Fortinet white logo
Fortinet white logo

FortiOS Carrier

IE removal

IE removal

In some roaming scenarios, FortiOS Carrier can be installed on the border of the PLMN and the IPX/GRX. In this configuration, FortiOS Carrier supports information element (IE) removal policies to remove any combination of R6 IEs (RAT, RAI, ULI, IMEI-SV and APN restrictions) prior to forwarding the messages to the HGGSN (proxy mode).

You can use the following command to enable IE removal and add IE removal policies to a GTP profile:

config firewall gtp

edit <name>

set ie-remover enable

config ie-remove-policy

edit <id>

set sgsn-addr <ipv4-firewall-address>

set sgsn-addr6 <ipv6-firewall-address>

set remove-ies {apn-restriction rat-type rai uli imei}

end

sgsn-addr select an IPv4 firewall address or address group to match the SGSNs or SGW addresses in the traffic for which to remove IEs. The default is all.

sgsn-addr6 select an IPv6 firewall address or address group to match the SGSNs or SGW addresses in the traffic for which to remove IEs. The default is all.

remove-ies select one or more of the following IEs to be removed: apn-restriction rat-type rai uli imei. All of the IE types are selected by default.

From the GUI:

  1. To create a new IE removal policy in a GTP profile, open IE removal policy and select Create New.
  2. Select an SGSN address from the list of firewall addresses and address groups.
  3. Select one or more of the following IEs to be removed.

    • APN
    • ULI
    • RAT Type
    • IMEI
    • RAI
  4. Select OK to save the IE removal policy.

IE removal

IE removal

In some roaming scenarios, FortiOS Carrier can be installed on the border of the PLMN and the IPX/GRX. In this configuration, FortiOS Carrier supports information element (IE) removal policies to remove any combination of R6 IEs (RAT, RAI, ULI, IMEI-SV and APN restrictions) prior to forwarding the messages to the HGGSN (proxy mode).

You can use the following command to enable IE removal and add IE removal policies to a GTP profile:

config firewall gtp

edit <name>

set ie-remover enable

config ie-remove-policy

edit <id>

set sgsn-addr <ipv4-firewall-address>

set sgsn-addr6 <ipv6-firewall-address>

set remove-ies {apn-restriction rat-type rai uli imei}

end

sgsn-addr select an IPv4 firewall address or address group to match the SGSNs or SGW addresses in the traffic for which to remove IEs. The default is all.

sgsn-addr6 select an IPv6 firewall address or address group to match the SGSNs or SGW addresses in the traffic for which to remove IEs. The default is all.

remove-ies select one or more of the following IEs to be removed: apn-restriction rat-type rai uli imei. All of the IE types are selected by default.

From the GUI:

  1. To create a new IE removal policy in a GTP profile, open IE removal policy and select Create New.
  2. Select an SGSN address from the list of firewall addresses and address groups.
  3. Select one or more of the following IEs to be removed.

    • APN
    • ULI
    • RAT Type
    • IMEI
    • RAI
  4. Select OK to save the IE removal policy.