We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Configure an ISP using a WWAN Modem

  • Last updated on

For locations without land-based Internet connection, or as a backup in case the land-based ISP connections fail, you can use a Wireless WAN modem to connect to a wireless network. Configure the connection settings and introduce a network route via the WWAN interface. You can operate the WWAN link in active or standby mode. With active mode, the link is automatically brought up with the network activation process. When operating the link in standby mode, the link is manually brought up and down by a command script.

umts_wan.png

Before You Begin

  • Connect a supported (e.g., Barracuda 3G Modem) to the USB port of the Barracuda NextGen Firewall F-Series.
  • You need the APN configurations settings for your mobile broadband provider.
  • (optional) PIN code to unlock your SIM card.

Step 1. Configure Connection Details

Configure the settings for your UMTS card and specify the connection details.

  1. Go to CONFIGURATION > Configuration Tree > Box > Network.
  2. In the left menu, select Wireless WAN.
  3. Click Lock.
  4. Set Enable WWAN to Yes.
     enable_wwan.png

  5. To use the WWAN modem as a backup connection, set Standby Mode to Yes.

    Standby connections must be started by a command line script. For more information, see below section Operating a WWAN link in standby mode.

  6. Select your WWAN modem from the Modem list. E.g., Barracuda 3G Modem M30 [USB].
  7. Select the interface associated with the UMTS card from the Modem Interface list.
  8. Enter the Access Point Name (APN) as suggested by your provider.
    conn_details.png
  9. If your SIM card has a PIN code to unlock, enter the SIM PIN.

  10. If required, enter the Phone Number. (Do not enter the # sign.)

    If your mobile broadband provider does not assign a number that ends in 1, switch to Advanced Configuration Mode and change the Context Identifier setting in the PDP Context section accordingly.

Step 2. Configure Authentication

Select an authentication method and enter the PPP credentials provided by your ISP. You can also set up dynamic DNS.

  1. In the Authentication section, select the Authentication Method that is used for the connection.
  2. In the User Access ID field, enter the principal account name (PPP username) assigned to you by your provider.
  3. If your provider assigned a sub-ID to you, enter it in the User Access Sub-ID field. Do not enter the # sign.
  4. Enter the PPP Access Password assigned to you by your ISP.
  5. Select Use ProviderDNS to use the DNS servers assigned by your provider. To use dynamic DNS, select Use Dynamic DNS and click Set. The Dynamic DNS Params window opens.
    1. Select a dynamic DNS Service Type. For information on DynDNS service types, see http://www.dyndns.com/services/.
    2. Enter the Dyn DNS Name that was registered on dyndns.org.
    3. Enter the User Access ID and Password for accessing the dyndns.org service.
  6. Click OK.

Step 3. Configure Routing Settings

Configure the routes and routing tables for the WWAN link.

  1. In the Routing section,
    • Disable Own Routing Table to only insert routes in the main and default tables, or
    • Enable Own Routing Table to use policy routing. With policy routing, a new umts1 table is introduced.
      1. To use the IP address dynamically assigned by your ISP as the source network for policy routing, select Use Assigned IP. Until the ISP has successfully assigned an address, the rule uses 0.0.0.0 as a source address.
      2. In the Source Networks table, add source networks or single hosts that will point to the umts1 table (IP address/netmask notation; for a single host, enter 32 as netmask (e.g., 192.168.0.55/32).
  2. Enable Create Default Route to automatically introduce the default route assigned by the provider.
    conn_details02.png 
    • When disabling Create Default Route, you must add Target Networks that are supposed to be reachable through this link.

      The NextGen Firewall uses IP address 8.8.8.8 for probing. You must add 8.8.8.8 to the Target Networks table. Should you define another reachable IP below, in the Connection Monitoring > Reachable IPs table, this address must also be added to the Target Networks.

