Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiOS Carrier

    7.6.0
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.6
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.9
    5.6.0

    IE removal

    IE removal

    In some roaming scenarios, FortiOS Carrier can be installed on the border of the PLMN and the IPX/GRX. In this configuration, FortiOS Carrier supports information element (IE) removal policies to remove any combination of R6 IEs (RAT, RAI, ULI, IMEI-SV and APN restrictions) prior to forwarding the messages to the HGGSN (proxy mode).

    You can use the following command to enable IE removal and add IE removal policies to a GTP profile:

    config firewall gtp

    edit <name>

    set ie-remover enable

    config ie-remove-policy

    edit <id>

    set sgsn-addr <ipv4-firewall-address>

    set sgsn-addr6 <ipv6-firewall-address>

    set remove-ies {apn-restriction rat-type rai uli imei}

    end

    sgsn-addr select an IPv4 firewall address or address group to match the SGSNs or SGW addresses in the traffic for which to remove IEs. The default is all.

    sgsn-addr6 select an IPv6 firewall address or address group to match the SGSNs or SGW addresses in the traffic for which to remove IEs. The default is all.

    remove-ies select one or more of the following IEs to be removed: apn-restriction rat-type rai uli imei. All of the IE types are selected by default.

    From the GUI:

    1. To create a new IE removal policy in a GTP profile, enable IE removal policy and select Create New.
    2. Select an SGSN address from the list of firewall addresses and address groups.

    3. Select one or more of the following IEs to be removed.

      • APN Restriction
      • ULI
      • RAT
      • IMEI
      • RAI
    4. Select OK to save the IE removal policy.
    Previous
    Next

    IE removal

    IE removal

    In some roaming scenarios, FortiOS Carrier can be installed on the border of the PLMN and the IPX/GRX. In this configuration, FortiOS Carrier supports information element (IE) removal policies to remove any combination of R6 IEs (RAT, RAI, ULI, IMEI-SV and APN restrictions) prior to forwarding the messages to the HGGSN (proxy mode).

    You can use the following command to enable IE removal and add IE removal policies to a GTP profile:

    config firewall gtp

    edit <name>

    set ie-remover enable

    config ie-remove-policy

    edit <id>

    set sgsn-addr <ipv4-firewall-address>

    set sgsn-addr6 <ipv6-firewall-address>

    set remove-ies {apn-restriction rat-type rai uli imei}

    end

    sgsn-addr select an IPv4 firewall address or address group to match the SGSNs or SGW addresses in the traffic for which to remove IEs. The default is all.

    sgsn-addr6 select an IPv6 firewall address or address group to match the SGSNs or SGW addresses in the traffic for which to remove IEs. The default is all.

    remove-ies select one or more of the following IEs to be removed: apn-restriction rat-type rai uli imei. All of the IE types are selected by default.

    From the GUI:

    1. To create a new IE removal policy in a GTP profile, enable IE removal policy and select Create New.
    2. Select an SGSN address from the list of firewall addresses and address groups.

    3. Select one or more of the following IEs to be removed.

      • APN Restriction
      • ULI
      • RAT
      • IMEI
      • RAI
    4. Select OK to save the IE removal policy.
    Previous
    Next