Version:

Version:

Version:

Version:

Version:


Table of Contents

FortiOS Carrier

MM1 and MM7 address translation options

The sender’s carrier endpoint is used to provide logging and reporting details to the mobile operator and to identify the sender of infected content.

When MMS messages are transmitted, the From field may or may not contain the sender's address. When the address is not included, the sender information will not be present in the logs and FortiOS will not be able to notify the user if the message is blocked unless the sender's address is made available elsewhere in the request.

FortiOS can extract the sender's address from an extended HTTP header field in the HTTP request. This field must be added to the HTTP request before it is received by FortiOS. If this field is present, it will be used instead of the sender's address in the MMS message for logging and notification. If this header field is present when a message is retrieved, it will be used instead of the To address in the message. If this header field is not present, FortiOS uses the content of the To header field instead.

Alternatively, FortiOS can extract the sender’s address from a cookie.

You can configure MMS address translation to extract the sender’s carrier endpoint so that it can be added to log and notification messages. You can configure MMS address translation settings to extract carrier endpoints from HTTP header fields or from cookies. You can also configure MMS address translation to add an endpoint prefix to the extracted carrier endpoints.

config firewall mms profile

edit <name>

set mm1-addr-source

set mm7-addr-source

set mm1-addr-hdr

set mm7-addr-hdr

set mm1-convert-hex

set mm7-convert-hex

set carrier-endpoint-prefix

set carrier-endpoint-prefix-string

set carrier-endpoint-prefix-range-min

set carrier-endpoint-prefix-range-max

end

MMS Address Translation

mm1-addr-source

mm7-addr-source

Extract the sender’s address source from the HTTP Header Field (http-header) or a Cookie.

mm1-addr-hdr

mm7-addr-hdr

Enter the sender address identifier that includes the carrier endpoint. The default identifier is x-up-calling-line-id.

If the sender address source is http-header, the address and its identifier in the HTTP request header takes the format:

<Sender Address Identifier>: <MSISDN_value>

Where the <MSISDN_value> is the carrier endpoint. For example, the HTTP header might contain:

x-up-calling-line-id: 6044301297

where x-up-calling-line-id would be the Sender Address Identifier.

If the sender address source is cookie, the address and its identifier in the HTTP request header’s cookie field takes the format of attribute-value pairs:

Cookie: id=<cookie-id>;

<Sender Address Identifier>=<MSISDN Value>

For example, the HTTP request headers might contain:

Cookie: id=0123jf!a;x-up-calling-line-id=6044301297

where x-up-calling-line-id would be the sender address identifier.

mm1-convert-hex

mm7-convert-hex

Enable to convert the sender address from ASCII to hexadecimal or from hexadecimal to ASCII. This is required by some applications.
carrier-endpoint-prefix Enable to add the country code to the extracted carrier endpoint, such as the MSISDN, for logging and notification purposes. You can limit the number length for the test numbers used for internal monitoring without a country code.
carrier-endpoint-prefix-string Enter a carrier endpoint prefix to be added to all carrier endpoints. Use the prefix to add extra information to the carrier endpoint in the log entry.
carrier-endpoint-prefix-range-min Enter the minimum length of the country code information being added. If this and Maximum Length are set to zero (0), length is not limited.
carrier-endpoint-prefix-range-max Enter the maximum length of the country code information being added. If this and Minimum Length are set to zero (0), length is not limited.

MM1 and MM7 address translation options

The sender’s carrier endpoint is used to provide logging and reporting details to the mobile operator and to identify the sender of infected content.

When MMS messages are transmitted, the From field may or may not contain the sender's address. When the address is not included, the sender information will not be present in the logs and FortiOS will not be able to notify the user if the message is blocked unless the sender's address is made available elsewhere in the request.

FortiOS can extract the sender's address from an extended HTTP header field in the HTTP request. This field must be added to the HTTP request before it is received by FortiOS. If this field is present, it will be used instead of the sender's address in the MMS message for logging and notification. If this header field is present when a message is retrieved, it will be used instead of the To address in the message. If this header field is not present, FortiOS uses the content of the To header field instead.

Alternatively, FortiOS can extract the sender’s address from a cookie.

You can configure MMS address translation to extract the sender’s carrier endpoint so that it can be added to log and notification messages. You can configure MMS address translation settings to extract carrier endpoints from HTTP header fields or from cookies. You can also configure MMS address translation to add an endpoint prefix to the extracted carrier endpoints.

config firewall mms profile

edit <name>

set mm1-addr-source

set mm7-addr-source

set mm1-addr-hdr

set mm7-addr-hdr

set mm1-convert-hex

set mm7-convert-hex

set carrier-endpoint-prefix

set carrier-endpoint-prefix-string

set carrier-endpoint-prefix-range-min

set carrier-endpoint-prefix-range-max

end

MMS Address Translation

mm1-addr-source

mm7-addr-source

Extract the sender’s address source from the HTTP Header Field (http-header) or a Cookie.

mm1-addr-hdr

mm7-addr-hdr

Enter the sender address identifier that includes the carrier endpoint. The default identifier is x-up-calling-line-id.

If the sender address source is http-header, the address and its identifier in the HTTP request header takes the format:

<Sender Address Identifier>: <MSISDN_value>

Where the <MSISDN_value> is the carrier endpoint. For example, the HTTP header might contain:

x-up-calling-line-id: 6044301297

where x-up-calling-line-id would be the Sender Address Identifier.

If the sender address source is cookie, the address and its identifier in the HTTP request header’s cookie field takes the format of attribute-value pairs:

Cookie: id=<cookie-id>;

<Sender Address Identifier>=<MSISDN Value>

For example, the HTTP request headers might contain:

Cookie: id=0123jf!a;x-up-calling-line-id=6044301297

where x-up-calling-line-id would be the sender address identifier.

mm1-convert-hex

mm7-convert-hex

Enable to convert the sender address from ASCII to hexadecimal or from hexadecimal to ASCII. This is required by some applications.
carrier-endpoint-prefix Enable to add the country code to the extracted carrier endpoint, such as the MSISDN, for logging and notification purposes. You can limit the number length for the test numbers used for internal monitoring without a country code.
carrier-endpoint-prefix-string Enter a carrier endpoint prefix to be added to all carrier endpoints. Use the prefix to add extra information to the carrier endpoint in the log entry.
carrier-endpoint-prefix-range-min Enter the minimum length of the country code information being added. If this and Maximum Length are set to zero (0), length is not limited.
carrier-endpoint-prefix-range-max Enter the maximum length of the country code information being added. If this and Minimum Length are set to zero (0), length is not limited.