ZTE mf820 LTE modem and FortiGate 60E

By TommyboyNL on Tuesday 12 March 2019 07:00 - Comments (2)

Well, tonight I had fun... I only had to spend 4 hours to get a modem on the Supported Modems List working on my FortiGate 60E firewall. Let me tell you about it...

The goal:
To implement a back-up internet connection over 4G/LTE.

The reason:
Frankly, I don't have a good reason. I've got cable internet from Ziggo, which hasn't failed me a single time in the 30 months I've been living here. I just wanted to know if I could get it to work.

The hard- and software:
- FortiGate 60E running FortiOS 6.0.4
- ZTE mf820 4G USB modem
- Vodafone YOU prepaid SIM

The process:
- Buy a cheap (€9) ZTE mf820 LTE dongle with SIMlock on www.marktplaats.nl
- Try multiple unlocking services because the first three can't find/generate an unlock code
- Fix the SIM-connector because the contacts were bad (just had to bend them up a little)
- Configure the f*cker on the FortiGate
- ???
- Profit.

What went wrong was that I thought "It's a 4G/LTE dongle, I need the config system lte-modem command". WRONG. Just stick to the config system modem command and you'll save yourself almost 4 hours.
Getting the mf820 working together with a Vodafone YOU SIM from The Netherlands is as simple as:
code:
config system modem
    set status enable
    set auto-dial enable (optional)
    set phone1 "*99#"
    set extra-init1 "AT+CGDCONT=1,\"IP\",\"live.vodafone.com\"," (optional, READ!)
    set authtype1 pap
    set distance 100 (optional, but highly recommended)
end


You can skip the set extra-init1 command, but in that case you need to configure the APN in your modem manually, once, before running the above commands:
code:
FortiARGH # diagnose sys modem com /dev/ttyusb1
Serial port: /dev/ttyusb1
Do not run this command when modem is dialing or connected!
Press Ctrl+W to exit.
AT+CGDCONT=1,"IP","live.vodafone.com",
OK


Dialing-up will take about a minute, so be patient if you don't immediately see an IP address appear on your modem interface.

Troubleshooting tips:
To check if your modem is being detected:
code:
FortiARGH # fnsysctl cat /proc/bus/usb/devices

T:  Bus=02 Lev=00 Prnt=00 Port=00 Cnt=00 Dev#=  1 Spd=5000 MxCh= 1
B:  Alloc=  0/800 us ( 0%), #Int=  0, #Iso=  0
D:  Ver= 3.00 Cls=09(hub  ) Sub=00 Prot=03 MxPS= 9 #Cfgs=  1
P:  Vendor=1d6b ProdID=0003 Rev= 3.02
S:  Manufacturer=Linux 3.2.16 xhci-hcd
S:  Product=xHCI Host Controller
S:  SerialNumber=f3008000.usb3
C:* #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr=  0mA
I:* If#= 0 Alt= 0 #EPs= 1 Cls=09(hub  ) Sub=00 Prot=00 Driver=hub
E:  Ad=81(I) Atr=03(Int.) MxPS=   4 Ivl=256ms

T:  Bus=01 Lev=00 Prnt=00 Port=00 Cnt=00 Dev#=  1 Spd=480  MxCh= 1
B:  Alloc=  0/800 us ( 0%), #Int=  0, #Iso=  0
D:  Ver= 2.00 Cls=09(hub  ) Sub=00 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=1d6b ProdID=0002 Rev= 3.02
S:  Manufacturer=Linux 3.2.16 xhci-hcd
S:  Product=xHCI Host Controller
S:  SerialNumber=f3008000.usb3
C:* #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr=  0mA
I:* If#= 0 Alt= 0 #EPs= 1 Cls=09(hub  ) Sub=00 Prot=00 Driver=hub
E:  Ad=81(I) Atr=03(Int.) MxPS=   4 Ivl=256ms

T:  Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  3 Spd=480  MxCh= 0
D:  Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
P:  Vendor=19d2 ProdID=0167 Rev= 0.00
S:  Manufacturer=ZTE,Incorporated
S:  Product=ZTE LTE Technologies MSM
C:* #Ifs= 5 Cfg#= 1 Atr=c0 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=usbserial_generic
E:  Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=usbserial_generic
E:  Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms
I:* If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=usbserial_generic
E:  Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms
I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=usbserial_generic
E:  Ad=84(I) Atr=03(Int.) MxPS=  64 Ivl=2ms
E:  Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E:  Ad=86(I) Atr=03(Int.) MxPS=  64 Ivl=2ms
E:  Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=4ms


code:
FortiARGH # diagnose sys modem external-modem
External modem vendor: ZTE
External modem vendor id: 19d2
External modem model : MF820
External modem product id: 0167


Open a serial connection and type ATI<enter>. Among other things, this displays the modem type and IMEI:
code:
FortiARGH # diagnose sys modem com /dev/ttyusb1
Serial port: /dev/ttyusb1
Do not run this command when modem is dialing or connected!
Press Ctrl+W to exit.
ATI
Manufacturer: ZTE INCORPORATED
Model: +CGMM: "MF820"
Revision: BD_ZTE_MF820V1.0.0B13
IMEI: 3567680********
+GCAP: +CGSM,+DS,+ES

OK

You might need to talk to a different serial port: try 2 if 1 doesn't give any output.

Details about the connected modem:
code:
FortiARGH # diagnose sys modem query
USB status: Connected
manufacturer: ZTE INCORPORATED
model: +CGMM: "MF820"
IMEI number: 3567680********
SIM state: Unknown
service status: Unknown
signal level: 3/4
network name: vodafone NL
network type: E-UTRAN
location area code:
active profile(AT&V):
&C: 2; &D: 2; &E: 0; &F: 0; &S: 0; &W: 0; E: 1; L: 0; M: 0; Q: 0; V: 1;
X: 1; Z: 0; \Q: 3; \S: 0; \V: 0; O: 0; S0: 0; S2: 43; S3: 13; S4: 10;
S5: 8; S6: 2; S7: 90; S8: 2; S9: 6; S10: 14; S11: 95; S30: 0; S103: 1;
S104: 1; +ZPREFMODE: 0; +ZSNT: 0,0,0; +FCLASS: 0; +ICF: 3,3; +IFC: 2,2;
+IPR: 115200; +DR: 0; +DS: 0,0,2048,6; +CMEE: 0; +WS46: 12; +CFUN:;
+CCLK: ""; +CBST: 0,0,1;
+CRLP: (61,61,48,6,0),(61,61,48,6,1),(240,240,52,6,2);
+CV120: 1,1,1,0,0,0; +CHSN: 0,0,0,0; +CSSN: 0,0; +CREG: 0; +CGREG: 0;
+CEREG: 0;  +CSCS: "IRA"; +CSTA: 129; +CR: 0; +CRC: 0;
+CGDCONT: (1,"IP","","0.0.0.0",0,0); +CGDSCONT: ; +CGTFT: ; +CGEQREQ: ;
+CGEQMIN: ; +CGEQOS: ; +CGQREQ: ; +CGQMIN: ; +CGEREP: 0,0;
+CGDATA: "PPP"; +CGCLASS: "A"; +CGSMS: 1; +CSMS: 0; +CMGF: 0; +CSAS: 0;
+CRES: 0; +CSCA: "+316540881000",145; +CSMP: ,,0,0; +CSDH: 0;
+CSCB: 0,"",""; +FDD: 0; +FAR: 0; +FCL: 0; +FIT: 0,0; +ES: ,,;
+ESA: 0,,,,0,0,255,; +CMOD: 0; +CEMODE: 0; +CVHU: 1; +CPIN: ,;
+CMEC: 0,0,0,0; +CIND: 0,3,1,0,0,0,1,0; +CMER: 0,0,0,0,0; +CGATT: 1;
+CGACT: 0;  +CPBS: "SM"; +CPMS: "ME","ME","ME"; +CNMI: 2,1,0,2,0;
+CMMS: 0; +FTS: 0; +FRS: 0; +FTH: 3; +FRH: 3; +FTM: 96; +FRM: 96;
+CCUG: 0,0,0; +COPS: 0,0,""; +CUSD: 0; +CAOC: 1; +CCWA: 0;
+CPOL: 0,2,"",0,0,0,0; +CPLS: 0; +CTZR: 0; +CTZU: 0; +CLIP: 0; +COLP: 0;
+CDIP: 0; +CLIR: 0; +VTS: 0; *CNTI: 0



Is the interface up on system level:
code:
FortiARGH # fnsysctl ifconfig modem
modem   Link encap:Point-Point Protocol
        inet addr:100.111.41.158  Mask:255.255.255.255
        UP POINTOPOINT RUNNING NOARP ALLMULTI MULTICAST  MTU:1500  Metric:1
        RX packets:302 errors:0 dropped:0 overruns:0 frame:0
        TX packets:370 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:1000
        RX bytes:74124 (72.4 KB)  TX bytes:55517 (54.2 KB)



To follow the whole dial-up process, first disable the modem from the CLI:
code:
config system modem
set status disable
end

Run the following command in a separate terminal window:
code:
FortiARGH # diagnose debug application modemd 255
Debug messages will be on for 30 minutes.

FortiARGH # diagnose debug enable

And now enable the modem again:
code:
config system modem
set status enable
end

The above command will result in something like this (will take about a minute):
code:
modemd: Starting modemd.
reset_cur_modem_info:1573
modemd: redials:0  isp:0 dev:/dev/ttyusb0 tel:*99#
modemd: query 3G modem info
get_cur_modem_info:1663 force=1 inited=0
recv 0:
recv 10: NO CARRIER
send 9: AT+CGMI

recv 7: AT+CGMI
recv 16: ZTE INCORPORATED
recv 0:
recv 2: OK
send 9: AT+CGMM

recv 7: AT+CGMM
recv 14: +CGMM: "MF820"
recv 0:
recv 2: OK
send 9: AT+CGSN

recv 7: AT+CGSN
recv 15: 3567680********
recv 0:
recv 2: OK
send 12: AT^SYSINFO

recv 10: AT^SYSINFO
recv 5: ERROR
send 10: AT+CREG?

recv 8: AT+CREG?
recv 10: +CREG: 0,1
recv 0:
recv 2: OK
send 10: AT+COPS?

recv 8: AT+COPS?
recv 26: +COPS: 0,0,"vodafone NL",7
recv 0:
recv 2: OK
send 8: AT+CSQ

recv 6: AT+CSQ
recv 11: +CSQ: 20,99
recv 0:
recv 2: OK
send 6: AT&V

recv 4: AT&V
recv 71: &C: 2; &D: 2; &E: 0; &F: 0; &S: 0; &W: 0; E: 1; L: 0; M: 0; Q: 0; V: 1;
recv 69: X: 1; Z: 0; \Q: 3; \S: 0; \V: 0; O: 0; S0: 0; S2: 43; S3: 13; S4: 10;
recv 70: S5: 8; S6: 2; S7: 90; S8: 2; S9: 6; S10: 14; S11: 95; S30: 0; S103: 1;
recv 71: S104: 1; +ZPREFMODE: 0; +ZSNT: 0,0,0; +FCLASS: 0; +ICF: 3,3; +IFC: 2,2;
recv 67: +IPR: 115200; +DR: 0; +DS: 0,0,2048,6; +CMEE: 0; +WS46: 12; +CFUN:;
recv 24: +CCLK: ""; +CBST: 0,0,1;
recv 54: +CRLP: (61,61,48,6,0),(61,61,48,6,1),(240,240,52,6,2);
recv 69: +CV120: 1,1,1,0,0,0; +CHSN: 0,0,0,0; +CSSN: 0,0; +CREG: 0; +CGREG: 0;
recv 54: +CEREG: 0;  +CSCS: "IRA"; +CSTA: 129; +CR: 0; +CRC: 0;
recv 66: +CGDCONT: (1,"IP","live.vodafone.com","0.0.0.0",0,0); +CGDSCONT: ;
recv 66: +CGTFT: ; +CGEQREQ: ; +CGEQMIN: ; +CGEQOS: ; +CGQREQ: ; +CGQMIN: ;
recv 65: +CGEREP: 0,0; +CGDATA: "PPP"; +CGCLASS: "A"; +CGSMS: 1; +CSMS: 0;
recv 71: +CMGF: 0; +CSAS: 0; +CRES: 0; +CSCA: "+316540881000",145; +CSMP: ,,0,0;
recv 72: +CSDH: 0; +CSCB: 0,"",""; +FDD: 0; +FAR: 0; +FCL: 0; +FIT: 0,0; +ES: ,,;
recv 62: +ESA: 0,,,,0,0,255,; +CMOD: 0; +CEMODE: 0; +CVHU: 1; +CPIN: ,;
recv 69: +CMEC: 0,0,0,0; +CIND: 0,3,1,0,0,0,1,2; +CMER: 0,0,0,0,0;  +CGATT: 1;
recv 64: +CGACT: 0; +CPBS: "SM"; +CPMS: "ME","ME","ME"; +CNMI: 2,1,0,2,0;
recv 65: +CMMS: 0; +FTS: 0; +FRS: 0; +FTH: 3; +FRH: 3; +FTM: 96; +FRM: 96;
recv 58: +CCUG: 0,0,0; +COPS: 0,0,""; +CUSD: 0; +CAOC: 1; +CCWA: 0;
recv 72: +CPOL: 0,2,"",0,0,0,0; +CPLS: 0; +CTZR: 0; +CTZU: 0; +CLIP: 0; +COLP: 0;
recv 37: +CDIP: 0; +CLIR: 0; +VTS: 0; *CNTI: 0
recv 0:
recv 2: OK
modemd: scan usb device
modem_list_load(/etc/modem_list.conf)
custom_list_load()
act_driver(): serial driver attached (ret=22)
modemd: after detect new modem: 19d2:0167
modemd: run_state_machine state 0(uninit)
modemd: modem state changed: 0(uninit) -> 1(inactive)
modemd: Launch modem due to auto-dial.
modemd: Begin dialing: redials left = 99999
modemd: dev=/dev/ttyusb0 tel=*99#
modemd: modem state changed: 1(inactive) -> 2(dialing)
chat: abort on (BUSY)
chat: abort on (NO DIAL TONE)
chat: abort on (NO DIALTONE)
chat: abort on (NO ANSWER)
chat: abort on (ERROR)
chat: send (atz^M)
chat: expect (OK)
chat: atz^M^M
chat: OK
chat:  -- got it

chat: send (ath0^M)
chat: abort on (NO CARRIER)
chat: expect (OK)
chat: ^M
chat: ath0^M^M
chat: OK
chat:  -- got it

chat: send (ats7=90^M)
chat: timeout set to 90 seconds
chat: expect (OK)
chat: ^M
chat: ats7=90^M^M
chat: OK
chat:  -- got it

chat: send (AT+CGDCONT=1,"IP","live.vodafone.com",^M)
chat: expect (OK)
chat: ^M
chat: AT+CGDCONT=1,"IP","live.vodafone.com",^M^M
chat: OK
chat:  -- got it

chat: send (atdt*99#^M)
chat: expect (CONNECT)
chat: ^M
chat: atdt*99#^M^M
chat: CONNECT
chat:  -- got it

chat: send (^M)
modemd: modem_ppp_start:382 primary
SND: LCP Configure_Request id(1) len(20) [Asnync_Control_Character_Map 00 00 00 00] [Magic_Number 7CCF1AEA] [Protocol_Field_Compression] [Address-and-Control-Field-Compression]
modemd: run_state_machine state 2(dialing)
RCV: LCP Configure_Request id(27) len(25) [Asnync_Control_Character_Map 00 00 00 00] [Authentication_Protocol CHAP algorithm=MD5] [Magic_Number 038F0519] [Protocol_Field_Compression] [Address-and-Control-Field-Compression]
lcp_reqci: returning CONFNAK.
SND: LCP Configure_Nak id(27) len(8) [Authentication_Protocol PAP]
RCV: LCP Configure_Ack id(1) len(20) [Asnync_Control_Character_Map 00 00 00 00] [Magic_Number 7CCF1AEA] [Protocol_Field_Compression] [Address-and-Control-Field-Compression]
RCV: LCP Configure_Request id(28) len(24) [Asnync_Control_Character_Map 00 00 00 00] [Authentication_Protocol PAP] [Magic_Number 038F0519] [Protocol_Field_Compression] [Address-and-Control-Field-Compression]
lcp_reqci: returning CONFACK.
SND: LCP Configure_Ack id(28) len(24) [Asnync_Control_Character_Map 00 00 00 00] [Authentication_Protocol PAP] [Magic_Number 038F0519] [Protocol_Field_Compression] [Address-and-Control-Field-Compression]
SND: LCP Echo_Request id(0) len(8) [Magic_Number 7ccf1aea]
lcp_up: with mtu 1400
SND: PAP Authentication_Request id(1) peerid(len=0, )
RCV: LCP Discard_Request id(29) len(8)
RCV: LCP Echo_Reply id(0) len(12) [Magic_Number 038f0519]
RCV: PAP Authentication_Ack id(1) packet_len=5, message_len=0
SND: IPCP Configure_Request id(1) [IP_Address 0.0.0.0] [Primary_DNS_IP_Address 0.0.0.0] [Secondary_DNS_IP_Address 0.0.0.0]
RCV: IPCP Configure_Request id(18)
ipcp: returning Configure-NAK
SND: IPCP Configure_Nak id(18) [IP_Address 0.0.0.0]
RCV: IPCP Configure_Nak id(1) [IP_Address 100.111.41.158] [Primary_DNS_IP_Address 62.140.140.251] [Secondary_DNS_IP_Address 62.140.138.233]
SND: IPCP Configure_Request id(2) [IP_Address 100.111.41.158] [Primary_DNS_IP_Address 62.140.140.251] [Secondary_DNS_IP_Address 62.140.138.233]
RCV: IPCP Configure_Request id(19)
ipcp: returning Configure-ACK
SND: IPCP Configure_Ack id(19)
RCV: IPCP Configure_Ack id(2) [IP_Address 100.111.41.158] [Primary_DNS_IP_Address 62.140.140.251] [Secondary_DNS_IP_Address 62.140.138.233]
ipcp: up ppp:0x55c1b000 caller:0x5ec64560 tun:-1
Could not determine remote IP address: defaulting to 10.64.64.64Cannot determine ethernet address for proxy ARP
local  IP address 100.111.41.158
remote IP address 10.64.64.64
primary   DNS address 62.140.140.251
secondary DNS address 62.140.138.233
modemd: primary PPP link is up.
modemd: run_state_machine state 2(dialing)
modemd: modem state changed: 2(dialing) -> 3(connected)
modemd: run_state_machine state 3(connected)
modemd: run_state_machine state 3(connected)
modemd: run_state_machine state 3(connected)
modemd: run_state_machine state 3(connected)
modemd: run_state_machine state 3(connected)
SND: LCP Echo_Request id(1) len(8) [Magic_Number 7ccf1aea]
RCV: LCP Echo_Reply id(1) len(12) [Magic_Number 038f0519]
modemd: run_state_machine state 3(connected)
modemd: run_state_machine state 3(connected)
modemd: run_state_machine state 3(connected)
modemd: run_state_machine state 3(connected)

Stop this output with the following commands:
code:
diagnose debug disable
diagnose debug reset



Just in case:
Yes, I know I didn't hide my "public" IP. However, this is a very dynamic Carrier-Grade NAT IP, so you can be sure that that IP has changed by now. This also means that it is not possible to receive any incoming connections from the internet over the modem interface.
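
The PPP part of the debug output above is worth reading for what was actually negotiated: the carrier side first asked for CHAP, and the FortiGate answered with a Configure_Nak for PAP, consistent with set authtype1 pap. The following Python sketch is an added example, not part of the original post or of FortiOS; it parses SND/RCV lines in that format (the sample lines are copied, trimmed, from the output above; the function and variable names are made up for illustration) and reports the agreed authentication protocol and whether the assigned address sits in the carrier-grade NAT range.

```python
import ipaddress
import re

# Lines copied (trimmed) from the modemd debug output shown above.
SAMPLE_LOG = """\
RCV: LCP Configure_Request id(27) len(25) [Authentication_Protocol CHAP algorithm=MD5] [Magic_Number 038F0519]
SND: LCP Configure_Nak id(27) len(8) [Authentication_Protocol PAP]
RCV: LCP Configure_Request id(28) len(24) [Authentication_Protocol PAP] [Magic_Number 038F0519]
SND: LCP Configure_Ack id(28) len(24) [Authentication_Protocol PAP] [Magic_Number 038F0519]
SND: PAP Authentication_Request id(1) peerid(len=0, )
RCV: IPCP Configure_Ack id(2) [IP_Address 100.111.41.158] [Primary_DNS_IP_Address 62.140.140.251]
"""

LINE = re.compile(r"^(SND|RCV): (LCP|PAP|CHAP|IPCP) (\w+) id\(\d+\)(.*)$")
AUTH = re.compile(r"\[Authentication_Protocol (\w+)")
ADDR = re.compile(r"\[IP_Address ([\d.]+)\]")
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def summarize(log):
    """Return auth protocols offered/agreed, the assigned IP, and findings."""
    offered, agreed, local_ip = [], None, None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # modemd/chat lines carry no PPP negotiation data
        direction, proto, msg, rest = m.groups()
        auth, addr = AUTH.search(rest), ADDR.search(rest)
        if proto == "LCP" and auth:
            if direction == "RCV" and msg == "Configure_Request":
                if auth.group(1) not in offered:
                    offered.append(auth.group(1))  # what the peer asked for
            elif direction == "SND" and msg == "Configure_Ack":
                agreed = auth.group(1)  # what the local side accepted
        if proto == "IPCP" and direction == "RCV" and msg == "Configure_Ack" and addr:
            local_ip = ipaddress.ip_address(addr.group(1))  # address the peer confirmed
    findings = []
    if agreed == "PAP":
        findings.append("PAP agreed: peer-id and password are sent in cleartext over PPP")
        if "CHAP" in offered:
            findings.append("peer offered CHAP first; the local side NAKed it down to PAP")
    cgnat = local_ip is not None and local_ip in CGNAT
    if cgnat:
        findings.append(f"{local_ip} is in 100.64.0.0/10 (carrier-grade NAT): outbound only")
    return {"offered": offered, "agreed": agreed, "ip": local_ip, "cgnat": cgnat, "findings": findings}


if __name__ == "__main__":
    for finding in summarize(SAMPLE_LOG)["findings"]:
        print("-", finding)
```
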