  3. Use the Remote Peer IP override mechanism if your provider does not assign a remote gateway IP address.
  4. If your default route should be set dynamically when the WWAN connection is established, add 0.0.0.0/0 to the Target Networks table.
  5. When the OSPF/RIP/BGP service is used, select Advertise Route.
  6. Select a Trust Level to define which IP address types are counted by the firewall for traffic on this interface.
  7. Enable Clone Routes to clone the dynamic routes to the main or default table if Create Default Route is disabled. This setting is useful for setups where application-based selection (explicit binding in a firewall rule) of a traffic path is supposed to coexist with link failover (proxy dynamic).
  8. Specify a Route Metric to assign a preference number to the routes to the specified target networks or if multiple dynamic links are available. To use your WWAN uplink as a backup connection (provider failover), enter a value larger than 0.
  9. Enable GRE with Assigned IP to register the assigned IP address for IP protocol 47.

Step 4. Configure Connection Monitoring

Configure connection monitoring by entering a list of health check targets that are only reachable through this connection. Should the ping to these health check targets fail, the Barracuda NextGen Firewall F-Series will terminate and reestablish the connection until the monitoring target IP addresses are reachable again.

  1. In the Connection Monitoring section, select the Monitoring method:
    • LCP – If ping fails, the dial in daemon is probed directly via LCP.
    • ICMP – The Barracuda NextGen Firewall F-Series probes the Reachable IPs and. if there is no response, the gateway.

    • StrictLCP – No ICMP probing occurs.  

  2. Enter one or more Reachable IPs to monitor the availability of the connection. The target IP addresses should only be accessible via this connection.

    Do not use the Modem Error Policy setting for USB modems such as the Barracuda M10 USB modem. To reset the bus for PCMCIA type modems on persistent error conditions, select Reset-Modem.

  3. Select the Unreachable Action to be taken if the connection cannot be established. The following options are available:
    • Restart – Restarts the connection.
    • Increase-Metric – Changes the preference for WWAN routes until the probe succeeds.
  4. Click OK.

  5. Click Send Changes and Activate.

Your WWAN connection is now active and the IP address assigned by your ISP is visible on the CONTROL > Network page. All status icons next to the ppp5 interface are green, indicating an active connection. If the WWAN connection is your primary uplink, the default route pointing to the ppp5 interface is also created. If more than one default route is present, the connection with the lowest route metric is used.

Step 5. Activate Network Changes

You must activate the network changes to bring up the WWAN connection.

  1. Go to CONTROL > Box.
  2. In the left menu, expand the Network section and click Activate new network configuration.
  3. Select Failsafe. The 'Failsafe Activation Succeeded' message is displayed after your new network configurations have been successfully activated.

Your WWAN connection is now active and the IP address assigned by your ISP is visible on the CONTROL > Network page. All status icons next to the ppp5 interface are green, indicating an active connection. If the WWAN connection is your primary uplink, the default route pointing to the ppp5 interface is also created. If more than one default route is present, the connection with the lowest route metric is used.

Operating a WWAN Link in Standby Mode

Enable Standby Mode in the link configuration if the WWAN connection is used as a backup connection. In standby mode, the activation and subsequent monitoring of the link must be triggered externally. Standby mode also lets you combine HA setups for HA WWAN connections.

  1. The WWAN routes are set to pending, and the Barracuda NextGen Firewall F-Series does not check whether they are established.
  2. The configuration is completely run through but the connection is not yet established. 

Standby connection can only be started by a command line script. Example usage:

  • Start WWAN connections – /etc/phion/dynconf/network/openumts start first &
  • Stop WWAN connections – /etc/phion/dynconf/network/openumts stop first &

To enable link operation in standby mode,

  1. On the Wireless WAN page, enable Standby Mode.
  2. Select Register in Standby. This accelerates the dial-in process when the link is fully activated.
  3. In the Connection Details, enable Active GSM Channel to register on the WWAN network. No data connection is established when registering on the WWAN network.
  4. Click Send Changes and Activate.

You can now use the command line scripts listed above to enable the WWAN connection.

Last updated on