GTP stateful inspection
In addition to static inspection (checking the packet header), the FortiOS Carrier firewall performs stateful inspection.
Stateful inspection provides enhanced security by keeping track of communications sessions and packets over a period of time. Both incoming and outgoing packets are examined. Outgoing packets that request specific types of incoming packets are tracked; only those incoming packets constituting a proper response are allowed through the firewall.
The FortiOS Carrier firewall can also index the GTP tunnels to keep track of them.
Using the enhanced Carrier traffic policy, the FortiOS Carrier firewall can block unwanted encapsulated traffic in GTP tunnels, such as infrastructure attacks. Infrastructure attacks involve attempts by an attacker to connect to restricted machines, such as GSN devices, network management systems, or mobile stations. If these attempts to connect are detected, they are to be flagged immediately by the firewall.
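The request/response tracking and tunnel indexing described above can be modelled in a few lines. This is an added example, not FortiOS Carrier code: the class and function names, the peer address key, and the constructed packets are assumptions, and the GTPv1-C header layout and message type numbers follow 3GPP TS 29.060. It models only responses to requests sent from the protected side.

```python
import struct

# GTPv1-C request -> expected response message type (3GPP TS 29.060)
RESPONSE_FOR = {1: 2, 16: 17, 18: 19, 20: 21}
CREATE_RESP, DELETE_RESP = 17, 21

def parse_gtpv1c(pkt):
    """Static check: return (msg_type, teid, seq) or raise ValueError."""
    if len(pkt) < 12:
        raise ValueError("truncated header")
    flags, mtype, length, teid, seq = struct.unpack("!BBHIH", pkt[:10])
    if flags >> 5 != 1 or not flags & 0x10 or not flags & 0x02:
        raise ValueError("not GTPv1-C with a sequence number")
    if length != len(pkt) - 8:
        raise ValueError("length field does not match packet size")
    return mtype, teid, seq

class GtpStateTable:  # hypothetical name, simplified model
    def __init__(self):
        self.pending = {}     # (peer, seq) -> response type we are waiting for
        self.tunnels = set()  # index of (peer, control-plane TEID)

    def outbound(self, peer, pkt):
        """Record what response an outgoing request is entitled to."""
        mtype, _, seq = parse_gtpv1c(pkt)
        if mtype in RESPONSE_FOR:
            self.pending[(peer, seq)] = RESPONSE_FOR[mtype]

    def inbound_allowed(self, peer, pkt):
        """Allow an incoming packet only if it is a proper response."""
        try:
            mtype, teid, seq = parse_gtpv1c(pkt)
        except ValueError:
            return False                      # fails static header check
        if self.pending.get((peer, seq)) != mtype:
            return False                      # unsolicited or wrong type
        del self.pending[(peer, seq)]         # a response is accepted once
        accepted = pkt[12:14] == b"\x01\x80"  # Cause IE (type 1) = 128
        if mtype == CREATE_RESP and accepted:
            self.tunnels.add((peer, teid))
        elif mtype == DELETE_RESP and accepted:
            self.tunnels.discard((peer, teid))
        return True

def build(mtype, teid, seq, body=b""):
    """Construct a sample GTPv1-C packet (flags 0x32: v1, PT=1, S=1)."""
    payload = struct.pack("!HBB", seq, 0, 0) + body
    return struct.pack("!BBHI", 0x32, mtype, len(payload), teid) + payload
```

A response is matched on peer, sequence number, and message type together, so a replayed or mistyped response is dropped even when its header is well formed.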