
User Guide for Cisco Security Manager 4.4
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
A GTP map object lets you change the default configuration values used for GTP application inspection.
The GTP protocol is designed to provide security for wireless connections to TCP/IP networks such as
the Internet. You can use a GTP map to control timeout values, message sizes, tunnel counts, and GTP
versions traversing the security appliance.
Tip: GTP inspection requires a special license. If you do not have the required license, you will see device
errors if you try to deploy a GTP map.
Navigation Path
Select Manage > Policy Objects, then select Maps > Policy Maps > Inspect > GTP from the Object
Type selector. Right-click inside the work area, then select New Object, or right-click a row and select
Edit Object.
Related Topics
Understanding Map Objects, page 6-72
Configuring Protocols and Maps for Inspection, page 17-21
Field Reference
Table 17-21 Add and Edit GTP Map Dialog Boxes

Element: Description

Name: The name of the policy object. A maximum of 40 characters is allowed.

Description: A description of the policy object. A maximum of 200 characters is

Parameters tab

Country and Network Codes: The three-digit Mobile Country Code (mcc) and Mobile Network Code
(mnc) to include in the map. The codes are 000 to 999.
- To add codes, click the Add button and fill in the dialog box.
- To edit a row, select it and click the Edit button.
- To delete a row, select it and click the Delete button.

Permit Response Table: The Network/Host policy objects for which you will allow GTP
responses from a GSN that is different from the one to which the
response was sent.
- To add objects, click the Add button and fill in the dialog box. For
  more information, see Add and Edit Permit Response Dialog
  Boxes, page 17-42.
- To edit a row, select it and click the Edit button.
- To delete a row, select it and click the Delete button.

Request Queue: The maximum requests allowed in the queue. When the limit has been
reached and a new request arrives, the request that has been in the queue
for the longest time is removed. Values are 1-9999999. The default is

Tunnel Limit: The maximum number of tunnels allowed.
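The following Python sketch is an added illustration, not Cisco code and not part of the original guide. It models how the Request Queue and Permit Response Table settings interact when reviewing a GTP map. The class name, the sequence-number matching, the shape of a permit entry (a pair of networks) and the sample addresses are all assumptions made for the example.

```python
from collections import OrderedDict
from ipaddress import ip_address, ip_network

class GtpRequestTracker:
    """Simplified model of the Request Queue and Permit Response settings."""

    def __init__(self, request_queue, permit_response=()):
        if not 1 <= request_queue <= 9999999:      # range given in the field reference
            raise ValueError("request queue must be 1-9999999")
        self.limit = request_queue
        # Assumed entry shape: (network the request was sent to, network allowed to answer).
        self.permit = [(ip_network(to), ip_network(frm)) for to, frm in permit_response]
        self.pending = OrderedDict()               # sequence number -> GSN the request went to

    def on_request(self, seq, dst_gsn):
        """Queue a request; return the sequence number evicted to make room, if any."""
        evicted = None
        if seq not in self.pending and len(self.pending) >= self.limit:
            evicted, _ = self.pending.popitem(last=False)   # longest-waiting request
        self.pending[seq] = ip_address(dst_gsn)
        return evicted

    def on_response(self, seq, src_gsn):
        """Return 'allow' or a drop reason for a response with this sequence number."""
        if seq not in self.pending:
            return "drop: no pending request"
        dst, src = self.pending[seq], ip_address(src_gsn)
        if src != dst and not any(dst in to and src in frm for to, frm in self.permit):
            return "drop: response from unexpected GSN"
        del self.pending[seq]
        return "allow"

def demo():
    # Constructed sample traffic using documentation address ranges.
    t = GtpRequestTracker(2, [("192.0.2.0/28", "198.51.100.0/24")])
    results = [t.on_request(1, "192.0.2.1"), t.on_request(2, "192.0.2.2"),
               t.on_request(3, "203.0.113.9")]         # queue full: evicts request 1
    results.append(t.on_response(1, "192.0.2.1"))      # request 1 was evicted
    results.append(t.on_response(2, "198.51.100.7"))   # different GSN, covered by permit entry
    results.append(t.on_response(3, "198.51.100.7"))   # different GSN, no permit entry
    return results

if __name__ == "__main__":
    print(demo())
```

A queue limit that is too small for the request rate makes legitimate responses fail to match, because their requests were evicted before the answer arrived, so both values should be checked together when tuning a map.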