|
Note
|
This is the help page for using an external 3G wireless WAN interface on the SonicWALL
UTM appliance. For help with using an external analog modem interface, see “Modem” section
.
|
This chapter describes how to configure the 3G wireless WAN interface on the SonicWALL UTM appliance. It contains the following sections:
This section provides an overview of 3G. It contains the following sections:
Some SonicWALL security appliances support 3G (Third Generation) Wireless WAN connections that utilize data connections over 3G Cellular networks. The 3G connection can be used for:
|
•
|
Temporary networks where a pre-configured connection may not be available, such as
trade-shows and kiosks.
|
Wireless Wide Area Networks provide untethered remote network access through the use of mobile or cellular data networks. While legacy cellular networks, such as GSM, were only able to provide data rates of about 14 Kbps, today's emerging 3G technologies (such as UMTS and HSDPA) provide theoretical data rates of up to 10 Mbps, rivaling many wired technologies.
The cellular networks powering Wireless Wide Area Networking have been evolving very quickly, and as a result comprise many different implementations. Fundamentally, they fall into two protocols:
|
•
|
GSM - Global System for Mobile Communication
- The most widely used protocol outside of the Americas. GSM is often regarded as less susceptible to signal degradation indoors. Although GSM is used both in the Americas and the rest of the world, the American implementation operates on a different frequency, and interoperability is not guaranteed unless explicitly supported by the equipment.
|
|
•
|
CDMA - Code Division Multiple Access
- The most widely used protocol in the Americas. CDMA has capacity advantages over GSM, but congestion tends to reduce its operating range.
|
The WAN Connection Model setting provides flexible control over WAN connectivity on SonicWALL appliances with 3G. Accessible from the Network > Interfaces page of the management interface, the WAN Connection Model settings allows the administrator to precisely control the behavior of the 3G connection. The three settings are as follows:
|
•
|
3G Only
– For use when the 3G is the only WAN connection in use on the appliance.
|
|
•
|
Ethernet Only
– For use when the 3G is to be disabled. The Ethernet WAN (the WAN port, OPT port, or both) is the only WAN connection in use on the appliance.
|
|
•
|
Ethernet with 3G Failover
– For use when both the 3G and the Ethernet WAN (the WAN port, OPT port, or both) are to serve as WAN connections on the appliance.
|
In addition to the WAN Connection Model setting, the following changes were also introduced in SonicOS Enhanced 3.6 (and later versions) to optimize the operation of the 3G interface:
|
•
|
To more accurately reflect the operation of WAN load balancing and Failover sub-system,
the WAN Failover & LB
page has been renamed to Ethernet LB
.
|
|
•
|
Failover between the Ethernet WAN (the WAN port, OPT port, or both) and the 3G is
supported through the WAN Connection Model
setting, but Load-balancing is currently only supported on Ethernet WAN interfaces. 3G interface traffic statistics will continue to be displayed in the WAN Load Balancing Statistics table on the Network > Ethernet LB
page.
|
|
•
|
The WAN Load-balancing and Failover sub-system is now permanently enabled for more
transparent support of the WAN Connection Model
setting. This was previously controlled by the Enable Load Balancing
setting on the WAN Failover & LB
page.
|
|
•
|
3G interface probe monitoring appears on the
3G > Settings
page under the 3G Interface
Monitoring
heading. (Ethernet WAN interface probe settings is unchanged on the Network
> Ethernet LB
page under the WAN Interfaces Monitoring
section.)
|
When the WAN Connection Model is set to Ethernet with 3G Failover , the WAN (Ethernet) interface is the primary connection. If the WAN interface fails, the SonicWALL appliance fails over to the 3G interface.
|
Note
|
It is important to note that the WAN-to-3G failover pro
cess is different for the three different 3G Connection Profile dial types: Persistent
, Dial on Data
, and Manual Dial
.
|
The following sections describe the three different methods of WAN-to-3G failover:
The following diagram depicts the sequence of events that occur when the WAN ethernet connection fails and the 3G Connection Profile is configured for Persistent Connection .
|
1.
|
Primary Ethernet connection available
– The Ethernet WAN interface is connected and used as the primary connection. 3G is never connected while the Ethernet WAN interface is available (unless an explicit route has been configured which specifies 3G as the destination interface).
|
|
2.
|
Primary Ethernet connection fails
– The 3G connection is initiated and remains in an “always-on” state while the Ethernet WAN connection is down.
|
If a secondary Ethernet WAN (the OPT port) is configured, the appliance will first failover to the secondary Ethernet WAN before failing over to the 3G. In this situation, 3G failover will only occur when both the WAN and OPT paths are unavailable.
|
3.
|
Reestablishing Primary Ethernet Connectivity After Failover
– When the Ethernet WAN connection (either the WAN port or the OPT port, if so configured) becomes available again, all LAN-to-WAN traffic is automatically routed back to the available Ethernet WAN connection. This includes active connections and VPN connections. The 3G connection is closed.
|
|
Caution
|
It is not recommended to configure a policy-based route that uses the 3G connection when
the WAN Connection Model
is set for Ethernet with 3G Failover
. If a policy-based route is configured to use the 3G connection, the connection will remain up until the Maximum Connection Time (if configured) is reached.
|
The following diagram depicts the sequence of events that occur when the WAN ethernet connection fails and the 3G Connection Profile is configured for Dial on Data .
|
1.
|
Primary Ethernet connection available
– The Ethernet WAN interface is connected and used as the primary connection. 3G is never connected while the Ethernet WAN interface is available (unless an explicit route has been configured which specifies 3G as the destination interface).
|
|
2.
|
Primary Ethernet Connection Fails
– The 3G connection is not established until qualifying outbound data attempts to pass through the SonicWALL appliance.
|
|
3.
|
3G Connection Established
– The 3G connection is established when the device or a network node attempts to transfer qualifying data to the Internet. The 3G connection stays enabled until the Maximum Connection Time (if configured) is reached
.
|
|
4.
|
Reestablishing WAN Ethernet Connectivity After Failover
– When an Ethernet WAN connection becomes available again, all LAN-to-WAN traffic is automatically routed back to the available Ethernet WAN connection. The 3G connection is closed.
|
|
Caution
|
It is not recommended to configure a policy-based route that uses the 3G connection when
the WAN Connection Model
is set for Ethernet with 3G Failover
. If a policy-based route is configured to use the 3G connection, the connection will remain up until the Maximum Connection Time (if configured) is reached.
|
The following diagram depicts the sequence of events that occur when the WAN ethernet connection fails and the 3G Connection Profile is configured for Manual Dial .
|
Caution
|
It is not recommended to use a
Manual Dial
3G Connection Profile when the WAN
Connection Model
is set for Ethernet with 3G Failover
. The Manual Dial
3G Connection Profile is only intended to be used when the device's WAN Connection Model is set to 3G
Only
in the Network > Interfaces
page.
|
|
1.
|
Primary Ethernet Connection Available
- The Ethernet WAN is connected and used as the primary connection. 3G is never connected while the Ethernet WAN connection is available.
|
|
2.
|
Primary Ethernet Connection Fails
- The 3G connection is not established until the administrator manually enables the connection.
|
|
3.
|
3G Connection Established
– A 3G connection is established when the administrator manually enables the connection on the SonicWALL appliance. The 3G connection stays enabled until the administrator manually disables the connection.
|
|
4.
|
Reestablishing WAN Ethernet Connectivity After Failover
– Regardless of whether the an Ethernet connection becomes available again, all LAN-to-WAN traffic will still use the
manually enabled 3G connection
until the connection is manually disabled by the administrator. After a manual disconnect, the available Ethernet connection will be used.
|
To use the 3G interface you must have a 3G PC card and a contract with a wireless service provider. Because both GSM and CDMA provide virtually the same performance, a 3G service provider should be selected based primarily on the availability of supported hardware. SonicOS Enhanced (3.6 and later versions) supports the 3G PC cards listed online at:
http://www.sonicwall.com/us/products/cardsupport.html
SonicOS Enhanced supports the following 3G Wireless network providers (this list is subject to change):
|
•
|
|
•
|
|
•
|
|
•
|
|
•
|
Before configuring the 3G interface, you must complete the following prerequisites:
|
•
|
Insert the 3G PC card into the SonicWALL appliance
before
powering on the SonicWALL security appliance.
|
|
Note
|
The 3G PC card should only be inserted or removed when the SonicWALL security
appliance is powered off.
|
For information on configuring these prerequisites, see the SonicWALL Getting Started Guide for your model.
The following sections describe how to configure the 3G interface on the SonicWALL appliance:
Most of the 3G settings can also be configured on the Network > Interfaces page. 3G Connection Profiles can only be configured on the 3G > Connection Profiles page.
The 3G > Status page displays the current status of 3G on the SonicWALL appliance. It indicates the status of the 3G connection, the current active WAN interface, or the current backup WAN interface. It also displays IP address information, DNS server addresses, the current active dial up profile, and the current signal strength.