Direct IP support for LTE/4G

Direct IP is a public IP address that is assigned to a computing device, which allows the device to directly access the internet.

When an LTE modem is enabled in FortiOS, a DHCP interface is created. As a result, the FortiGate can acquire direct IP (which includes IP, DNS, and gateway) from the LTE network carrier.

Since some LTE modems require users to input the access point name (APN) for the LTE network, the LTE modem configuration allows you to set the APN.


LTE modems can only be enabled by using the CLI.

To enable direct IP support using the CLI:
  1. Enable the LTE modem:
    config system lte-modem
      set status enable
  2. Check that the LTE interface was created:
    config system interface
      edit "wwan"
        set vdom "root"
        set mode dhcp
        set status down
        set distance 1
        set type physical
        set snmp-index 23

    Shortly after the LTE modem joins its carrier network, wwan is enabled and granted direct IP:

    config system interface
        edit wwan
    name                : wwan
    ip                  :
    status              : up
    defaultgw           : enable
    DHCP Gateway        :
    Lease Expires       : Thu Feb 21 19:33:27 2019
    dns-server-override : enable
    Acquired DNS1       :
    Acquired DNS2       :

    PCs can reach the internet via the following firewall policy:

    config firewall policy
      edit 5
        set name "LTE"
        set srcintf "port9"
        set dstintf "wwan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set fsso disable
        set nat enable

Sample LTE interface

When an LTE modem is enabled, you can view the LTE interface in the GUI and check the acquired IP, DNS, and gateway.

To view the LTE interface in the GUI:
  1. Go to Network > Interfaces.

  2. Double-click the LTE interface to view the properties.

  3. Look in the Address section to see the Obtained IP/Netmask, Acquired DNS, and Default Gateway.