Fortinet white logo
Fortinet white logo

FortiOS Carrier

Filtering S10 interface Mobility Management tunnels

Filtering S10 interface Mobility Management tunnels

FortiOS Carrier supports applying GTP profile features to GTP tunnels on S10 interface traffic based on Mobility Management Messages defined in 3GPP TS 29.274 section 7.3 and used in inter-LTE/MME handover scenarios.

S10 interface support includes message filtering of the following GTPv2 messages on S10 interfaces:

  • Context Request (130).

  • Context Response (131).

  • Context Acknowledge (132).

  • Forward Relocation Request (133).

  • Forward Relocation Response (134).

  • Forward Relocation Complete Notification (135).

  • Forward Relocation Complete Acknowledge (136).

To configure GTPv2 message filtering on S10 interfaces, the config gtp message-filter-v2 command includes the following new options:

config gtp message-filter-v2

edit 1

set context-req-res-ack {allow | deny}

set forward-relocation-req-res {allow | deny}

set forward-relocation-cmp-notif-ack {allow | deny}

end

Message filtering option

GTPv2 message types and values

context-req-res-ack

Context request (130), Context response (131), Context acknowledge (132).

forward-relocation-req-res

Forward relocation request (133), Forward relocation response (134).

forward-relocation-cmp-notif-ack

Forward relocation complete notification (135), Forward relocation complete acknowledge (136).

For more information on GTPv2 message filtering, see GTPv2 message filtering.

GTPv2 Forward Relocation Request (133) S10 interface sample FortiOS Carrier log message:

11: date=2021-09-21 time=17:15:24 eventtime=1632269724462225064 tz="-0700" logid="1400041223" type="gtp" subtype="gtp-all" level="information" vd="vdom1" profile="gtp685663" status="forwarded" version=2 msg-type=133 from=10.201.1.1 to=10.101.1.1 srcport=2123 dstport=2123 seqnum=4 tunnel-idx=0 imsi="280220000000001" msisdn="unknown" apn="ssenoauth146" selection="apns-vrf" imei-sv="unknown" end-usr-address=10.0.0.1 headerteid=0 snetwork="280.22" cpaddr=10.201.1.1 cpteid=1000000 uli="unknown"

Filtering S10 interface Mobility Management tunnels

Filtering S10 interface Mobility Management tunnels

FortiOS Carrier supports applying GTP profile features to GTP tunnels on S10 interface traffic based on Mobility Management Messages defined in 3GPP TS 29.274 section 7.3 and used in inter-LTE/MME handover scenarios.

S10 interface support includes message filtering of the following GTPv2 messages on S10 interfaces:

  • Context Request (130).

  • Context Response (131).

  • Context Acknowledge (132).

  • Forward Relocation Request (133).

  • Forward Relocation Response (134).

  • Forward Relocation Complete Notification (135).

  • Forward Relocation Complete Acknowledge (136).

To configure GTPv2 message filtering on S10 interfaces, the config gtp message-filter-v2 command includes the following new options:

config gtp message-filter-v2

edit 1

set context-req-res-ack {allow | deny}

set forward-relocation-req-res {allow | deny}

set forward-relocation-cmp-notif-ack {allow | deny}

end

Message filtering option

GTPv2 message types and values

context-req-res-ack

Context request (130), Context response (131), Context acknowledge (132).

forward-relocation-req-res

Forward relocation request (133), Forward relocation response (134).

forward-relocation-cmp-notif-ack

Forward relocation complete notification (135), Forward relocation complete acknowledge (136).

For more information on GTPv2 message filtering, see GTPv2 message filtering.

GTPv2 Forward Relocation Request (133) S10 interface sample FortiOS Carrier log message:

11: date=2021-09-21 time=17:15:24 eventtime=1632269724462225064 tz="-0700" logid="1400041223" type="gtp" subtype="gtp-all" level="information" vd="vdom1" profile="gtp685663" status="forwarded" version=2 msg-type=133 from=10.201.1.1 to=10.101.1.1 srcport=2123 dstport=2123 seqnum=4 tunnel-idx=0 imsi="280220000000001" msisdn="unknown" apn="ssenoauth146" selection="apns-vrf" imei-sv="unknown" end-usr-address=10.0.0.1 headerteid=0 snetwork="280.22" cpaddr=10.201.1.1 cpteid=1000000 uli="unknown"