Fortinet Document Library

Version:


Table of Contents

New Features

6.2.0
Download PDF
Copy Link

GTPv2 in policy  6.2.1

You can use GTPv2 in the policy section of GTP profile .

GTPv2 is available for the following advanced fields only:

  • apnmember
  • apn-sel-mode
  • messages
  • max-apn-restriction
  • imsi-prefix
  • msisdn-prefix
  • rat-type
  • mei
  • uli

GTPv2 support includes the following changes for overall GTP support:

  • rai is no longer supported in any GTP version.
  • uli can coexist with CGI/SAI/RAI/TAI/ECGI/LAI, each of which has the pattern MCC.MNC.ID or MCC.MNC.ID.ID2.
  • mei can take IMEI (15 digit) or IMEISV (16 digits). Previous versions only supported IMEISV (16 digits).
To configure the new policy-v2 for firewall gtp:
config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req
            next
        end
    next
end
To configure the new uli format:

This example matches packet with TAI 510-519.01-09.d02a and ECGI 505.02.1409900-14099ff.

config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req
                set uli "0" "0" "0" "51*.01-09.d02a" "505.02.14099*"
            next
        end
    next
end
To configure the GTPv2 message type:
config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req create-ses-res modify-bearer-req modify-bearer-res
            next
        end
    next
end
To configure the rat-type:

This example shows the type virtual and nbiot.

config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req
                set rat-type virtual nbiot
            next
        end
    next
end

GTPv2 in policy  6.2.1

You can use GTPv2 in the policy section of GTP profile .

GTPv2 is available for the following advanced fields only:

  • apnmember
  • apn-sel-mode
  • messages
  • max-apn-restriction
  • imsi-prefix
  • msisdn-prefix
  • rat-type
  • mei
  • uli

GTPv2 support includes the following changes for overall GTP support:

  • rai is no longer supported in any GTP version.
  • uli can coexist with CGI/SAI/RAI/TAI/ECGI/LAI, each of which has the pattern MCC.MNC.ID or MCC.MNC.ID.ID2.
  • mei can take IMEI (15 digit) or IMEISV (16 digits). Previous versions only supported IMEISV (16 digits).
To configure the new policy-v2 for firewall gtp:
config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req
            next
        end
    next
end
To configure the new uli format:

This example matches packet with TAI 510-519.01-09.d02a and ECGI 505.02.1409900-14099ff.

config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req
                set uli "0" "0" "0" "51*.01-09.d02a" "505.02.14099*"
            next
        end
    next
end
To configure the GTPv2 message type:
config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req create-ses-res modify-bearer-req modify-bearer-res
            next
        end
    next
end
To configure the rat-type:

This example shows the type virtual and nbiot.

config firewall gtp
    edit "gtpv2"
        config policy-v2
            edit 1
                set messages create-ses-req
                set rat-type virtual nbiot
            next
        end
    next
end