Category Archives: FortiCarrier

FortiCarrier Web Based Manager Settings

Carrier web-based manager settings

The Carrier menu provides settings for configuring FortiOS Carrier features within the Security Profiles menu. These features include MMS and GTP profiles.

In Security Profiles > Carrier, you can configure profiles and settings for MMS and GTP. In the Carrier menu, you can configure an MMS profile and then apply it to a security policy. You can also configure GTP profiles and apply those to security policies as well.

This topic includes the following:

MMS profiles

Since MMS profiles can be used by more than one security policy, you can configure one profile for the traffic types handled by a set of security policies requiring identical protection levels and types, rather than repeatedly configuring those same profile settings for each individual security policy.

If the security policy requires authentication, do not select the MMS profile in the security policy. This type of profile is specific to the authenticating user group. For details on configuring the profile associated with the user group, see User Groups in the Authentication guide.

For example, while traffic between trusted and untrusted networks might need strict protection, traffic between trusted internal addresses might need moderate protection. To provide the different levels of protection, you might configure two separate protection profiles: one for traffic between trusted networks, and one for traffic between trusted and untrusted networks.

Once you have configured the MMS profile, you can then apply the profile to MMS traffic by applying it to a security policy.

MMS profiles can contain settings relevant to many different services. Each security policy uses the subset of the MMS profile settings that apply to the sessions accepted by the security policy. In this way, you might define just one MMS profile that can be used by many security policies, each policy using a different or overlapping subset of the MMS profile.

The MMS Profile page contains options for each of the following:

l MMS scanning l MMS Bulk Email Filtering Detection l MMS Address Translation l MMS Notifications l DLP Archive l Logging

FortiCarrier Introduction

Introduction

FortiOS Carrier provides all the features found on FortiGate units plus added features specific to carrier networks. These features are explained in this document and include dynamic profiles and groups, Multimedia messaging service (MMS) protection, and GPRS Tunneling Protocol (GTP) protection.

This chapter contains the following sections:

  • Before you begin l How this guide is organized

Before you begin

Before you begin ensure that:

  • You have administrative access to the web-based manager and/or CLI. l The Carrier-enabled FortiGate unit is integrated into your network. l The operation mode has been configured.

How this guide is organized

This FortiOS Handbook chapter contains the following sections:

Overview of FortiOS Carrier features provides an overview of the three major topics for FortiOS Carrier — Dynamic Profiles, MMS, and GTP.

Carrier web-based manager settings describes the web-based manager interface of FortiOS Carrier specific features.

MMS Security features describes FortiOS security features as they apply to MMS including MMS virus scanning, MMS file filtering, MMS content-based Antispam protection, and MMS DLP archiving.

Message flood protection describes setting thresholds to protect your MMS servers from receiving too many messages from the same sender.

Duplicate message protection describes setting thresholds to protect your MMS servers from receiving the same message from more than one sender.

Configuring GTP on FortiOS Carrier explains configuration of the more basic FortiOS Carrier GTP features.

GTP message type filtering explains this feature, and how to configure it on FortiOS Carrier.

GTP identity filtering explains this feature, and how to configure it on FortiOS Carrier.

Troubleshooting provides answer to common FortiOS Carrier GTP issues.

Overview

Overview of FortiOS Carrier features

FortiOS Carrier specific features include Multimedia messaging service (MMS) protection, and GPRS Tunneling Protocol (GTP) protection.

All FortiGate units, carrier-enabled or not, are capable of handling Stream Control Transmission Protocol (SCTP) traffic, which is a protocol designed for and primarily used in Carrier networks.

This section includes:

Overview

Registering FortiOS Carrier

MMS background

How FortiOS Carrier processes MMS messages

MMS protection profiles

Bypassing MMS protection profile filtering based on carrier endpoints

Applying MMS protection profiles to MMS traffic

GTP basic concepts

GPRS network common interfaces

Packet flow through the GPRS network SCTP