Fortinet black logo

FortiOS Carrier

Adding IE allow lists to GTP profiles

Adding IE allow lists to GTP profiles

You can add an IE allow list to a GTP profile to allow GTP packets that contain out of state IEs in selected message types. Normally messages with out-of-state IEs would be blocked. But it you want to be able to allow some out-of-state IEs, you can add them to an IE allow list that contains pairs of allowed out-of-state IEs and message types. Then you can add this allow list to a GTP profile.

You can use the following command to create IE allow lists:

config gtp ie-white-list

edit <ie-allow-list-name>

config entries

edit <index>

set message <id>

set ie <id>

next

edit <index>

set message <id>

set ie <id>

end

You can use the following command to apply an IE allow list to GTPv0/v1 or GTPv2 traffic accepted by GTP profile:

config firewall gtp

edit <name>

set ie-white-list-v0v1 <ie-allow-list-name>

set ie-white-list-v2 <ie-allow-list-name>

end

Adding IE allow lists to GTP profiles

You can add an IE allow list to a GTP profile to allow GTP packets that contain out of state IEs in selected message types. Normally messages with out-of-state IEs would be blocked. But it you want to be able to allow some out-of-state IEs, you can add them to an IE allow list that contains pairs of allowed out-of-state IEs and message types. Then you can add this allow list to a GTP profile.

You can use the following command to create IE allow lists:

config gtp ie-white-list

edit <ie-allow-list-name>

config entries

edit <index>

set message <id>

set ie <id>

next

edit <index>

set message <id>

set ie <id>

end

You can use the following command to apply an IE allow list to GTPv0/v1 or GTPv2 traffic accepted by GTP profile:

config firewall gtp

edit <name>

set ie-white-list-v0v1 <ie-allow-list-name>

set ie-white-list-v2 <ie-allow-list-name>

end