Teltonika TRB140

I recently had extended connection timeout issues with my ISP, and my trusty T70 failed over to the 4G dongle. However, the ISP that provides the 4G service is insanely expensive (Australian WatchGuard users will know which one I mean) and WatchGuard has a very limited pool of USB dongles to choose from, only one of which seems to work in Australia (the other one is no longer available).

So, I spoke to another colleague, who does not use a WatchGuard box, but uses a Teltonika TRB 140 Gateway plugged into an Ethernet port on their Firewall appliance.

No problem I says, anything that box can do, the WatchGuard T70 can do.

After a few days, I am still not able to connect the TRB140 to the T70. I have tried NAT mode, bridge mode and pass-through mode on the TRB140. I have also tried DHCP and static IP mode on the FireBox, but no luck.

The only other reference to a Teltonika device and WatchGuard was using a router mode RUT90 and a T20.

Has anyone else managed to get one of these things connected to a WatchGuard box?

Adrian from Australia

Comments

  • james.carson Moderator, WatchGuard Representative

    I've heard of customers using a similar Netgear device -- as far as the firewall is concerned at that point it's just a normal external interface.

    If the upstream Teltonika device is losing connection, you should be able to verify it as such by plugging a computer, etc, directly into it. Since the Firebox isn't controlling the connection status of the USB dongle anymore, it will just assume the connection is up if link is up (unless link monitor is configured and link-monitor fails.)

    The dwindling number of 4G USB devices was the reason for the LTE module for the T80.

    If your provider has a USB dongle that we don't specifically support I'd suggest opening a support case with the details for it and we can work on getting it added to the supported devices list.

    -James Carson
    WatchGuard Customer Support

  • Thank you for the response James.

    A computer plugged into the TRB140 device works perfectly. I agree with your comment that the FireBox should just see it as a normal external device. Clearly, I have missed something obvious and I need to do some more thinking here.

    Also, thanks for the advice on the USB dongles. It is nice to know that this is a potential direction for me.

    Adrian from Australia

  • james.carson Moderator, WatchGuard Representative

    @xxup
    Without any other info to work on, my hunch is that the upstream device is shutting the connection down unless it sees something specific (perhaps an internet connectivity check from Windows, or a DNS query) and simply not bringing it back up till it sees that again.

    If you're able to, I would suggest querying the manufacturer of that device and asking what specifically it's looking to see /if/ that is the case.

    For example, when the firebox is controlling the 4G USB dongle, it will actually hang up the connection (or disconnect it) rather than leaving it on/open at all times. When the connection is needed, the firebox dials the connect command that's specified for that modem type to make the connection start. Since the TRB140 is doing all that transparently, it's likely waiting for something to happen to do that.

    Once we know what it is, it should be trivial to make a PBR/SDWAN type rule to force what it's looking for out that connection to get it online.

    -James Carson
    WatchGuard Customer Support

  • edited June 2022

    Thank you for your help James.

    I apologise for the delay with my response. The past three weeks have been a nightmare and now I have &^%&^$% COVID, so I am quarantined at home! Anyway, I had a whole afternoon of consciousness to work on this problem that crept up to #1 on the to do list.

    I dragged out an out of support T35-W NFR box (updated with 12.5.9 Update 2) and factory reset the box, and followed these steps:
    1. Obtain the MAC address of a spare port (and not a POE port - the Ethernet port supports a non-standard POE and can self-destruct) on the Firebox. You also need to have one port set to the default 10.0.1.1 address so that you can connect via a PC and check that everything is working.
    2. Set the Firebox port to Type External and DHCP - no other changes to the default except to give the port a name (e.g. External-4G) and a description.
    3. Connect the USB cable from a PC to the TRB140.
    4. Log into the TRB 140 portal using the default settings.
    5. On the TRB 140, which was previously also factory reset, I set the timezone and changed the Mobile Mode to "Passthrough" and added the MAC address of the FireBox port obtained in step 1. Save these settings and wait for a minute or so.
    6. Power down the TRB140 and remove the USB cable.
    7. Connect a cat6 cable from the Firebox port to the Ethernet port on the TRB140. Connect a PC to the LAN port on the Firebox and no connection in the WAN port.
    8. Switch on the TRB 140 and wait about 5 mins.
    9. Switch on the Firebox and wait for it to boot.
    10. From the PC log into the WebUI, traverse to Dashboard > Interfaces and you should see the External-4G port is now working with a populated IP address.

    So why did it not work when I tried this weeks ago?
    1. I attempted to do this in a production environment thinking that this will take 5 minutes - and broke one of my own golden rules. Even when I realised that two hours had passed, I did not fall back to basics.
    2. The Firebox that was used for the original configuration attempt is one that sits in front of three other Fireboxes. The problem is that the second external port will not populate while the External link is up. I did think of this and pulled the External link late at night, but it still did not work.
    3. That Firebox is also configured to autoblock IP addresses that generate unhandled external packets that try to do naughty things. I noticed, while watching the T35-W, that the TRB140 sends a port 67 packet briefly and I suspect that the Firebox blocked the TRB140's traffic thereafter.

    Anyway, it all works now and I have given myself the "slap of awareness".

    Adrian from Australia
