Origin Realm and Destination Realm Whitelist Screening (RealmWLScr)
This countermeasure screens the ingress diameter request message to check if the received Origin-Realm and Destination-Realm are allowed from the ingress Peer or. This ingress diameter message screening is done for both Inbound Roaming Subscribers and Outbound Roaming Subscribers.
This countermeasure also screens the egress diameter request message to check if DSR is allowed to send a diameter request message with the given Destination-Realm. The egress diameter message screening is only done for Inbound Roaming Subscribers.
Screening of ingress diameter message for Origin-Realm, screening of ingress diameter message for Destination-Realm, and screening of egress diameter message for Destination-Realm can be enabled/disabled independently.
- The Origin-Realm of the ingress diameter message is not configured as Foreign network’s Realm.
- The Destination-Realm of the ingress diameter message is not configured as Home network’s Realm.
- For an Inbound Roamer, the Destination-Realm of the egress diameter message is not configured as Foreign network’s Realm.
Note:
Appropriate ART configuration needs to be done for routing the egress request messages (only toward foreign networks) to DSA so that screening of egress diameter message for Destination-Realm can be performed. See ART Configuration for DSA for more details.Apart from the mandatory configuration discussed in DSA Mandatory Configuration, configure the following tables for this countermeasure:
- Realm_List Table: For configuring allowable Realm and Peer list combinations for Home network and Foreign network which are used by this countermeasure for screening.
- System_Config_Options Table:
Option for enabling/disabling screening of the following:
- ingress diameter message for Origin-Realm
- ingress diameter message for Destination-Realm
- egress diameter message for Destination-Realm