To enable GTP logging after a GTP profile has been configured
- Go to Log & Report > Log Settings.
- Select Event Logging, and select GTP service event.
- Select Apply.
|Log Frequency||Enter the number of messages to drop between logged messages.
An overflow of log messages can sometimes occur when logging ratelimited GTP packets exceed their defined threshold. To conserve resources on the syslog server and the Carrier-enabled FortiGate unit, you can specify that some log messages are dropped. For example, if you want only every twentieth message to be logged, set a logging frequency of 20. This way, 20 messages are skipped and the next logged.
Acceptable frequency values range from 0 to 2147483674. When set to ‘0’, no messages are skipped.
|Forwarded Log||Select to log forwarded GTP packets.|
|Denied Log||Select to log GTP packets denied or blocked by this GTP profile.|
|Rate Limited Log||Select to log rate-limited GTP packets.|
|State Invalid Log||Select to log GTP packets that have failed stateful inspection.|
|Tunnel Limit Log||Select to log packets dropped because the maximum limit of GTP tunnels for the destination GSN is reached.|
|Extension Log||Select to log extended information about GTP packets. When enabled, this additional information will be included in log entries:
• Selection Mode
• SGSN address for signaling
• SGSN address for user data
• GGSN address for signaling
• GGSN address for user data
|Traffic count Log||Select to log the total number of control and user data messages received from and forwarded to the GGSNs and SGSNs that the unit protects.
The unit can report the total number of user data and control messages received from and forwarded to the GGSNs and SGSNs it protects. Alternately, the total size of the user data and control messages can be reported in bytes. The unit differentiates between traffic carried by each GTP tunnel, and also between GTP-User and GTP-Control messages.
The number of messages or the number of bytes of data received from and forwarded to the SGSN or GGSN are totaled and logged if a tunnel is deleted.
When a tunnel is deleted, the log entry contains:
• Interface name (if applicable)
• SGSN IP address
• GGSN IP address
• Tunnel duration time in seconds
• Number of messages sent to the SGSN
• Number of messages sent to the GGSN
Specifying logging types
You can configure the unit to log GTP packets based on their status with GTP traffic logging.
The status of a GTP packet can be any of the following 5 states:
- Forwarded – a packet that the unit transmits because the GTP policy allows it l Prohibited – a packet that the unit drops because the GTP policy denies it l Rate-limited – a packet that the unit drops because it exceeds the maximum rate limit of the destination GSN l State-invalid – a packet that the unit drops because it failed stateful inspection l Tunnel-limited – a packet that the unit drops because the maximum limit of GTP tunnels for the destination GSN is reached.
The following information is contained in each log entry:
- Timestamp l Source IP address l Destination IP address l Tunnel Identifier (TID) or Tunnel Endpoint Identifier (TEID) l Message type
- Packet status: forwarded, prohibited, state-invalid, rate-limited, or tunnel-limited l Virtual domain ID or name l Reason to be denied if applicable.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU