Carrier web-based manager settings

APN filtering options

An Access Point Name (APN) is an Information Element (IE) included in the header of a GTP packet. It provides information on how to reach a network.

An APN has the following format:

<network_id>[.mnc<mnc_int>.mcc<mcc_int>.gprs]

Where:

  • <network_id> is a network identifier or name that identifies the name of a network, for example, example.com

or internet.

  • [.mnc<mnc_int>.mcc<mcc_int>.gprs] is the optional operator identifier that uniquely identifies the operator’s PLMN, for example mnc123.mcc456.gprs.

 

Combining these two examples results in a complete APN of internet.mnc123.mcc456.gprs.

By default, the unit permits all APNs. However, you can configure APN filtering to restrict roaming subscribers’ access to external networks.

APN filtering applies only to the GTP create pdp request messages. The unit inspects GTP packets for both APN and selected modes. If both parameters match and APN filter entry, the unit applies the filter to the traffic. Additionally, the unit can filter GTP packets based on the combination of an IMSI prefix and an APN.

You cannot add an APN when creating a new profile.

APN Filtering

Enable APN Filter                      Select to enable APN filtering.

Default APN Action                    Select the default action for APN filtering. If you select Allow, all sessions are allowed except those blocked by individual APN filters. If you select Deny, all sessions are blocked except those allowed by individual APN fil- ters.

Value                                            The APN to be filtered.

Mode                                            The type of mode chosen that indicates where the APN originated and whether the Home Location Register (HLR) has verified the user sub- scription:

Action                                          The type of action that will be taken.

Edit                                              Modifies the settings within the filter. When you select Edit, the Edit win- dow appears, which allows you to modify the settings of the APN.

Delete                                          Removes the APN from the list within the table, in the APN Filtering sec- tion.

Add APN                                      Adds a new APN filter to the list. When you select Add APN, the New win- dow appears, which allows you to configure the APN settings.

New APN page

Value                                            Enter an APN to be filtered. You can include wild cards to match multiple APNs. For example, the value internet* would match all APNs that being with internet.

Mode

Select one or more of the available modes to indicate where the APN ori- ginated and whether the Home Location Register (HLR) has verified the user subscription.

This entry was posted in FortiOS 5.4 Handbook on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.