Example: Enabling GTP Inspection in Policies (CLI)

In this example, you configure interfaces and create addresses and two policies to allow bidirectional traffic between two networks within the same PLMN. You also apply a GTP inspection object to the policies.

  1. Enable GTP:

    user@host# set security gprs gtp enableuser@host# commituser@host# exituser@host# request system reboot

    Note: GTP is disabled by default. The device must be restarted after enabling GTP.

  2. Create the GTP inspection object:

    user@host# set security gprs gtp profile gtp1

  3. Configure interfaces:

    user@host# set interfaces ge-0/0/1 unit 0 family inet address 2.0.0.254/8user@host# set interfaces ge-0/0/2 unit 0 family inet address 3.0.0.254/8

  4. Configure security zones:

    user@host# set security zones security-zone sgsn interfaces ge-0/0/1.0user@host# set security zones security-zone sgsn host-inbound-traffic system-services alluser@host# set security zones security-zone sgsn host-inbound-traffic protocols all user@host# set security zones security-zone ggsn interfaces ge-0/0/2.0user@host# set security zones security-zone ggsn host-inbound-traffic system-services alluser@host# set security zones security-zone ggsn host-inbound-traffic protocols all

  5. Specify addresses:

    user@host# set security zones security-zone sgsn address-book address local-sgsn 2.0.0.5/32 user@host# set security zones security-zone ggsn address-book address remote–ggsn 3.0.0.6/32

  6. Enable the GTP service in the security policies:

    user@host# set security policies from-zone sgsn to-zone ggsn policy sgsn_to_ggsn match source-address local-sgsn destination-address remote–ggsn application junos-gprs-gtpuser@host# set security policies from-zone sgsn to-zone ggsn policy sgsn_to_ggsn then permit application-services gprs-gtp-profile gtp1user@host# set security policies from-zone ggsn to-zone sgsn policy ggsn_to_sgsn match source-address remote–ggsn destination-address local–sgsn application junos-gprs-gtpuser@host# set security policies from-zone ggsn to-zone sgsn policy sgsn_to_ggsn then permit application-services gprs-gtp-profile gtp1

Related Topics

Junos OS Feature Support Reference for SRX Series and J Series Devices

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.