Bug ID 1011133: Protocol Inspection compliance check 10208 gtp_disallowed_message_types does not take GTP version into account

Last Modified: Apr 24, 2024

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 15.1.9,, 15.1.10,,,, 16.0.0,, 16.0.1,,, 16.1.0, 16.1.1, 16.1.2,,, 16.1.3,,,,,, 16.1.4,,,, 17.0.0,,

Opened: Apr 13, 2021

Severity: 3-Major


GTP version 1 and GTP version 2 disagree on message type designations, so blocking a given message type has a different meaning depending on the GTP version.


The device might drop GTP message types that are not intended to be dropped.


Compliance check 10208 is configured in an environment where different versions of GTP traffic might be encountered.


If the environment supports/expects only GTP version 1 or version 2 traffic, use compliance check 10223 gtp_disallowed_version to exclude all traffic from the unexpected GTP type to eliminate the message type ambiguity.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips