Per-Stream Rate Limiting
FortiOS 5.2 supports per-stream rate limiting of GTP and the ability to apply rate limiting separately for GTPv0 and GTPv1, as well as for GTPv2.
This feature required the addition of the following CLI commands: message-rate-limit-v0, message-rate-limit-v1, and message-rate-limit-v2. The commands message-rate-limit-v0 and message-rate-limit-v1 are only visible when rate-limit-mode is set to per-stream, while message-rate-limit is visible when rate-limit-mode is set to per-profile. The command message-rate-limit-v2 is always visible, since GTPv2 message numbering and naming are different from GTPv0/v1.
The following features have also been added:
• Warning limit support.
• Per-version message rate limiting.
• A log for rate limiting warning called rate-limited-warning.
In addition, FortiOS Carrier now indicates the GTP version in rate limiting log messages and writes a rate limiting warning log message when a packet exceeds the rate limiting threshold.
Syntax
config firewall gtp
edit <name>
set rate-limit-mode {per-profile | per-stream}
set warning-threshold {0-99}
config {message-rate-limit-v0 | message-rate-limit-v1 | message-rate-limit-v2}
set create-pdp-request <rate-limit>
set delete-pdp-request <rate-limit>
set echo-request <rate-limit>
end
end
end