Configuring Anti-overbilling in FortiOS Carrier

6.0.0

GPRS over billing attacks can be prevented with a properly configured Carrier-enabled FortiGate unit.

Over billing can occur when a subscriber returns his IP address to the IP pool. Until the billing server closes it, the subscriber's session is still open and vulnerable. If an attacker takes control of the subscriber's IP address, he can send or receive data and the subscriber will be billed for the traffic.

Over billing can also occur when an available IP address is reassigned to a new mobile station (MS). Subsequent traffic by the previous MS may be forwarded to the new MS. The new MS would then be billed for traffic it did not initiate.

Anti-overbilling with FortiOS Carrier

The Carrier-enabled FortiGate unit can be configured to assist with anti-overbilling measures. These measures ensure that the customer is only billed for connection time and data transfer that they actually use.

Anti-overbilling on the Carrier-enabled FortiGate unit involves:

  • the administrator configuring the over billing settings in the GTP profile to notify the Gi firewall when a GTP tunnel is deleted
  • the unit clearing the sessions when the Gi firewall receives a notification from the Gn/Gp firewall about a GTP tunnel being deleted

This way, the Gi firewall prevents over billing by blocking traffic initiated by other users.
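The clearing step described above, as a simplified Python model (an added example, not FortiOS code or Fortinet's implementation). The `GiFirewall` class, its methods, and the addresses are hypothetical and constructed for illustration; the scenario replays the IP-reassignment case with and without session clearing on tunnel deletion.

```python
# Simplified model of a Gi-side session table (added example, not FortiOS code).
from dataclasses import dataclass, field


@dataclass
class GiFirewall:
    """Tracks open Gi sessions per subscriber IP and bytes billed per MS."""
    clear_on_delete: bool                          # models anti-overbilling on/off
    owner: dict = field(default_factory=dict)      # subscriber IP -> current MS
    sessions: dict = field(default_factory=dict)   # subscriber IP -> set of peers
    billed: dict = field(default_factory=dict)     # MS -> bytes billed

    def tunnel_created(self, ip, ms):
        self.owner[ip] = ms

    def tunnel_deleted(self, ip):
        """Notification from the Gn/Gp firewall: the GTP tunnel for ip is gone."""
        self.owner.pop(ip, None)
        if self.clear_on_delete:
            self.sessions.pop(ip, None)            # clear every session tied to that IP

    def outbound(self, ip, peer):
        """MS-initiated traffic opens a session towards peer."""
        if ip in self.owner:
            self.sessions.setdefault(ip, set()).add(peer)

    def inbound(self, peer, ip, nbytes):
        """Traffic from peer is forwarded (and billed) only if a session exists."""
        if peer not in self.sessions.get(ip, set()) or ip not in self.owner:
            return False                           # dropped, nobody is billed
        ms = self.owner[ip]
        self.billed[ms] = self.billed.get(ms, 0) + nbytes
        return True


def replay(clear_on_delete):
    """Constructed scenario: MS-A releases 10.0.0.5, MS-B is assigned the same IP."""
    fw = GiFirewall(clear_on_delete)
    fw.tunnel_created("10.0.0.5", "MS-A")
    fw.outbound("10.0.0.5", "198.51.100.7")        # MS-A opens a session
    fw.tunnel_deleted("10.0.0.5")                  # MS-A detaches, IP returns to pool
    fw.tunnel_created("10.0.0.5", "MS-B")          # IP reassigned to a new MS
    fw.inbound("198.51.100.7", "10.0.0.5", 1500)   # leftover traffic for the old session
    return fw.billed
```

Without clearing, the leftover session survives the tunnel deletion and the new MS is billed for traffic it did not initiate; with clearing, the packet is dropped and no one is billed.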

Anti-overbilling options are configured in three locations:

  • Network > Interface — Edit a specific interface. Towards the bottom of the Edit Interface page, in the Status section, you can toggle Gi Gatekeeper.
  • System > Settings — In the Gi Gatekeeper Settings section, set the Context ID and Port that anti-overbilling will take place on.
  • Security Profiles > GTP Profile — Edit a specific GTP Profile. In the Anti-Overbilling section, edit the Gi Firewall IP address, Port, Interface and Security Context ID to use for anti-overbilling measures.

For detailed options, see Anti-Overbilling options.
