Fortinet black logo

CLI Reference

config firewall gtp

config firewall gtp

Note

This command is available for model(s): FortiGate 3500F, FortiGate 4200F, FortiGate 4201F, FortiGate 4400F, FortiGate 4401F.

It is not available for: FortiGate 1000D, FortiGate 100EF, FortiGate 100E, FortiGate 100F, FortiGate 101E, FortiGate 101F, FortiGate 1100E, FortiGate 1101E, FortiGate 140E-POE, FortiGate 140E, FortiGate 1500DT, FortiGate 1500D, FortiGate 1800F, FortiGate 1801F, FortiGate 2000E, FortiGate 200E, FortiGate 200F, FortiGate 201E, FortiGate 201F, FortiGate 2200E, FortiGate 2201E, FortiGate 2500E, FortiGate 2600F, FortiGate 2601F, FortiGate 3000D, FortiGate 300E, FortiGate 301E, FortiGate 3100D, FortiGate 3200D, FortiGate 3300E, FortiGate 3301E, FortiGate 3400E, FortiGate 3401E, FortiGate 3501F, FortiGate 3600E, FortiGate 3601E, FortiGate 3700D, FortiGate 3800D, FortiGate 3960E, FortiGate 3980E, FortiGate 400E Bypass, FortiGate 400E, FortiGate 400F, FortiGate 401E, FortiGate 401F, FortiGate 40F 3G4G, FortiGate 40F, FortiGate 5001E1, FortiGate 5001E, FortiGate 500E, FortiGate 501E, FortiGate 600E, FortiGate 600F, FortiGate 601E, FortiGate 601F, FortiGate 60E DSLJ, FortiGate 60E DSL, FortiGate 60E-POE, FortiGate 60E, FortiGate 60F, FortiGate 61E, FortiGate 61F, FortiGate 70F, FortiGate 71F, FortiGate 800D, FortiGate 80E-POE, FortiGate 80E, FortiGate 80F Bypass, FortiGate 80F-POE, FortiGate 80F, FortiGate 81E-POE, FortiGate 81E, FortiGate 81F-POE, FortiGate 81F, FortiGate 900D, FortiGate 90E, FortiGate 91E, FortiGateRugged 60F 3G4G, FortiGateRugged 60F, FortiGateRugged 70F 3G4G, FortiGateRugged 70F, FortiWiFi 40F 3G4G, FortiWiFi 40F, FortiWiFi 60E DSLJ, FortiWiFi 60E DSL, FortiWiFi 60E, FortiWiFi 60F, FortiWiFi 61E, FortiWiFi 61F, FortiWiFi 80F 2R, FortiWiFi 81F 2R 3G4G-POE, FortiWiFi 81F 2R-POE, FortiWiFi 81F 2R.

Configure GTP.

