Fortinet black logo

New Features

GTPv2 in policy  6.2.1

Copy Link
Copy Doc ID 761d83e3-4a7b-11e9-94bf-00505692583a:18715
Download PDF

GTPv2 in policy 6.2.1

You can use GTPv2 in the policy section of GTP profile .

GTPv2 is available for the following advanced fields only:

  • apnmember
  • apn-sel-mode
  • messages
  • max-apn-restriction
  • imsi-prefix
  • msisdn-prefix
  • rat-type
  • mei
  • uli

GTPv2 support includes the following changes for overall GTP support:

  • rai is no longer supported in any GTP version.
  • uli can coexist with CGI/SAI/RAI/TAI/ECGI/LAI, each of which has the pattern MCC.MNC.ID or MCC.MNC.ID.ID2.
  • mei can take IMEI (15 digit) or IMEISV (16 digits). Previous versions only supported IMEISV (16 digits).
To configure the new policy-v2 for firewall gtp:
config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req
            next
        end
    next
end
To configure the new uli format:

This example matches packet with TAI 510-519.01-09.d02a and ECGI 505.02.1409900-14099ff.

config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req
                set uli "0" "0" "0" "51*.01-09.d02a" "505.02.14099*"
            next
        end
    next
end
To configure the GTPv2 message type:
config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req create-ses-res modify-bearer-req modify-bearer-res
            next
        end
    next
end
To configure the rat-type:

This example shows the type virtual and nbiot.

config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req
                set rat-type virtual nbiot
            next
        end
    next
end

GTPv2 in policy 6.2.1

You can use GTPv2 in the policy section of GTP profile .

GTPv2 is available for the following advanced fields only:

  • apnmember
  • apn-sel-mode
  • messages
  • max-apn-restriction
  • imsi-prefix
  • msisdn-prefix
  • rat-type
  • mei
  • uli

GTPv2 support includes the following changes for overall GTP support:

  • rai is no longer supported in any GTP version.
  • uli can coexist with CGI/SAI/RAI/TAI/ECGI/LAI, each of which has the pattern MCC.MNC.ID or MCC.MNC.ID.ID2.
  • mei can take IMEI (15 digit) or IMEISV (16 digits). Previous versions only supported IMEISV (16 digits).
To configure the new policy-v2 for firewall gtp:
config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req
            next
        end
    next
end
To configure the new uli format:

This example matches packet with TAI 510-519.01-09.d02a and ECGI 505.02.1409900-14099ff.

config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req
                set uli "0" "0" "0" "51*.01-09.d02a" "505.02.14099*"
            next
        end
    next
end
To configure the GTPv2 message type:
config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req create-ses-res modify-bearer-req modify-bearer-res
            next
        end
    next
end
To configure the rat-type:

This example shows the type virtual and nbiot.

config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req
                set rat-type virtual nbiot
            next
        end
    next
end