Fortinet black logo

FortiOS Carrier

GTPv0/v1 message rate limiting

GTPv0/v1 message rate limiting

You can apply GTP v0/v1 message rate limiting in a GTP profile from the GUI or CLI.

  • From the GUI, create or edit a GTP profile, select Message rate limit (packets per second), and set the limit for one or more GTPv0/v1 message types.

  • From the CLI you can use the following command to apply GTPv0/v1 message rate limiting to a GTP profile.

config firewall gtp

set rate-sampling-interval <interval>

set rate-limit-mode {per-profile | per-stream | per-apn}

set warning-threshold <percent>

set user-plane-message-rate-limit 0

edit <name>

config message-rate-limit

set echo-request <limit>

set echo-reponse <limit>

set version-not-support <limit>

set create-pdp-request <limit>

set create-pdp-response <limit>

set update-pdp-request <limit>

set update-pdp-response <limit>

set delete-pdp-request <limit>

set delete-pdp-response <limit>

set create-aa-pdp-request <limit>

set create-aa-pdp-response <limit>

set delete-aa-pdp-request <limit>

set delete-aa-pdp-response <limit>

set error-indication <limit>

set pdu-notify-request <limit>

set pdu-notify-response <limit>

set pdu-notify-rej-request <limit>

set pdu-notify-rej-response <limit>

set support-ext-hdr-notify <limit>

set send-route-request <limit>

set send-route-response <limit>

set failure-report-request <limit>

set failure-report-response <limit>

set note-ms-request <limit>

set note-ms-response <limit>

set identification-request <limit>

set identification-response <limit>

set sgsn-context-request <limit>

set sgsn-context-response <limit>

set sgsn-context-ack <limit>

set fwd-relocation-request <limit>

set fwd-relocation-response <limit>

set fwd-relocation-complete <limit>

set relocation-cancel-request <limit>

set relocation-cancel-response <limit>

set fwd-srns-context <limit>

set fwd-reloc-complete-ack <limit>

set fwd-srns-context-ack <limit>

set ran-info <limit>

set mbms-notify-request <limit>

set mbms-notify-response <limit>

set mbms-notify-rej-request <limit>

set mbms-notify-rej-response <limit>

set create-mbms-request <limit>

set create-mbms-response <limit>

set update-mbms-request <limit>

set update-mbms-response <limit>

set delete-mbms-request <limit>

set delete-mbms-response <limit>

set mbms-reg-request <limit>

set mbms-reg-response <limit>

set mbms-de-reg-request <limit>

set mbms-de-reg-response <limit>

set mbms-ses-start-request <limit>

set mbms-ses-start-response <limit>

set mbms-ses-stop-request <limit>

set mbms-ses-stop-response <limit>

set g-pdu <limit>

end

rate-sampling-interval set how often, in seconds, to sample the rate. The range is 1 to 3600 and the default is 1 second.

rate-limit-mode select whether the rate limiting is applied per-profile (the default), per-stream, or per-apn.

warning-threshold set the rate limiting warning threshold in the range 0 to 99 percent. The default is 0 percent.

<limit> is the message limit in packets per second. The range is 0 to 4294967295. The default for all message types is 0, which is no rate limiting.

GTPv0/v1 message rate limiting

You can apply GTP v0/v1 message rate limiting in a GTP profile from the GUI or CLI.

  • From the GUI, create or edit a GTP profile, select Message rate limit (packets per second), and set the limit for one or more GTPv0/v1 message types.

  • From the CLI you can use the following command to apply GTPv0/v1 message rate limiting to a GTP profile.

config firewall gtp

set rate-sampling-interval <interval>

set rate-limit-mode {per-profile | per-stream | per-apn}

set warning-threshold <percent>

set user-plane-message-rate-limit 0

edit <name>

config message-rate-limit

set echo-request <limit>

set echo-reponse <limit>

set version-not-support <limit>

set create-pdp-request <limit>

set create-pdp-response <limit>

set update-pdp-request <limit>

set update-pdp-response <limit>

set delete-pdp-request <limit>

set delete-pdp-response <limit>

set create-aa-pdp-request <limit>

set create-aa-pdp-response <limit>

set delete-aa-pdp-request <limit>

set delete-aa-pdp-response <limit>

set error-indication <limit>

set pdu-notify-request <limit>

set pdu-notify-response <limit>

set pdu-notify-rej-request <limit>

set pdu-notify-rej-response <limit>

set support-ext-hdr-notify <limit>

set send-route-request <limit>

set send-route-response <limit>

set failure-report-request <limit>

set failure-report-response <limit>

set note-ms-request <limit>

set note-ms-response <limit>

set identification-request <limit>

set identification-response <limit>

set sgsn-context-request <limit>

set sgsn-context-response <limit>

set sgsn-context-ack <limit>

set fwd-relocation-request <limit>

set fwd-relocation-response <limit>

set fwd-relocation-complete <limit>

set relocation-cancel-request <limit>

set relocation-cancel-response <limit>

set fwd-srns-context <limit>

set fwd-reloc-complete-ack <limit>

set fwd-srns-context-ack <limit>

set ran-info <limit>

set mbms-notify-request <limit>

set mbms-notify-response <limit>

set mbms-notify-rej-request <limit>

set mbms-notify-rej-response <limit>

set create-mbms-request <limit>

set create-mbms-response <limit>

set update-mbms-request <limit>

set update-mbms-response <limit>

set delete-mbms-request <limit>

set delete-mbms-response <limit>

set mbms-reg-request <limit>

set mbms-reg-response <limit>

set mbms-de-reg-request <limit>

set mbms-de-reg-response <limit>

set mbms-ses-start-request <limit>

set mbms-ses-start-response <limit>

set mbms-ses-stop-request <limit>

set mbms-ses-stop-response <limit>

set g-pdu <limit>

end

rate-sampling-interval set how often, in seconds, to sample the rate. The range is 1 to 3600 and the default is 1 second.

rate-limit-mode select whether the rate limiting is applied per-profile (the default), per-stream, or per-apn.

warning-threshold set the rate limiting warning threshold in the range 0 to 99 percent. The default is 0 percent.

<limit> is the message limit in packets per second. The range is 0 to 4294967295. The default for all message types is 0, which is no rate limiting.