config firewall gtp
    Description: Configure GTP.
    edit <name>
        set addr-notify {ipv4-address-any}
        config apn
            Description: APN.
            edit <id>
                set apnmember <name1>, <name2>, ...
                set action [allow|deny]
                set selection-mode {option1}, {option2}, ...
            next
        end
        set apn-filter [enable|disable]
        set authorized-ggsns {string}
        set authorized-ggsns6 {string}
        set authorized-sgsns {string}
        set authorized-sgsns6 {string}
        set comment {var-string}
        set context-id {integer}
        set control-plane-message-rate-limit {integer}
        set default-apn-action [allow|deny]
        set default-imsi-action [allow|deny]
        set default-ip-action [allow|deny]
        set default-noip-action [allow|deny]
        set default-policy-action [allow|deny]
        set denied-log [enable|disable]
        set echo-request-interval {integer}
        set extension-log [enable|disable]
        set forwarded-log [enable|disable]
        set global-tunnel-limit {string}
        set gtp-in-gtp [allow|deny]
        set gtpu-denied-log [enable|disable]
        set gtpu-forwarded-log [enable|disable]
        set gtpu-log-freq {integer}
        set half-close-timeout {integer}
        set half-open-timeout {integer}
        set handover-group {string}
        set handover-group6 {string}
        set ie-allow-list-v0v1 {string}
        set ie-allow-list-v2 {string}
        config ie-remove-policy
            Description: IE remove policy.
            edit <id>
                set sgsn-addr {string}
                set sgsn-addr6 {string}
                set remove-ies {option1}, {option2}, ...
            next
        end
        set ie-remover [enable|disable]
        config ie-validation
            Description: IE validation.
            set imsi [enable|disable]
            set rai [enable|disable]
            set reordering-required [enable|disable]
            set ms-validated [enable|disable]
            set selection-mode [enable|disable]
            set nsapi [enable|disable]
            set charging-ID [enable|disable]
            set end-user-addr [enable|disable]
            set mm-context [enable|disable]
            set pdp-context [enable|disable]
            set gsn-addr [enable|disable]
            set msisdn [enable|disable]
            set qos-profile [enable|disable]
            set apn-restriction [enable|disable]
            set rat-type [enable|disable]
            set uli [enable|disable]
            set ms-tzone [enable|disable]
            set imei [enable|disable]
            set charging-gateway-addr [enable|disable]
        end
        config imsi
            Description: IMSI.
            edit <id>
                set mcc-mnc {string}
                set msisdn-prefix {string}
                set apnmember <name1>, <name2>, ...
                set action [allow|deny]
                set selection-mode {option1}, {option2}, ...
            next
        end
        set imsi-filter [enable|disable]
        set interface-notify {string}
        set invalid-reserved-field [allow|deny]
        set invalid-sgsns-to-log {string}
        set invalid-sgsns6-to-log {string}
        set ip-filter [enable|disable]
        config ip-policy
            Description: IP policy.
            edit <id>
                set srcaddr {string}
                set dstaddr {string}
                set srcaddr6 {string}
                set dstaddr6 {string}
                set action [allow|deny]
            next
        end
        set log-freq {integer}
        set log-gtpu-limit {integer}
        set log-imsi-prefix {string}
        set log-msisdn-prefix {string}
        set max-message-length {integer}
        set message-filter-v0v1 {string}
        set message-filter-v2 {string}
        config message-rate-limit
            Description: Message rate limiting.
            set echo-request {integer}
            set echo-reponse {integer}
            set version-not-support {integer}
            set create-pdp-request {integer}
            set create-pdp-response {integer}
            set update-pdp-request {integer}
            set update-pdp-response {integer}
            set delete-pdp-request {integer}
            set delete-pdp-response {integer}
            set create-aa-pdp-request {integer}
            set create-aa-pdp-response {integer}
            set delete-aa-pdp-request {integer}
            set delete-aa-pdp-response {integer}
            set error-indication {integer}
            set pdu-notify-request {integer}
            set pdu-notify-response {integer}
            set pdu-notify-rej-request {integer}
            set pdu-notify-rej-response {integer}
            set support-ext-hdr-notify {integer}
            set send-route-request {integer}
            set send-route-response {integer}
            set failure-report-request {integer}
            set failure-report-response {integer}
            set note-ms-request {integer}
            set note-ms-response {integer}
            set identification-request {integer}
            set identification-response {integer}
            set sgsn-context-request {integer}
            set sgsn-context-response {integer}
            set sgsn-context-ack {integer}
            set fwd-relocation-request {integer}
            set fwd-relocation-response {integer}
            set fwd-relocation-complete {integer}
            set relocation-cancel-request {integer}
            set relocation-cancel-response {integer}
            set fwd-srns-context {integer}
            set fwd-reloc-complete-ack {integer}
            set fwd-srns-context-ack {integer}
            set ran-info {integer}
            set mbms-notify-request {integer}
            set mbms-notify-response {integer}
            set mbms-notify-rej-request {integer}
            set mbms-notify-rej-response {integer}
            set create-mbms-request {integer}
            set create-mbms-response {integer}
            set update-mbms-request {integer}
            set update-mbms-response {integer}
            set delete-mbms-request {integer}
            set delete-mbms-response {integer}
            set mbms-reg-request {integer}
            set mbms-reg-response {integer}
            set mbms-de-reg-request {integer}
            set mbms-de-reg-response {integer}
            set mbms-ses-start-request {integer}
            set mbms-ses-start-response {integer}
            set mbms-ses-stop-request {integer}
            set mbms-ses-stop-response {integer}
            set g-pdu {integer}
        end
        config message-rate-limit-v0
            Description: Message rate limiting for GTP version 0.
            set echo-request {integer}
            set create-pdp-request {integer}
            set delete-pdp-request {integer}
        end
        config message-rate-limit-v1
            Description: Message rate limiting for GTP version 1.
            set echo-request {integer}
            set create-pdp-request {integer}
            set delete-pdp-request {integer}
        end
        config message-rate-limit-v2
            Description: Message rate limiting for GTP version 2.
            set echo-request {integer}
            set create-session-request {integer}
            set delete-session-request {integer}
        end
        set min-message-length {integer}
        set miss-must-ie [allow|deny]
        set monitor-mode [enable|disable|...]
        set noip-filter [enable|disable]
        config noip-policy
            Description: No IP policy.
            edit <id>
                set type [etsi|ietf]
                set start {integer}
                set end {integer}
                set action [allow|deny]
            next
        end
        set out-of-state-ie [allow|deny]
        set out-of-state-message [allow|deny]
        config per-apn-shaper
            Description: Per APN shaper.
            edit <id>
                set apn {string}
                set version {integer}
                set rate-limit {integer}
            next
        end
        config policy
            Description: Policy.
            edit <id>
                set apnmember <name1>, <name2>, ...
                set messages {option1}, {option2}, ...
                set apn-sel-mode {option1}, {option2}, ...
                set max-apn-restriction [all|public-1|...]
                set imsi-prefix {string}
                set msisdn-prefix {string}
                set rat-type {option1}, {option2}, ...
                set imei {string}
                set action [allow|deny]
                set rai {string}
                set uli {string}
            next
        end
        set policy-filter [enable|disable]
        config policy-v2
            Description: Apply allow or deny action to each GTPv2-c packet.
            edit <id>
                set apnmember <name1>, <name2>, ...
                set messages {option1}, {option2}, ...
                set apn-sel-mode {option1}, {option2}, ...
                set max-apn-restriction [all|public-1|...]
                set imsi-prefix {string}
                set msisdn-prefix {string}
                set rat-type {option1}, {option2}, ...
                set mei {string}
                set action [allow|deny]
                set uli {string}
            next
        end
        set port-notify {integer}
        set rat-timeout-profile {string}
        set rate-limit-mode [per-profile|per-stream|...]
        set rate-limited-log [enable|disable]
        set rate-sampling-interval {integer}
        set remove-if-echo-expires [enable|disable]
        set remove-if-recovery-differ [enable|disable]
        set reserved-ie [allow|deny]
        set send-delete-when-timeout [enable|disable]
        set send-delete-when-timeout-v2 [enable|disable]
        set spoof-src-addr [allow|deny]
        set state-invalid-log [enable|disable]
        set sub-second-interval [0.5|0.25|...]
        set sub-second-sampling [enable|disable]
        set traffic-count-log [enable|disable]
        set tunnel-limit {integer}
        set tunnel-limit-log [enable|disable]
        set tunnel-timeout {integer}
        set unknown-version-action [allow|deny]
        set user-plane-message-rate-limit {integer}
        set warning-threshold {integer}
    next
end

config firewall gtp

Parameter

Description

Type

Size

Default

addr-notify

overbilling notify address

ipv4-address-any

Not Specified

0.0.0.0

apn-filter

apn filter

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

authorized-ggsns

Authorized GGSN/PGW group.

string

Maximum length: 79

authorized-ggsns6

Authorized GGSN/PGW IPv6 group.

string

Maximum length: 79

authorized-sgsns

Authorized SGSN/SGW group.

string

Maximum length: 79

authorized-sgsns6

Authorized SGSN/SGW IPv6 group.

string

Maximum length: 79

comment

Comment.

var-string

Maximum length: 255

context-id

Overbilling context.

integer

Minimum value: 0 Maximum value: 4294967295

696

control-plane-message-rate-limit

control plane message rate limit

integer

Minimum value: 0 Maximum value: 4294967295

0

default-apn-action

default apn action

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

default-imsi-action

default imsi action

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

default-ip-action

default action for encapsulated IP traffic

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

default-noip-action

default action for encapsulated non-IP traffic

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

default-policy-action

default advanced policy action

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

denied-log

log denied

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

echo-request-interval

echo request interval (in seconds)

integer

Minimum value: 0 Maximum value: 4294967295

0

extension-log

log in extension format

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

forwarded-log

log forwarded

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

global-tunnel-limit

Global tunnel limit.

string

Maximum length: 63

gtp-in-gtp

gtp in gtp

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

gtpu-denied-log

Enable/disable logging of denied GTP-U packets.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

gtpu-forwarded-log

Enable/disable logging of forwarded GTP-U packets.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

gtpu-log-freq

Logging of frequency of GTP-U packets.

integer

Minimum value: 0 Maximum value: 4294967295

0

half-close-timeout

Half-close tunnel timeout (in seconds).

integer

Minimum value: 1 Maximum value: 30

10

half-open-timeout

Half-open tunnel timeout (in seconds).

integer

Minimum value: 1 Maximum value: 300

300

handover-group

Handover SGSN/SGW group.

string

Maximum length: 79

handover-group6

Handover SGSN/SGW IPv6 group.

string

Maximum length: 79

ie-allow-list-v0v1

IE allow list.

string

Maximum length: 63

ie-allow-list-v2

IE allow list.

string

Maximum length: 63

ie-remover

IE removal policy.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

imsi-filter

imsi filter

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

interface-notify

overbilling interface

string

Maximum length: 15

invalid-reserved-field

Invalid reserved field in GTP header

option

-

deny

Option

Description

allow

Allow setting.

deny

Deny setting.

