GTPv2 in policies

You can use GTPv2 in the policy section of a GTP profile.

GTPv2 is only available for the following advanced fields:

  • apnmember
  • apn-sel-mode
  • messages
  • max-apn-restriction
  • imsi-prefix
  • msisdn-prefix
  • rat-type
  • mei
  • uli

GTPv2 support includes the following changes for overall GTP support:

  • rai is no longer supported in any GTP version.
  • uli can coexist with CGI, SAI, RAI, TAI, ECGI, or LAI, each of which has the pattern MCC.MNC.ID or MCC.MNC.ID.ID2.
  • mei can take IMEI (15 digits) or IMEISV (16 digits).

To configure a new GTPv2 policy:

config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req
            next
        end
    next
end

To configure the new ULI format:

This example matches packets with TAI 510-519.01-09.d02a and ECGI 505.02.1409900-14099ff.

config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req
                set uli "0" "0" "0" "51*.01-09.d02a" "505.02.14099*"
            next
        end
    next
end
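
Before committing a `uli` pattern, it helps to check which location identities it would actually cover. The following is an added example, not Fortinet code: it models the pattern syntax as inferred from the example above (trailing `*` as a prefix match, `lo-hi` as a range, `"0"` as an unused slot), which is an assumption and not FortiOS's own matcher. The sample identities are constructed.

```python
import re

def field_matches(pattern, value, base=10):
    """Check one dot-separated field: literal, trailing-* prefix, or lo-hi range."""
    d = "0-9a-f" if base == 16 else "0-9"
    pattern, value = pattern.lower(), value.lower()
    if not re.fullmatch(f"[{d}]+", value):
        return False
    if not re.fullmatch(f"[{d}]+\\*?|[{d}]+-[{d}]+", pattern):
        raise ValueError(f"unsupported field pattern: {pattern!r}")
    if pattern.endswith("*"):
        # Prefix match only; it does not enforce the field's full width.
        return value.startswith(pattern[:-1])
    if "-" in pattern:
        lo, hi = pattern.split("-")
        return (len(value) == len(lo) == len(hi)
                and int(lo, base) <= int(value, base) <= int(hi, base))
    return value == pattern

def uli_matches(pattern, value):
    """Match MCC.MNC.ID or MCC.MNC.ID.ID2 against one uli pattern string."""
    if pattern == "0":          # assumption: "0" marks an unused slot
        return False
    p, v = pattern.split("."), value.split(".")
    if len(p) != len(v) or len(p) not in (3, 4):
        return False
    # Assumption: MCC and MNC are decimal, ID and ID2 are hexadecimal.
    return all(field_matches(pf, vf, 16 if i >= 2 else 10)
               for i, (pf, vf) in enumerate(zip(p, v)))

def audit(patterns, samples):
    """Map each sample identity to the patterns that would accept it."""
    return {s: [p for p in patterns if uli_matches(p, s)] for s in samples}

# Patterns from the page's uli example; sample identities are constructed.
PATTERNS = ["0", "0", "0", "51*.01-09.d02a", "505.02.14099*"]
SAMPLES = ["515.05.d02a", "520.05.d02a", "515.10.d02a",
           "505.02.14099ff", "505.02.1409a00"]

if __name__ == "__main__":
    for sample, hits in audit(PATTERNS, SAMPLES).items():
        print(f"{sample:16} {'MATCH ' + hits[0] if hits else 'no match'}")
```

Running the audit against identities just outside the intended range (here MCC 520, MNC 10, and ECGI 1409a00) confirms the wildcard is not broader than planned.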

To configure the GTPv2 message type:

config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req create-ses-res modify-bearer-req modify-bearer-res
            next
        end
    next
end

To configure the RAT type:

This example includes virtual and NB-IoT types.

config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req
                set rat-type virtual nbiot
            next
        end
    next
end
