GTP stateful inspection
Apart from static inspection (checking the packet header), FortiOS Carrier performs stateful inspection.
Stateful inspection provides enhanced security by keeping track of communications sessions and packets over a period of time. Both incoming and outgoing packets are examined. Outgoing packets that request specific types of incoming packets are tracked; only those incoming packets constituting a proper response are allowed through the firewall.
When you add a GTP profile to a FortiOS Carrier firewall policy, the firewall also indexes GTP tunnels to keep track of them. Firewall policies that include a GTP profile can block unwanted encapsulated traffic in GTP tunnels, such as infrastructure attacks. Infrastructure attacks involve attempts by an attacker to connect to restricted machines, such as GSN devices, network management systems, or mobile base stations. If these attempts to connect are detected, they are flagged immediately by the firewall.
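The request/response tracking and tunnel indexing described above can be modelled in a few lines. This is an added example, not FortiOS Carrier code: the `GtpInspector` class, the helper names, the peer labels and the 10.10.0.0/24 infrastructure range are assumptions made for illustration. Real GTP carries data-plane TEIDs in information elements; this model indexes the header TEID instead.

```python
import ipaddress
import struct

CREATE_PDP_REQ, CREATE_PDP_RSP, G_PDU = 16, 17, 255  # GTPv1 message types
INFRASTRUCTURE = [ipaddress.ip_network("10.10.0.0/24")]  # constructed GSN range

def build_gtp(msg_type, teid, seq, payload=b""):
    """Build a constructed GTPv1 packet with the S (sequence) flag set."""
    body = struct.pack("!HBB", seq, 0, 0) + payload
    return struct.pack("!BBHI", 0x32, msg_type, len(body), teid) + body

def parse_gtp(packet):
    """Static check of the GTPv1 header; returns (type, teid, seq, payload)."""
    if len(packet) < 8:
        raise ValueError("truncated header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", packet[:8])
    opt = 4 if flags & 0x07 else 0  # E, S or PN set: 4 optional bytes follow
    if flags >> 5 != 1 or len(packet) != 8 + length or length < opt:
        raise ValueError("not a well-formed GTPv1 packet")
    seq = struct.unpack("!H", packet[8:10])[0] if flags & 0x02 else None
    return msg_type, teid, seq, packet[8 + opt:]

class GtpInspector:
    """Simplified model: tracks requests and indexes tunnels by header TEID."""
    def __init__(self):
        self.pending, self.tunnels = set(), set()

    def outbound(self, peer, packet):
        msg_type, _, seq, _ = parse_gtp(packet)
        if msg_type == CREATE_PDP_REQ:
            self.pending.add((peer, seq))  # remember which reply to expect

    def inbound(self, peer, packet):
        try:
            msg_type, teid, seq, payload = parse_gtp(packet)
        except ValueError:
            return "drop: malformed header"
        if msg_type == CREATE_PDP_RSP and (peer, seq) in self.pending:
            self.pending.discard((peer, seq))  # one response per request
            self.tunnels.add(teid)  # index the tunnel for later G-PDU checks
            return "allow"
        if msg_type == G_PDU and teid in self.tunnels and len(payload) >= 20:
            dst = ipaddress.ip_address(payload[16:20])  # inner IPv4 destination
            if any(dst in net for net in INFRASTRUCTURE):
                return "flag: encapsulated traffic to infrastructure"
            return "allow"
        return "drop: no matching request or tunnel"
```

A response is accepted only from the peer that was sent the matching request, and only once; encapsulated packets are then checked against the tunnel index and the protected range.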