Start a conversation Sign in
Start a conversation
  1. NewNet
  2. NewNet - Lithium
  3. Articles

Excluding conflicting Mobile and Land GTs from FWL check

Overview

You are an Operator which is both a Mobile and Land company, and you have different GTs to the land SMSC and to the mobile SMSC. You have SMSC Conflict check activated. The FWL compares the SRI-SM message Calling GT on the SCCP with the SMSC address on the MAP, and, if they are not equal, it blocks the message.

Hence you find that a lot of SRI-SM messages are getting blocked because the MAP have the land SMSC GT, and the SCCP have the land SMSC. You would like to exclude the same from the FWL check. You may also wish to know if it is possible to allow only the conflicting GTs between the Mobile and Land of your own GTs, but blocking conflicting GTs which arrive with their own Land GT and other abroad GTs.

Solution

You can consider the following alternatives to address this scenario.

1. Whitelist SMSC GTs

You can create a whitelist of SMSC GTs for which the FWL will skip the MT spoofing check. This functionality enables you to fine-tune the MT traffic that the FWL considers to be trusted. To enable this functionality:

  1. In the MGR, go to Routing ➤ Lists and create a list of the GTs of the SMSCs for which the FWL should skip the spoofing check.
  2. In the semi-static configuration file, set the tpconfig attribute firewalltrustedsmsclist to the name of the list.
  3. In the MGR, go to Firewall ➤ MT ➤ Properties, select the name of the list created in the first step in the dropdown for Trusted SMSC SCCP CgPA List.
    If the SCCP CgPA GT address of an incoming SendRoutingInfoForSm exists in this Trusted SMSC SCCP CgPA List, then the SMSC is considered trusted and the corresponding MT Forward SM received with the same IMSI as returned in SendRoutingInfoForSm response is also considered trusted.

2. Configure the Response to MT Spoofing

The FWL received an SRI-SM or MtForwardSm with an SMSC address at the SCCP level that belongs to a different network from the SMSC address at the MAP level.

You can set the attribute firewallmtactionforconflictingaddress to pass - Allow the Mobile Messaging system to continue processing the message.

 

Please note that selective blocking of conflicting addresses is not possible in the FWL settings. If you choose option 1 above, it will ignore conflicting addresses between the Mobile and Land network of their own GTs, as well as the conflicting addresses between their Land network and other abroad GTs.

 

Related Article: MT Spoofing Overview 

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments