MM1 message flood and duplicate message blocking of received messages
MMS protection profiles
- Open TCP session
- Send full MM4-forward.req message
Without ‘.’ on single line
- Reset TCP session
MMS protection profiles
An MMS protection profile is a group of settings that you can apply to an MMS session matched by a security policy.
MMS protection profiles are easy to configure and can be used by more than one security policy. You can configure a single MMS protection profile for the different traffic types handled by a set of security policies that Bypassing MMS protection profile filtering based on carrier endpoints
require identical protection levels and types. This eliminates the need to repeatedly configure those same MMS protection profile settings for each individual security policy.
For example, while traffic between trusted and untrusted networks might need strict protection, traffic between trusted internal addresses might need only moderate protection. You would configure two separate MMS protection profiles to provide the different levels of protection: one for traffic between trusted networks, and one for traffic between trusted and untrusted networks.
Once you have configured the MMS Protection Profile, you need to add it to a security policy to apply the profile to MMS traffic.
Bypassing MMS protection profile filtering based on carrier endpoints
You can use carrier endpoint filtering to exempt MMS sessions from MMS protection profile filtering. Carrier endpoint filtering matches carrier endpoints in MMS sessions with carrier endpoint patterns. If you add a carrier endpoint pattern to a filter list and set the action to exempt from all scanning, all messages from matching carrier endpoints bypass MMS protection profile filtering. See Bypassing message flood protection based on user’s carrier endpoints.
Applying MMS protection profiles to MMS traffic
To apply an MMS protection profile you must first create the MMS protection profile and then add the MMS protection profile to a security policy by enabling the Carrier security profile. The MMS protection profile then applies itself to the traffic accepted by that security policy.
MMS protection profiles can contain settings relevant to many different services. Each security policy uses the subset of the MMS protection profile settings that apply to the sessions accepted by the security policy. In this way, you might define just one MMS protection profile that can be used by many security policies, each policy using a different or overlapping subset of the MMS protection profile.
To add an MMS protection profile to a security policy
- Go to Security Profiles > MMS Profile.
- Select Create New to add an MMS protection profile.
- Configure as needed, and save.
- Go to Policy & Objects > IPv4 Policy.
- Select Create New to add a security policy, or select an existing policy and Edit to add the MMS profile.
- Configure the security policy as required.
- Enable MMS Profile, and select the MMS profile to add to the security policy.
- Select OK.
GTP basic concepts
GPRS currently supports data rates from 9.6kbps to more than 100 kbps, and is best suited for burst forms of traffic. GPRS involves both radio and wired components. The mobile phone sends the message to a base station
unit (radio based), and the base station unit sends the message to the carrier network and eventually Internet (wired carrier network).
The network system then either sends the message back to a base station and to the destination mobile unit, or forwards the message to the proper carrier’s network where it gets routed to the mobile unit.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!