LTE WAN Failover with Sophos XG

Living in the land of moose and trees, power outages are a way of life. Either you’re fortunate enough to have an automatic standby generator, like a Generac, or you have a portable generator with the beloved “widowmaker” cobbled extension cord.

The problem with power outages here as opposed to somewhere like Texas is the outages up here are often due to trees coming down on the lines – which also takes down cable internet.

Of course we can tether our mobile phones to our laptops but that doesn’t do anything for the RokuTV, aka “The Babysitter”. And anyone who has let a 3 year old use their laptop understands why using my Macbook Pro 2013 nor my wife’s i7 Asus Zenbook are not options. We could also just let her use her Amazon Fire tablet, aka “The Other Babysitter”, but that’s just too easy, ok!?

On our Generac I am running a DIY-project that monitors and controls the outage and exercise cycles. While the exercise cycles are of little importance, I do want to know if the power goes out while I’m away from the house. The notification is controlled by a small box that is roughly 50 feet away from the house so no amount of tethering will work there.

Running a Sophos XG135w gives me a few options. If this were the XG135, and not the -w version with integrated wireless, I could get an LTE add-on card that just needs a SIM card and some minor setup. Alas, because I have built-in wireless, an all-one-box is not an option. Truthfully, even if it were an option, those add-on cards are very expensive.

Apparently prices have gone up…I blame COVID…they used to be around $80 but now around $100, the Netgear LB1120 is an LTE modem that outputs via ethernet as opposed to many of the other modem options that are basically fancy hotspots.

So you put your activated SIM card into the LB1120. I’ve used this model with Google Fi which runs on US Cellular, T-Mobile, and Sprint. We don’t have Sprint up here in the North Pole but USC and TMo are decent enough. I’m now running it with a VZW SIM and holy cow! The signal strength is so much better. I was getting about 2 bars with any carrier on Google Fi and I now get 4 bars on VZW.

Once the activated SIM card is inserted, plug in the power and plug in the ethernet cable to your computer. Power on the device. Navigate to http://192.168.5.1 (default) and login using the password printed on the bottom of the modem (varies by device).

The only required change is to set the LB1120 as Bridge as Router is default. If you’re running Google Fi, you’ll need to set the APN to h2g2. Next time I’m doing maintenance, I’ll take screenshots since I need to either remove the modem from the network or let a failover occur.

Once your changes are made, shutdown the LB1120. Plug in an ethernet cable from the LB1120 to a port on the XG135w. I used Port 8 for no real reason. Port 1 is screen-printed LAN, Port 2 WAN and Port 3 DMZ. Since these are only screen-prints and we can configure these ports however we want, it’s really only my OCD that keeps me from using Port 3. So yes, Port 8. Could I have used Port 4? Sure. But it’s Port 8.

Port 1 – LAN
Port 2 – WAN
Port 3 – DMZ
Port 8 – LTE

Ok, so once you have the physical connections made, login to the XG. https://172.16.16.16:4444, default.

Network> Interfaces> Select the port that is connected to the LB1120. In my case, Port 8.

XG_Interfaces

I changed the name to LTE, again, OCD. Name the interface whatever you want.
Network Zone: WAN
IP assignment: DHCP
Gateway Name: DHCP_LTE_GW Name this whatever you want. I chose to keep with the default naming convention for the gateway.
Save.

Network> WAN Link Manager> Because we selected WAN as the Network Zone previously, we will notice the new Gateway shown.

Click on the new IPv4 Gateway. Mine is named DHCP_LTE_GW.

Set the Interface Type. This will be a Backup connection so I will unsurprisingly select “Backup”

Set the Interface Details according to your needs. The verbiage is nice and simple so you can tune this to your usage.
Activate this Gateway: If DHCP_Port2_GW fails.
Action on Activation: Inherit the weight of failed active gateway.
Action on Fallback: Serve all connections through restored gateway.
Save.

I left the Failover Rules at default.

That should do it. I tested my setup by unplugging my cable modem and it did, indeed, fail over appropriately. It happened fast enough that Netflix didn’t buffer and my beloved, possessed offspring didn’t even notice! The speedtest showed 14Mbps which isn’t amazing by cable standards but when you consider this is Verizon going through trees, to my cellular booster on my metal roof, to and out my indoor dome cellular booster antenna, and into my LTE modem in my basement.

Leave a Reply

Your email address will not be published. Required fields are marked *