Chapter 4 FortiOS Carrier : Carrier web-based manager settings : GTP Profile : APN filtering options
  
APN filtering options
An Access Point Name (APN) is an Information Element (IE) included in the header of a GTP packet. It provides information on how to reach a network.
An APN has the following format:
<network_id>[.mnc<mnc_int>.mcc<mcc_int>.gprs]
Where:
<network_id> is a network identifier or name that identifies the name of a network, for example, example.com or internet.
[.mnc<mnc_int>.mcc<mcc_int>.gprs] is the optional operator identifier that uniquely identifies the operator’s PLMN, for example mnc123.mcc456.gprs.
Combining these two examples results in a complete APN of internet.mnc123.mcc456.gprs.
By default, the unit permits all APNs. However, you can configure APN filtering to restrict roaming subscribers' access to external networks.
APN filtering applies only to the GTP create pdp request messages. The unit inspects GTP packets for both APN and selected modes. If both parameters match and APN filter entry, the unit applies the filter to the traffic.
Additionally, the unit can filter GTP packets based on the combination of an IMSI prefix and an APN. For more information, see “Basic filtering options”.
 
You cannot add an APN when creating a new profile.
 
APN Filtering section on the New GTP Profile page
Enable APN Filter
Select to enable APN filtering.
Default APN Action
Select the default action for APN filtering. If you select Allow, all sessions are allowed except those blocked by individual APN filters. If you select Deny, all sessions are blocked except those allowed by individual APN filters.
Value
The APN to be filtered.
Mode
The type of mode chosen that indicates where the APN originated and whether the Home Location Register (HLR) has verified the user subscription:
Action
The type of action that will be taken.
Edit
Modifies the settings within the filter. When you select Edit, the Edit window appears, which allows you to modify the settings of the APN.
Delete
Removes the APN from the list within the table, in the APN Filtering section.
Add APN
Adds a new APN filter to the list. When you select Add APN, the New window appears, which allows you to configure the APN settings.
New APN page
Value
Enter an APN to be filtered. You can include wild cards to match multiple APNs. For example, the value internet* would match all APNs that being with internet.
Mode
Select one or more of the available modes to indicate where the APN originated and whether the Home Location Register (HLR) has verified the user subscription.
 
Mobile Station provided
MS-provided APN, subscription not verified, indicates that the mobile station (MS) provided the APN and that the HLR did not verify the user's subscription to the network.
 
Network provided
Network-provided APN, subscription not verified, indicates that the network provided a default APN because the MS did not specify one, and that the HLR did not verify the user's subscription to the network.
 
Subscription Verified
MS or Network-provided APN, subscription verified, indicates that the MS or the network provided the APN and that the HLR verified the user's subscription to the network
Action
Select Allow or Deny.