Thursday, August 26, 2010

Fortinet 3G Redundancy

Changing the default distance on the 3G connection

FGT# conf sys modem
FGT# set distance <1-255>
FGT# end

You need one default route for each interface. Indicate which route is preferable by specifying the distance - the lower distance route is declared active and placed in the routing table.

Determining whether link is down (ping servers)

Define the ping server - this is a device that will respond to ping thereby indicating whether that link is up. It is usually recommended that you use the next hop / gateway device as your ping server.

Define the ping server under System>Network>Edit Interface.

Firewall policies
You must define duplicate firewall policies to ensure that after traffic fails over, it is permitted through the firewall. For example, Internal>WAN1 & Internal>WAN2.
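
One way to check a configuration backup for the duplicate-policy requirement above (an added example, not part of the original post): it lists policies toward the primary link that have no identical twin toward the backup link, and the reverse, since a backup-only policy means failover permits traffic the primary path does not. The sample backup and the function names are constructed for illustration; the parser assumes backup-style indentation and policies without nested config blocks.

```python
import shlex
# Constructed sample backup (not from the original post).
SAMPLE = """config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set action accept
        set service "HTTP" "HTTPS"
    next
    edit 2
        set srcintf "internal"
        set dstintf "wan1"
        set action accept
        set service "DNS"
    next
    edit 3
        set srcintf "internal"
        set dstintf "wan2"
        set action accept
        set service "HTTP" "HTTPS"
    next
    edit 4
        set srcintf "internal"
        set dstintf "wan2"
        set action accept
        set service "ANY"
    next
end
"""

def parse_policies(text):
    """Map policy id -> {field: values}; assumes the section's closing 'end' is unindented."""
    section = text.partition("config firewall policy\n")[2].partition("\nend")[0]
    policies, current = {}, None
    for words in map(shlex.split, section.splitlines()):
        if words[:1] == ["edit"]:
            current = policies.setdefault(int(words[1]), {})
        elif words[:1] == ["set"] and current is not None:
            current[words[1]] = tuple(words[2:])
    return policies

def failover_gaps(text, primary, backup):
    """Ids of policies with no identical twin on the other link: (primary_only, backup_only)."""
    sigs = {primary: {}, backup: {}}
    for pid, p in parse_policies(text).items():
        link = (p.get("dstintf") or ("",))[0]
        if link in sigs:  # signature = every setting except the outgoing interface
            sigs[link][frozenset((k, v) for k, v in p.items() if k != "dstintf")] = pid
    only = lambda a, b: sorted(pid for s, pid in sigs[a].items() if s not in sigs[b])
    return only(primary, backup), only(backup, primary)
```

Calling failover_gaps(SAMPLE, "wan1", "wan2") on the sample flags policy 2 (DNS would be blocked after failover) and policy 4 (the backup link allows more than the primary).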

Setting up the modem for NZ (Vodafone)

config system modem
set status enable
set mode redundant
set connect-timeout 30
set interface "wan1"
set phone1 "*99***1#" #This is specific to Vodafone
set extra-init1 "AT&FE0V1X1&D2&C1S0=0" #This appears to be specific to Vodafone E220
set distance 100
end
config system interface
edit "wan1"
set detectserver "" #Find some reliable upstream server to ping test
next
end

3G Telecom Settings

set phone1 "#777"
set username1 "mobile@jamamobile"
set passwd1 "telecom"
#No “extra-init1” is necessary

Notes to Self: 

Don't forget the ping server!

Currently 3G redundancy only works for one interface, e.g. one internet connection, so in the case of VPN redundancy and multiple connections to the internet, place the redundancy on the last-resort connection.
