GTP Event Types and Severity

GTP events have categorized by their severity; the firewall generates GTP logs when GTP events occur.
The firewall generates GTP logs when the following events occur, and these events are displayed both in the logs and on the GTP Events widget on the ACCMobile Network Activity. With the exception of the GTP session start and GTP session end logs, GTP logs are triggered by the GTP protection profile configuration. The session start and session end logs are generated when you enable logging in Security policy rules.
SeverityGTP Event Type Description
CriticalGTP-in-GTP
GTP-U tunnel alert limit
High GTPv1 message failed stateful inspection
Abnormal GTPv1-C message with missing mandatory IE
Abnormal GTPv1-C message with invalid IE
Abnormal GTPv1-C message with invalid header
Abnormal GTPv1-C message with out of order IE
Abnormal GTPv1-C message with unsupported message type
Other abnormal GTPv1-C message
GTPv2 message failed stateful inspection
Abnormal GTPv2-C message with invalid header
Abnormal GTPv2-C message with missing mandatory IE
Abnormal GTPv2-C message with invalid IE
Abnormal GTPv2-C message with out of order IE
Abnormal GTPv2-C message with unsupported message type
Other abnormal GTPv2-C message
Abnormal GTP-U message with missing mandatory IE
Abnormal GTP-U message with invalid IE
Abnormal GTP-U message with invalid header
Abnormal GTP-U message with out of order IE
Abnormal GTP-U message with unsupported message type
Other abnormal GTP-U message
GTP-U tunnel block limit
End user IP address spoofing
LowGTP message matched by IMSI-Prefix filter
GTP message matched by RAT filter
GTP message matched by APN filter
InformationalGTPv1-C tunnel management message
GTPv1-C path management message
GTPv1-C other message
GTPv2-C tunnel management message
GTPv2-C path management message
GTPv2-C other message
GTP-U tunnel management message
GTP-U path management message
GTP-U G-PDU message
GTP session start
GTP session end

Related Documentation