In the following network topology, to apply security policy to
user and control traffic, the firewall must be positioned on the
4G/LTE interfaces, including the Control Plane (S11) and User Plane
(S1-U), as well as the 3G interfaces which include the Control Plane
(Gn [SGSN-MME]) and the Control and User Plane (Gn [SGSN-GGSN]).
You must enable
enable GTP Security for
complete subscriber level and equipment level visibility and policy
control for threat and traffic in their network.