Huawei E3372 USB LTE modem in HiLink mode
Hi all,
Are there any plans to fully support Huawei E3372 USB LTE modem in HiLink mode, including its LTE connection management?
It seems original E3372 modems (firmware 21.x and below) presented themselves to the host as USB serial (COM) devices, over which the host (PC or Firebox) would run PPP or NCM connection to the ISP.
However, current generation of E3372 sticks come with "HiLink" firmware 22.x, which instead presents the modem to the host as a USB network (RNDIS) device, with modem itself acting as a mini-gateway - it has built-in DHCP and HTTP servers, gives out IP4 address to the host in 192.168.8.0/24 range with 192.168.8.1 default GW, performs NAT, and can be managed via its web interface.
I was pleasantly surprised that my Firebox (firmware 12.2.1) recognized the modem, obtained IP4, and let me set it up as another external interface with fail-over from our main ISP - multi-wan, link monitor, SD-WAN (well, PBR for me), etc.
The kicker is that actual LTE connection state is now managed exclusively through modem's web interface - as opposed to "dialing" PPP/NCM connection with original "serial" modems - and Firebox has no clue how to do it. I can manually open modem's web UI in a browser from a LAN PC and toggle (connect/disconnect) it, but I'd prefer Firebox to manage it automatically to keep LTE data usage to a minimum ($$$).
Any plans on adding connection management to Fireware? It would amount to issuing (via curl) specific HTTP requests to modem's default GW address. I can supply HTTP traces of relevant actions if needed.
Thanks,
Paul
Answers
Hi Paul,
Thanks for writing.
We currently have a feature request in place for what looks like your modem:
FBX-16458 -- Huawei E3372 USB LTE Modem Variant (VID: 12d1 PID:1f1e)
We can verify the VID/PID of the device if plugged into the Firebox via support file, but you'd want to open a case to do that, as that would be viewable by anyone on the forums. If you're able to verify it yourself and it matches VID: 12d1 PID:1f1e, then this is currently being worked on.
Currently, Firebox support for all modems is to simply open the connection in the event of failover. Any connection throttling/limits at a certain point would need to be worked out with your carrier or set up on the modem ahead of connection to the firewall.
Thank you,
-James Carson
WatchGuard Customer Support
Hi James,
Thank you for following up. I already have a support case #01274042 open, and had uploaded support file for it. I'm not getting any traction with that ticket, however - which is why I posted here. Could you give it a look?
Thanks again,
Paul
Hi @Paul
I'll ask that the support team pushes that up for you. It looks like they've escalated that case to a team that can assist you already.
Thank you,
-James Carson
WatchGuard Customer Support
James,
Thanks for following up, the ticket indeed appears to have been "escalated", but it looks like every WatchGuard support tech - 3 so far - has a reading comprehension problem.
Any chance you could put me in touch with WatchGuard product planning people responsible for USB modem support feature set?
Regards,
Paul
I just posted a new discussion about this, then found this one. 100% agree with this discussion. The 4G software needs to be reviewed.
It's embarrassing to supply a new firewall but then have to provide additional bolt-ons (Netgear LB2120's or Nighthawks, or Netcomms/Dlinks) to run the 4G option due to software limitations. It also increases the chances of failure due to something being disconnected.
Hi @DaveDave
Due to the varying markets and regulatory requirements, it's not really feasible for WatchGuard to offer a cellular "bolt on" modem for the Firebox. The best approach we've found so far is to support the devices available in each market as we can.
If you have a device that's not supported yet, we'd be happy to look into supporting it in the future.
-James Carson
WatchGuard Customer Support
To close the loop on this thread, I ended up manually leaving the USB modem LTE connection always on - which it maintained even through a Firebox reboot - and setting up a combination of multi-WAN fallback and policy-based routing (SD-WAN in Fireware 12.3+) to keep traffic normally flowing through our ISP interface, fall over to LTE when ISP is down, and fall back to ISP once its link recovers.