Fortinet white logo
Fortinet white logo

Handbook

6.0.0

FortiOS Carrier diagnose commands

FortiOS Carrier diagnose commands

This section includes diagnose commands specific to FortiOS Carrier features such as GTP.

GTP related diagnose commands

This CLI command allows you to gain information on GTP packets, logs, statistics, and other information.

diag firewall gtp <command>

apn list <gtp_profile> The APN list entries in the specified GTP profile
auth-ggsns show <gtp_profile> The authorized GGSNs entries for the specified GTP profile. Any GGSNs not on this list will not be recognized.
auth-sgsns show <gtp_profile> The authorized SGSNs list entries for the specified GTP profile. Any SGSNs not on this list will not be recognized.
handover-grp show <gtp_profile> The handover group showing the range of allowed handover group IP addresses. The handover group acts like an allowlist of allowed GTP addresses with a default deny at the end — if the GTP address is not on the list, it is denied.
ie-remove-policy list <gtp_profile> List of IE policies in the IE removal policy for this GTP profile. The information displayed includes the message count for this policy, the length of the SGSN, the list of IEs, and list of SGSN IP addresses.
imsi list <gtp_profile> IMSI filter entries for this GTP profile. The information displayed includes the message count for this filter, length of the IMSI, the length of the APN and IMSI, and of course the IMSI and APN values.
invalid-sgsns-to-long list <gtp_profile> List of SGSNs that do not match the filter criteria. These SGSNs will be logged.
ip-policy list <gtp_profile> List the IP policies including message count for each policy, the action to take, the source and destination IP addresses or ranges, and masks.
noip-policy <gtp_profile> List the non-IP policies including the message count, which mode, the action to take, and the start and end protocols to be used by decimal number.
path {list | flush} Select list or flush.

List the GTP related paths in FortiOS Carrier memory.

Flush the GTP related paths from memory.
policy list <gtp_policy> The GTP advanced filter policy information for this GTP profile. The information displayed for each entry includes a count for messages matching this filter, a hexidecimal mask of which message types to match, the associated flags, action to take on a match, APN selection mode, MSISDN, RAT types, RAI, ULI, and IMEI.
profile list Displays information about the configured GTP profiles.

You will not be able to see the bulk of the information if you do not log the output to a file.
runtime-stat flush Select to flush the GTP runtime statistics from memory.
stat Display the GTP runtime statistics — details on current GTP activity. This information includes how many tunnels are active, how many GTP profiles exist, how many IMSI filter entries, how many APN filter entries, advanced policy filter entries, IE remove policy filter entries, IP policy filter entries, clashes, and dropped packets.
tunnel {list | flush} Select one of list or flush.

List lists all the GTP tunnels currently active.

Flush clears the list of active GTP tunnels. This does not clear the clash counter displayed in the stat command.

FortiOS Carrier diagnose commands

FortiOS Carrier diagnose commands

This section includes diagnose commands specific to FortiOS Carrier features such as GTP.

GTP related diagnose commands

This CLI command allows you to gain information on GTP packets, logs, statistics, and other information.

diag firewall gtp <command>

apn list <gtp_profile> The APN list entries in the specified GTP profile
auth-ggsns show <gtp_profile> The authorized GGSNs entries for the specified GTP profile. Any GGSNs not on this list will not be recognized.
auth-sgsns show <gtp_profile> The authorized SGSNs list entries for the specified GTP profile. Any SGSNs not on this list will not be recognized.
handover-grp show <gtp_profile> The handover group showing the range of allowed handover group IP addresses. The handover group acts like an allowlist of allowed GTP addresses with a default deny at the end — if the GTP address is not on the list, it is denied.
ie-remove-policy list <gtp_profile> List of IE policies in the IE removal policy for this GTP profile. The information displayed includes the message count for this policy, the length of the SGSN, the list of IEs, and list of SGSN IP addresses.
imsi list <gtp_profile> IMSI filter entries for this GTP profile. The information displayed includes the message count for this filter, length of the IMSI, the length of the APN and IMSI, and of course the IMSI and APN values.
invalid-sgsns-to-long list <gtp_profile> List of SGSNs that do not match the filter criteria. These SGSNs will be logged.
ip-policy list <gtp_profile> List the IP policies including message count for each policy, the action to take, the source and destination IP addresses or ranges, and masks.
noip-policy <gtp_profile> List the non-IP policies including the message count, which mode, the action to take, and the start and end protocols to be used by decimal number.
path {list | flush} Select list or flush.

List the GTP related paths in FortiOS Carrier memory.

Flush the GTP related paths from memory.
policy list <gtp_policy> The GTP advanced filter policy information for this GTP profile. The information displayed for each entry includes a count for messages matching this filter, a hexidecimal mask of which message types to match, the associated flags, action to take on a match, APN selection mode, MSISDN, RAT types, RAI, ULI, and IMEI.
profile list Displays information about the configured GTP profiles.

You will not be able to see the bulk of the information if you do not log the output to a file.
runtime-stat flush Select to flush the GTP runtime statistics from memory.
stat Display the GTP runtime statistics — details on current GTP activity. This information includes how many tunnels are active, how many GTP profiles exist, how many IMSI filter entries, how many APN filter entries, advanced policy filter entries, IE remove policy filter entries, IP policy filter entries, clashes, and dropped packets.
tunnel {list | flush} Select one of list or flush.

List lists all the GTP tunnels currently active.

Flush clears the list of active GTP tunnels. This does not clear the clash counter displayed in the stat command.