Configuring IMSI filtering in FortiOS Carrier

Leave a reply

Configuring IMSI filtering in FortiOS Carrier

In many ways the IMSI on a GPRS network is similar to an IP address on a TCP/IP network. Different parts of the number provide different pieces of information. This concept is used in IMSI filtering on FortiOS Carrier.

To configure IMSI filtering go to Security Profiles > GTP Profile and expand IMSI filtering.

While both the APN and MCC-MCN fields are optional, without using one of these fields the IMSI entry will not be useful as there is no information for the filter to match.

Enable IMSI Filter                     Select to turn on IMSI filtering.

Default IMSI Action

Select Allow or Deny. This action will be applied to all IMSI numbers except as indicated in the IMSI list that is displayed.

The default value is Allow.

APN                                             The Access Point Number (APN) to filter on.

This field is optional.

MCCMNC

The Mobile Country Code (MCC) and Mobile Network Code (MNC) to filter on. Together these numbers uniquely identify the carrier and network of the GGSN being used.

This field is optional.

Mode                                           Select the source of the IMSI information as one or more of the following:

Mobile Station provided – the IMSI number comes from the mobile sta- tion the mobile device is connecting to.

Network provided – the IMSI number comes from the GPRS network which could be a number of sources such as the SGSN, or HLR.

Subscription Verified – the IMSI number comes from the user’s home network which has verified the information.

While Subscription Verified is the most secure option, it may not always be available. Selecting all three options will ensure the most complete cov- erage.

Action                                         Select the action to take when this IMSI information is encountered. Select one of Allow or Deny.

Delete Icon                                 Select the delete icon to remove this IMSI entry.

Edit Icon                                     Select the edit icon to change information for this IMSI entry.

Add IMSI                                    Select to add an IMSI to the list. Not active while creating GTP profile, only when editing an existing GTP profile.

Save all changes before adding IMSIs. A warning to this effect will be dis- played when you select the Add IMSI button.

This entry was posted in FortiOS 5.4 Handbook on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.