Comments on: Experiences with the Verizon Wireless Network Extender

By: Dan Strom

Dan Strom — Thu, 28 Jul 2011 13:09:54 +0000

Jim-
I would suggest putting a sniffer on the ethernet segment between your network extender and the fortigate. Watch the packets that are being sent and make sure there are rules in the firewall to allow them to pass. Take note of the destination IP address. Then watch outside the firewall for packets from that IP address. You should be able to reverse-engineer the connection to the point you can get traffic to pass successfully.

One of the problems with the network extender is that there is a complete lack of technical documentation available to the end-user.

Good luck!
- Dan

By: Jim Perry

Jim Perry — Thu, 28 Jul 2011 03:07:54 +0000

I have an older model network extender that the power supply died on. while searching for a replacement, i got verizon to ship me a new extender. For the life of me, i cannot get the second one to connect. I am behind a fortigate fg-60 firewall and required no special firewall rules for the original (since back in service – functioning flawlessly), however the newer one will not sync up with big red. They are both behind the same firewall. Have you ever discovered anything else technically related to what this thing wants for access? It is in my account and authorized, yet it does not want to connect. this is the replacement to the second one, and so far no better than the original replacement i ordered. meanwhile, the “old” model is workin just fine in the house. i want to get the other one working in my shop.

Thanks for the info!

By: Interested

Interested — Wed, 28 Jul 2010 01:43:00 +0000

Well I believe a Man-in-the-Middle could work on the IPSEC? I would think that is beyond the scope of my skills tho

But I am disapointed the ipsec prevents you from setting up QOS. If you cant control your packets, how can you configure your router for Interweaving & Fragmenting? (here’s a simple explaination link)
https://learningnetwork.cisco.com/thread/1800
Answer is you can’t.

Also, is anyone aware of the cisco product, hwic-3g-cdma-v.
A cisco 2600 router is cheap nowadays, and if the ipsec tunnel ends in the network extender, then this device should circumvent ipsec all together.

By: d.strom, cissp, gsec, gsna

d.strom, cissp, gsec, gsna — Wed, 07 Jul 2010 13:29:54 +0000

I took mine down due to insufficient bandwidth from my fixed wireless ISP. It built an IPSec tunnel using standard IPSec ports. I was not that thrilled that I had to expose the IP for the device thru my firewall. And you are right,Verizon tech support was useless.

By: PJF

PJF — Wed, 07 Jul 2010 08:26:13 +0000

Thanks for the article, any update on what ports and protocol it’s using?

Obviously the lack of EVDO support is the ultimate failure of this device.

I’m doing some sniffing myself on my OpenBSD router so I can setup QoS and send the traffic out through a different ISP.

Tech support over at Verizon seems to be clueless.

By: Chris

Chris — Sat, 10 Apr 2010 19:26:36 +0000

I wish I had found your post before having to figure all this out but you are exactly right. I’m also part of the Alltel migration so I need the hybrid PRL to have service at my house. There is an Alltel tower less than 5 miles from me so I have great service when I’m at home. The service is not so good at my parents home so I purchased the Network Extender to leave there and when on the Verizon only PRL it works great. However when I leave there I need the hybrid PRL again.

While on the hybrid PRL the Network Extender works intermittently so I did the OTAP *228 option 2 but that did not change the PRL. I guess If I keep the Network Extender then I would have to call Verizon every time I needed to use it. IMO that would not be practical.

Any suggestions would be appreciated.

- Chris