In the olden days of the internet, we used to call these solutions a "dialup backup" or "dial around the cloud".
These were commonly used when critical access was required, or for dialing around a failure in the service provider's main delivery. They typically backed up the primary WAN path with a low-cost, slower solution.
(e.g., dial backup for any of the following)
- ADSL line
The old-school method was to purchase a business 2-wire phone line or ISDN line. Now, with 3G/4G services commonly available, cheap, and easily obtainable, the opportunities are much simpler and quicker.
First, the topology.
The components that are required:
- existing WAN uplink device
- external USB modem
Now for the configuration and tips/tricks.
First you need a compatible external USB modem. Fortinet is always changing and adding new devices based on the software release, but most Huawei modems have a good track record for working.
Note: Read the release notes from Fortinet before purchasing a modem. I will not list modems here; do some research is all that I'm telling you.
I'm using an E352; the service provider is Orange-GETESA. You need to enable the modem from the CLI:
config system modem
set status enable
end
You need to identify the model. You have a few methods for doing this. The diag sys modem command is the trick. I will show you 2 ways:
method one (issuing an "ati" command: diag sys modem cmd ati)
method two (the diag sys modem commands: diag sys modem external-modem)
method three (looking at the WebGUI)
Next, you will probably need to identify some service-provider specifics. This will be a YMMV and will depend on the service provider (for example: dialup#, APN, phone#, PIN lockout, etc.).
For the provider Orange, I only need to provide a single dialup#. The SIM card in this case does not use a PUK (PIN unlock code) or any type of PIN insertion before initialization.
Note: If you have any PIN or PUK code requirements, make sure you confirm the numbers. You don't want to lock out the modem :)
Can't get any easier than that :)
Since the modem is an interface, you will need a firewall policy. Make sure you apply the correct policy to allow traffic and SNAT.
Note: You can apply a traffic shaper to prioritize critical stuff like VoIP over this interface. The above fwpolicy is for my wireless clients to access the internet via the 3G uplink.
If this path is not to be used for the primary access, you might need to adjust the route preferences.
So that's how you do a dialup around the cloud using a basic configuration, with a FortiGate and a Huawei modem. You can use this interface for VIP terminations, VPNs, or anything else as far as that goes.
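A sketch of the policy and route-preference steps described above, in FortiOS CLI. This is an added example, not the author's configuration: the source interface name "wifi", the narrowed service list, the distance value 20 and the dial-number placeholder are assumptions, and lines starting with # are annotations, not commands.

```fortios
# Modem settings. The dial number comes from the provider (placeholder here).
config system modem
    set status enable
    set phone1 "<dialup-number-from-provider>"
    # Assumed value: higher than the distance of the primary WAN default
    # route, so the 3G path is only preferred when the primary route is gone.
    set distance 20
end

# Outbound policy for the wireless clients over the modem interface.
# "wifi" is a hypothetical source interface name; "modem" is the
# FortiGate modem interface.
config firewall policy
    edit 0
        set srcintf "wifi"
        set dstintf "modem"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        # Assumption: only name resolution and web traffic are allowed,
        # instead of service ALL.
        set service "DNS" "HTTP" "HTTPS"
        # Source NAT to the address the provider assigns to the modem.
        set nat enable
    next
end
```

Keeping the service list narrow limits both the exposure of the backup path and the traffic that can run up usage charges on the metered link.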
Things to keep in mind:
- review if your modem is compatible and supported
- gather all dialup requirements from the provider
- keep in the back of your mind, that data usage charges could apply based on your service plan
- adjust route by increasing distance of the routes available by this interface
- by using policy-based-routing you can throw some traffic down the slower path if required
add June 12 2014
Consulting Engineer Network & Security ( Cisco, Juniper, Fortinet )
kfelix ----a---t---socpuppets ---d---o---t---com
=( ~ ~ )=