GTP Tunnel Management Service V0 and V1

GTP Tunnel Management Service V0 and V1 - Match PDP

What can I do here?

Use this window to define a GTP-specific security policy. Set which prefixes or other identifiers to allow onto your network.

Note - We recommend that you create a new service and do not change the pre-defined service gtp_v1_default.

Getting Here - Object Explorer > New > Service > GTP Service > GTP V0/V1 > Match PDP

Matched PDP Contexts

In addition to the source and destination IP addresses of the GTP traffic, it is possible to further match PDP Contexts according to IMSI Prefix, APN, Selection Mode, MS-ISDN, and LDAP. Either specify a value for the parameter, or select Any.

Tell me about the fields...

Matched PDP Contexts

Match specific IMSI Prefix - to specify an allowable subscriber identity prefix or select Any to allow all prefixes access. The subscriber identity prefix is usually of the form Country and Operator, for example, 23477 (where 234 is the MCC and 77 is the MNC). Alternatively, select Any to allow all prefixes access.
Match specific Access Point Name - to specify an APN object or select Any to allow all APNs access.
Match specific Selection Mode - to specify the origin of the APN that appears in the create PDP context request. There are three types of APN selection modes:
- 0 - verified is where either the MS or the network selects the APN, and the system verifies that the MS is subscribed to this APN.
- 1 - MS - not verified is where the MS selects the APN, and the system does not verify whether the MS is subscribed to this APN.
- 2 - Network - not verified is where the network selects the APN, and the system does not verify whether the MS is subscribed to this APN.
Match specific MS-ISDN Prefix - to specify an MS-ISDN prefix or select Any to allow all prefixes access. An example of an MS-ISDN prefix is 447788.
Match with LDAP Group - allows you to specify an LDAP group, sorted by two main attributes.
- according to IMSI or MS-ISDN - allows you to identify whether a user belongs to a specific LDAP group by IMSI or MS-ISDN.