FGT/FWF-30E-
NAM
FGT/FWF-30E-
INTL
FGT/FWF-30E-
GBL
FGT/FWF-4xF-
3G4G
FGTRugged-
60F-3G4G
FWF-80F-2R-
3G4G-DSL
(NPI phase)
FWF-81F-2R-
3G4G-DSL
(NPI phase)
Modem Sierra EM7355 Sierra EM7355 Sierra EM7565 Sierra EM7565 Sierra EM7565 Sierra EM7565 Sierra
EM7565
4G LTE x x x x x x x
3G x x x x x x x
4G/3G handover x x x x x x x
Band restriction x x x x x x x
Modem firmware
upgrade
x x x x x x x
Scheduled firmware
upgrade
x x x x x
Firmware auto-
switching
x x x x x
Carrier firmware
selection
x x x x x
GPS x x x x
Dual SIM card x x x x
SIM card auto-
switching
x x x x
Dual SIM LED x
Billing data x x x x x x x
Wireless profile
configuration
x x x x x x x
Data usage
tracking
x x x x x x x
SIM PLMN code
lock
x x x x x
This Manual is written based on FortiGate-30E-3G4G-GBL.
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 7
Fortinet Technologies Inc.
FortiGate/FortiWiFi variant LTE feature matrix
The following paragraphs explain what the aforementioned parameters mean.
4G/3G handover
Our LTE modems support both 4G and 3G connectivity. Because LTE connection is always preferred, the modem will
try to switch back to the LTE network whenever the signal is strong enough. Although handover to an LTE network is the
default, this behavior is not very explicit sometimes. To make sure the modem always switch back to the LTE network in
a prompt manner, FortiOS has the “manual-handover” option which, once enabled, will constantly scanning available
LTE signal and send a request to the modem to switch to the LTE network instead of waiting for that modem to act.
Band restriction
You are able to select the allowed radio bands for 3G and LTE services.
LTE modem firmware upgrade
Although the modem is preloaded with firmware for different carriers across the globe, FortiOS supports LTE modem
firmware upgrade to meet our customers' needs. You can upgrade your LTE modem either locally or remotely, with local
method such as usb/tftp transfer or download it from FortiCloud.
LTE modem firmware scheduled upgrade
In addition to letting you manually upgrade your LTE firmware, FortiOS also enables you to set a download schedule to
automatically check for new firmware and to initiate the upgrade process by querying the FortiCloud server routinely.
You can simply set a upgrade schedule to let the FortiOS to check for any update weekly, bi-weekly, or monthly. Refer
to the LTE firmware upgrade section for more detail.
Modem firmware auto switch
In order to accommodate the different requirements of carrier around the globe, the LTE modem is preloaded with
multiple carrier specific firmware. FortiOS will instruct the modem to automatically switch to the corresponding carrier
firmware according to the SIM card inserted.
Carrier modem firmware selection
You are also able to manually select a modem firmware to be used instead of letting FortiOS do it automatically.
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 8
Fortinet Technologies Inc.
FortiGate/FortiWiFi variant LTE feature matrix
GPS
The LTE modem possesses GPS location capability. GPS service can be provided by the modem regardless of the
inserted SIM cards, as long as there is good GPS satellite signal.
Dual SIM
For SOC4-based LTE models, there are two physical SIM slots available which enable the unit to hold two SIM cards
simultaneously. However, only one SIM card will be used at a time for connection.
SIM card hot-swap
This feature enables FortiOS to automatically choose the valid SIM card to be used regardless of the slot it was
inserted. If both SIM card slots are filled, FortiOS will choose the one with connectivity.
Dual SIM LED
For certain models, there are LED lights in the front to indicate the active SIM slot the unit is currently using.
Billing data
You are able to view your billing information and set payment notification.
Wireless profile configuration
You are able to construct multiple wireless profiles with different APNs username and authentication settings. FortiOS
will match these customized wireless profiles with a network in the air and choose the right one to connect instead of
using the default carrier APN. This feature comes in handy for those who would like to join a private network or connect
with different credential information.
Data usage tracking
FortiOS keeps track of LTE data usage.
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 9
Fortinet Technologies Inc.
FortiGate/FortiWiFi variant LTE feature matrix
SIM PLMN code lock
FortiOS allows you to set a SIM PLMN code lock which only allows SIM cards with certain PLMN code prefix in its IMSI
code for connection.
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 10
Fortinet Technologies Inc.
Installation
Installation
Hardware installation
Follow the instructions below to install your FortiGate 30E.
lThe flat antennas are for the 3G/4G LTE modem and must be mounted on both sides.
lThe Wi-Fi antennas are on the backside. For a non-Wi-Fi unit, there are no Wi-Fi
antennas on the backside.
lIf the GPS connector is present, be sure to attach the GPS antenna as well.
1. Attach the Wi-Fi and 3G/4G antennas to the unit. Refer to the notes above.
2. Use the power cable provided in the package to connect the device to a power outlet.
3. Use an Ethernet cable to connect the device to your network.
4. Use another Ethernet cable to connect the device (via any port from port1 through port4) to your PC, hub, or switch.
Check LTE Modem Driver Status and AT command interface
Because the internal LTE Modem is connected to the device via the USB interface, you can check its status via the USB
devfs with "fnsysctl cat /proc/bus/usb/devices":
T: Bus=02 Lev=02 Prnt=02 Port=01 Cnt=01 Dev#= 5 Spd=5000 MxCh= 0
D: Ver= 3.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1
P: Vendor=1199 ProdID=9091 Rev= 0.06
S: Manufacturer=Sierra Wireless, Incorporated
S: Product=Sierra Wireless EM7565 Qualcomm ® Snapdragon ™ X16 LTE-A
S: SerialNumber=UF00227145031047
You can see that the vendor ID of the modem is 1199, the product ID is 9091, and the modem name is EM7565.
Look for the following lines. These descriptors are for the USB interface 0/2/3 and are bound to USB driver qcserial,
which means they are USB serial ports. Beware that they are enumerated as /dev/ttyusb0~ttyusb2 in the system. The
naming conventions are different in FortiOS from the traditional Linux kernel.
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=qcserial
E: Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=qcserial
E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=82(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=qcserial
E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=84(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 11
Fortinet Technologies Inc.
Installation
There’s an interface 8 in the output which is bound to USB driver qmi_wwan. It is the interface that does the real
network data transmission for this modem. It is attached to an Ethernet mode interface wwan in FortiOS.
I:* If#= 8 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
Interfaces 0/2/3 for this specific modem are DM/GPS/Modem ports. The DM port is reserved for low-level debugging
purpose; the GPS port outputs location-related information; the Modem port is also known as the AT Command
Interface, to which you can issue AT commands for status and debugging purpose.
T: Bus=02 Lev=02 Prnt=02 Port=01 Cnt=01 Dev#= 5 Spd=5000 MxCh= 0
D: Ver= 3.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1
P: Vendor=1199 ProdID=9091 Rev= 0.06
S: Manufacturer=Sierra Wireless, Incorporated
S: Product=Sierra Wireless EM7565 Qualcomm ® Snapdragon ™ X16 LTE-A
S: SerialNumber=UF00227145031047
C:* #Ifs= 4 Cfg#= 1 Atr=a0 MxPwr=224mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=qcserial
E: Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=qcserial
E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=82(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=qcserial
E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=84(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
I:* If#= 8 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=86(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
E: Ad=8e(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
E: Ad=0f(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
The following command displays the modem data interface. The interface seems to be already connected and it has got
an IP address. If you see no output, then something must be wrong with this modem.
FortiWiFi-40F-3G4G # fnsysctl ifconfig wwan
wwan Link encap:Ethernet HWaddr 2E:96:91:15:B5:81
inet addr:10.53.79.115 Bcast:10.53.79.119 Mask:255.255.255.248
UP BROADCAST RUNNING NOARP MULTICAST MTU:1430 Metric:1
RX packets:23863 errors:0 dropped:0 overruns:0 frame:0
TX packets:23811 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:8056332 (7.7 MB) TX bytes:2255841 (2.2 MB
The DM port is an industrial standard interface. Write a logging filter in a special format, and it will start to output device
management logging messages. The DM log is very helpful for the modem vendor to diagnose low-level issues. DM
port logging support is not provided in the released version of FortiOS images. The DM log message output might affect
the performance of FortiOS. We will discuss how to obtain a DM log with the help of a debug version of FortiOS image
later.
