Anti–overbilling with FortiOS Carrier

The Carrier-enabled FortiGate unit can be configured to assist with anti-overbilling measures. These measures ensure that the customer is only billed for connection time and data transfer that they actually use.

Anti-overbilling on the Carrier-enabled FortiGate unit involves:

• the administrator configuring the overbilling settings in the GTP profile to notify the Gi firewall when a GTP tunnel is deleted
• the unit clearing the sessions when the Gi firewall receives a notification from the Gn/Gp firewall about a GTP tunnel being deleted This way, the Gi firewall prevents overbilling by blocking traffic initiated by other users. The three locations to configure anti-overbilling options include:
• System > Network > Interface > Gi Gatekeeper — edit an interface, and enable to monitor Gi anti-overbilling traffic on this interface
• System > Admin > Settings > Gi Gatekeeper Settings — set the context ID and port that anti-overbilling will take place on.
• Security Profiles > Carrier > GTP Profile > Anti-Overbilling — the IP address, port, interface and context ID to use for anti-overbilling measures.

For detailed options, see Anti-Overbilling options.

Logging events on the Carrier-enabled FortiGate unit

Logging on the Carrier-enabled FortiGate unit is just like logging on any other FortiOS unit. The only difference with FortiOS Carrier is that there are a few additional events that you can log beyond the regular ones. These additional events are covered here.

To enable FortiOS Carrier logging, go to Log&Report > Event Log, and ensure GTP service event is enabled. Once this option is selected, the logging options under Security Profiles > Carrier > GTP Profile will be active.

To change FortiOS Carrier specific logging event settings, go to Security Profiles > Carrier > GTP Profile and edit a GTP profile. Expand the Log section to change the settings. For detailed options, see Log options.

The following information is contained in each log entry:

Timestamp                                   The time and date when the log entry was recorded

Source IP address                       The sender’s IP address.

Destination IP address               The reciever’s IP address. The sender-receiver pair includes a mobile phone on the GPRS local network, and a device on a network external to the GPRS network, such as the Internet.

Tunnel Identifier (TID)

Tunnel Endpoint Identifier (TEID)

An identifier for the start and endpoints of a GTP tunnel. This information uniquely defines all tunnels. It is important for billing information based

on the length of time the tunnel was active and how much data passed over the tunnel.

Message type                               For available message types, see Common message types on carrier net- works.

Packet status What action was performed on the packet. This field matches the logging options while you are configuring GTP logging. See Anti-overbilling with FortiOS Carrier on page 772.

The status can be one of forwarded, prohibited, state-invalid, rate-limited, or tunnel-limited

Virtual domain ID or name         A Carrier-enabled FortiGate unit can be divided into multiple virtual units, each being a complete and self-contained virtual FortiCarrier unit. This field indicates which virtual domain (VDOM) was responsible for the log entry. If VDOMs are not enabled on your unit, this field will be root.