Anti–Overbilling

Gi Firewall IP Address             The IP address of the unit’s interface configured as a Gi gateway.

Port                                             The SG security port number. The default port number is port 21123.

Change this number if your system uses a different SG port.

Interface                                     Select the unit interface configured as a Gi gateway.

Security Context ID                   Enter the security context ID. This ID must match the ID entered on the server Gi firewall. The default security context ID is 696.

 

Log options

All the GTP logs are treated as a subtype of the event logs. To enable GTP logging, you must:

• configure the GTP log settings in a GTP profile
• enable GTP logging when you configure log and report settings.

 

To enable GTP logging after a GTP profile has been configured

1. Go to Log & Report > Log Settings.

2. Select Event Logging, and select GTP service event.

3. Select Apply.

 

Log

Log Frequency                          Enter the number of messages to drop between logged messages.

An overflow of log messages can sometimes occur when logging rate-lim- ited GTP packets exceed their defined threshold. To conserve resources on the syslog server and the Carrier-enabled FortiGate unit, you can specify that some log messages are dropped. For example, if you want only every twentieth message to be logged, set a logging frequency of 20. This way, 20 messages are skipped and the next logged.

Acceptable frequency values range from 0 to 2147483674. When set to ‘0’, no messages are skipped.

Forwarded Log                         Select to log forwarded GTP packets.

Denied Log                                Select to log GTP packets denied or blocked by this GTP profile.

Rate Limited Log                      Select to log rate-limited GTP packets.

State Invalid Log                       Select to log GTP packets that have failed stateful inspection.

Tunnel Limit Log                      Select to log packets dropped because the maximum limit of GTP tunnels for the destination GSN is reached.

Extension Log                           Select to log extended information about GTP packets. When enabled, this additional information will be included in log entries:

• IMSI
• MSISDN
• APN
• Selection Mode
• SGSN address for signaling
• SGSN address for user data
• GGSN address for signaling
• GGSN address for user data

Traffic count Log                      Select to log the total number of control and user data messages received from and forwarded to the GGSNs and SGSNs that the unit protects.

The unit can report the total number of user data and control messages received from and forwarded to the GGSNs and SGSNs it protects. Altern- ately, the total size of the user data and control messages can be reported in bytes. The unit differentiates between traffic carried by each GTP tunnel, and also between GTP-User and GTP-Control messages.

The number of messages or the number of bytes of data received from and forwarded to the SGSN or GGSN are totaled and logged if a tunnel is deleted.

When a tunnel is deleted, the log entry contains:

• Timestamp
• Interface name (if applicable)
• SGSN IP address
• GGSN IP address
• TID
• Tunnel duration time in seconds
• Number of messages sent to the SGSN
• Number of messages sent to the GGSN

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!