For locations without land-based Internet connection, or as a backup in case the land-based ISP connections fail, you can use a Wireless WAN modem to connect to a wireless network. Configure the connection settings and introduce a network route via the WWAN interface. You can operate the WWAN link in active or standby mode. With active mode, the link is automatically brought up with the network activation process. When operating the link in standby mode, the link is manually brought up and down by a command script.
Before You Begin
- Connect a supported (e.g., Barracuda 3G Modem) to the USB port of the Barracuda CloudGen Firewall.
- You need the APN configurations settings for your mobile broadband provider.
- (optional) PIN code to unlock your SIM card.
Step 1. Configure Connection Details
Configure the settings for your UMTS card and specify the connection details.
- Go to CONFIGURATION > Configuration Tree > Box > Network.
- In the left menu, select Wireless WAN.
- Click Lock.
Set Enable WWAN to Yes.
To use the WWAN modem as a backup connection, set Standby Mode to Yes.
- Select your WWAN modem from the Modem list. E.g., Barracuda 3G Modem M30 [USB].
- Enter the Access Point Name (APN) as suggested by your provider.
If your SIM card has a PIN code to unlock, enter the SIM PIN .
If required, enter t he Phone Number. (Do not enter the # sign.)
Step 2. Configure Authentication
Select an authentication method and enter the PPP credentials provided by your ISP. You can also set up dynamic DNS.
- In the Authentication section, select the Authentication Method that is used for the connection.
- In the User Access ID field, enter the principal account name (PPP username) assigned to you by your provider.
- If your provider assigned a sub-ID to you, enter it in the User Access Sub-ID field. Do not enter the # sign.
- Enter the PPP Access Password assigned to you by your ISP.
- Select Use ProviderDNS to use the DNS servers assigned by your provider. To use dynamic DNS, select Use Dynamic DNS and click Set/Edit. The Dynamic DNS Params window opens.
- Select a dynamic DNS Service Type. For information on DynDNS service types, see http://www.dyndns.com/services/.
- Enter the Dyn DNS Name that was registered on dyndns.org.
- Enter the User Access ID and Password for accessing the dyndns.org service.
- Click OK.
Step 3. Configure Routing Settings
Configure the routes and routing tables for the WWAN link.
- In the Routing section,
- Disable Own Routing Table to only insert routes in the main and default tables, or
- Enable Own Routing Table to use policy routing. With policy routing, a new umts1 table is introduced.
- To use the IP address dynamically assigned by your ISP as the source network for policy routing, select Use Assigned IP. Until the ISP has successfully assigned an address, the rule uses 0.0.0.0 as a source address.
- In the Source Networks table, add source networks or single hosts that will point to the umts1 table (IP address/netmask notation; for a single host, enter
32
as netmask (e.g.,192.168.0.55/32
).
- Enable Create Default Route to automatically introduce the default route assigned by the provider.
When disabling Create Default Route, you must add Target Networks that are supposed to be reachable through this link.
- Use the Remote Peer IP override mechanism if your provider does not assign a remote gateway IP address.
- If your default route should be set dynamically when the WWAN connection is established, add
0.0.0.0/0
to the Target Networks table. - When the OSPF/RIP/BGP service is used, select Advertise Route.
- Select a Trust Level to define which IP address types are counted by the firewall for traffic on this interface.
- Enable Clone Routes to clone the dynamic routes to the main or default table if Create Default Route is disabled. This setting is useful for setups where application-based selection (explicit binding in a firewall rule) of a traffic path is supposed to coexist with link failover (proxy dynamic).
- Specify a Route Metric to assign a preference number to the routes to the specified target networks or if multiple dynamic links are available. To use your WWAN uplink as a backup connection (provider failover), enter a value larger than 0.
- Enable GRE with Assigned IP to register the assigned IP address for IP protocol 47.
Step 4. Configure Connection Monitoring
Configure connection monitoring by entering a list of health check targets that are only reachable through this connection. Should the ping to all health check targets fail, the CloudGen Firewall will terminate and reestablish the connection until the monitoring target IP addresses are reachable again.
- In the Connection Monitoring section, select the Monitoring method:
- LCP – If ping fails, the dial in daemon is probed directly via LCP.
ICMP – The Barracuda CloudGen Firewall probes the Reachable IPs and. if there is no response, the gateway.
StrictLCP – No ICMP probing occurs.
Enter one or more Reachable IPs to monitor the availability of the connection. The target IP addresses should only be accessible via this connection.
- Click OK.
- Click Send Changes and Activate.
Your WWAN connection is now active and the IP address assigned by your ISP is visible on the CONTROL > Network page. All status icons next to the ppp5 interface are green, indicating an active connection. If the WWAN connection is your primary uplink, the default route pointing to the ppp5 interface is also created. If more than one default route is present, the connection with the lowest route metric is used.
Step 5. Activate Network Changes
You must activate the network changes to bring up the WWAN connection.
- Go to CONTROL > Box.
- In the left menu, expand the Network section and click Activate new network configuration.
- Select Failsafe. The 'Failsafe Activation Succeeded' message is displayed after your new network configurations have been successfully activated.
Your WWAN connection is now active and the IP address assigned by your ISP is visible on the CONTROL > Network page. All status icons next to the ppp5 interface are green, indicating an active connection. If the WWAN connection is your primary uplink, the default route pointing to the ppp5 interface is also created. If more than one default route is present, the connection with the lowest route metric is used.
Operating a WWAN Link in Standby Mode
Enable Standby Mode in the link configuration if the WWAN connection is used as a backup connection. In standby mode, the activation and subsequent monitoring of the link must be triggered externally. Standby mode also lets you combine HA setups for HA WWAN connections.
- The WWAN routes are set to pending, and the Barracuda CloudGen Firewall does not check whether they are established.
- The configuration is completely run through but the connection is not yet established.
Standby connection can only be started by a command line script. Example usage:
- Start WWAN connections –
/etc/phion/dynconf/network/openumts start first &
- Stop WWAN connections –
/etc/phion/dynconf/network/openumts stop first &
To enable link operation in standby mode,
- On the Wireless WAN page, enable Standby Mode.
- Select Register in Standby. This accelerates the dial-in process when the link is fully activated.
- In the Connection Details, enable Active GSM Channel to register on the WWAN network. No data connection is established when registering on the WWAN network.
- Click Send Changes and Activate.
You can now use the command line scripts listed above to enable the WWAN connection.