GTP Event Types and Severity
GTP events have categorized by their severity; the firewall generates GTP logs when GTP events occur.
The firewall generates GTP logs when the following events occur, and these events are displayed both in the logs and on the GTP Events widget on the ACCMobile Network Activity. With the exception of the GTP session start and GTP session end logs, GTP logs are triggered by the GTP protection profile configuration. The session start and session end logs are generated when you enable logging in Security policy rules.
|Severity||GTP Event Type Description|
|GTP-U tunnel alert limit|
|High||GTPv1 message failed stateful inspection|
|Abnormal GTPv1-C message with missing mandatory IE|
|Abnormal GTPv1-C message with invalid IE|
|Abnormal GTPv1-C message with invalid header|
|Abnormal GTPv1-C message with out of order IE|
|Abnormal GTPv1-C message with unsupported message type|
|Other abnormal GTPv1-C message|
|GTPv2 message failed stateful inspection|
|Abnormal GTPv2-C message with invalid header|
|Abnormal GTPv2-C message with missing mandatory IE|
|Abnormal GTPv2-C message with invalid IE|
|Abnormal GTPv2-C message with out of order IE|
|Abnormal GTPv2-C message with unsupported message type|
|Other abnormal GTPv2-C message|
|Abnormal GTP-U message with missing mandatory IE|
|Abnormal GTP-U message with invalid IE|
|Abnormal GTP-U message with invalid header|
|Abnormal GTP-U message with out of order IE|
|Abnormal GTP-U message with unsupported message type|
|Other abnormal GTP-U message|
|GTP-U tunnel block limit|
|End user IP address spoofing|
|Low||GTP message matched by IMSI-Prefix filter|
|GTP message matched by RAT filter|
|GTP message matched by APN filter|
|Informational||GTPv1-C tunnel management message|
|GTPv1-C path management message|
|GTPv1-C other message|
|GTPv2-C tunnel management message|
|GTPv2-C path management message|
|GTPv2-C other message|
|GTP-U tunnel management message|
|GTP-U path management message|
|GTP-U G-PDU message|
|GTP session start|
|GTP session end|
Get a Packet Capture of a GTP Event
Get a packet capture of a GTP event, such as GTP-in-GTP, to troubleshoot an abnormal GTP packet. ...
GTP Protection Profile
Use these fields to create a GTP Protection profile to define how the firewall inspects, validates, and filters GTP traffic. ...
GTP Event Packet Capture
Get a packet capture of a single GTP event, such as GTP-in-GTP, end user IP spoofing, or abnormal GTP messages, to help troubleshoot GTP. ...
Objects > Security Profiles > GTP Protection
Objects > Security Profiles > GTP Protection The GTP Protection profile enables the firewall to inspect GTP traffic. To view this profile, you must enable ...
Content Inspection Features
Describes all the exciting new content inspection capabilities in PAN-OS® 9.0. ...
GPRS Tunneling Protocol (GTP)
The overview page for GTP content including navigation links for everything about GTP. ...
Monitor GTP Traffic
Monitor GTP traffic passing through a Palo Alto Networks firewall by viewing Mobile Network Activity on the ACC and by running predefined and custom reports. ...
Configure GTP Stateful Inspection
Enable GTP security, configure a GTP Protection profile, and attach the profile to a Security policy rule to secure GTP traffic. ...