Configuring message type filtering in FortiOS Carrier
GPRS Tunnelling Protocol (GTP) is a group of IP-based communications protocols used to carry General Packet Radio Service (GPRS) traffic within Global System for Mobile Communications (GSM) and Universal Mobile Telecommunications System (UMTS) networks. It allows carriers to transport actual cellular packets over their network via tunneling.
In the CLI, there is a keyword for each type of GTP message, both for message filtering and for message rate limiting.
 
GTP message rate limiting is only accessible from the CLI, using the command config firewall gtp.
To configure GTP message type filtering - web-based manager
1. Go to Security Profiles > Carrier > GTP Profile.
2. Select Create New.
3. Enter a name for this profile such as msg_type_filtering.
4. Select Message Type Filtering to expand it.
5. For each type of message in the list, select Allow or Deny. All messages are set to Allow by default.
 
Fortinet best practices dictate that the unknown message action should be set to Deny for security reasons as this will block malformed messages.
6. Optionally select and configure any other GTP features for this profile, such as logging.
7. Select OK to save the profile.
8. Apply the msg_type_filtering profile to a security policy configured for GTP tunnel traffic.
To configure GTP message filtering and block unknown messages - CLI
config firewall gtp
    edit msg_type_filtering
        config message-filter
            set unknown-message-action deny
        end
    next
end
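The following Python script is an added example, not Fortinet's code. It audits a saved configuration for GTP profiles that still allow unknown message types. It assumes the backup uses the same config/edit/set/next/end layout as the CLI block above, with profile names optionally quoted; the sample text and the profile names roaming_default and legacy_profile are constructed for illustration.

```python
import shlex

# Constructed sample backup; "roaming_default" and "legacy_profile" are hypothetical names.
SAMPLE_CONFIG = '''
config firewall gtp
    edit "msg_type_filtering"
        config message-filter
            set unknown-message-action deny
        end
    next
    edit "roaming_default"
        config message-filter
            set unknown-message-action allow
        end
    next
    edit "legacy_profile"
    next
end
'''

def audit_gtp_profiles(config_text):
    """Map each GTP profile name to its effective unknown-message-action."""
    results, stack, profile = {}, [], None  # stack holds the open "config" blocks
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:  # unbalanced quote, e.g. part of a multi-line value
            continue
        if not tokens:
            continue
        in_gtp = stack[-1:] == ["firewall gtp"]
        if tokens[0] == "config":
            stack.append(" ".join(tokens[1:]))
        elif tokens[0] == "end" and stack:
            stack.pop()
        elif tokens[0] == "edit" and in_gtp and len(tokens) > 1:
            profile = tokens[1]
            results[profile] = "allow"  # page: every message type defaults to Allow
        elif tokens[0] == "next" and in_gtp:
            profile = None
        elif (tokens[:2] == ["set", "unknown-message-action"] and len(tokens) > 2
              and profile and stack[-2:] == ["firewall gtp", "message-filter"]):
            results[profile] = tokens[2]
    return results

def profiles_allowing_unknown(config_text):
    """Names of GTP profiles that do not deny unknown message types."""
    audit = audit_gtp_profiles(config_text)
    return sorted(name for name, action in audit.items() if action != "deny")
```

A profile that never sets the keyword is reported as allowing unknown messages, because the setting defaults to Allow.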