View GTP logs to gain visibility into the traffic that
mobile subscribers generate.
GTP logs are event-based logs that include
information on a wide range of GTP attributes, including GTP event
type, GTP message type, GTP event code, GTP interface, Tunnel ID,
Subscriber ID (IMSI), the end-user IP address, in addition to TCP/IP
information that the next-generation firewall identifies, such as
application, source and destination address, and timestamp. GTP
logs, along with traffic, threat, URL filtering, and WildFire® Submissions
logs (if you have enabled GTP-U content inspection), give you visibility
into the data (IP packet encapsulated in GTP-U packet) traffic generated
by individual mobile subscribers.
The IP address assigned
to a mobile subscriber is dynamic and can change whenever the user
equipment is powered on or off, or when the user equipment attaches
to a different packet gateway on the same PLMN or a different PLMN
(when the subscriber is roaming). To identify the mobile subscriber
who generated the traffic, you need a way to associate the IP address
with a unique attribute for each subscriber. With stateful GTP-C
inspection and GTP-U content inspection, you can correlate the unique
identity (IMSI and IMEI) for each subscriber with the dynamically
assigned subscriber's IP address, and this association makes it
possible to identify the (GTP-U) traffic generated by each mobile
subscriber.