Focus
Focus
Table of Contents

GTP Deployments

GTP deployments on a Palo Alto Networks firewall include RAN security, roaming security, Non-3GPP Access security, and cellular IoT security.
When deploying a Palo Alto Networks firewall that supports GTP security to inspect GTP traffic, you must determine the connection points or 3GPP interfaces on the mobile network that you want the firewall to secure:
  • GTPv1-C is used on Gn and Gp interfaces of the Universal Mobile Telecommunication System (UMTS) and GPRS.
  • GTPv2-C is used across various Evolved Packet Core (EPC) signaling interfaces, such as S5, S8, and S11.
  • GTP-U is used across various EPC signaling interfaces, such as S1-U, S5, S8, and on Gn and Gp interfaces of the UMTS and GPRS.
Deploy the firewalls in an active/passive HA. (Active/active HA is not supported.)
To inspect GTP traffic, you can deploy the firewall for the following:
Those topologies reference the following mobile network nodes in the EPC:
  • Mobility Management Entity (MME) that manages the mobile device connection to Long-Term Evolution (LTE) and other mobile networks
  • Serving Gateway (SGW) that routes the data packets
  • Packet Data Network Gateway (PGW) that connects the mobile user to external packet networks