invalid-sgsns-to-log

Invalid SGSN group to be logged

string

Maximum length: 79

invalid-sgsns6-to-log

Invalid SGSN IPv6 group to be logged.

string

Maximum length: 79

ip-filter

IP filter for encapsulted traffic

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

log-freq

Logging of frequency of GTP-C packets.

integer

Minimum value: 0 Maximum value: 4294967295

0

log-gtpu-limit

the user data log limit

integer

Minimum value: 0 Maximum value: 512

0

log-imsi-prefix

IMSI prefix for selective logging.

string

Maximum length: 15

log-msisdn-prefix

the msisdn prefix for selective logging

string

Maximum length: 15

max-message-length

max message length

integer

Minimum value: 0 Maximum value: 4294967295

1452

message-filter-v0v1

Message filter.

string

Maximum length: 63

message-filter-v2

Message filter.

string

Maximum length: 63

min-message-length

min message length

integer

Minimum value: 0 Maximum value: 4294967295

0

miss-must-ie

Missing mandatory information element

option

-

deny

Option

Description

allow

Allow setting.

deny

Deny setting.

monitor-mode

GTP monitor mode.

option

-

vdom

Option

Description

enable

Enable GTP monitor mode.

disable

Disable GTP monitor mode.

vdom

Enable/disable GTP monitor mode based on VDOM setting.

name

Profile name.

string

Maximum length: 63

noip-filter

non-IP filter for encapsulted traffic

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

out-of-state-ie

Out of state information element.

option

-

deny

Option

Description

allow

Allow setting.

deny

Deny setting.

out-of-state-message

Out of state GTP message

option

-

deny

Option

Description

allow

Allow setting.

deny

Deny setting.

policy-filter

Advanced policy filter

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

port-notify

overbilling notify port

integer

Minimum value: 0 Maximum value: 65535

21123

rat-timeout-profile

RAT timeout profile.

string

Maximum length: 63

rate-limit-mode

GTP rate limit mode.

option

-

per-profile

Option

Description

per-profile

Per-profile rate limiting.

per-stream

Per-stream rate limiting.

per-apn

Per-APN rate limiting.

rate-limited-log

log rate limited

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

rate-sampling-interval

rate sampling interval

integer

Minimum value: 1 Maximum value: 3600

1

remove-if-echo-expires

remove if echo response expires

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

remove-if-recovery-differ

remove upon different Recovery IE

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

reserved-ie

reserved information element

option

-

deny

Option

Description

allow

Allow setting.

deny

Deny setting.

send-delete-when-timeout

send DELETE request to path endpoints when GTPv0/v1 tunnel timeout.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

send-delete-when-timeout-v2

send DELETE request to path endpoints when GTPv2 tunnel timeout.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

spoof-src-addr

Spoofed source address for Mobile Station.

option

-

deny

Option

Description

allow

Allow setting.

deny

Deny setting.

state-invalid-log

log state invalid

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

sub-second-interval

Sub-second interval.

option

-

0.5

Option

Description

0.5

Sub-second interval of 0.5 seconds.

0.25

Sub-second interval of 0.25 seconds.

0.1

Sub-second interval of 0.1 seconds.

sub-second-sampling

Enable/disable sub-second sampling.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

traffic-count-log

log tunnel traffic counter

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

tunnel-limit

tunnel limit

integer

Minimum value: 0 Maximum value: 4294967295

0

tunnel-limit-log

tunnel limit

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

tunnel-timeout

Established tunnel timeout (in seconds).

integer

Minimum value: 0 Maximum value: 4294967295

86400

unknown-version-action

action for unknown gtp version

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

user-plane-message-rate-limit

user plane message rate limit

integer

Minimum value: 0 Maximum value: 4294967295

0

warning-threshold

Warning threshold for rate limiting.

integer

Minimum value: 0 Maximum value: 99

0

config apn

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

apnmember <name>

APN member.

APN name.

string

Maximum length: 79

action

Action.

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

selection-mode

APN selection mode.

option

-

ms net vrf

Option

Description

ms

Mobile Station provided APN.

net

Network provided APN.

vrf

Subscription verified.

config ie-remove-policy

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

sgsn-addr

SGSN address name.

string

Maximum length: 79

all

sgsn-addr6

SGSN IPv6 address name.

string

Maximum length: 79

all

remove-ies

GTP IEs to be removed.

option

-

apn-restriction rat-type rai uli imei

Option

Description

apn-restriction

APN Restriction.

rat-type

RAT Type.

rai

RAI.

uli

ULI.

imei

IMEI.

config ie-validation

Parameter

Description

Type

Size

Default

imsi

Validate IMSI.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

rai

Validate RAI.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

reordering-required

Validate re-ordering required.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ms-validated

Validate MS validated.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

selection-mode

Validate selection mode.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

nsapi

Validate NSAPI.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

charging-ID

Validate charging ID.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

end-user-addr

Validate end user address.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

mm-context

Validate MM context.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

pdp-context

Validate PDP context.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

gsn-addr

Validate GSN address.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

msisdn

Validate MSISDN.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

qos-profile

Validate Quality of Service(QoS) profile.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

apn-restriction

Validate APN restriction.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

rat-type

Validate RAT type.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

uli

Validate user location information.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ms-tzone

Validate MS time zone.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

imei

Validate IMEI(SV).

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

charging-gateway-addr

Validate charging gateway address.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

config imsi

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

mcc-mnc

MCC MNC.

string

Maximum length: 15

msisdn-prefix

MSISDN prefix.

string

Maximum length: 15

apnmember <name>

APN member.

APN name.

string

Maximum length: 79

action

Action.

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

selection-mode

APN selection mode.

option

-

ms net vrf

Option

Description

ms

Mobile Station provided APN.

net

Network provided APN.

vrf

Subscription verified.

config ip-policy

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

srcaddr

Source address name.

string

Maximum length: 79

dstaddr

Destination address name.

string

Maximum length: 79

srcaddr6

Source IPv6 address name.

string

Maximum length: 79

dstaddr6

Destination IPv6 address name.

string

Maximum length: 79

action

Action.

