Configuring message type filtering in FortiOS Carrier

GPRS Tunnelling Protocol (GTP) is a group of IP-based communications protocols used to carry General Packet

Radio Service (GPRS) traffic within Global System for Mobile Communications (GSM) and Universal Mobile Telecommunications System (UMTS) networks. It allows carriers to transport actual cellular packets over their network via tunneling.

In the CLI, there is a keyword for each type of GTP message for both message filtering, and for message rate limiting.

To configure GTP message type filtering – web-based manager

1. Go to Security Profiles > GTP Profile.
2. Select Create New.
3. Enter a name for this profile such as msg_type_filtering.
4. Select Message Type Filtering to expand it.
5. For each type of message in the list, select Allow or Deny. All messages are set to Allow by default.
6. Optionally select and configure any other GTP features for this profile, such as logging.
7. Select OK to save the profile.
8. Apply the msg_type_filtering profile a security policy configured for GTP tunnel traffic.

To configure GTP message filtering and block Unknown Message Action messages- CLI

config firewall gtp edit msg_type_filtering config message-filter set unknown-message-action deny

next

end end

Configuring message type filtering in FortiOS Carrier

Message Type Fields

Each of the following message types can be allowed or denied by your Carrier-enabled FortiGate unit depending on your carrier network and GTP traffic.