Junos CLI Reference

show security gtp profile

19-Nov-23

Syntax

   show security gtp profile (profile-name | all)   

Description

Use this command to display the GTP configuration. IP addresses in GPRS tunneling protocol (GTP) messages on the Gp or S8 interface are validated against the configured IP group list to prevent attacks. The GTP firewall determines the IP addresses in GTP messages and matches them against the configured IP group list. Based on the match criteria, valid GTP messages are forwarded to the Packet Forwarding Engine, and invalid GTP messages are dropped.

From Junos OS Release 20.4R1 onwards, show security gprs gtp configuration is replaced by show security gtp profile <profile_name>. The identifier option is replaced by profile-name in Junos OS Release 20.4R1.

Options

  • profile-name—Displays the specified GTP profile.

  • all—Displays the list of all GTP profiles.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security gtp profile GTP command. Output fields are listed in the approximate order in which they appear.

Table 1: show security gtp profile GTP

Field Name

Field Description

Index

An internal number associated with the GTP message.

Min Message Length

Displays minimum message payload length (in bytes).

Max Message Length

Displays maximum message payload length (in bytes).

Timeout

Elapsed time without activity after which the profile is terminated.

Rate Limit Alarm Threshold

Rate Limit Drop Threshold

Displays the rate limit for control traffic to any GSN defined in a GTP profile.

A drop threshold option and an alarm threshold option reduce the duplicate drop logs for the destination GSN.

Remove R6, Remove R7, Remove R8, Remove R9

Displays the count of IEs that are removed from GTP messages.

Deny Nested GTP

Represents the denial of nested GTP profiles.

Validated

Represents validated address of the end user.

Restart Path

Represents the restart status of the GTP path.

Log Forwarded

Represents packets that the security device transmitted because they were valid.

Log event

A packet that the security device dropped because it failed stateful inspection, log alarms, and tunnel management events.

Log Prohibited

A packet that the security device dropped because it was invalid.

Log Ratelimited

A packet that the security device dropped because it exceeded the maximum rate limit of the destination GSN.

Drop AA Create PDU

Represents Create AA PDU Context Request and Create AA PDU Context Response messages.

Drop AA Delete PDU

Represents Delete AA PDP Context Request and Delete AA PDP Context Response messages.

Drop Bearer Resource

Represents Bearer Resource Command and Bearer Resource Failure messages.

Drop Change Notification

Represents Change Notification Request and Change Notification Response messages.

Drop Config Transfer

Represents Configuration Transfer Tunnel messages.

Drop Context

Represents Context Request and Context Response messages.

Drop Create Bear

Represents Create Bearer Request and Create Bearer Response messages.

Drop Create Data Forwarding

Represents Create Indirect Data Forwarding Request and Create Indirect Data Forwarding Response messages.

Drop Create PDU

Represents Create PDU Context Request and Create PDU Context Response messages.

Drop Create Session

Represents Create Session Request and Create Session Response messages.

Drop Create Forwarding Tnl

Represents Create Forwarding Tunnel Request and Create Forwarding Tunnel Response messages.

Drop CS Paging

Represents CS Paging Indication messages.

Drop Data Record

Represents Data Record Request and Data Record Response messages.

Drop Delete Bearer

Represents Delete Bearer Request and Delete Bearer Response messages.

Drop Delete Command

Represents Delete Bearer Command and Delete Bearer Failure messages.

Drop Delete Data Forwarding

Represents Delete Indirect Data Forwarding Request and Delete Indirect Data Forwarding Response messages.

Drop Delete PDN

Represents Delete PDN Connection Set Request and Delete PDN Connection Set Response messages.

Drop Delete PDP

Represents Delete PDP Context Request and Delete PDP Context Response messages.

Drop Delete Session

Represents Delete Session Request and Delete Session Response messages.

Drop Detach

Represents Detach Notification and Detach Acknowledgement messages.

Drop Downlink Notification

Represents Downlink Data Notification, Downlink Data Acknowledgement, and Downlink Data Notification Failure Indication messages.

Drop Echo

Represents Echo Request and Echo Response messages.

Drop Error Indication

Represents Error Indication messages.

Drop Failure Report

Represents Failure Report Request and Failure Report Response messages.

Drop FWD Access

Represents Forward Access Context Notification and Forward Access Context Acknowledgment messages.

Drop FWD Relocation

Represents Forward Relocation Request, Forward Relocation Response, Forward Relocation Complete, and Forward Relocation Complete Acknowledge messages.

Drop FWD SRNS Context

Represents Forward SRNS Context Request and Forward SRNS Context Response messages.

Drop G-PDU

Represents G-PDU and T-PDU messages.

Drop Identification

Represents Identification Request and Identification Response messages.

Drop MBMS Sess Start

Represents MBMS Session Start Request and MBMS Session Start Response messages.

Drop MBMS Sess Stop

Represents MBMS Session Stop Request and MBMS Session Stop Response messages.

Drop MBMS Sess Update

Represents MBMS Session Update Request and MBMS Session Update Response messages.

Drop Modify Bearer

Represents Modify Bearer Request and Modify Bearer Response messages.

Drop Modify Command

Represents Modify Bearer Command and Modify Bearer Failure messages.

Drop Node Alive

Represents Node Alive Request and Node Alive Response messages.

Drop Note MS Present

Represents Note MS GPRS Present Request and Note MS GPRS Present Response messages.

Drop PDU Notification

Represents PDU Notification Request and PDU Notification Response messages.

Drop Ran Info

Represents Ran Info Relay messages.

Drop Redirection

Represents Redirection Request and Redirection Response messages.

Drop Release Access

Drop Relocation Cancel

Represents Relocation Cancel Request and Relocation Cancel Response messages.

Drop Resume

Represents Resume Notification and Resume Acknowledgement messages.

Drop Send Route

Represents Send Route Info Request and Send Route Info Response messages.

Drop SGSN Context

Represents SGSN Context Request and SGSN Context Response messages.

Drop Stop Paging

Represents Stop Paging Indication messages.

Drop Supported Extension

Represents Supported Extension Headers Notification messages.

Drop Suspend

Represents Suspend Notification and Suspend Acknowledgement messages.

Drop Trace Session

Represents Trace Session Activation in GTP.

Drop Update Bearer

Represents Update Bearer Request and Update Bearer Response messages.

Drop Update PDN

Represents Update PDN Set Connection Request and PDN Set Connection Response messages.

Drop Update PDP

Represents Update PDP Request and Update PDP Response messages.

Drop Ver Not Supported

Represents Version Not Supported messages.

Handover group name

Name of the handover IP address group.

NE group name

Name of the network equipment group.

UE group name

Name of the user equipment group.

Must-IE profile V1

Represents GTPv1 Must-IE check.

Must-IE profile V2

Represents GTPv2 Must-IE check.

Remove-ie-set V1

Represents GTPv1 IE Removal.

Remove-ie-set V2

Represents GTPv2 IE Removal.

Listening-mode

Represents listening-mode for GTP inspection.

Sample Output

Refer to the following sample outputs for Junos OS 20.3R1 or previous releases.

show security gtp configuration all (GTP Profile)

user@host> show security gtp configuration all
GTP Profile List (id, name):
            1 GTP

show security gtp configuration 1 (GTP Profile)

user@host>  show security gtp configuration 1
Profile Details:

        Index                       : 1
        Min Message Length          : 0
        Max Message Length          : 65535
        Timeout                     : 1000
        Rate Limit                  : 0
        Request Timeout             : 0
        Remove IE V1                : 172, 180, 181, 182, 183, 184, 199
        Remove IE V2                : 255
        Deny Nested GTP             : 0
        Validated                   : 0
        Passive learning enable     : 0
        Restart Path                : 0
        Log Forwarded               : 0
        Log State Invalid           : 0
        Log Prohibited              : 0
        Log Ratelimited             : 0
        Frequency Number            : 0
        Drop AA Create PDU          : 0
        Drop AA Delete PDU          : 0
        Drop Bearer Resource        : 0
        Drop Change Notification    : 0
        Drop Config Transfer        : 0
        Drop Context                : 0
        Drop Create Bear            : 0
        Drop Create Data Forwarding : 0
        Drop Create PDU             : 0
        Drop Create Session         : 0
        Drop Create Forwarding Tnl  : 0
        Drop CS Paging              : 0
        Drop Data Record            : 0
        Drop Delete Bearer          : 0
        Drop Delete Command         : 0 
        Drop Delete Data Forwarding : 0 
        Drop Delete PDN             : 0 
        Drop Delete PDP             : 0 
        Drop Delete Session         : 0 
        Drop Detach                 : 0 
        Drop Downlink Notification  : 0
        Drop Echo                   : 0
        Drop Error Indication       : 0
        Drop Failure Report         : 0
        Drop FWD Access             : 0
        Drop FWD Relocation         : 0
        Drop FWD SRNS Context       : 0
        Drop G-PDU                  : 0
        Drop Identification         : 0
        Drop MBMS Sess Start        : 0
        Drop MBMS Sess Stop         : 0
        Drop MBMS Sess Update       : 0
        Drop Modify Bearer          : 0
        Drop Modify Command         : 0
        Drop Node Alive             : 0
        Drop Note MS Present        : 0
        Drop PDU Notification       : 0
        Drop Ran Info               : 0
        Drop Redirection            : 0
        Drop Release Access         : 0
        Drop Relocation Cancel      : 0
        Drop Resume                 : 0
        Drop Send Route             : 0
        Drop SGSN Context           : 0
        Drop Stop Paging            : 0
        Drop Supported Extension    : 0
        Drop Suspend                : 0
        Drop Trace Session          : 0
        Drop Update Bearer          : 0
        Drop Update PDN             : 0
        Drop Update PDP             : 0
        Drop Ver Not Supported      : 0
        Handover group name         : N/A
        NE group name               : N/A
        UE group name               : N/A
        Must-ie profile V1          : msgie-v1
        Must-ie profile V2          : msgie-v2
        Remove-ie-set V1            : ieset-v1-r7
        Remove-ie-set V2            : ieset-v2

Refer to the following sample output for Junos OS 20.4R1 or later releases.

show security gtp profile name (listening-mode, rate-limit, log event)

user@host> show security gtp profile gtp1
  Profile Details:

        Index                       : 1
        Min Message Length          : 0
        Max Message Length          : 65535
        Timeout                     : 1000
        Rate Limit Alarm Threshold  : 400
        Rate Limit Drop Threshold   : 800
  Rate Limit GTPv0 Message	: 16, 18, 20, 22, 24
  Rate Limit GTPv1 Message	: 16, 20
  Rate Limit GTPv2 Message	: 32, 34, 36, 95, 99
        Request Timeout             : 6
        Deny Nested GTP             : 0
        Validated                   : 1
……
	  APN Control			: apn1

Refer to the following sample output for Junos OS 21.2R1 or later releases.

show security gtp profile name (listening-mode, rate-limit, log event)

user@host> show security gtp profile gtp1
Profile Details:
 
        Index                       : 1
        Min Message Length          : 0
        Max Message Length          : 65535
        Timeout                     : 1000
        Rate Limit Alarm Threshold  : 2
        Rate Limit Drop Threshold   : 0
        Request Timeout             : 0
        GTP-in-GTP Denied           : 1
        User Tunnel Validation      : 1
        Sequnecy Number Validation  : 1
        End User Address Validation : 1
        Listening-mode              : enabled
        Restart Path                : 0
        Log Forwarded               : 0
        Log Event                   : 1
        Log Prohibited              : 0
        Log Ratelimited             : 0
        Log GTP-U                   : none
        Drop AA Create PDU          : 0
        Drop AA Delete PDU          : 0
        Drop Bearer Resource        : 0
        Drop Change Notification    : 0
        Drop Config Transfer        : 0
        Drop Context                : 0
        Drop Create Bear            : 0
        Drop Create Data Forwarding : 0
        Drop Create PDU             : 0
        Drop Create Session         : 0
        Drop Create Forwarding Tnl  : 0
        Drop CS Paging              : 0
        Drop Data Record            : 0
        Drop Delete Bearer          : 0
        Drop Delete Command         : 0
        Drop Delete Data Forwarding : 0
        Drop Delete PDN             : 0
        Drop Delete PDP             : 0
        Drop Delete Session         : 0
        Drop Detach                 : 0
        Drop Downlink Notification  : 0
        Drop Echo                   : 0
        Drop Error Indication       : 0
        Drop Failure Report         : 0
        Drop FWD Access             : 0
        Drop FWD Relocation         : 0
        Drop FWD SRNS Context       : 0
        Drop G-PDU                  : 0
        Drop Identification         : 0
        Drop MBMS Sess Start        : 0
        Drop MBMS Sess Stop         : 0
        Drop MBMS Sess Update       : 0
        Drop Modify Bearer          : 0
        Drop Modify Command         : 0
        Drop Node Alive             : 0
        Drop Note MS Present        : 0
        Drop PDU Notification       : 0
        Drop Ran Info               : 0
        Drop Redirection            : 0
        Drop Release Access         : 0
        Drop Relocation Cancel      : 0
        Drop Resume                 : 0
        Drop Send Route             : 0
        Drop SGSN Context           : 0
        Drop Stop Paging            : 0
        Drop Supported Extension    : 0
        Drop Suspend                : 0
        Drop Trace Session          : 0
        Drop Update Bearer          : 0
        Drop Update PDN             : 0
        Drop Update PDP             : 0
        Drop Ver Not Supported      : 0
        Handover group name         : N/A
        NE group name               : N/A
        UE group name               : N/A
        Must-ie profile V1          : N/A
        Must-ie profile V2          : N/A
        Remove-ie-set V1            : N/A
        Remove-ie-set V2            : N/A
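
Added example (not part of the Juniper documentation): a small Python audit helper that parses the "Field : value" layout shown in the sample outputs and reports where a profile differs from an operator's intended settings. The BASELINE values and the group name ue-group-1 are hypothetical, and the embedded output is a constructed excerpt in the 21.2R1 layout. Field names are matched case-insensitively, and a field absent from the output is reported rather than skipped, because field names differ between the releases shown above (for example, Deny Nested GTP and GTP-in-GTP Denied).

```python
import re

# Constructed excerpt in the layout of the 21.2R1 sample output (not captured from a device).
SAMPLE_OUTPUT = """\
user@host> show security gtp profile gtp1
Profile Details:

        Index                       : 1
        Rate Limit Alarm Threshold  : 2
        Rate Limit Drop Threshold   : 0
  Rate Limit GTPv1 Message\t: 16, 20
        GTP-in-GTP Denied           : 1
        Listening-mode              : enabled
        Log Event                   : 1
……
        UE group name               : N/A
"""

# Hypothetical baseline: what this operator intends to run, not values recommended by the page.
BASELINE = {
    "GTP-in-GTP Denied": "1",
    "Listening-mode": "disabled",
    "Rate Limit Drop Threshold": "800",
    "UE group name": "ue-group-1",
    "End User Address Validation": "1",
}

# Field name, optional spaces or tabs, a colon, then the value.
FIELD_RE = re.compile(r"^\s*(?P<name>[^:]+?)\s*:\s*(?P<value>.*?)\s*$")

def parse_profile(text):
    """Return {lowercased field name: value} for every 'Name : value' line."""
    fields = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("user@") or stripped == "Profile Details:":
            continue  # CLI prompt, blank line, or section header
        m = FIELD_RE.match(line)
        if m:  # lines without a colon (such as an elision marker) are skipped
            fields[m.group("name").lower()] = m.group("value")
    return fields

def find_drift(text, baseline):
    """Return (field, expected, actual) tuples; actual is None when the field is absent."""
    actual = parse_profile(text)
    return [(name, want, actual.get(name.lower()))
            for name, want in baseline.items()
            if actual.get(name.lower()) != want]
```
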
      

Release Information

Command introduced in Junos OS Release 19.3R1. The identifier option is replaced by profile-name in Junos OS Release 20.4R1.
