USB/Ethernet interface (for USB key/modem)

USB/Ethernet interfaces are used in remote connections when your modem is directly connected to the firewall’s USB port. You can add only one USB/Modem interface on your firewall.

A USB/Ethernet interface is automatically created whenever a HUAWEI 4G USB modem that supports the HiLink feature is connected to the firewall and then configured. If you are using another USB modem, a modem profile must be configured before a USB/Ethernet interface can be created.

NOTE
If your modem must be plugged into the firewall's Ethernet port or serial port (PPPoE/PPTP modem), refer to PPPoE/PPTP modem interface.

Modem profile control panel

Click on Edit > Modem profiles to open the control panel of a modem profile. Two modem profiles can be defined; select one of them.

Status

ON / OFF Set the switch to ON / OFF to enable/disable the modem profile.

General settings

Name Enter a name for the modem profile.
Model Enter the model of the modem for which the profile is being created (open text field).
Vendor ID ID specific to each modem vendor (Vendorid or VID). This is a hexadecimal string.
Initial product ID Product ID (Productidinit) after it has been recognized as a USB storage device. This parameter is specific to each modem model.
Target product ID ID representing the product when it is in modem mode (ProductId or PID). This parameter is specific to each modem model.
MessageContent for modem mode This is a character string that allows the firewall to detect the USB device connected as a modem (ModeSwitchString).

Advanced configuration

Configuration command port This is the number of the dedicated serial port for sending configuration commands ("AT" commands) to the modem. The most common value is 0.
Monitoring command port This is the number of the dedicated serial port for sending monitoring commands ("AT" commands) to the modem. The most common value is 1.
Initialization string no. 1, 2 and 3

These strings are optional and allow you to send "AT" configuration commands to the modem before it is used.

EXAMPLES
ATZ: command to reinitialize the modem
AT^CURC=0: command that allows periodic messages to be disabled)

USB/Ethernet interface control panel (for USB sticks/modems)

Configuring profiles When no modem profiles are defined or active, a message will prompt you to configure a modem profile. For further information, refer to the section Modem profile control panel

General settings

Name Name of the interface. Cannot be changed.
Comments Allows you to enter comments regarding the interface.
This interface is

An interface can be:

  • Internal (protected): when this option is selected, this means that the interface is protected (a shield appears). a protected interface only accepts packets coming from a known address range, such as a directly connected network or a network defined by a static route. This protection includes remembering machines that have logged on to this interface, conventional traffic security mechanisms (TCP) and implicit rules for services offered by the firewall such as DHCP.

  • External (public): choosing this option indicates that the interface does not benefit from the protection of a protected interface and can therefore receive packets coming from any address range (which are not assigned to internal interfaces). This type of interface is used mainly to connect the firewall to the Internet.

Address range

Dynamic IP (obtained by DHCP)

When this option is selected, the IP address of the interface will be defined by DHCP. An Advanced DHCP properties zone appears with the following parameters:

  • DNS name (optional): a fully qualified DHCP host name (FQDN) can be indicated for the DHCP request.

    If a value is entered in this field and the external DHCP server has the option of automatically updating the DNS server, the DHCP server automatically updates the DNS server with the name of the firewall, its assigned IP address and allocated lease time (field below).

  • Requested lease time (seconds): in addition to the DNS name, enter the duration for which the IP address is kept before renegotiation.

  • Request domain name servers from the DHCP server and create host objects: select this parameter so that the firewall will retrieve DNS servers from the DHCP server (access provider, for example) that provided its IP address. When this option is selected, two objects will be created: Firewall_<interface name>_dns1 and Firewall_<interface name>_dns2. They can then be used in the configuration of the DHCP service. So if the firewall provides the users on its network with a DHCP service, the users will also benefit from the DNS servers given by the access provider.

Fixed IP (static)

When this option is selected, the IP address of the interface will be static. A grid appears, in which you must add the IP address and its subnet mask. Several IP addresses and associated masks can be added if aliases need to be created, for example. These aliases allow you to use the firewall as a central routing point. As such, an interface can be connected to various sub-networks with a different address range.

If you add several IP addresses (aliases) to the same address range, these addresses must all have the same mask. Reloading the network configuration will apply this mask to the first address and a /32 mask to the addresses that follow.