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

config message-rate-limit

Parameter

Description

Type

Size

Default

echo-request

Rate limit for echo requests (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

echo-reponse

Rate limit for echo response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

version-not-support

Rate limit for version not supported (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

create-pdp-request

Rate limit for create PDP context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

create-pdp-response

Rate limit for create PDP context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

update-pdp-request

Rate limit for update PDP context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

update-pdp-response

Rate limit for update PDP context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-pdp-request

Rate limit for delete PDP context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-pdp-response

Rate limit for delete PDP context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

create-aa-pdp-request

Rate limit for create AA PDP context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

create-aa-pdp-response

Rate limit for create AA PDP context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-aa-pdp-request

Rate limit for delete AA PDP context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-aa-pdp-response

Rate limit for delete AA PDP context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

error-indication

Rate limit for error indication (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

pdu-notify-request

Rate limit for PDU notify request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

pdu-notify-response

Rate limit for PDU notify response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

pdu-notify-rej-request

Rate limit for PDU notify reject request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

pdu-notify-rej-response

Rate limit for PDU notify reject response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

support-ext-hdr-notify

Rate limit for support extension headers notification (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

send-route-request

Rate limit for send routing information for GPRS request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

send-route-response

Rate limit for send routing information for GPRS response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

failure-report-request

Rate limit for failure report request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

failure-report-response

Rate limit for failure report response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

note-ms-request

Rate limit for note MS GPRS present request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

note-ms-response

Rate limit for note MS GPRS present response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

identification-request

Rate limit for identification request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

identification-response

Rate limit for identification response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

sgsn-context-request

Rate limit for SGSN context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

sgsn-context-response

Rate limit for SGSN context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

sgsn-context-ack

Rate limit for SGSN context acknowledgement (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

fwd-relocation-request

Rate limit for forward relocation request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

fwd-relocation-response

Rate limit for forward relocation response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

fwd-relocation-complete

Rate limit for forward relocation complete (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

relocation-cancel-request

Rate limit for relocation cancel request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

relocation-cancel-response

Rate limit for relocation cancel response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

fwd-srns-context

Rate limit for forward SRNS context (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

fwd-reloc-complete-ack

Rate limit for forward relocation complete acknowledge (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

fwd-srns-context-ack

Rate limit for forward SRNS context acknowledge (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

ran-info

Rate limit for RAN information relay (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-notify-request

Rate limit for MBMS notification request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-notify-response

Rate limit for MBMS notification response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-notify-rej-request

Rate limit for MBMS notification reject request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-notify-rej-response

Rate limit for MBMS notification reject response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

create-mbms-request

Rate limit for create MBMS context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

create-mbms-response

Rate limit for create MBMS context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

update-mbms-request

Rate limit for update MBMS context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

update-mbms-response

Rate limit for update MBMS context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-mbms-request

Rate limit for delete MBMS context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-mbms-response

Rate limit for delete MBMS context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-reg-request

Rate limit for MBMS registration request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-reg-response

Rate limit for MBMS registration response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-de-reg-request

Rate limit for MBMS de-registration request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-de-reg-response

Rate limit for MBMS de-registration response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-ses-start-request

Rate limit for MBMS session start request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-ses-start-response

Rate limit for MBMS session start response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-ses-stop-request

Rate limit for MBMS session stop request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-ses-stop-response

Rate limit for MBMS session stop response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

g-pdu

Rate limit for G-PDU (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

config message-rate-limit-v0

Parameter

Description

Type

Size

Default

echo-request

Rate limit (packets/s) for echo request.

integer

Minimum value: 0 Maximum value: 4294967295

0

create-pdp-request

Rate limit (packets/s) for create PDP context request.

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-pdp-request

Rate limit (packets/s) for delete PDP context request.

integer

Minimum value: 0 Maximum value: 4294967295

0

config message-rate-limit-v1

Parameter

Description

Type

Size

Default

echo-request

Rate limit (packets/s) for echo request.

integer

Minimum value: 0 Maximum value: 4294967295

0

create-pdp-request

Rate limit (packets/s) for create PDP context request.

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-pdp-request

Rate limit (packets/s) for delete PDP context request.

integer

Minimum value: 0 Maximum value: 4294967295

0

config message-rate-limit-v2

Parameter

Description

Type

Size

Default

echo-request

Rate limit (packets/s) for echo request.

integer

Minimum value: 0 Maximum value: 4294967295

0

create-session-request

Rate limit (packets/s) for create session request.

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-session-request

Rate limit (packets/s) for delete session request.

integer

Minimum value: 0 Maximum value: 4294967295

0

config noip-policy

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

type

Protocol field type.

option

-

etsi

Option

Description

etsi

ESTI.

ietf

IETF.

start

Start of protocol range.

integer

Minimum value: 0 Maximum value: 255

0

end

End of protocol range.

integer

Minimum value: 0 Maximum value: 255

0

action

Action.

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

config per-apn-shaper

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

apn

APN name.

string

Maximum length: 63

version

GTP version number: 0 or 1.

integer

Minimum value: 0 Maximum value: 1

1

rate-limit

Rate limit (packets/s) for create PDP context request.

integer

Minimum value: 0 Maximum value: 1000000

0

config policy

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

apnmember <name>

APN member.

APN name.

string

Maximum length: 79

messages

GTP messages.

option

-

create-req

Option

Description

create-req

Create PDP context request.

create-res

Create PDP context response.

update-req

Update PDP context request.

update-res

Update PDP context response.

apn-sel-mode

APN selection mode.

option

-

ms net vrf

Option

Description

ms

Mobile Station provided APN.

net

Network provided APN.

vrf

Subscription verified.

max-apn-restriction

Maximum APN restriction value.

option

-

all

Option

Description

all

All.

public-1

Public-1.

public-2

Public-2.

private-1

Private-1.

private-2

Private-2.

imsi-prefix

IMSI prefix.

string

Maximum length: 15

msisdn-prefix

MSISDN prefix.

string

Maximum length: 15

rat-type

RAT Type.

option

-

any

Option

Description

any

Any RAT.

utran

UTRAN.

geran

GERAN.

wlan

WLAN.

gan

GAN.

hspa

HSPA.

eutran

EUTRAN.

virtual

Virtual.

nbiot

NB-IoT.

imei

IMEI pattern.

string

Maximum length: 40

action

Action.

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

rai

RAI pattern.

string

Maximum length: 40

uli

ULI pattern.

string

Maximum length: 40

config policy-v2

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

apnmember <name>

APN member.

APN name.

string

Maximum length: 79

messages

GTP messages.

option

-

create-ses-req

Option

Description

create-ses-req

Create session request.

create-ses-res

Create session response.

modify-bearer-req

Modify bearer request.

modify-bearer-res

Modify bearer response.

apn-sel-mode

APN selection mode.

option

-

ms net vrf

Option

Description

ms

Mobile Station provided APN.

net

Network provided APN.

vrf

Subscription verified.

max-apn-restriction

Maximum APN restriction value.

option

-

all

Option

Description

all

All.

public-1

Public-1.

public-2

Public-2.

private-1

Private-1.

private-2

Private-2.

imsi-prefix

IMSI prefix.

string

Maximum length: 15

msisdn-prefix

MSISDN prefix.

string

Maximum length: 15

rat-type

RAT Type.

option

-

any

Option

Description

any

Any RAT.

utran

UTRAN.

geran

GERAN.

wlan

WLAN.

gan

GAN.

hspa

HSPA.

eutran

EUTRAN.

virtual

Virtual.

nbiot

NB-IoT.

ltem

LTE-M.

nr

NR.

mei

MEI pattern.

string

Maximum length: 40

action

Action.

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

uli

GTPv2 ULI patterns (in order of CGI SAI RAI TAI ECGI LAI).

string

Maximum length: 40

config firewall gtp

Note

This command is available for model(s): FortiGate 3500F, FortiGate 4200F, FortiGate 4201F, FortiGate 4400F, FortiGate 4401F.

It is not available for: FortiGate 1000D, FortiGate 100EF, FortiGate 100E, FortiGate 100F, FortiGate 101E, FortiGate 101F, FortiGate 1100E, FortiGate 1101E, FortiGate 140E-POE, FortiGate 140E, FortiGate 1500DT, FortiGate 1500D, FortiGate 1800F, FortiGate 1801F, FortiGate 2000E, FortiGate 200E, FortiGate 200F, FortiGate 201E, FortiGate 201F, FortiGate 2200E, FortiGate 2201E, FortiGate 2500E, FortiGate 2600F, FortiGate 2601F, FortiGate 3000D, FortiGate 300E, FortiGate 301E, FortiGate 3100D, FortiGate 3200D, FortiGate 3300E, FortiGate 3301E, FortiGate 3400E, FortiGate 3401E, FortiGate 3501F, FortiGate 3600E, FortiGate 3601E, FortiGate 3700D, FortiGate 3800D, FortiGate 3960E, FortiGate 3980E, FortiGate 400E Bypass, FortiGate 400E, FortiGate 400F, FortiGate 401E, FortiGate 401F, FortiGate 40F 3G4G, FortiGate 40F, FortiGate 5001E1, FortiGate 5001E, FortiGate 500E, FortiGate 501E, FortiGate 600E, FortiGate 600F, FortiGate 601E, FortiGate 601F, FortiGate 60E DSLJ, FortiGate 60E DSL, FortiGate 60E-POE, FortiGate 60E, FortiGate 60F, FortiGate 61E, FortiGate 61F, FortiGate 70F, FortiGate 71F, FortiGate 800D, FortiGate 80E-POE, FortiGate 80E, FortiGate 80F Bypass, FortiGate 80F-POE, FortiGate 80F, FortiGate 81E-POE, FortiGate 81E, FortiGate 81F-POE, FortiGate 81F, FortiGate 900D, FortiGate 90E, FortiGate 91E, FortiGateRugged 60F 3G4G, FortiGateRugged 60F, FortiGateRugged 70F 3G4G, FortiGateRugged 70F, FortiWiFi 40F 3G4G, FortiWiFi 40F, FortiWiFi 60E DSLJ, FortiWiFi 60E DSL, FortiWiFi 60E, FortiWiFi 60F, FortiWiFi 61E, FortiWiFi 61F, FortiWiFi 80F 2R, FortiWiFi 81F 2R 3G4G-POE, FortiWiFi 81F 2R-POE, FortiWiFi 81F 2R.

Configure GTP.

config firewall gtp
    Description: Configure GTP.
    edit <name>
        set addr-notify {ipv4-address-any}
        config apn
            Description: APN.
            edit <id>
                set apnmember <name1>, <name2>, ...
                set action [allow|deny]
                set selection-mode {option1}, {option2}, ...
            next
        end
        set apn-filter [enable|disable]
        set authorized-ggsns {string}
        set authorized-ggsns6 {string}
        set authorized-sgsns {string}
        set authorized-sgsns6 {string}
        set comment {var-string}
        set context-id {integer}
        set control-plane-message-rate-limit {integer}
        set default-apn-action [allow|deny]
        set default-imsi-action [allow|deny]
        set default-ip-action [allow|deny]
        set default-noip-action [allow|deny]
        set default-policy-action [allow|deny]
        set denied-log [enable|disable]
        set echo-request-interval {integer}
        set extension-log [enable|disable]
        set forwarded-log [enable|disable]
        set global-tunnel-limit {string}
        set gtp-in-gtp [allow|deny]
        set gtpu-denied-log [enable|disable]
        set gtpu-forwarded-log [enable|disable]
        set gtpu-log-freq {integer}
        set half-close-timeout {integer}
        set half-open-timeout {integer}
        set handover-group {string}
        set handover-group6 {string}
        set ie-allow-list-v0v1 {string}
        set ie-allow-list-v2 {string}
        config ie-remove-policy
            Description: IE remove policy.
            edit <id>
                set sgsn-addr {string}
                set sgsn-addr6 {string}
                set remove-ies {option1}, {option2}, ...
            next
        end
        set ie-remover [enable|disable]
        config ie-validation
            Description: IE validation.
            set imsi [enable|disable]
            set rai [enable|disable]
            set reordering-required [enable|disable]
            set ms-validated [enable|disable]
            set selection-mode [enable|disable]
            set nsapi [enable|disable]
            set charging-ID [enable|disable]
            set end-user-addr [enable|disable]
            set mm-context [enable|disable]
            set pdp-context [enable|disable]
            set gsn-addr [enable|disable]
            set msisdn [enable|disable]
            set qos-profile [enable|disable]
            set apn-restriction [enable|disable]
            set rat-type [enable|disable]
            set uli [enable|disable]
            set ms-tzone [enable|disable]
            set imei [enable|disable]
            set charging-gateway-addr [enable|disable]
        end
        config imsi
            Description: IMSI.
            edit <id>
                set mcc-mnc {string}
                set msisdn-prefix {string}
                set apnmember <name1>, <name2>, ...
                set action [allow|deny]
                set selection-mode {option1}, {option2}, ...
            next
        end
        set imsi-filter [enable|disable]
        set interface-notify {string}
        set invalid-reserved-field [allow|deny]
        set invalid-sgsns-to-log {string}
        set invalid-sgsns6-to-log {string}
        set ip-filter [enable|disable]
        config ip-policy
            Description: IP policy.
            edit <id>
                set srcaddr {string}
                set dstaddr {string}
                set srcaddr6 {string}
                set dstaddr6 {string}
                set action [allow|deny]
            next
        end
        set log-freq {integer}
        set log-gtpu-limit {integer}
        set log-imsi-prefix {string}
        set log-msisdn-prefix {string}
        set max-message-length {integer}
        set message-filter-v0v1 {string}
        set message-filter-v2 {string}
        config message-rate-limit
            Description: Message rate limiting.
            set echo-request {integer}
            set echo-reponse {integer}
            set version-not-support {integer}
            set create-pdp-request {integer}
            set create-pdp-response {integer}
            set update-pdp-request {integer}
            set update-pdp-response {integer}
            set delete-pdp-request {integer}
            set delete-pdp-response {integer}
            set create-aa-pdp-request {integer}
            set create-aa-pdp-response {integer}
            set delete-aa-pdp-request {integer}
            set delete-aa-pdp-response {integer}
            set error-indication {integer}
            set pdu-notify-request {integer}
            set pdu-notify-response {integer}
            set pdu-notify-rej-request {integer}
            set pdu-notify-rej-response {integer}
            set support-ext-hdr-notify {integer}
            set send-route-request {integer}
            set send-route-response {integer}
            set failure-report-request {integer}
            set failure-report-response {integer}
            set note-ms-request {integer}
            set note-ms-response {integer}
            set identification-request {integer}
            set identification-response {integer}
            set sgsn-context-request {integer}
            set sgsn-context-response {integer}
            set sgsn-context-ack {integer}
            set fwd-relocation-request {integer}
            set fwd-relocation-response {integer}
            set fwd-relocation-complete {integer}
            set relocation-cancel-request {integer}
            set relocation-cancel-response {integer}
            set fwd-srns-context {integer}
            set fwd-reloc-complete-ack {integer}
            set fwd-srns-context-ack {integer}
            set ran-info {integer}
            set mbms-notify-request {integer}
            set mbms-notify-response {integer}
            set mbms-notify-rej-request {integer}
            set mbms-notify-rej-response {integer}
            set create-mbms-request {integer}
            set create-mbms-response {integer}
            set update-mbms-request {integer}
            set update-mbms-response {integer}
            set delete-mbms-request {integer}
            set delete-mbms-response {integer}
            set mbms-reg-request {integer}
            set mbms-reg-response {integer}
            set mbms-de-reg-request {integer}
            set mbms-de-reg-response {integer}
            set mbms-ses-start-request {integer}
            set mbms-ses-start-response {integer}
            set mbms-ses-stop-request {integer}
            set mbms-ses-stop-response {integer}
            set g-pdu {integer}
        end
        config message-rate-limit-v0
            Description: Message rate limiting for GTP version 0.
            set echo-request {integer}
            set create-pdp-request {integer}
            set delete-pdp-request {integer}
        end
        config message-rate-limit-v1
            Description: Message rate limiting for GTP version 1.
            set echo-request {integer}
            set create-pdp-request {integer}
            set delete-pdp-request {integer}
        end
        config message-rate-limit-v2
            Description: Message rate limiting for GTP version 2.
            set echo-request {integer}
            set create-session-request {integer}
            set delete-session-request {integer}
        end
        set min-message-length {integer}
        set miss-must-ie [allow|deny]
        set monitor-mode [enable|disable|...]
        set noip-filter [enable|disable]
        config noip-policy
            Description: No IP policy.
            edit <id>
                set type [etsi|ietf]
                set start {integer}
                set end {integer}
                set action [allow|deny]
            next
        end
        set out-of-state-ie [allow|deny]
        set out-of-state-message [allow|deny]
        config per-apn-shaper
            Description: Per APN shaper.
            edit <id>
                set apn {string}
                set version {integer}
                set rate-limit {integer}
            next
        end
        config policy
            Description: Policy.
            edit <id>
                set apnmember <name1>, <name2>, ...
                set messages {option1}, {option2}, ...
                set apn-sel-mode {option1}, {option2}, ...
                set max-apn-restriction [all|public-1|...]
                set imsi-prefix {string}
                set msisdn-prefix {string}
                set rat-type {option1}, {option2}, ...
                set imei {string}
                set action [allow|deny]
                set rai {string}
                set uli {string}
            next
        end
        set policy-filter [enable|disable]
        config policy-v2
            Description: Apply allow or deny action to each GTPv2-c packet.
            edit <id>
                set apnmember <name1>, <name2>, ...
                set messages {option1}, {option2}, ...
                set apn-sel-mode {option1}, {option2}, ...
                set max-apn-restriction [all|public-1|...]
                set imsi-prefix {string}
                set msisdn-prefix {string}
                set rat-type {option1}, {option2}, ...
                set mei {string}
                set action [allow|deny]
                set uli {string}
            next
        end
        set port-notify {integer}
        set rat-timeout-profile {string}
        set rate-limit-mode [per-profile|per-stream|...]
        set rate-limited-log [enable|disable]
        set rate-sampling-interval {integer}
        set remove-if-echo-expires [enable|disable]
        set remove-if-recovery-differ [enable|disable]
        set reserved-ie [allow|deny]
        set send-delete-when-timeout [enable|disable]
        set send-delete-when-timeout-v2 [enable|disable]
        set spoof-src-addr [allow|deny]
        set state-invalid-log [enable|disable]
        set sub-second-interval [0.5|0.25|...]
        set sub-second-sampling [enable|disable]
        set traffic-count-log [enable|disable]
        set tunnel-limit {integer}
        set tunnel-limit-log [enable|disable]
        set tunnel-timeout {integer}
        set unknown-version-action [allow|deny]
        set user-plane-message-rate-limit {integer}
        set warning-threshold {integer}
    next
end

