Direct IP is a public IP address that is assigned to a computing device, which allows the device to directly access the internet.
When an LTE modem is enabled in FortiOS, a DHCP interface is created. As a result, the FortiGate can acquire direct IP (which includes IP, DNS, and gateway) from the LTE network carrier.
Since some LTE modems require users to input the access point name (APN) for the LTE network, the LTE modem configuration allows you to set the APN.
LTE modems can only be enabled by using the CLI.
- Enable the LTE modem:
config system lte-modem set status enable end
- Check that the LTE interface was created:
config system interface edit "wwan" set vdom "root" set mode dhcp set status down set distance 1 set type physical set snmp-index 23 next end
Shortly after the LTE modem joins its carrier network,
wwanis enabled and granted direct IP:
config system interface edit wwan get name : wwan .... ip : 100.112.75.43 255.255.255.248 .... status : up .... defaultgw : enable DHCP Gateway : 100.112.75.41 Lease Expires : Thu Feb 21 19:33:27 2019 dns-server-override : enable Acquired DNS1 : 18.104.22.168 Acquired DNS2 : 22.214.171.124 ....
PCs can reach the internet via the following firewall policy:
config firewall policy edit 5 set name "LTE" set srcintf "port9" set dstintf "wwan" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set utm-status enable set fsso disable set nat enable next end
When an LTE modem is enabled, you can view the LTE interface in the GUI and check the acquired IP, DNS, and gateway.
Go to Network > Interfaces.
Double-click the LTE interface to view the properties.
Look in the Address section to see the Obtained IP/Netmask, Acquired DNS, and Default Gateway.
Go to Policy & Objects > Firewall Policy.
Edit the LTE policy.
In the Outgoing Interface field, select the interface (
wwanin this example).
Configure the rest of the policy as needed.
Most LTE modems have a preset APN in their SIM card. Therefore, the APN does not need to be set in the FortiOS configuration. In cases where the internet cannot be accessed, consult with your carrier and set the APN in the LTE modem configuration (for example, inet.bell.ca):
config system lte-modem set status enable set apn "inet.bell.ca" end
Some models, such as the FortiGate 30E-3G4G, have built-in LTE modems. In this scenario, the LTE modem is enabled by default. The firewall policy via the LTE interface is also created by default. Once you plug in a SIM card, your network devices can connect to the internet.
config system lte-modem set status enable set extra-init '' set manual-handover disable set force-wireless-profile 0 set authtype none set apn '' set modem-port 255 set network-type auto set auto-connect disable set gpsd-enabled disable set data-usage-tracking disable set gps-port 255 end
config firewall policy .... edit 3 set srcintf "internal" set dstintf "wwan" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set nat enable next end