Unauthorized PLMN access—IMSI prefix filtering

The PLMN of a subscriber's home network is identified by combining the Mobile Country Code (MCC) and the Mobile Network Code (MNC). MCC-MNC is also known as the IMSI prefix. IMSI prefix acts as a PLMN identifier.

GTP IMSI prefixes filters can be configured to deny GTP incoming traffic from invalid roaming partners. Conversely, the filters can be configured to allow only incoming traffic from those network operators that have signed roaming agreements. The GTP packets with IMSI prefixes that do not match the configured prefixes are dropped.

An IMSI filter entry can also be optionally combined with an SGSN or SGW IP address (or IP address prefix list) to further restrict allowed IMSI prefix traffic to specific SGSN or SGW nodes.

*A:Dut-C>config>app-assure>group>
+---gtp-filter <gtp-filter-name> [create]
|   +---imsi-apn-filter //NEW and all its children attributes
|   |   +---default-action {permit|deny} //default permit
|   |   +---entry <entry-id: 1031..2030> create
|   |   |       + mcc-mnc-prefix <string of 1 to 6 decimal digits>
|   |   |       |---no mcc-mnc-prefix
|   |   |       + src-gsn ip-prefix-list <ip-prefix-list>
|   |   |       + src-gsn <ip address prefix
|   |   |       |---no src-gsn
|   |   |       + action {permit|deny} //default permit
|   |   +---no entry <entry-id>

An IMSI filter, an APN, and an SGSN Address can be used together to filter GTP packets.

By default, AA FW does not perform IMSI prefix filtering.