Carrier web-based manager settings
APN filtering options
An Access Point Name (APN) is an Information Element (IE) included in the header of a GTP packet. It provides information on how to reach a network.
An APN has the following format:
- <network_id> is a network identifier or name that identifies the name of a network, for example, example.com
- [.mnc<mnc_int>.mcc<mcc_int>.gprs] is the optional operator identifier that uniquely identifies the operator’s PLMN, for example mnc123.mcc456.gprs.
Combining these two examples results in a complete APN of internet.mnc123.mcc456.gprs.
By default, the unit permits all APNs. However, you can configure APN filtering to restrict roaming subscribers’ access to external networks.
APN filtering applies only to the GTP create pdp request messages. The unit inspects GTP packets for both APN and selected modes. If both parameters match and APN filter entry, the unit applies the filter to the traffic. Additionally, the unit can filter GTP packets based on the combination of an IMSI prefix and an APN.
You cannot add an APN when creating a new profile.
Enable APN Filter Select to enable APN filtering.
Default APN Action Select the default action for APN filtering. If you select Allow, all sessions are allowed except those blocked by individual APN filters. If you select Deny, all sessions are blocked except those allowed by individual APN fil- ters.
Value The APN to be filtered.
Mode The type of mode chosen that indicates where the APN originated and whether the Home Location Register (HLR) has verified the user sub- scription:
Action The type of action that will be taken.
Edit Modifies the settings within the filter. When you select Edit, the Edit win- dow appears, which allows you to modify the settings of the APN.
Delete Removes the APN from the list within the table, in the APN Filtering sec- tion.
Add APN Adds a new APN filter to the list. When you select Add APN, the New win- dow appears, which allows you to configure the APN settings.
New APN page
Value Enter an APN to be filtered. You can include wild cards to match multiple APNs. For example, the value internet* would match all APNs that being with internet.
Select one or more of the available modes to indicate where the APN ori- ginated and whether the Home Location Register (HLR) has verified the user subscription.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos
Leave a Reply