Before you Begin
- Connect a supported modem (e.g., Barracuda 3G Modem) to the USB port of the Barracuda NG Firewall.
- You need the APN configuration settings for your mobile broadband provider.
- (optional) PIN code to unlock your SIM card.
Step 1. Configure Connection Details
Configure the settings for your UMTS card and specify the connection details.
- Open the Network page (Config > Full Config > Box).
- In the left menu, select UMTS/3G.
- Click Lock.
- Set UMTS/3G Enabled to Yes.
- To use the 3G modem as a backup connection, set Standby Mode to Yes.
- Select your UMTS/3G modem from the UMTS/3G Modem Card list (e.g., Barracuda 3G Modem).
- Select the interface associated with the UMTS card from the Modem Interface list.
- Enter the Access Point Name (APN) as suggested by your provider.
- If your SIM card has a PIN code to unlock, enter the SIM PIN.
- If required, enter the Phone Number. (Do not enter the # sign.)
Step 2. Configure Authentication
Select an authentication method and enter the PPP credentials provided by your ISP. You can also set up dynamic DNS.
- In the Authentication section, select the Authentication Method that is used for the connection.
- In the User Access ID field, enter the principal account name (PPP username) assigned to you by your provider.
- If your provider assigned a sub-ID to you, enter it in the User Access Sub-ID field. Do not enter the # sign.
- Enter the PPP Access Password assigned to you by your ISP.
- Select Use ProviderDNS to use the DNS servers assigned by your provider. To use dynamic DNS, select Use Dynamic DNS and click Set. The Dynamic DNS Params window opens.
- Select a dynamic DNS Service Type. For information on DynDNS service types, see http://www.dyndns.com/services/.
- Enter the Dyn DNS Name that was registered on dyndns.org.
- Enter the User Access ID and Password for accessing the dyndns.org service.
- Click OK.
Step 3. Configure Routing Settings
Configure the routes and routing tables for the UMTS link.
- In the Routing section,
- Disable Own Routing Table to only insert routes in the main and default tables, or
- Enable Own Routing Table to use policy routing. With policy routing, a new table named 'umts1' is introduced to the main routing table where UMTS routes are inserted.
- To use the IP address dynamically assigned by your ISP as the source network for policy routing, select Use Assigned IP. Until the ISP has successfully assigned an address, the rule uses 0.0.0.0 as a source address.
- In the Source Networks table, add source networks or single hosts that will point to the 'umts1' table (IP address/netmask notation; for a single host, enter 32 as the netmask, e.g., 192.168.0.55/32).
- Enable Create Default Route to automatically introduce the default route assigned by the provider.
- When disabling Create Default Route, you must add Target Networks that are supposed to be reachable through this link.
- Use the Remote Peer IP override mechanism if your provider does not assign a remote gateway IP address.
- If your default route should be set dynamically when the xDSL connection is established, add 0.0.0.0/0 to the Target Networks table.
- When the OSPF/RIP/BGP service is used, select Advertise Route.
- Select a Trust Level to define which IP address types are counted by the firewall for traffic on this interface.
- Enable Clone Routes to clone the dynamic routes to the main or default table if Create Default Route is disabled. This setting is useful for setups where application-based selection (explicit binding in a firewall rule) of a traffic path is supposed to coexist with link failover (proxy dynamic).
- Specify a Route Metric to assign a preference number to the routes to the specified target networks or if multiple dynamic links are available. To use your UMTS uplink as a backup connection (provider failover), enter a value larger than 0.
- Enable GRE with Assigned IP to register the assigned IP address for IP protocol 47.
Step 4. Configure Connection Monitoring
Configure connection monitoring by entering a list of health check targets that are only reachable through this connection. Should the ping to these health check targets fail, the Barracuda NG Firewall will terminate and reestablish the connection until the monitoring target IP addresses are reachable again.
- In the Connection Monitoring section, select the Monitoring method:
- LCP – If ping fails, the dial-in daemon is probed directly via LCP.
- ICMP – The Barracuda NG Firewall probes the Reachable IPs and, if there is no response, the gateway.
- StrictLCP – No ICMP probing occurs.
- Enter one or more Reachable IPs to monitor the availability of the connection. The target IP addresses should only be accessible via this connection.
- Select the Unreachable Action to be taken if the connection cannot be established. The following options are available:
- Restart – Restarts the connection.
- Increase-Metric – Changes the preference for UMTS/3G routes until the probe succeeds.
- Click Send Changes and Activate.
Your UMTS/3G connection is now active and the IP address assigned by your ISP is visible on the CONTROL > Network page. All status icons next to the ppp5 interface are green, indicating an active connection. If the UMTS/3G connection is your primary uplink, the default route pointing to the ppp5 interface is also created. If more than one default route is present, the connection with the lowest route metric is used.
Step 5. Activate Network Changes
You must activate the network changes to bring up the xDSL connection.
- Open the Box page (Control > Box).
- In the left menu, expand the Network section and click Activate new network configuration.
- Select Failsafe. The 'Failsafe Activation Succeeded' message is displayed after your new network configurations have been successfully activated.
Your xDSL connection is now active and the IP address assigned by your ISP is visible on the CONTROL > Network page. All status icons next to the ppp1 interface are green, indicating an active connection. If the xDSL connection is your primary uplink, the default route pointing to the ppp1 interface is also created. If more than one default route is present, the connection with the lowest route metric is used.
Operating a UMTS/3G Link in Standby Mode
Enable Standby Mode in the link configuration if the UMTS/3G connection is used as a backup connection. In standby mode, the activation and subsequent monitoring of the link must be triggered externally. Standby mode also lets you combine HA setups for HA UMTS/3G connections.
- The UMTS/3G routes are set to pending, and the Barracuda NG Firewall does not check whether they are established.
- The configuration is completely run through but the connection is not yet established.
A standby connection can only be started by a command line script. Example usage:
- Start UMTS connections:
/etc/phion/dynconf/network/openumts start first &
- Stop UMTS connections:
/etc/phion/dynconf/network/openumts stop first &
To enable link operation in standby mode:
- On the UMTS/3G page, enable Standby Mode.
- Select Register in Standby. This accelerates the dial-in process when the link is fully activated.
- In the UMTS/3G Connection Details, enable Active GSM Channel to register on the 3G network. No data connection is established when registering on the 3G network.
- Click Send Changes and Activate.
You can now use the command line scripts listed above to enable the UMTS/3G connection.
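Because a standby link must be activated and monitored externally, the following added example (not part of the original article and not Barracuda code) shows one way to drive the two openumts commands above from a probe of the primary uplink, with hysteresis so a single lost ping does not dial the modem. The probe target, the thresholds, the state file path and the ping options are assumptions; only the openumts path and its arguments come from this page.

```shell
#!/bin/sh
# Added example, not Barracuda code: external trigger for a standby UMTS/3G link.
# Only the openumts path and its "start first"/"stop first" arguments come from
# this page; PROBE_TARGET, FAIL_LIMIT, OK_LIMIT and STATE_FILE are assumptions.
OPENUMTS="${OPENUMTS:-/etc/phion/dynconf/network/openumts}"
PROBE_TARGET="${PROBE_TARGET:-192.0.2.1}"  # constructed: host reachable only via the primary uplink
FAIL_LIMIT="${FAIL_LIMIT:-3}"              # consecutive failed probes before dialing
OK_LIMIT="${OK_LIMIT:-5}"                  # consecutive good probes before hanging up
STATE_FILE="${STATE_FILE:-/var/run/umts-standby.state}"  # root-owned dir, not /tmp

# decide <state> <streak> <result>: pure decision step with hysteresis.
#   state  = down|up  (standby link), streak = probes contradicting that state,
#   result = ok|fail  (probe of the primary uplink)
# Prints "<new_state> <new_streak> <action>", action = start|stop|none.
decide() {
    state=$1; streak=$2; result=$3
    case "$state:$result" in
        down:fail) streak=$((streak + 1))
                   if [ "$streak" -ge "$FAIL_LIMIT" ]; then echo "up 0 start"; return; fi ;;
        up:ok)     streak=$((streak + 1))
                   if [ "$streak" -ge "$OK_LIMIT" ]; then echo "down 0 stop"; return; fi ;;
        *)         streak=0 ;;  # probe agrees with the current state: reset
    esac
    echo "$state $streak none"
}

# run_once: probe, decide, persist, act. Call it from cron or a sleep loop.
run_once() {
    state=down; streak=0
    if [ -r "$STATE_FILE" ]; then read -r state streak < "$STATE_FILE"; fi
    if ping -c 1 -W 2 "$PROBE_TARGET" >/dev/null 2>&1; then result=ok; else result=fail; fi
    set -- $(decide "$state" "$streak" "$result")
    printf '%s %s\n' "$1" "$2" > "$STATE_FILE"
    case "$3" in
        start) "$OPENUMTS" start first & ;;
        stop)  "$OPENUMTS" stop first & ;;
    esac
    echo "$3"
}

if [ "${1:-}" = "run" ]; then run_once; fi
```

Choose a probe target that is reachable only through the primary uplink, as with the Reachable IPs in Step 4; otherwise the script sees its own backup link as a recovered primary and hangs up.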