Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mmorcali
New Contributor

How can I perform GTP (GPRS Tunneling Protocal) filtering on Fortigate 201F?

 

Hi,

 

I want to filter GTP traffic on the Fortigate 201F device used in the Telco system. When I examine the forward traffic logs, I only see GTP as the protocol. Ssh, ping, data, etc., are coming over GTP. However, I want to allow data access and block ping access. How can I do this?

 

Thanks

2 Solutions
ozkanaltas
Valued Contributor III

Hello @mmorcali ,

 

I don't have an experience with GTP traffic, but I did some research. 

 

According to my research, you can inspect GTP traffic with a FortiCarrier add-on license. But this license just sells for above 2600F,3000F, and VM08 models. Because of that, it seems you can't inspect GTP traffic on 201F. 

 

https://docs.fortinet.com/document/fortigate/7.4.3/fortios-carrier/263536/fortios-carrier-gtp-protec...

 

 

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortios-carrier-licence.pdf

 

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

View solution in original post

If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
saleha
Staff
Staff

Hello,

 

Thank you for reaching out. IF you are only looking to create firewall policy based on GTP, you will need to create a GTP profile first:

https://docs.fortinet.com/document/fortigate/7.4.3/fortios-carrier/638010/configuring-gtp-profiles

config firewall gtp

edit <name>

set ...

end

If you are planning in the future to involve fortigate in GTP more I recommend upgraded license for fortios carrier which is limited to supported models:
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortios-carrier-licence.pdf

https://docs.fortinet.com/document/fortigate/7.4.3/fortios-carrier/263536/fortios-carrier-gtp-protec...

 

Thank you,

saleha

View solution in original post

2 REPLIES 2
ozkanaltas
Valued Contributor III

Hello @mmorcali ,

 

I don't have an experience with GTP traffic, but I did some research. 

 

According to my research, you can inspect GTP traffic with a FortiCarrier add-on license. But this license just sells for above 2600F,3000F, and VM08 models. Because of that, it seems you can't inspect GTP traffic on 201F. 

 

https://docs.fortinet.com/document/fortigate/7.4.3/fortios-carrier/263536/fortios-carrier-gtp-protec...

 

 

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortios-carrier-licence.pdf

 

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
saleha
Staff
Staff

Hello,

 

Thank you for reaching out. IF you are only looking to create firewall policy based on GTP, you will need to create a GTP profile first:

https://docs.fortinet.com/document/fortigate/7.4.3/fortios-carrier/638010/configuring-gtp-profiles

config firewall gtp

edit <name>

set ...

end

If you are planning in the future to involve fortigate in GTP more I recommend upgraded license for fortios carrier which is limited to supported models:
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortios-carrier-licence.pdf

https://docs.fortinet.com/document/fortigate/7.4.3/fortios-carrier/263536/fortios-carrier-gtp-protec...

 

Thank you,

saleha

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors