Generate Mobile Network Reports
You can view daily reports or configure and schedule custom reports on mobile network activity. The predefined Mobile Network Reports allow you to view a daily summary on some key events. For example, GTP Security Events report provides a view of the high and critical severity logs only.
For a detailed and granular report over a longer time-period, you can generate custom reports. In a custom report, you can filter for a specific value within an attribute in the log.
- Access the predefined Mobile Network Reports.
- Select MonitorReports.
- To view a report, expand the Mobile Network
Reports category on the right side of the page and select
a report name. You can select from the following reports:
By default, the firewall displays data for the previous calendar day and includes a maximum of 1,000 rows. To view reports for other dates, select a date in the calendar at the bottom right of the page. You can export the report to PDF, CSV, or XML.
- Attackers /Victims—Lists who is sending the detected threat along with the IMSI and IMEI information of the user. The directionality may be the opposite of the traffic log as a user may initiate an outbound connection to a web server and receive a malicious file from the server, making the destination address in the traffic log the attacker, and the source in the threat log.
- Malicious WildFire Submissions—Lists the files that received a malicious verdict based on WildFire cloud analysis.
- Users Visiting Malicious URL—Lists the mobile subscribers who visited URLs categorized as malicious.
- GTP Events Summary—Lists a summary of all GTP events logged on the firewall.
- GTP Security Events—Lists GTP events with high and critical severity only.
- GTPv1 Causes—Lists GTPv1 rejection causes logged on the firewall, if you have enabled GTPv1 stateful inspection.
- GTPv2 Causes—Lists GTPv2 rejection causes logged on the firewall, if you have enabled GTPv2 stateful inspection.
- GTP Spoofed End User IP—Lists the GTP End User IP Address spoofing events.
- Configure and schedule custom reports.
- Select MonitorManage Custom Reports.
- Click Add and then enter a Name for the report. See custom reports for details on setting up the report. The following example is a 30-day report that uses the GTP Summary log database. The query builder narrows the data in the report to include only logs with the specified combination of the serving network Mobile Country Codes (MCC) and Mobile Network Codes (MNC). The columns in the example report include IMSI, IMEI, GTP Cause Code, RAT, APN, Action and Count.
Monitor GTP Traffic
Monitor GTP Traffic When you enable logging in a security policy rule, the firewall generates a traffic log for when traffic matches the criteria defined ...
GTP Information on the ACC
GTP Information on the ACC The Mobile Network Activity tab on the Application Command Center ( ACC ) includes widgets that visual represent GTP log ...
GTP Cause Values in Logs
GTP Cause Values in Logs When you enable logging, GTP-C request and response messages include Information Element (IE) values that indicates whether a message has ...
GPRS Tunneling Protocol (GTP) Security
GPRS Tunneling Protocol (GTP) Security Mobile Network Operators use the GPRS Tunneling Protocol (GTP) on various interfaces in Roaming, Radio Access Network, and within the ...
Objects > Security Profiles > GTP Protection
Objects > Security Profiles > GTP Protection The GTP Protection profile enables the firewall to inspect GTP traffic. To view this profile, you must enable ...
ACC Tabs Network Activity —Displays an overview of traffic and user activity on your network. It focuses on the top applications being used, the top ...
Configure GTP Stateful Inspection
Configure GTP Stateful Inspection Mobile Network Operators use the GPRS Tunneling Protocol (GTP) on various interfaces in Roaming, Radio Access Network, and within the packet ...
GTP Protection Profile
GTP Protection Profile The GTP Protection profile ( Objects Security Profiles GTP Protection ) enables the firewall to inspect GTP traffic. The options in the ...
GTP Event Types and Severity
GTP Event Types and Severity The firewall generates GTP logs when the following events occur, and these events are displayed both in the logs and ...