config firewall gtp

Parameter

Description

Type

Size

Default

addr-notify

overbilling notify address

ipv4-address-any

Not Specified

0.0.0.0

apn-filter

apn filter

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

authorized-ggsns

Authorized GGSN/PGW group.

string

Maximum length: 79

authorized-ggsns6

Authorized GGSN/PGW IPv6 group.

string

Maximum length: 79

authorized-sgsns

Authorized SGSN/SGW group.

string

Maximum length: 79

authorized-sgsns6

Authorized SGSN/SGW IPv6 group.

string

Maximum length: 79

comment

Comment.

var-string

Maximum length: 255

context-id

Overbilling context.

integer

Minimum value: 0 Maximum value: 4294967295

696

control-plane-message-rate-limit

control plane message rate limit

integer

Minimum value: 0 Maximum value: 4294967295

0

default-apn-action

default apn action

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

default-imsi-action

default imsi action

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

default-ip-action

default action for encapsulated IP traffic

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

default-noip-action

default action for encapsulated non-IP traffic

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

default-policy-action

default advanced policy action

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

denied-log

log denied

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

echo-request-interval

echo request interval (in seconds)

integer

Minimum value: 0 Maximum value: 4294967295

0

extension-log

log in extension format

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

forwarded-log

log forwarded

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

global-tunnel-limit

Global tunnel limit.

string

Maximum length: 63

gtp-in-gtp

gtp in gtp

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

gtpu-denied-log

Enable/disable logging of denied GTP-U packets.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

gtpu-forwarded-log

Enable/disable logging of forwarded GTP-U packets.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

gtpu-log-freq

Logging of frequency of GTP-U packets.

integer

Minimum value: 0 Maximum value: 4294967295

0

half-close-timeout

Half-close tunnel timeout (in seconds).

integer

Minimum value: 1 Maximum value: 30

10

half-open-timeout

Half-open tunnel timeout (in seconds).

integer

Minimum value: 1 Maximum value: 300

300

handover-group

Handover SGSN/SGW group.

string

Maximum length: 79

handover-group6

Handover SGSN/SGW IPv6 group.

string

Maximum length: 79

ie-allow-list-v0v1

IE allow list.

string

Maximum length: 63

ie-allow-list-v2

IE allow list.

string

Maximum length: 63

ie-remover

IE removal policy.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

imsi-filter

imsi filter

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

interface-notify

overbilling interface

string

Maximum length: 15

invalid-reserved-field

Invalid reserved field in GTP header

option

-

deny

Option

Description

allow

Allow setting.

deny

Deny setting.

invalid-sgsns-to-log

Invalid SGSN group to be logged

string

Maximum length: 79

invalid-sgsns6-to-log

Invalid SGSN IPv6 group to be logged.