The DM port (after filter injection) and the GPS port are read-only.
If the device is at a location without good GPS signal reception, the location information can’t be retrieved. The internal
GPS daemon, if enabled, polls NMEA messages from the port continuously. With the GPS daemon disabled, you can
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 12
Fortinet Technologies Inc.
Installation
use the command “diagnose system modem com /dev/ttyusb1” from the console to get NMEA messages
displayed on the console, as illustrated below:
FortiWiFi-40F-3G4G # dia sys modem com /dev/ttyusb1
Serial port: /dev/ttyusb1
Do not run this command when modem is dialing or connected!
Press Ctrl+W to exit.
$GPGGA,,,,,,0,,,,,,,,*66
$GPGGA,,,,,,0,,,,,,,,*66
$GPVTG,,T,,M,,N,,K,N*2C
$GPVTG,,T,,M,,N,,K,N*2C
$GPRMC,,V,,,,,,,,,,N*53
$GPRMC,,V,,,,,,,,,,N*53
$GPGSA,A,1,,,,,,,,,,,,,,,,*32
$GPGSA,A,1,,,,,,,,,,,,,,,,*32
lLocation information does not rely on the data service. Even if you are using a device
without a SIM card plugged in, it is possible for you to get the accurate location
information.
lThe GPS port is disabled by default because some FGT30E_GBL does not have a GPS
antenna. The GPS antenna is added back for SOC4 FortiGate LTE variants.
If the GPS daemon is enabled, the above messages will not show up because the GPS port is occupied by the daemon.
To check modem GPS signal information, use the command “diagnose test app 23”. It will show the available
satellites that the modem could use. The more satellites it detects, the better the GPS signal is.
By using command “diagnose system modem com /dev/ttyusb2”, you will be connected to the Modem
interface. Because the LTE modem daemon is running, it issues AT commands to the modem port periodically, so you
will see a lot of output from the AT Command interface. So you may want to avoid using the AT command interface
directly so that it won't disturb the background work by LTE daemon.
On EM modems, everything that an AT Command can do can be done by some QMI messages. QMI is a binary format
protocol for modems. The messages are more compact and much faster because they are in raw format and transferred
by USB control messages, while AT commands are limited by the baud rate of the serial port. More important, the QMI
protocol is an industrial standard wireless communication protocol. AT commands vary from vendor to vendor. Different
vendors have different AT Command sets, which is very inconvenient.
For 30E 3G4G devices, we rely very little on AT Commands. In fact, the AT Commands of EM
modems can’t even make a connection. We use QMI messages instead.
Check Modem Status
The most straightforward way to check the modem status is to use the command, “diagnose sys lte-modem
modem-details”. If the modem is working properly with the default configuration and recognized by FortiOS, the
following information should show up:
LTE Modem detailed information:
Modem detected: Yes
Manufacturer: Sierra Wireless, Incorporated
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 13
Fortinet Technologies Inc.
Installation
Model: EM7565
Revision: SWI9X50C_01.07.02.00 6c91bc jenkins 2018/06/13 23:08:16
MSISDN: 16692240893
ESN: 0
IMEI: 353533100752164
MEID:
Hardware revision: 10001
Software revision: T.2.5.1-00478-9655_GENNCH_PACK-1
SKU:
FSN: UF00227145031047
PRL version: 0x0000
Modem FW version: 00.00.00.00
PRI version: 000.000_000
Carrier Abbr: AUTO-SIM
Modem Operation mode: QMI_DMS_OPERATING_MODE_ONLINE
The modem firmware version and PRI version are displayed as 0 because the modem is set in AUTO-SIM mode as
default as the carrier Abbr indicates. This means the modem is not loaded with firmware for any particular carrier, but it
will decide when a SIM card is inserted.
