# Secure Mobile Roaming: Just in Time to "Roam Like at Home"

By [Stuart Borgman](https://www.paloaltonetworks.com/blog/author/stuart-borgman/?ts=markdown "Posts by Stuart Borgman")

Oct 09, 2017

In July 2017, we added an important release to our [service provider portfolio](http://www.paloaltonetworks.com/solutions/industries/service-providers/mobile-network-operators.html). It extended the reach of the Next-Generation Security Platform to inspect the network tunnels that traverse mobile networks.

Defined by the 3GPP mobile standards body, GPRS Tunneling Protocol (GTP) tunnels are used in all mobile networks. GTP tunnels build the veins and arteries of the mobile network, reaching from the mobile device through the radio access network and onto the packet core of the network. They even extend beyond the network boundary to connect third-party roaming partner networks.

While there are different release versions, there are two primary types of GTP tunnels: control and user. Control tunnels are used to establish and maintain communication. User tunnels carry customer data.

The use of these tunnels has not been lost on those who have malicious intent. Both the control and user tunnels create opportunities to disrupt or extort. The data tunnels provide a highway for malware to traverse the network undetected -- the mobile handset being the obvious target. Google Android is the most widely deployed mobile device operating system and the focus for many malware developers. Faketoken and [SpyDealer](https://www.paloaltonetworks.com/blog/2017/07/unit42-spydealer-android-trojan-spying-40-apps/) are two recent examples, designed to silently install on Android devices to collect personal data, record phone calls, control cameras and make purchases via applications. The resulting implications are wide.

GTP control tunnel vulnerabilities are less obvious but equally potent. Many risks focus on triggering behavior that overloads network signaling. Every device connected to the network is dependent on correctly functioning signaling processes. If signaling is disrupted or overloaded, service disruption can take place. Service disruption could be network-wide. Signaling threats can be subtle, with objectives that are difficult to detect.
The more a device needs to make or respond to a signaling request, the more battery power is required. In the evolving IoT world, batteries are being asked to support devices over many years. Change the behavior of the signaling level, and these devices could be rendered useless within a fraction of their intended life span. The result could be a much shorter replacement cycle, with the associated cost to replace devices.

This is where Palo Alto Networks can make the difference. We can look deep inside the GTP control and user tunnels to ensure the protocols are behaving correctly, determine if signaling requests are legitimate, and inspect the data for threats and malware. If a device shows indicators of compromise, our platform can use signaling information to identify the SIM card and handset hardware number to allow the operator to apply a prevention strategy. The opportunity is to protect the customer and, ultimately, their own network. The platform can be positioned strategically in the network to inspect the GTP tunnels at key points in the network -- for example, the radio access network -- to look for threats from user devices. It can also protect at the roaming interconnection point, where operators connect.

It's worth noting that as we developed this functionality, European regulators had their own strategic plan. Many had become frustrated by the mobile roaming costs across Europe, concerned about inflated rates to roam within the European Economic Area, or EEA. Consumers complained throughout the summer about returning home from holidays to large mobile phone bills when a game or application had consumed a large volume of data and generated an expensive bill. Terms and conditions meant they had no option but to pay. Stories like these encouraged self-regulation, and some consumers disabled mobile roaming, searching for reliable Wi-Fi as soon as they took their devices out for use. The result was low data roaming between mobile operators.

On June 15, [European regulatory authorities](http://europa.eu/rapid/press-release_MEMO-17-885_en.htm) abolished charges for temporary roaming within the EEA, promoting the change as "Roam Like at Home." Tariffs in one's home country now applied across Europe. Millions of European travelers were liberated. Unlimited mobile phone data packages now apply across Europe.

The impact has been significant. Wi-Fi is no longer as important. 4G is often as good as or better than Wi-Fi. For many mobile operators, the data being transferred across mobile operator roaming exchanges has exploded.

What this means for operators is that a once relatively easy-to-manage part of their network has suddenly become more complex. The step change in roaming traffic has surprised many operators. It is likely that the traffic growth will continue as customers become accustomed to the new rules.

It is equally likely that an increase in roaming traffic will change the threat landscape. Those who want to damage the reputation of the operator now have a new point of attack. Service disruption to the roaming network could now impact a lot more customers and have greater implications.

The timing of the European regulatory changes with the introduction of new Palo Alto Networks mobile security functionality was purely coincidental, but it could be serendipitous if it can be used to protect an increasingly critical point in the mobile network.

For more information on Palo Alto Networks advanced GTP features for service providers, download the white paper "[Extended Application-Layer Visibility Across Multiple Mobile Network Peering Points](https://www.paloaltonetworks.com/resources/techbriefs/application-layer-visibility-mobile-network)."
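
The post describes checking that GTP control messages are well formed and using signaling information to identify the SIM card and handset hardware number. The following Python is an added example, not code from the original post or from Palo Alto Networks: it validates a GTPv2-C header for internal consistency and extracts the IMSI (SIM identity) and MEI (handset identity) information elements. Field layouts and type codes follow 3GPP TS 29.274; the function names and the sample message are constructed for this example.

```python
import struct

CREATE_SESSION_REQUEST = 32         # GTPv2-C message type
IE_IMSI, IE_MEI = 1, 75             # IE types: SIM identity / handset identity

def tbcd(raw: bytes) -> str:
    """Decode TBCD digits (low nibble first, 0xF is filler)."""
    nibbles = [n for b in raw for n in (b & 0x0F, b >> 4) if n != 0xF]
    if any(n > 9 for n in nibbles):
        raise ValueError("non-decimal TBCD digit")
    return "".join(map(str, nibbles))

def parse_gtpv2c(payload: bytes) -> dict:
    """Check GTPv2-C header consistency, then pull IMSI and MEI from the IEs."""
    if len(payload) < 8:
        raise ValueError("truncated header")
    flags, msg_type, length = struct.unpack_from("!BBH", payload)
    if flags >> 5 != 2:
        raise ValueError("not GTP version 2")
    end = 4 + length                 # length excludes the first four octets
    # Trailing bytes are only legitimate when the piggybacking (P) flag is set.
    if end > len(payload) or (end < len(payload) and not flags & 0x10):
        raise ValueError("length field disagrees with datagram size")
    off, teid = 4, None
    if flags & 0x08:                 # T flag: a TEID follows the length
        teid, off = struct.unpack_from("!I", payload, off)[0], off + 4
    if off + 4 > end:
        raise ValueError("header longer than declared length")
    seq, off = int.from_bytes(payload[off:off + 3], "big"), off + 4
    msg = {"type": msg_type, "teid": teid, "seq": seq, "imsi": None, "mei": None}
    while off < end:                 # walk type/length/instance/value IEs
        if off + 4 > end:
            raise ValueError("truncated IE header")
        ie_type, ie_len, _ = struct.unpack_from("!BHB", payload, off)
        off += 4
        if off + ie_len > end:
            raise ValueError("IE overruns message")
        if ie_type in (IE_IMSI, IE_MEI):
            msg["imsi" if ie_type == IE_IMSI else "mei"] = tbcd(payload[off:off + ie_len])
        off += ie_len
    return msg

def _ie(ie_type: int, digits: str) -> bytes:
    """Build one TBCD-valued IE for the constructed sample."""
    d = digits + "f" * (len(digits) % 2)
    value = bytes(int(d[i + 1] + d[i], 16) for i in range(0, len(d), 2))
    return struct.pack("!BHB", ie_type, len(value), 0) + value

def sample_create_session_request() -> bytes:
    """Constructed message (not captured traffic): TEID 0, sequence 1, two IEs."""
    body = bytes(4) + (1).to_bytes(3, "big") + b"\x00"
    body += _ie(IE_IMSI, "001010123456789") + _ie(IE_MEI, "490154203237518")
    return struct.pack("!BBH", 0x48, CREATE_SESSION_REQUEST, len(body)) + body
```

Rejecting messages whose declared length or IE boundaries disagree with the datagram is the protocol-sanity half of the check; the extracted IMSI and MEI are what an operator would key a per-subscriber or per-device response on.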