Fortinet black logo

FortiOS Carrier

Setting up GTP tunnel filters

Setting up GTP tunnel filters

You can use the following commands to set up a GTP tunnel filter that is applied to the diagnose firewall gtp tunnel list and the diagnose firewall gtp tunnel flush commands.

diagnose firewall gtp tunnel filter [filter]

diagnose firewall gtp tunnel filter [clear]

diagnose firewall gtp tunnel filter [negate]

[filter] can be one or more of the following:

vd <index> enter the index of a VDOM to match the GTP tunnels passing through the specified VDOM.

gtp-profile <name> enter a GTP profile name to match the GTP tunnels being processed by the GTP profile.

version { 0 | 1 | 2} enter a GTP version to match the GTP tunnels being processed by the GTP profile.

imsi <imsi> enter an MSI to match GTP tunnels using this IMSI.

msisdn <msisdn> enter an MSISDN to match the GTP tunnels using this MSISDN.

ms-addr <ip-address> enter the IP address of a mobile user to match the GTP tunnels carrying data for this user.

apn <name> enter an APN to match the GTP tunnels using this APN.

f-teid-c <teid> <address> enter a TEID ID of the control plane F-TEID and an IP address of the control plane F-TEID to match the GTP tunnels using this control plane TEID and IP address. Only applies only to GTPv1 and v2 tunnels.

f-teid-u <teid> <address> TEID ID of the data plane F-TEID and IP address of the data plane F-TEID to match the GTP tunnels using this data plane TEID and IP address. Only applies only to GTPv1 and v2 tunnels.

[clear] clear the current filter. Entering clear with no parameters completely clears the filter. You can include individual filter options to clear parts of the filter. For example, clear imsi deletes the imsi part of the current filter.

[negate [vd] [gtp-profile] [version] [imsi] [msisdn] [ms-addr]] invert some of the settings in the current filter. Entering negate with no parameters inverts all parts of the current filter that can be inverted. You can include individual filter options to invert parts of the filter. For example, negate imsi inverts the imsi part of the current filter.

Setting up GTP tunnel filters

You can use the following commands to set up a GTP tunnel filter that is applied to the diagnose firewall gtp tunnel list and the diagnose firewall gtp tunnel flush commands.

diagnose firewall gtp tunnel filter [filter]

diagnose firewall gtp tunnel filter [clear]

diagnose firewall gtp tunnel filter [negate]

[filter] can be one or more of the following:

vd <index> enter the index of a VDOM to match the GTP tunnels passing through the specified VDOM.

gtp-profile <name> enter a GTP profile name to match the GTP tunnels being processed by the GTP profile.

version { 0 | 1 | 2} enter a GTP version to match the GTP tunnels being processed by the GTP profile.

imsi <imsi> enter an MSI to match GTP tunnels using this IMSI.

msisdn <msisdn> enter an MSISDN to match the GTP tunnels using this MSISDN.

ms-addr <ip-address> enter the IP address of a mobile user to match the GTP tunnels carrying data for this user.

apn <name> enter an APN to match the GTP tunnels using this APN.

f-teid-c <teid> <address> enter a TEID ID of the control plane F-TEID and an IP address of the control plane F-TEID to match the GTP tunnels using this control plane TEID and IP address. Only applies only to GTPv1 and v2 tunnels.

f-teid-u <teid> <address> TEID ID of the data plane F-TEID and IP address of the data plane F-TEID to match the GTP tunnels using this data plane TEID and IP address. Only applies only to GTPv1 and v2 tunnels.

[clear] clear the current filter. Entering clear with no parameters completely clears the filter. You can include individual filter options to clear parts of the filter. For example, clear imsi deletes the imsi part of the current filter.

[negate [vd] [gtp-profile] [version] [imsi] [msisdn] [ms-addr]] invert some of the settings in the current filter. Entering negate with no parameters inverts all parts of the current filter that can be inverted. You can include individual filter options to invert parts of the filter. For example, negate imsi inverts the imsi part of the current filter.