Furthermore, with no SIM card inserted, the modem is in WCDMA mode. To view current modem network parameters,
issue “diagnose test app lted 5”, and you'll see something similar to what is shown below:
Make sure that the modem operation mode is in ONLINE mode. If the modem is in LOW-POWER mode, the modem is
not able to connect and you must perform a cold reset using “exec lte-modem cold-reboot”. If the low-power
mode issue persists, new modem firmware may need to be flashed.
For FortiGate 30E-LTE models (GBL/INTL/NAM), upgrading to FortiOS 6.2.4 will cause the
unit to stay in low-power mode. This known issue has been fixed in FortiOS6.2.5 and 6.2.6.
The RxM RSSI C0 value is a good indicator of the signal reception strength. A more comprehensive signal strength
overview can be displayed only after a SIM card is inserted. However, this RSSI parameter alone can tell whether the
unit is having good signal reception or not. If the value is less than -90 dB, there is a signal problem in most cases, and
you must check antenna connection or open the device to inspect the antenna connection to the modem chip.
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 14
Fortinet Technologies Inc.
Installation
Use LTE Service
After inspecting the modem and make sure everything looks fine, simply insert a micro SIM card in the SIM slot. The
SIM card must be facing down, with the cut corner to the left. Verify that your SIM card is working before inserting it in
the device. For models with two SIM slots, it does not matter which slot the SIM card is inserted. With the default
configuration, FortiOS constantly scans for available SIM cards and choose the one with connectivity.
If you are using a FortiGate 30E-GBL unit, be sure to choose a nano to micro SIM card
adapter of good quality. Bad adapters may cause the SIM card to have loose contact with the
card slot, resulting in SIM card reading errors.
Voila! The unit will now automatically connect to the wireless network and an IP will be assigned to its wwan interface:
It may take up to a few minutes for the modem to have Internet connection because the
modem will switch its firmware according to the SIM card carrier, if auto-sim configuration is
enabled (default).
Once the device is connected, use “diagnose test application lted 5” to show LTEservice information:
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 15
Fortinet Technologies Inc.
Installation
Note that the system mode has changed from WCDMA to LTE. A few LTE protocol parameters indicated the modem is
now connected to an LTE network and receive full services. Additionally, more signal parameters such as SINR, RSRP
and RSRQ are now available for diagnosis.
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 16
Fortinet Technologies Inc.
Configuration
Configuration
You can configure the 3G/4G LTE modem in your FortiGate 30E in either of the following ways:
lConfigure the modem from FortiGate GUI on page 17
lConfigure the modem from FortiGate Console on page 18
Many new features and functions have been added to the Console, but may not have been
implemented in the GUI yet. For this reason, we highly recommend configuring the
LTEmodem via the FortiGate Console.
Configure the modem from FortiGate GUI
Follow these instructions to configure the device from the GUI:
1. Set the Ethernet port on your computer to DHCP mode.
2. Use an Ethernet cable to connect your computer to your FortiGate 30E via any of the Ethernet ports (1 through 4).
3. Start your browser and enter the address of your FortiGate 30E.
4. On the log-in page, enter the default username ‘admin’ (case-sensitive) in the Username field, leave the Password
field blank (no password), and press Login.
Note: By default, the FortiGate 30E GUI opens to the Dashboard>Status page after you log in.
5. Check the status of the modem interface by selecting Network>Interfaces, as shown in the following illustration.
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 17
Fortinet Technologies Inc.
Configuration
6. In the Status column, under Physical (2), make sure that wwan which is the LTEnetwork is up (as indicated by a
green up arrow).
A green up arrow in the Status column indicates that the LTE modem is connected and
functioning properly, whereas a red down arrow indicates the opposite.
You can double-click this row to view and edit the settings of the interface. Most important of
all, make sure that the status of the interface is set to Enabled.
Configure the modem from FortiGate Console
Configuring the 3G/4G LTEmodem from the FortiGate Console requires the following major steps:
lConnect your server to FortiGate on page 18
lCreate wireless profiles
lConfigure the LTE modem on page 21
Connect your server to FortiGate
The following instructions show how to access your FortiGate 30E from a server (computer) via its console port.
1. Use the serial cable (included in your product package)to connect the serial port of your computer to the console
port of your FortiGate 30E.
2. Start a serial console terminal program from your computer, and set the port to:
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 18
Fortinet Technologies Inc.
