FortiCarrier Encapsulated IP traffic filtering options

Encapsulated IP traffic filtering options

You can use encapsulated IP traffic filtering to filter GTP sessions based on information contained in the data stream. to control data flows within your infrastructure. You can configure IP filtering rules to filter encapsulated IP traffic from mobile stations by identifying the source and destination policies. For more information, see When to use encapsulated IP traffic filtering.

Expand Encapsulated IP Traffic Filtering in the GTP profile to reveal the options.

Encapsulated IP Traffic Filtering
Enable IP Filter                       Select to enable encapsulated IP traffic filtering options.
Default IP Action Select the default action for encapsulated IP traffic filtering. If you select Allow, all sessions are allowed except those blocked by individual encapsulated IP traffic filters. If you select Deny, all sessions are blocked except those allowed by individual encapsulated IP traffic filters.
Select a source IP address from the configured firewall IP address or

Source                                   address group lists. Any encapsulated traffic originating from this IP address will be a match if the destination also matches.

Destination                             Select a destination IP address from the configured firewall IP address or address group lists. Any encapsulated traffic being sent to this IP address will be a match if the destination also matches.
The type of action that will be taken.

Action

Select to Allow or Deny encapsulated traffic between this source and Destination.

Edit                                        Modifies the source, destination or action settings.
Adds a new encapsulated IP traffic filter. When you select Add IP Policy,

Add IP Policy the New window appears which allows you to configure IP policy settings.

New (window)
Source                                  Select the source firewall address or address group.
Destination                            Select the destination firewall address or address group.
Action                                    Select Allow or Deny.
This entry was posted in FortiCarrier on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.