    Enabling Inspection of GTP Traffic

    You can use the command-line interface (CLI) or Network and Security Manager (NSM) to enable inspection of GPRS Tunneling Protocol (GTP)-encapsulated traffic. To enable inspection of encapsulated traffic, the IDP engine must first decapsulate it.

    To enable and configure decapsulation from the CLI:

    1. Log in to the CLI as admin and enter su - to switch to root.
    2. Enter the following command to enable decapsulation:

      [root@defaulthost admin]# scio const -s s0 set sc_gtp_decapsulation 1
      scio: setting sc_gtp_decapsulation to 0x1

      By default, the IDP engine decapsulates one layer.

    3. Optional. Change the maximum decapsulation to two layers by entering the following command:

      [root@defaulthost admin]# scio const -s s0 set sc_max_decapsulation 2
      scio: setting sc_max_decapsulation to 0x2

      You can also use the scio const command to change defaults for the timeout at which the IDP engine closes the GTP tunnel and for the maximum number of concurrent GTP tunnels the IDP engine can handle.

    Changes you make to kernel constants from the CLI do not persist across restarts. To make your change persistent:

    1. Open the /usr/idp/device/bin/user_funcs file in a text editor, such as vi.
    2. Add the constant below the line user_start_end(). For example:
      $SCIO const -s s0 set sc_gtp_decapsulation 1
    3. Save the file.
    4. Restart the IDP engine:

      [root@defaulthost admin]# restart

      Restarting the IDP engine can take several moments.
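
A read-only check for the persistence step above, added here as an example (it is not Juniper's code): it parses user_funcs for `$SCIO const ... set` lines and reports constants whose values would be lost on restart. The function names and the sample file contents are assumptions constructed for illustration; only the file path and the line format come from this page.

```shell
#!/bin/sh
# Added example (not vendor code): read-only check that IDP kernel constants
# set with scio are also persisted in user_funcs. Function names are assumptions.

USER_FUNCS="${USER_FUNCS:-/usr/idp/device/bin/user_funcs}"   # path from the page

# Constructed sample contents; the layout of a real user_funcs file may differ.
sample_user_funcs() {
    cat <<'EOF'
user_start_end()
$SCIO const -s s0 set sc_gtp_decapsulation 1
# $SCIO const -s s0 set sc_max_decapsulation 2
EOF
}

# persisted_value FILE CONSTANT
# Prints the last value assigned to CONSTANT; exits non-zero if none is found.
# Requiring "$SCIO" as the first field skips commented-out lines.
persisted_value() {
    awk -v name="$2" '
        $1 == "$SCIO" && $2 == "const" {
            for (i = 3; i < NF - 1; i++)
                if ($i == "set" && $(i + 1) == name) val = $(i + 2)
        }
        END { if (val == "") exit 1; print val }
    ' "$1"
}

# check_persisted FILE CONSTANT EXPECTED
# Returns 0 if persisted with EXPECTED, 1 if missing, 2 if the value differs.
check_persisted() {
    if ! actual=$(persisted_value "$1" "$2"); then
        echo "MISSING  $2: not set in $1, value reverts on restart"
        return 1
    fi
    if [ "$actual" != "$3" ]; then
        echo "MISMATCH $2: persisted $actual, expected $3"
        return 2
    fi
    echo "OK       $2 = $actual"
}
```

On the appliance, run `check_persisted "$USER_FUNCS" sc_gtp_decapsulation 1` after editing the file and before restarting the IDP engine.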

    You can also use Network and Security Manager (NSM) Device Manager to turn on the GTP decapsulation feature. However, you cannot use NSM to change the decapsulation layer setting.

    Figure 1 shows the location of the GTP support setting in NSM.

    Figure 1: NSM Device Manager: GTP Support Setting

    To enable GTP decapsulation (NSM):

    1. In the NSM Device Manager, double-click the IDP Series device to display the device configuration editor.
    2. Click Sensor Settings.
    3. Click the Run-Time Parameters tab.
    4. Expand the Run-Time Parameters group.
    5. Select Enable GTP decapsulation support.
    6. Click OK.
    7. Push the updated configuration from NSM to the IDP Series device.

    Published: 2011-02-08