Table of Contents
Advertisement
Configuring GTP Objects
Configuring Info
Copyright © 2010, Juniper Networks, Inc.
type will have a special dialog that allows you to edit the value contained within. After
saving the change, it is reflected in all rules using that object.
Open Log Viewer
You can open the Log Viewer from any rule in the policy. NSM will open the Log Viewer
screen to display only those logs that were generated as a result of the selected rule.
This option is available only if the policy has not been edited since the last time it was
pushed to a device. Otherwise, the action is displayed as disabled. You can right-click
the policy to access this option.
To enable a security device to manage GTP traffic, you must create a GTP object and
then apply it to a security policy rule. The rule with the GTP object defines how the device
handles GTP packets: If a GTP packet matches the rule, the device attempts to further
match the packet data with the parameters set in the GTP object.
For detailed information on GTP, refer to the Concepts & Examples ScreenOS Reference
Guide, Volume 13: General Packet Radio Service.
Using GTP objects, you can configure multiple rules that enforce different GTP
configurations in the same security policy. For example, you can configure a security
policy that enables a device to control GTP traffic differently based on source and
destination zones and addresses, action, and so on.
You configure GTP objects in the Object Manager. From the main navigation tree, select
Object Manager > GTP Objects, then click the Add icon to display the New GTP Object
configuration screens. For each object, you can configure the following settings:
"Configuring Info" on page 381
"Configuring Traffic Logging and Counting" on page 383
"Configuring IMSI Prefix and APN Filtering" on page 384
"Configuring GTP Message Filtering" on page 386
"Configuring Subscriber Tracing (Lawful Interception)" on page 386
The following sections detail each GTP setting. For an example on creating a GTP object,
see "Example: Creating a GTP Object" on page 386.
The Info settings define the basic properties of the GTP object, and specify how the
security device should handle GTP messages and tunnels.
Limiting GTP Message Length
To limit the length of a GTP message, you can specify the minimum and maximum
number of bytes permitted in a message length field. In the GTP header, the message
length field indicates the length of the GTP payload. It does not include the length of the
GTP header itself, the UDP header, or the IP header.
Chapter 8: Configuring Objects
381
Advertisement
Table of Contents
