FortiOS Carrier

When to use APN, basic (IMSI), or policy (advanced) filtering

At first glance APN, IMSI, and advanced filtering have parts in common. For example, two can filter on APN, and another two can filter on IMSI. The difficulty is knowing when to use which type of filtering.

| Filtering type | Filter on the following data | When to use this type of filtering |
|---|---|---|
| APN | APN | Filter based on GTP tunnel start or destination |
| Basic (IMSI) | IMSI, MCC-MNC | Filter based on subscriber information |
| Policy (Advanced) | PDP context, APN, IMSI, MSISDN, RAT type, ULI, RAI, IMEI | When you want to filter based on: user phone number (MSISDN); what wireless technology the user employed to get on the network (RAT type); user location (ULI and RAI); handset ID, such as for stolen phones (IMEI) |

APN filtering is very specific — the only identifying information that is used to filter is the APN itself. This will always be present in GTP tunnel traffic, so all GTP traffic can be filtered using this value.

Basic (IMSI) filtering can use a combination of the APN and MCC-MNC numbers. The MCC and MNC are part of the APN; however, filtering on MCC-MNC separately allows you to filter based on country and carrier instead of just the destination of the GTP tunnel.

Policy (Advanced) filtering can go into much deeper detail, covering PDP contexts/sessions, MSISDN, IMEI, and more, in addition to APN and IMSI. If you can't find the information that you need to filter on in APN or IMSI, then use Advanced filtering.
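
The difference between matching on the APN and matching on MCC-MNC separately, as an added Python example (not Fortinet code and not FortiOS Carrier's own logic). It assumes the APN Operator Identifier layout `mnc<MNC>.mcc<MCC>.gprs` from 3GPP TS 23.003; the function names, allow-lists and sample values are constructed for illustration.

```python
import re

# Operator Identifier layout per 3GPP TS 23.003: <NI>.mnc<MNC>.mcc<MCC>.gprs
OI_RE = re.compile(r"^(.+?)\.mnc(\d{3})\.mcc(\d{3})\.gprs$", re.IGNORECASE)

def split_apn(apn):
    """Return (network_identifier, plmn); plmn is MCC + 3-digit MNC, or None."""
    apn = apn.strip().rstrip(".").lower()
    m = OI_RE.match(apn)
    if m is None:
        return apn, None          # APN carries no Operator Identifier
    ni, mnc, mcc = m.groups()
    return ni, mcc + mnc

def imsi_plmn(imsi, mnc_len=2):
    """Return MCC + MNC from an IMSI, MNC zero-padded to 3 digits like the APN OI."""
    if not (imsi.isdigit() and 6 <= len(imsi) <= 15) or mnc_len not in (2, 3):
        raise ValueError("malformed IMSI or MNC length")
    return imsi[:3] + imsi[3:3 + mnc_len].zfill(3)

def evaluate(apn, imsi, mnc_len, allowed_nis, allowed_plmns):
    """Apply an APN allow-list and an MCC-MNC allow-list independently."""
    ni, apn_plmn = split_apn(apn)
    sub_plmn = imsi_plmn(imsi, mnc_len)
    return {
        "apn_ok": ni in allowed_nis,
        "plmn_ok": sub_plmn in allowed_plmns,
        # True when the APN names an operator other than the subscriber's own
        "apn_plmn_differs": apn_plmn is not None and apn_plmn != sub_plmn,
    }

# Constructed sample values (001-01 is the test PLMN; 999-99 is made up)
SAMPLES = [
    ("internet.mnc001.mcc001.gprs", "001010123456789", 2),
    ("internet", "999990123456789", 2),
    ("Corp.VPN.mnc001.mcc001.gprs", "999990123456789", 2),
]

if __name__ == "__main__":
    for apn, imsi, n in SAMPLES:
        print(apn, imsi, evaluate(apn, imsi, n, {"internet"}, {"001001"}))
```

The second sample passes the APN check but fails the MCC-MNC check, which is the case that filtering on the APN alone would not catch.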
