Cellusys GTP Firewall

The GTP Firewall supports monitoring and control of all GTP-C traffic, and ensures all traffic is coming from verified sources and meets all necessary credentials, thereby preventing interception and other attacks which GRX and IPX infrastructures may be vulnerable to. GTP-C is used to set up, maintain, and tear down the data and control tunnels in GPRS Tunneling Protocol (GTP) which channel data packets between two nodes in 2.5G, 3G, and 4G networks.

Description

The GTP Firewall supports monitoring and control of all GTP-C traffic, and ensures all traffic is coming from verified sources and meets all necessary credentials, thereby preventing interception and other attacks which GRX and IPX infrastructures may be vulnerable to. GTP-C is used to set up, maintain, and tear down the data and control tunnels in GPRS Tunneling Protocol (GTP) which channel data packets between two nodes in 2.5G, 3G, and 4G networks.

Unified or Independent

GTP Firewall provides full control over the signalling stack from IP to GTP with consistent processing of rules and reporting over all protocols.

Integration is inline and simple, requiring no network configuration on PS nodes. For the core network, the GTP Firewall is transparent on L3.

GTP Firewall can be deployed standalone or can be complemented with additional protocols as additional modules of the Protect Unified Signalling Firewall as needed in the future.

  • All modules intercept both national and international messages
  • Uses REST API integration
  • All Cellusys products support virtual deployment or can be installed on our customized servers

 

All Categories

GSMA FS.20 categorizes GTP messages into three types. In addition to low-level filtering at the IP and transport layers, there are three categories of message filtering. GTP Firewall screens all categories of messages.

  • Category 1 looks at the type of message being sent on the individual interface
  • Category 2 messages are from any inbound roamer’s home network to a visited network
  • Category 3 are from outbound roamers in the visited network to their home network. Most messages fall into this category

 

Accessible Reporting

  • Equipped with powerful (yet agile) reporting and alerting features, not only will your network be secure, you can be sure to have the most accurate information about your network traffic and security at your fingertips.
  • Customize real-time alerts to be notified the moment a threat occurs.
  • Everyone on your team can be provided proper access levels and customise reports to suit their individual needs (no matter their level of technical expertise) thanks to the intuitive GUI.
  • Easily set alerts or publish reports as broad as GTP session success rates or drill down to monitor the behaviour of a particular subscriber IMSI. Troubleshoot VIP complaints and monitor message volumes with the touch of a button.

 

Additional Checks

Cross-protocol checks mitigate complex threat scenarios. Due to internal correlation, each rule has access to relevant fields of the GTP-C messages even if the field is not present in the original message (such as IMSI in PDP-Context-Delete Messages).

The firewall can drop GTP-C packets, modify message attributes, or generate error messages and return these to the message source. Also, it can rate limit messages from a given source or range of sources or on any message attribute.

In order to apply additional checks, the firewall can send external queries to determine real subscriber location based on any given parameter of a GTP-C packet.

Signalling Providers and Signalling Hubs

Signalling is your business — at least make it secure. We have provided many Tier 1 signalling hubs with the capability to control and secure their signalling.

Compliance

Fully compliant to GSMA FS.20

In response to security threats on the GPRS Exchange (GRX) and Internet Protocol Exchange (IPX), the GSMA published FS.20 GPRS Tunnelling Protocol (GTP) Security guidelines in February of 2017. It has been updated each year with Version 4.0 published in November of 2019. The document outlines known attacks involving GTP through GRX or IPX and recommends countermeasures. GSMA guidelines are often the basis for public policy and regulation regarding signalling security.

Additional information

Brand

Cellusys

Type

SS7/SMS Firewall