string

Maximum length: 79

ip-filter

IP filter for encapsulted traffic

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

log-freq

Logging of frequency of GTP-C packets.

integer

Minimum value: 0 Maximum value: 4294967295

0

log-gtpu-limit

the user data log limit

integer

Minimum value: 0 Maximum value: 512

0

log-imsi-prefix

IMSI prefix for selective logging.

string

Maximum length: 15

log-msisdn-prefix

the msisdn prefix for selective logging

string

Maximum length: 15

max-message-length

max message length

integer

Minimum value: 0 Maximum value: 4294967295

1452

message-filter-v0v1

Message filter.

string

Maximum length: 63

message-filter-v2

Message filter.

string

Maximum length: 63

min-message-length

min message length

integer

Minimum value: 0 Maximum value: 4294967295

0

miss-must-ie

Missing mandatory information element

option

-

deny

Option

Description

allow

Allow setting.

deny

Deny setting.

monitor-mode

GTP monitor mode.

option

-

vdom

Option

Description

enable

Enable GTP monitor mode.

disable

Disable GTP monitor mode.

vdom

Enable/disable GTP monitor mode based on VDOM setting.

name

Profile name.

string

Maximum length: 63

noip-filter

non-IP filter for encapsulted traffic

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

out-of-state-ie

Out of state information element.

option

-

deny

Option

Description

allow

Allow setting.

deny

Deny setting.

out-of-state-message

Out of state GTP message

option

-

deny

Option

Description

allow

Allow setting.

deny

Deny setting.

policy-filter

Advanced policy filter

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

port-notify

overbilling notify port

integer

Minimum value: 0 Maximum value: 65535

21123

rat-timeout-profile

RAT timeout profile.

string

Maximum length: 63

rate-limit-mode

GTP rate limit mode.

option

-

per-profile

Option

Description

per-profile

Per-profile rate limiting.

per-stream

Per-stream rate limiting.

per-apn

Per-APN rate limiting.

rate-limited-log

log rate limited

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

rate-sampling-interval

rate sampling interval

integer

Minimum value: 1 Maximum value: 3600

1

remove-if-echo-expires

remove if echo response expires

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

remove-if-recovery-differ

remove upon different Recovery IE

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

reserved-ie

reserved information element

option

-

deny

Option

Description

allow

Allow setting.

deny

Deny setting.

send-delete-when-timeout

send DELETE request to path endpoints when GTPv0/v1 tunnel timeout.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

send-delete-when-timeout-v2

send DELETE request to path endpoints when GTPv2 tunnel timeout.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

spoof-src-addr

Spoofed source address for Mobile Station.

option

-

deny

Option

Description

allow

Allow setting.

deny

Deny setting.

state-invalid-log

log state invalid

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

sub-second-interval

Sub-second interval.

option

-

0.5

Option

Description

0.5

Sub-second interval of 0.5 seconds.

0.25

Sub-second interval of 0.25 seconds.

0.1

Sub-second interval of 0.1 seconds.

sub-second-sampling

Enable/disable sub-second sampling.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

traffic-count-log

log tunnel traffic counter

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

tunnel-limit

tunnel limit

integer

Minimum value: 0 Maximum value: 4294967295

0

tunnel-limit-log

tunnel limit

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

tunnel-timeout

Established tunnel timeout (in seconds).

integer

Minimum value: 0 Maximum value: 4294967295

86400

unknown-version-action

action for unknown gtp version

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

user-plane-message-rate-limit

user plane message rate limit

integer

Minimum value: 0 Maximum value: 4294967295

0

warning-threshold

Warning threshold for rate limiting.

integer

Minimum value: 0 Maximum value: 99

0

config apn

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

apnmember <name>

APN member.

APN name.

string

Maximum length: 79

action

Action.

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

selection-mode

APN selection mode.

option

-

ms net vrf

Option

Description

ms

Mobile Station provided APN.

net

Network provided APN.

vrf

Subscription verified.

config ie-remove-policy

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

sgsn-addr

SGSN address name.

string

Maximum length: 79

all

sgsn-addr6

SGSN IPv6 address name.

string

Maximum length: 79

all

remove-ies

GTP IEs to be removed.

option

-

apn-restriction rat-type rai uli imei

Option

Description

apn-restriction

APN Restriction.

rat-type

RAT Type.

rai

RAI.

uli

ULI.

imei

IMEI.

config ie-validation

Parameter

Description

Type

Size

Default

imsi

Validate IMSI.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

rai

Validate RAI.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

reordering-required

Validate re-ordering required.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ms-validated

Validate MS validated.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

selection-mode

Validate selection mode.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

nsapi

Validate NSAPI.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

charging-ID

Validate charging ID.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

end-user-addr

Validate end user address.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

mm-context

Validate MM context.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

pdp-context

Validate PDP context.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

gsn-addr

Validate GSN address.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

msisdn

Validate MSISDN.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

qos-profile

Validate Quality of Service(QoS) profile.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

apn-restriction

Validate APN restriction.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

rat-type

Validate RAT type.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

uli

Validate user location information.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ms-tzone

Validate MS time zone.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

imei

Validate IMEI(SV).

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

charging-gateway-addr

Validate charging gateway address.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

config imsi

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

mcc-mnc

MCC MNC.

string

Maximum length: 15

msisdn-prefix

MSISDN prefix.

string

Maximum length: 15

apnmember <name>

APN member.

APN name.

string

Maximum length: 79

action

Action.

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

selection-mode

APN selection mode.

option

-

ms net vrf

Option

Description

ms

Mobile Station provided APN.

net

Network provided APN.

vrf

Subscription verified.

config ip-policy

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

srcaddr

Source address name.

string

Maximum length: 79

dstaddr

Destination address name.

string

Maximum length: 79

srcaddr6

Source IPv6 address name.

string

Maximum length: 79

dstaddr6

Destination IPv6 address name.

string

Maximum length: 79

action

Action.

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

config message-rate-limit

Parameter

Description

Type

Size

Default

echo-request

Rate limit for echo requests (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

echo-reponse

Rate limit for echo response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

version-not-support

Rate limit for version not supported (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

create-pdp-request

Rate limit for create PDP context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

create-pdp-response

Rate limit for create PDP context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

update-pdp-request

Rate limit for update PDP context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

update-pdp-response

Rate limit for update PDP context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-pdp-request

Rate limit for delete PDP context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-pdp-response

Rate limit for delete PDP context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

create-aa-pdp-request

Rate limit for create AA PDP context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

create-aa-pdp-response

Rate limit for create AA PDP context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-aa-pdp-request

Rate limit for delete AA PDP context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-aa-pdp-response

