Fortinet white logo
Fortinet white logo

Handbook

6.0.0

Encapsulated IP traffic filtering options

Encapsulated IP traffic filtering options

You can use encapsulated IP traffic filtering to filter GTP sessions based on information contained in the data stream. to control data flows within your infrastructure. You can configure IP filtering rules to filter encapsulated IP traffic from mobile stations by identifying the source and destination policies. For more information, see When to use encapsulated IP traffic filtering.

Expand Encapsulated IP Traffic Filtering in the GTP profile to reveal the options.

Encapsulated IP Traffic Filtering
Enable IP Filter Select to enable encapsulated IP traffic filtering options.
Default IP Action Select the default action for encapsulated IP traffic filtering. If you select Allow, all sessions are allowed except those blocked by individual encapsulated IP traffic filters. If you select Deny, all sessions are blocked except those allowed by individual encapsulated IP traffic filters.
Source Select a source IP address from the configured firewall IP address or address group lists. Any encapsulated traffic originating from this IP address will be a match if the destination also matches.
Destination Select a destination IP address from the configured firewall IP address or address group lists. Any encapsulated traffic being sent to this IP address will be a match if the destination also matches.
Action The type of action that will be taken.

Select to Allow or Deny encapsulated traffic between this source and Destination.
Edit Modifies the source, destination or action settings.
Add IP Policy Adds a new encapsulated IP traffic filter. When you select Add IP Policy, the New window appears which allows you to configure IP policy settings.
New (window)
Source Select the source firewall address or address group.
Destination Select the destination firewall address or address group.
Action Select Allow or Deny.

Encapsulated IP traffic filtering options

Encapsulated IP traffic filtering options

You can use encapsulated IP traffic filtering to filter GTP sessions based on information contained in the data stream. to control data flows within your infrastructure. You can configure IP filtering rules to filter encapsulated IP traffic from mobile stations by identifying the source and destination policies. For more information, see When to use encapsulated IP traffic filtering.

Expand Encapsulated IP Traffic Filtering in the GTP profile to reveal the options.

Encapsulated IP Traffic Filtering
Enable IP Filter Select to enable encapsulated IP traffic filtering options.
Default IP Action Select the default action for encapsulated IP traffic filtering. If you select Allow, all sessions are allowed except those blocked by individual encapsulated IP traffic filters. If you select Deny, all sessions are blocked except those allowed by individual encapsulated IP traffic filters.
Source Select a source IP address from the configured firewall IP address or address group lists. Any encapsulated traffic originating from this IP address will be a match if the destination also matches.
Destination Select a destination IP address from the configured firewall IP address or address group lists. Any encapsulated traffic being sent to this IP address will be a match if the destination also matches.
Action The type of action that will be taken.

Select to Allow or Deny encapsulated traffic between this source and Destination.
Edit Modifies the source, destination or action settings.
Add IP Policy Adds a new encapsulated IP traffic filter. When you select Add IP Policy, the New window appears which allows you to configure IP policy settings.
New (window)
Source Select the source firewall address or address group.
Destination Select the destination firewall address or address group.
Action Select Allow or Deny.