GTP comprises control plane (GTP-C), user plane (GTP-U), and charging (GTP' derived from GTP-C) traffic transferred on UDP/IP. View the PAN-OS releases by model that support GTP and the 3GPP Technical Standards that GTPv1-C, GTPv2-C, and GTP-U support.

Enabling GTP security on Palo Alto Networks^® firewalls allows you to protect the mobile core network infrastructure from malformed GTP packets, denial of service attacks, and out-of-state GTP messages, and also allows you to protect mobile subscribers from spoofed IP packets and overbilling attacks.

GTPv1-C is defined in 3GPP TS 29.060. It is used on a Gn interface, that is, the interface between GPRS support nodes (GSNs) within a public land mobile network (PLMN), and also across a Gp interface between GSNs in different PLMNs. It is also used for roaming and inter access mobility between Gn/Gp SGSNs and mobility management entities (MMEs). GTPv1-C carries various types of control plane signaling messages. The registered port number for GTPv1-C is 2123.

GTPv2-C is defined in 3GPP TS 29.274. It is used on various EPC (Evolved Packet Core) signaling interfaces, such as S5, S8, and S11. GTPv2-C carries various types of control plane signaling messages. The registered port number for GTPv2-C is 2123.

GTP-U is defined in 3GPP TS 29.281. It encapsulates and routes user plane traffic across multiple user plane interfaces such as S1, S5, S8, and N3 (for 5G). GTP-U messages are either user plane or signaling messages. The registered port number for GTP-U is 2152.

NAT is not supported for GTP tunnel IP addresses with GTP stateful inspection.

Tunnel acceleration provides hardware offloading to reduce the time it takes to perform flow lookups and allows the tunnel traffic to be distributed more efficiently based on the inner traffic. You can Disable Tunnel Acceleration for ease of troubleshooting.

Continue to GTP Deployments and Configure GTP Stateful Inspection.