Filtering GTP-in-GTP Packets; Removing GTP R6 Informational Elements; Inspecting Tunnel Endpoint IDs; Configuring Traffic Logging and Counting - Juniper Network and Security Manager 2010.2 Administration Guide Rev1

Network and Security Manager Administration Guide

Configuring Traffic Logging and Counting

Sequence Number value for each following G-PDU it sends. The value resets to zero
when it reaches 65535.
The receiving GGSN sets its counter to zero. Each time it receives a valid G-PDU, it
increments its counter by one; the counter resets to zero when it reaches 65535. The
receiving GGSN compares the Sequence Number in the arriving packet with the value of
its own counter: if the numbers match, the GGSN forwards the packet; if they differ,
the GGSN drops the packet.
To enable the device to validate sequence numbers for the GGSN, enable Sequence
Number Validation. By default, validation is disabled.

Filtering GTP-in-GTP Packets

To enable a security device to detect and drop a GTP packet that contains another GTP
packet in its message body, enable GTP in GTP Denied.
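The following Python block is an added example that is not part of the manual and not Juniper code; it shows, in working form, the two checks described above: the per-tunnel sequence-number validation that the GGSN performs (counter starts at zero, advances on each valid G-PDU, wraps at 65535) and a detector for a G-PDU whose body carries another GTP packet. The GTPv1 header layout it parses follows 3GPP TS 29.060 (8 fixed bytes, then an optional 4-byte block and extension headers when the E, S or PN flag bits are set); the UDP ports 2152 (GTP-U) and 2123 (GTP-C), the packet builders and all packet contents are constructed for the example.

```python
"""Added example: GTPv1 sequence-number validation and GTP-in-GTP detection.

Constructed for illustration; not Juniper code. Header layout follows the
GTPv1 format (3GPP TS 29.060): 8 fixed bytes, then 4 optional bytes
(sequence number, N-PDU number, next extension header type) when any of the
E, S or PN flag bits is set.
"""
import struct

GTP_U_PORT = 2152  # GTP-U (user plane) UDP port
GTP_C_PORT = 2123  # GTP-C (control plane) UDP port
G_PDU = 0xFF       # message type of a G-PDU (tunnelled user data)
SEQ_MAX = 65535    # 16-bit sequence number; the next value after this is 0


def parse_gtpv1(data):
    """Parse a GTPv1 header; return a dict with msg_type, teid, seq, payload."""
    if len(data) < 8:
        raise ValueError("short GTP header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", data[:8])
    if flags >> 5 != 1:
        raise ValueError("not GTPv1")
    total = 8 + length  # the length field counts everything after the first 8 bytes
    if len(data) < total:
        raise ValueError("truncated GTP packet")
    seq, offset = None, 8
    if flags & 0x07:  # E, S or PN set: the optional 4-byte block is present
        if total < 12:
            raise ValueError("short optional header")
        seq = struct.unpack("!H", data[8:10])[0]
        offset = 12
        next_ext = data[11] if flags & 0x04 else 0  # walk extension headers only if E is set
        while next_ext:
            if offset >= total:
                raise ValueError("truncated extension header")
            ext_len = data[offset] * 4  # extension header length is in 4-byte units
            if ext_len == 0 or offset + ext_len > total:
                raise ValueError("bad extension header")
            next_ext = data[offset + ext_len - 1]  # last byte names the next extension type
            offset += ext_len
    return {"msg_type": msg_type, "teid": teid, "seq": seq, "payload": data[offset:total]}


class SequenceValidator:
    """Per-tunnel counter mirroring the GGSN behaviour described in the text:
    starts at 0, expects each sequenced G-PDU to carry the counter value,
    increments on a match and wraps to 0 after 65535."""

    def __init__(self):
        self.expected = {}  # TEID -> next expected sequence number

    def check(self, pkt):
        hdr = parse_gtpv1(pkt)
        if hdr["msg_type"] != G_PDU or hdr["seq"] is None:
            return "forward"  # only sequenced G-PDUs are validated
        want = self.expected.get(hdr["teid"], 0)
        if hdr["seq"] != want:
            return "drop"
        self.expected[hdr["teid"]] = 0 if want == SEQ_MAX else want + 1
        return "forward"


def is_gtp_in_gtp(payload):
    """True when a G-PDU payload is an IPv4/UDP datagram carrying another GTPv1 packet."""
    if len(payload) < 20 or payload[0] >> 4 != 4 or payload[9] != 17:
        return False  # not IPv4, or not UDP
    ihl = (payload[0] & 0x0F) * 4
    udp = payload[ihl:]
    if len(udp) < 8:
        return False
    sport, dport = struct.unpack("!HH", udp[:4])
    if not {sport, dport} & {GTP_U_PORT, GTP_C_PORT}:
        return False
    try:
        parse_gtpv1(udp[8:])
    except ValueError:
        return False
    return True


# --- constructed packet builders (test input only) ---------------------------
def build_gtpv1(msg_type, teid, payload, seq=None):
    flags = 0x30 | (0x02 if seq is not None else 0)  # version 1, PT=1, S bit if sequenced
    opt = struct.pack("!HBB", seq, 0, 0) if seq is not None else b""
    return struct.pack("!BBHI", flags, msg_type, len(opt) + len(payload), teid) + opt + payload


def build_ipv4_udp(sport, dport, data):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data  # UDP checksum left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + udp


def demo():
    v = SequenceValidator()
    # seq 0 and 1 match, 3 is out of order and is dropped, 2 is what was expected
    results = [v.check(build_gtpv1(G_PDU, 1, b"data", seq=s)) for s in (0, 1, 3, 2)]
    inner = build_gtpv1(G_PDU, 0xBEEF, b"x" * 20)
    nested = build_gtpv1(G_PDU, 2, build_ipv4_udp(GTP_U_PORT, GTP_U_PORT, inner), seq=0)
    plain = build_gtpv1(G_PDU, 2, build_ipv4_udp(1234, 53, b"hello"), seq=1)
    return (results,
            is_gtp_in_gtp(parse_gtpv1(nested)["payload"]),
            is_gtp_in_gtp(parse_gtpv1(plain)["payload"]))


if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns `(['forward', 'forward', 'drop', 'forward'], True, False)`: the out-of-order G-PDU is dropped while the expected counter is left unchanged, the nested packet is flagged and an ordinary IPv4/UDP payload is not. The detector requires a parseable inner GTPv1 header, not just a GTP port number, so a payload that merely happens to use UDP 2152 is not flagged.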

Removing GTP R6 Informational Elements

GTP R6 contains additional Informational Elements (IEs) that support 3GPP networks:
RAT, RAI, ULI, IMEI-SV, and APN Restriction. These new IEs are not supported on 2GPP
networks. You can tell the firewall to strip out these elements when traffic passes from
a 3GPP network to a 2GPP network.
To enable GTP traffic to flow between 3GPP and 2GPP networks, enable Remove r6 IE.

Inspecting Tunnel Endpoint IDs

You can configure the security device to perform Deep Inspection on the tunnel endpoint
IDs (TEID) in G-PDU data messages.
To perform Deep Inspection on tunnel endpoint IDs, enable TEID DI.

Configuring Traffic Logging and Counting

When you enable traffic logging and counting for a GTP object, the security device
generates log entries for deleted GTP tunnels and GTP traffic events.

Traffic Counting

A security device can count the number of user data and control messages (or bytes of
data), received from and forwarded to the GGSNs and SGSNs that the device protects.
The device counts traffic for each GTP tunnel separately, and differentiates GTP-User
and GTP-Control messages.
To enable counting, select Count By Message or Count By Byte. When counting is enabled
and a tunnel is deleted, the device counts and logs the total number of messages or bytes
of data that it received from and forwarded to the SGSN or GGSN.
To view log entries for deleted GTP tunnels, use the Log Viewer.
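As an added illustration of the counting behaviour described above (this is example code, not Juniper code and not the device's implementation), the following Python block keeps separate message and byte counters per tunnel, direction and plane, tells GTP-U from GTP-C by UDP port, reports the total chosen by the Count By Message or Count By Byte mode, and emits one log record per counter when a tunnel is deleted. The ports 2152 and 2123, the direction labels, the log line format and the packets are all constructed for the example; the TEID is read from bytes 4 to 7 of the GTPv1 header.

```python
"""Added example: per-tunnel GTP traffic counting with a log record on
tunnel deletion. Constructed for illustration; not Juniper code. Assumes
GTP-U on UDP 2152 and GTP-C on UDP 2123, and reads the TEID from bytes 4..7
of the GTPv1 header."""
from collections import defaultdict
import struct

GTP_U_PORT = 2152
GTP_C_PORT = 2123


def teid_of(gtp_pkt):
    """The TEID is the 32-bit field at offset 4 of a GTPv1 header."""
    return struct.unpack("!I", gtp_pkt[4:8])[0]


class TunnelCounter:
    """Counts messages and bytes per (TEID, plane, direction). `mode` selects
    which total is reported when the tunnel is deleted: 'message' or 'byte',
    corresponding to Count By Message and Count By Byte."""

    def __init__(self, mode="message"):
        if mode not in ("message", "byte"):
            raise ValueError("mode must be 'message' or 'byte'")
        self.mode = mode
        self.stats = defaultdict(lambda: [0, 0])  # key -> [messages, bytes]
        self.log = []  # log records emitted on tunnel deletion

    def record(self, udp_dport, direction, gtp_pkt):
        """Count one packet. `direction` is a constructed label such as
        'from-sgsn' or 'to-sgsn'; the UDP port decides GTP-U versus GTP-C."""
        plane = {GTP_U_PORT: "GTP-U", GTP_C_PORT: "GTP-C"}.get(udp_dport)
        if plane is None:
            raise ValueError("not a GTP port: %d" % udp_dport)
        entry = self.stats[(teid_of(gtp_pkt), plane, direction)]
        entry[0] += 1
        entry[1] += len(gtp_pkt)

    def delete_tunnel(self, teid):
        """Log the totals of every counter belonging to the tunnel, then drop
        them. Returns the number of log records written."""
        keys = sorted(k for k in self.stats if k[0] == teid)
        for key in keys:
            msgs, nbytes = self.stats.pop(key)
            total = msgs if self.mode == "message" else nbytes
            self.log.append("gtp-tunnel-deleted teid=0x%08x plane=%s dir=%s %ss=%d"
                            % (teid, key[1], key[2], self.mode, total))
        return len(keys)


def g_pdu(teid, payload_len):
    """Constructed G-PDU: GTPv1 flags 0x30, message type 0xFF, zero payload."""
    return struct.pack("!BBHI", 0x30, 0xFF, payload_len, teid) + b"\x00" * payload_len


def demo():
    c = TunnelCounter(mode="byte")
    # constructed traffic for tunnel 0x1234 in both directions and on both planes
    c.record(GTP_U_PORT, "from-sgsn", g_pdu(0x1234, 100))
    c.record(GTP_U_PORT, "from-sgsn", g_pdu(0x1234, 50))
    c.record(GTP_U_PORT, "to-sgsn", g_pdu(0x1234, 40))
    c.record(GTP_C_PORT, "from-sgsn", g_pdu(0x1234, 12))
    c.record(GTP_U_PORT, "from-sgsn", g_pdu(0x9999, 10))  # another tunnel, must stay untouched
    n = c.delete_tunnel(0x1234)
    return n, c.log, dict(c.stats)


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

Each packet's length includes its 8-byte header, so the two from-SGSN GTP-U packets of 100 and 50 payload bytes are logged as `bytes=166`. Deleting tunnel 0x1234 writes three records (GTP-C from-sgsn, GTP-U from-sgsn, GTP-U to-sgsn) and leaves the counters of tunnel 0x9999 in place.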

Traffic Logging

A security device creates log entries for GTP events based on the status of the GTP
packet. For each event type, you can also specify how much information (basic or
extended) you want about each packet.
Copyright © 2010, Juniper Networks, Inc.
