Troubleshooting
This section offers troubleshooting options for Carrier-related issues.
This section includes:
FortiOS Carrier diagnose commands
Applying IPS signatures to IP packets within GTP-U tunnels
GTP packets are not moving along your network
FortiOS Carrier diagnose commands
This section includes diagnose commands specific to FortiOS Carrier features such as GTP.
GTP related diagnose commands
This CLI command allows you to gain information on GTP packets, logs, statistics, and other information.
diag firewall gtp <command>
| apn list <gtp_profile> | The APN list entries in the specified GTP profile |
| auth-ggsns show <gtp_profile> | The authorized GGSNs entries for the specified GTP profile. Any GGSNs not on this list will not be recognized. |
| auth-sgsns show <gtp_profile> | The authorized SGSNs list entries for the specified GTP profile. Any SGSNs not on this list will not be recognized. |
| handover-grp show <gtp_
profile> |
The handover group showing the range of allowed handover group IP addresses. The handover group acts like a whitelist of allowed GTP addresses with a default deny at the end — if the GTP address is not on the list, it is denied. |
| ie-remove-policy list <gtp_ profile> | List of IE policies in the IE removal policy for this GTP profile. The information displayed includes the message count for this policy, the length of the SGSN, the list of IEs, and list of SGSN IP addresses. |
| imsi list <gtp_profile> | IMSI filter entries for this GTP profile. The information displayed includes the message count for this filter, length of the IMSI, the length of the APN and IMSI, and of course the IMSI and APN values. |
| invalid-sgsns-to-long list <gtp_ profile> | List of SGSNs that do not match the filter criteria. These SGSNs will be logged. |
| ip-policy list <gtp_profile> | List the IP policies including message count for each policy, the action to take, the source and destination IP addresses or ranges, and masks. |
Applying IPS signatures to IP packets within GTP-U tunnels
| noip-policy <gtp_profile> | List the non-IP policies including the message count, which mode, the action to take, and the start and end protocols to be used by decimal number. |
| path {list | flush} | Select list or flush.
List the GTP related paths in FortiOS Carrier memory. Flush the GTP related paths from memory. |
| policy list <gtp_policy> | The GTP advanced filter policy information for this GTP profile. The information displayed for each entry includes a count for messages matching this filter, a hexidecimal mask of which message types to match, the associated flags, action to take on a match, APN selection mode, MSISDN, RAT types, RAI, ULI, and IMEI. |
| profile list | Displays information about the configured GTP profiles.
You will not be able to see the bulk of the information if you do not log the output to a file. |
| runtime-stat flush | Select to flush the GTP runtime statistics from memory. |
| stat | Display the GTP runtime statistics — details on current GTP activity. This information includes how many tunnels are active, how many GTP profiles exist, how many IMSI filter entries, how many APN filter entries, advanced policy filter entries, IE remove policy filter entries, IP policy filter entries, clashes, and dropped packets. |
| tunnel {list | flush} | Select one of list or flush.
List lists all the GTP tunnels currently active. Flush clears the list of active GTP tunnels. This does not clear the clash counter displayed in the stat command. |
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!