
LTE modem with passthrough of external IP address

Hi there. I am having some challenges in terms of finding a suitable LTE modem to use with Sophos XG. I currently have a Huawei B882 hub that is connected to an ethernet port on the computer running XG. Unfortunately the problem with this device is that it uses NAT and lacks a passthrough mode (i.e. the external IP address is not presented to XG). In other words, the usual problems arise with double-NAT.

For some reason, I seem to be having trouble finding a suitable LTE device that has a passthrough mode or is just a "bare" modem. I'm in Canada, and the devices offered by my service provider include the following:

  • Novatel Wireless MiFi 7000
  • Novatel Wireless MiFi 6630
  • HUAWEI LTE E8372 Hotspot Turbo Stick
  • ZTE MF275R Turbo Hub

I looked into each of these devices and it appears none of them have passthrough. The Huawei device seemed promising because it happened to be on the compatibility list for XG, which I thought was interesting because I would have thought the double-NAT issue would still arise. That being said, I was a bit hesitant to purchase it to conclusively find out.

I was just curious how others manage to deal with this particular issue. For example, does the XG have something to manage this when using dongles (in contrast to the hub I'm currently using)? Is there a way to configure things to avoid the problem? Any thoughts or suggestions would be most appreciated. 



  • Hi,

    So when you plug the device into the XG interface, what happens? Does it give an IP address to the XG interface, or a private address through its DHCP? I am trying to understand your requirement before suggesting an answer.

    Thanks

  • Thank you Sachin. It would be the latter. My current device does not pass through the public IP address assigned by my ISP to XG. It instead assigns XG a private IP address using DHCP. I have not found a way to get my current device to just pass through the public IP address.

    My understanding is that the other devices I listed above also do the same thing - namely, no pass through mode.

    I am wondering if there is a way to overcome this with the Huawei stick listed above, insofar as it's on the compatibility list. Or alternatively, if there is an LTE device that is available in North America, is compatible with XG and can pass through a public IP address.

  • A year ago, I evaluated a device for the same requirements. We are recommending the Zyxel LTE4506 to our customers. This device can act as a bridge, passing through the ISP's "public" IP address.

    Public in "" because ISPs in Switzerland often do not give you a public IP on 3G/4G. If your ISP does it differently, you'll feel lucky with that device.

     

    Edit: I've just seen that 3 of the devices mentioned in your post above are USB 3G/4G sticks. For professional environments, I strongly advise against using these, because they are known to cause problems with firmware etc. Using a 3G router with an RJ45 interface can spare you those problems. Even if you use XG Firewall in cluster mode, this solution is still suitable.

  • Thank you very much Huber. That's exactly the sort of thing I was looking for. Now to see if I can find one here...

  • In case anyone is interested, I ended up purchasing a Netgear LB1120 LTE Modem. It has a bridge mode that exposes the external IP address to Sophos. In testing, attached directly to a PC, it worked like a charm.

    Unfortunately one issue I have with it when attached to the Sophos is that it seems to be going up and down every few minutes. Checking the dgd.log file indicates that pings keep failing (then succeeding, then failing, etc.). Not sure if that's an issue with the modem, the LTE carrier or Sophos. I've tried tweaking the MTU to 1476 (as recommended by the carrier) and changing the ping IP address to a nearby dedicated ping service provider, but neither seems to have helped. Rather unfortunate. If anyone has any suggestions they would be most appreciated.

  • Sorry forgot to mention that I got the Netgear because it was more readily available (and cheaper) in North America as compared to the Zyxel.

  • Dma0, I have the exact same setup as you and I'm having the same ping problems. Did you get this problem resolved?

  • Unfortunately no. I've just decided to live with it. Even though I get the messages, when it fails over to LTE I don't see much in the way of actual interruption (if any), so it's more an annoyance than anything else.

    I should also mention that the most recent firmware update for the Netgear reduces the frequency of the up/down messages quite a bit. Instead of a dozen times a day, it now only happens once every 2-8 days.

    Lastly, I should mention that I vaguely recall something similar to this happening on my old UTM install. I was more obsessive compulsive back then, and ultimately figured out that it was due to a problem or incompatibility with a specific feature of a specific Intel NIC (which happens to be the one I had), but it could be fixed by SSHing into UTM and manually changing a NIC setting (which had to be redone each time the firmware was upgraded). Can't say it's the same thing with XG and at this point haven't bothered looking into it further because I'm now older and lazier. 

    Sorry I couldn't be of more help.