Overview
This article explains the configuration details to whitelist recipient IMSIs in MT Spoofing.
Whitelist Recipient IMSIs
You can create a whitelist of recipient IMSI ranges for which the FWL will skip the MT spoofing check. This type of whitelist is useful for subscribers who, through the use of Multi-SIM, have multiple IMSIs associated with the one MSISDN. Whitelisting the IMSIs prevents blocking of the messages that these subscribers originate. However, because the messages will not be checked for MT spoofing, the whitelist should be used with care.
Note: The ranges specified in the recipient IMSI whitelist must not overlap with the ranges specified for IMSI scrambling.
Learn more about the whitelist recipient IMSIs in the Firewall Guide available in the NewNet Download Center.
Process
There are two ways to bypass MT Spoofing, both of them in the MGR GUI: using the firewall or the routing configuration.
Firewall Configuration
The configuration of Whitelist Recipient IMSIs is done in the MGR GUI under Firewall > MT > Properties.
The Whitelist Recipient IMSI is different from a normal list, as seen below.
The value can be checked in the TE element command line.
$ tp_walk fwPropNoSpoofCheckWhiteListedRecipientImsi
fwPropNoSpoofCheckWhiteListedRecipientImsi.0 = STRING: "51501,51502,51503,51504,51505"
According to the MGR manual, up to 20 IMSI prefixes can be provisioned, separated by commas.
Routing Configuration
Another way to bypass MT Spoofing is by using Whitelist SMSC GTs. You can create a whitelist for SMSC GTs that you trust for which the MT Spoof Check will be skipped. Make sure you completely trust the SMSC GTs that you will put in the whitelist because no MT Spoof check is performed on all MT messages coming from this SMSC.
To enable the functionality, follow the steps below:
-
In the MGR GUI, navigate to Routing > Others > List and create a list containing the GTs of the SMSCs for which the FWL should skip the spoofing check.
-
Set the
tpconfig
attribute in the MGR semi-static configuration file, common_config.txt.-
In the master MGR, backup the common_config.txt file in
/usr/TextPass/etc
. -
Set the
tpconfig
attribute to be equal to the list you created in step 1.firewalltrustedsmsclist="<list name in step 1>"
-
Validate the common_config.txt.
$ tp_config --validatecommonconfig common_config.txt
-
Go to all the Traffic Element nodes (including all instances, if applicable) and restart TextPass process to apply changes.
-
After the restart, verify the parameter value.
$ tp_walk firewalltrustedsmsclist
-