Fortinet black logo

FortiOS Carrier

Protecting Against GTP-Based Attacks: The Carrier Grade GTP Firewall

Protecting Against GTP-Based Attacks: The Carrier Grade GTP Firewall

With the evolution of the mobile network so has GTP evolved. The awareness to the potential of GTP-based attacks has led mobile core vendors to harden their software to better deal with potential attacks. Alongside this evolution, network security vendors, such as Fortinet, have led the way in providing GTP-aware firewalls to secure and protect the different versions of the GTP protocol from potential attacks.

A GTP firewall should be placed where GTP traffic and sessions originate and terminate, and has to inspect both the GTP-C (Control Plane) and GTP-U (Data Plane) packets that, together, constitute the GPRS Tunneling Protocol.

For example, the GTP firewall could be placed in line between the SGSN / SGW and the GGSN / PGW which are the initiator and terminator of the GTP traffic. One of the main roles of GTP firewalls is also to be able to support roaming between different versions of GTP without interrupting the service.

The GTP firewall must be carrier grade in its ability to scale and provide high availability without impact its ability to provide effective protection.

The most relevant GTP-related security documents published by the GSMA are FS.20 GTP Security and FS.37 GTP-U Security.

Protecting Against GTP-Based Attacks: The Carrier Grade GTP Firewall

With the evolution of the mobile network so has GTP evolved. The awareness to the potential of GTP-based attacks has led mobile core vendors to harden their software to better deal with potential attacks. Alongside this evolution, network security vendors, such as Fortinet, have led the way in providing GTP-aware firewalls to secure and protect the different versions of the GTP protocol from potential attacks.

A GTP firewall should be placed where GTP traffic and sessions originate and terminate, and has to inspect both the GTP-C (Control Plane) and GTP-U (Data Plane) packets that, together, constitute the GPRS Tunneling Protocol.

For example, the GTP firewall could be placed in line between the SGSN / SGW and the GGSN / PGW which are the initiator and terminator of the GTP traffic. One of the main roles of GTP firewalls is also to be able to support roaming between different versions of GTP without interrupting the service.

The GTP firewall must be carrier grade in its ability to scale and provide high availability without impact its ability to provide effective protection.

The most relevant GTP-related security documents published by the GSMA are FS.20 GTP Security and FS.37 GTP-U Security.