Rate limit for delete AA PDP context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

error-indication

Rate limit for error indication (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

pdu-notify-request

Rate limit for PDU notify request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

pdu-notify-response

Rate limit for PDU notify response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

pdu-notify-rej-request

Rate limit for PDU notify reject request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

pdu-notify-rej-response

Rate limit for PDU notify reject response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

support-ext-hdr-notify

Rate limit for support extension headers notification (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

send-route-request

Rate limit for send routing information for GPRS request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

send-route-response

Rate limit for send routing information for GPRS response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

failure-report-request

Rate limit for failure report request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

failure-report-response

Rate limit for failure report response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

note-ms-request

Rate limit for note MS GPRS present request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

note-ms-response

Rate limit for note MS GPRS present response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

identification-request

Rate limit for identification request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

identification-response

Rate limit for identification response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

sgsn-context-request

Rate limit for SGSN context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

sgsn-context-response

Rate limit for SGSN context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

sgsn-context-ack

Rate limit for SGSN context acknowledgement (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

fwd-relocation-request

Rate limit for forward relocation request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

fwd-relocation-response

Rate limit for forward relocation response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

fwd-relocation-complete

Rate limit for forward relocation complete (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

relocation-cancel-request

Rate limit for relocation cancel request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

relocation-cancel-response

Rate limit for relocation cancel response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

fwd-srns-context

Rate limit for forward SRNS context (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

fwd-reloc-complete-ack

Rate limit for forward relocation complete acknowledge (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

fwd-srns-context-ack

Rate limit for forward SRNS context acknowledge (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

ran-info

Rate limit for RAN information relay (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-notify-request

Rate limit for MBMS notification request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-notify-response

Rate limit for MBMS notification response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-notify-rej-request

Rate limit for MBMS notification reject request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-notify-rej-response

Rate limit for MBMS notification reject response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

create-mbms-request

Rate limit for create MBMS context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

create-mbms-response

Rate limit for create MBMS context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

update-mbms-request

Rate limit for update MBMS context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

update-mbms-response

Rate limit for update MBMS context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-mbms-request

Rate limit for delete MBMS context request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-mbms-response

Rate limit for delete MBMS context response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-reg-request

Rate limit for MBMS registration request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-reg-response

Rate limit for MBMS registration response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-de-reg-request

Rate limit for MBMS de-registration request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-de-reg-response

Rate limit for MBMS de-registration response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-ses-start-request

Rate limit for MBMS session start request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-ses-start-response

Rate limit for MBMS session start response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-ses-stop-request

Rate limit for MBMS session stop request (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

mbms-ses-stop-response

Rate limit for MBMS session stop response (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

g-pdu

Rate limit for G-PDU (packets per second).

integer

Minimum value: 0 Maximum value: 4294967295

0

config message-rate-limit-v0

Parameter

Description

Type

Size

Default

echo-request

Rate limit (packets/s) for echo request.

integer

Minimum value: 0 Maximum value: 4294967295

0

create-pdp-request

Rate limit (packets/s) for create PDP context request.

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-pdp-request

Rate limit (packets/s) for delete PDP context request.

integer

Minimum value: 0 Maximum value: 4294967295

0

config message-rate-limit-v1

Parameter

Description

Type

Size

Default

echo-request

Rate limit (packets/s) for echo request.

integer

Minimum value: 0 Maximum value: 4294967295

0

create-pdp-request

Rate limit (packets/s) for create PDP context request.

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-pdp-request

Rate limit (packets/s) for delete PDP context request.

integer

Minimum value: 0 Maximum value: 4294967295

0

config message-rate-limit-v2

Parameter

Description

Type

Size

Default

echo-request

Rate limit (packets/s) for echo request.

integer

Minimum value: 0 Maximum value: 4294967295

0

create-session-request

Rate limit (packets/s) for create session request.

integer

Minimum value: 0 Maximum value: 4294967295

0

delete-session-request

Rate limit (packets/s) for delete session request.

integer

Minimum value: 0 Maximum value: 4294967295

0

config noip-policy

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

type

Protocol field type.

option

-

etsi

Option

Description

etsi

ESTI.

ietf

IETF.

start

Start of protocol range.

integer

Minimum value: 0 Maximum value: 255

0

end

End of protocol range.

integer

Minimum value: 0 Maximum value: 255

0

action

Action.

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

config per-apn-shaper

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

apn

APN name.

string

Maximum length: 63

version

GTP version number: 0 or 1.

integer

Minimum value: 0 Maximum value: 1

1

rate-limit

Rate limit (packets/s) for create PDP context request.

integer

Minimum value: 0 Maximum value: 1000000

0

config policy

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

apnmember <name>

APN member.

APN name.

string

Maximum length: 79

messages

GTP messages.

option

-

create-req

Option

Description

create-req

Create PDP context request.

create-res

Create PDP context response.

update-req

Update PDP context request.

update-res

Update PDP context response.

apn-sel-mode

APN selection mode.

option

-

ms net vrf

Option

Description

ms

Mobile Station provided APN.

net

Network provided APN.

vrf

Subscription verified.

max-apn-restriction

Maximum APN restriction value.

option

-

all

Option

Description

all

All.

public-1

Public-1.

public-2

Public-2.

private-1

Private-1.

private-2

Private-2.

imsi-prefix

IMSI prefix.

string

Maximum length: 15

msisdn-prefix

MSISDN prefix.

string

Maximum length: 15

rat-type

RAT Type.

option

-

any

Option

Description

any

Any RAT.

utran

UTRAN.

geran

GERAN.

wlan

WLAN.

gan

GAN.

hspa

HSPA.

eutran

EUTRAN.

virtual

Virtual.

nbiot

NB-IoT.

imei

IMEI pattern.

string

Maximum length: 40

action

Action.

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

rai

RAI pattern.

string

Maximum length: 40

uli

ULI pattern.

string

Maximum length: 40

config policy-v2

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

apnmember <name>

APN member.

APN name.

string

Maximum length: 79

messages

GTP messages.

option

-

create-ses-req

Option

Description

create-ses-req

Create session request.

create-ses-res

Create session response.

modify-bearer-req

Modify bearer request.

modify-bearer-res

Modify bearer response.

apn-sel-mode

APN selection mode.

option

-

ms net vrf

Option

Description

ms

Mobile Station provided APN.

net

Network provided APN.

vrf

Subscription verified.

max-apn-restriction

Maximum APN restriction value.

option

-

all

Option

Description

all

All.

public-1

Public-1.

public-2

Public-2.

private-1

Private-1.

private-2

Private-2.

imsi-prefix

IMSI prefix.

string

Maximum length: 15

msisdn-prefix

MSISDN prefix.

string

Maximum length: 15

rat-type

RAT Type.

option

-

any

Option

Description

any

Any RAT.

utran

UTRAN.

geran

GERAN.

wlan

WLAN.

gan

GAN.

hspa

HSPA.

eutran

EUTRAN.

virtual

Virtual.

nbiot

NB-IoT.

ltem

LTE-M.

nr

NR.

mei

MEI pattern.

string

Maximum length: 40

action

Action.

option

-

allow

Option

Description

allow

Allow setting.

deny

Deny setting.

uli

GTPv2 ULI patterns (in order of CGI SAI RAI TAI ECGI LAI).

string

Maximum length: 40