FortiOS Carrier includes two methods for limiting the number of GTP tunnels that can be operating at one time.
- You can add a tunnel limit to a GTP profile. All traffic processed by that GTP profile cannot open more tunnels than this configured tunnel limit.
- You can create global tunnel limits and add these tunnel limits to GTP profiles. This global tunnel limit applies to all traffic processed by all of the GTP profiles configured with that same global tunnel limit.
You can combine both methods of tunnel limiting in the same GTP profile. If you do this, the two tunnel limiting features keep separate track of the number of tunnels, and the number of tunnels allowed is limited by the first limiter to reach its limit.
Limiting the number of GTP tunnels can help prevent a form of denial of service attack on your network. This attack involves opening more tunnels than the network can handle and consuming extra network resources. By limiting the number of tunnels at any one time, this form of attack will be avoided.