To configure an AA GTP-c firewall for S8 or Gn

Purpose

Perform this procedure to configure a firewall for AA GTP-c traffic associated with an S8 or Gn interface that is bound to to an ISA-AA group or partition.

Steps
Configure GTP parameters on the ISA-AA group and partition
 

Configure the GTPC Database parameter:

  1. On the Equipment tree, expand [NE]→Logical Groups→ISA-AA Groups→ISA-AA Group n.

  2. Right-click on the ISA-AA Group n icon and choose Properties. The ISA-AA Group (Edit) form opens.

  3. On the General tab, in the Group panel, change the GTP Tunnel Database parameter value from 0 to 100 or vice versa.

If you are using 7750 SR NEs, configure the Minimum ISA Generation parameter value to 2.

This configuration is not required for VSR NEs.

Click on the ISA-AA Partitions tab.

Click Create or select an existing partition entry and click Properties. The ISA-AA Group Partition (Create|Edit) form opens.

On the General tab, in the GTP panel, configure the GTPC Inspection parameter value to Enabled.

Close the ISA-AA Group and ISA-AA Group Partition forms.

Configure AA GTP filter
 

Choose Policies→ISA Policies→Application Assurance from the NFM-P main menu. The Application Assurance Policies form opens.

Click Create→AA GTP Filter or select an AA GTP filter and click Properties. The AA GTP Filter (Create | Edit) form opens.

Configure the following parameters to Enabled:

  • Validate GTP Tunnels

  • Validate Sequence Number

  • Validate Source IP Address

10 

Click on the GTP in GTP tab and configure the default action for GTP in GTP packets.

11 

Click on the GTP V2 Message Type tab and configure the default action for packets that do not match any GTP V2 message type entries.

12 

Configure GTP V2 message type entries:

  1. Click on the Entries subtab.

  2. Click Create and configure the parameters.

  3. Create additional GTP V2 message type entries as needed.

13 

Click on the IMSI APN Filter tab and configure the default action for packets that do not match any IMSI APN filter entries.

14 

Configure IMSI APN Filter entries:

  1. Click on the Entries subtab.

  2. Click Create and configure the parameters.

  3. Create additional IMSI APN Filter entries as needed.

15 

Distribute the policy to NEs, as required.

16 

Close the AA GTP Filter (Create | Edit) form.

End of steps