USB modem configuration
I am planning to set up a backup Internet connection on Firebox T15 with Pantech UML295 USB modem for the first time.
I have two questions so far:
Should I request any specifics from Verizon to configure this on Firebox?
Will I be able to use this for failover of BOVPN Gateway and BPOVPN Virtual Interface?
Thank you.
0
Sign In to comment.
Answers
Hi @maestro
So long as the device meets the specs here, it should work with no issue:
https://techsearch.watchguard.com/KB/?type=KBArticle&SFDCID=kA2F00000000LNXKA2&lang=en_US
Pantech UML295
Vendor ID: 0x10a9
Product ID: 0x6064
(the vendor ID and product ID are how the USB modem identify itself to the piece of hardware it's plugged into.)
The only thing you'll need to add to the VPN is the new gateway for the modem interface. If it's DHCP, adding a dynamic IP will likely be your best bet. See: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/vpn_nat_c.html?
-James Carson
WatchGuard Customer Support
Thank you, James.
I will see how it goes. Firs time is always interesting
I also need a failover of BOVPN Virtual Interface for AWS tunnel, and not sure about this either.
I read "In Fireware v12.1 and higher, the modem is available as an external interface, and modem failover is enabled. The modem has a higher metric (lower priority) than other external interfaces. If all other external interfaces become unavailable, traffic automatically fails over to the modem interface."
Does this mean I do not need to configure multi-wan and link monitor?
I probably have to, otherwise if ISPs router connected to the other external interface is powered on, the traffic will never go out of modem, even when there are Internet issues at that ISP?
When you add a Modem, it is not included as an active member of the default Multi-WAN option - Routing Table. I see no need to modify it, because:
"If all other external interfaces become unavailable, traffic automatically fails over to the modem interface." automatically
From the "Configure a Modem Interface" page, it says "To prevent unwanted bandwidth consumption, link monitor is not enabled for modem interfaces by default." I see no need to enable it, since the Modem will only be used as a backup when the primary is down.
Yes, I meant enabling link monitor on the other external interface, not the modem interface.
The external interface will go down only when the device connected to it (ISP router) is off as much as I understand. But when there are Internet connection issues at the ISP, the ISP router does not really power off, so, Firebox will keep sending the traffic to ISP router, if link monitor is not configured to ping some external IP or TCP 80 lets say www.google.com.
Am I missing something?
Yes, I would set up Link Monitor on the primary WAN interface to something upstream from your local ISP device.
I see. So, yes - to link monitor on the primary WAN interface, but no - to adding modem to multi-wan in failover mode?
Setting up multi-wan failover mode allows to configure some other options like "Gradual Failback" or multi-wan notifications.
I think that is a good idea?
Yes
re. gradual failback - that is a cost of your Modem service & the speed of the Modem link vs the advantage that Gradual Failback gives your Moden based connections