Configuration
l9600 baud rate
lData bits 8
lParity None
lStop bits 1
lFlow control None
We highly recommend setting baud rate to 115200 if we want to capture LTE modem
debug information. We also recommend using Telnet or SSH, if possible, to prevent
output overflow.
3. Press Enter on your keyboard to bring up the command line interface (CLI).
4. Type in the default username "admin", but with no password, and press Enter on your Keyboard to log in to the
Console.
5. Check the network configuration.
6. Us the following commands to check that the firewall policy allows all traffic from the internal ports to the wwan
interface:
FortiWiFi-40F-3G4G # sh firewall policy
config firewall policy
edit 1
set uuid 92f6165c-e23a-51ea-3694-7a20107fe598
set srcintf "internal"
set dstintf "wan"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set nat enable
next
edit 2
set uuid 92f7ac10-e23a-51ea-f648-471c047f588f
set srcintf "guestwifi"
set dstintf "wan"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set nat enable
next
FortiGate 30E comes with a default firewall policy that allows all traffic from internal ports
to the wwan interface. Make sure the policy is in place before moving on to the next step.
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 19
Fortinet Technologies Inc.
Configuration
Create wireless profiles
A wireless profile contains detailed LTE modem data session settings. Each modem can store up to 16 wireless profiles.
Any data connection is initiated using the settings from one of the stored wireless profiles. To make a data connection,
you must have at least one wireless profile defined. The following is a sample wireless profile table stored in the internal
modem.
FortiWiFi-40F-3G4G # exec lte-modem wireless-profile list
ID Type Name APN PDP_Type Authen Username
1 0 broadband 3 0
Profile Type:
0 ==> QMI_WDS_PROFILE_TYPE_3GPP
1 ==> QMI_WDS_PROFILE_TYPE_3GPP2
* ==> Default 3GPP profile, # ==> Default 3GPP2 profile
Profile PDP type:
0 ==> QMI_WDS_PDP_TYPE_IPV4
1 ==> QMI_WDS_PDP_TYPE_PPP
2 ==> QMI_WDS_PDP_TYPE_IPV6
3 ==> QMI_WDS_PDP_TYPE_IPV4_OR_IPV6
Authentication:
0 ==> QMI_WDS_AUTHENTICATION_NONE
1 ==> QMI_WDS_AUTHENTICATION_PAP
2 ==> QMI_WDS_AUTHENTICATION_CHAP
3 ==> QMI_WDS_AUTHENTICATION_PAP|QMI_WDS_AUTHENTICATION_CHAP
The above is wireless profile of a modem with Verizon firmware. If the APN can be left empty, it indicates a wildcard
entry; if the username shows empty, it means that no authentication is not configured.
There is a default wireless table that can be retrieved from the modem firmware. You can list, create, delete, or modify
the table with the exec lte-modem wireless-profile command. For generic modem firmware, the modem
has no wireless table entries pre- installed and the LTE daemon will create a default entry to be used.
It seems that the EM75xx modems do not support either the 3GPP2 or the PPP PDP types of
profiles. IPv6 is not supported on this modem yet although you can still specify a profile with
PDP type 2 or 3. However, you cannot initiate IPv6 data connection anyway.
When the modem boots up, it automatically scans the network and gets a list of the available candidates for data
connection. With the default system configuration, FortiOS sends the start network request to the modem, with no
(empty) APN, authentication, or wireless profile entry. Upon receiving the request, the modem scans the wireless profile
table, from top to bottom, to find a matching record and make the data call with the settings in that record.
If the APN field is left empty in the wireless profile, the modem make connections to wireless
networks with any APN.
It is very important to have a properly configured wireless profile because many carriers run private networks along with
their public network. When you have a SIM card for a private network, it can be used to connect to either a public or a
private network. If you define a wireless profile without an APN, then it would make connections to any network it scans.
When it connects to a unwanted network, it will receive no service. Having a clearly defined profile table can prevent this
issue. Assuming that you have a SIM card which can be used for either public network “pn” or private network “prn”, and
FortiGate-FortiWiFi 5.0 3G4G LTE Modem Operator's Manual 20
Fortinet Technologies Inc.
Table of contents
