Mobile Network Infrastructure Feature Support
Table of Contents
Expand all | Collapse all
- CN-Series Firewalls
- MFA Vendor Support
-
- Cloud Identity Engine Cipher Suites
-
- PAN-OS 11.2 GlobalProtect Cipher Suites
- PAN-OS 11.2 IPSec Cipher Suites
- PAN-OS 11.2 IKE and Web Certificate Cipher Suites
- PAN-OS 11.2 Decryption Cipher Suites
- PAN-OS 11.2 Administrative Session Cipher Suites
- PAN-OS 11.2 HA1 SSH Cipher Suites
- PAN-OS 11.2 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 11.2 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 11.1 GlobalProtect Cipher Suites
- PAN-OS 11.1 IPSec Cipher Suites
- PAN-OS 11.1 IKE and Web Certificate Cipher Suites
- PAN-OS 11.1 Decryption Cipher Suites
- PAN-OS 11.1 Administrative Session Cipher Suites
- PAN-OS 11.1 HA1 SSH Cipher Suites
- PAN-OS 11.1 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 11.1 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 11.0 GlobalProtect Cipher Suites
- PAN-OS 11.0 IPSec Cipher Suites
- PAN-OS 11.0 IKE and Web Certificate Cipher Suites
- PAN-OS 11.0 Decryption Cipher Suites
- PAN-OS 11.0 Administrative Session Cipher Suites
- PAN-OS 11.0 HA1 SSH Cipher Suites
- PAN-OS 11.0 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 11.0 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 10.2 GlobalProtect Cipher Suites
- PAN-OS 10.2 IPSec Cipher Suites
- PAN-OS 10.2 IKE and Web Certificate Cipher Suites
- PAN-OS 10.2 Decryption Cipher Suites
- PAN-OS 10.2 Administrative Session Cipher Suites
- PAN-OS 10.2 HA1 SSH Cipher Suites
- PAN-OS 10.2 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 10.2 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 10.1 GlobalProtect Cipher Suites
- PAN-OS 10.1 IPSec Cipher Suites
- PAN-OS 10.1 IKE and Web Certificate Cipher Suites
- PAN-OS 10.1 Decryption Cipher Suites
- PAN-OS 10.1 Administrative Session Cipher Suites
- PAN-OS 10.1 HA1 SSH Cipher Suites
- PAN-OS 10.1 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 10.1 Cipher Suites Supported in FIPS-CC Mode
-
- PAN-OS 9.1 GlobalProtect Cipher Suites
- PAN-OS 9.1 IPSec Cipher Suites
- PAN-OS 9.1 IKE and Web Certificate Cipher Suites
- PAN-OS 9.1 Decryption Cipher Suites
- PAN-OS 9.1 Administrative Session Cipher Suites
- PAN-OS 9.1 HA1 SSH Cipher Suites
- PAN-OS 9.1 PAN-OS-to-Panorama Connection Cipher Suites
- PAN-OS 9.1 Cipher Suites Supported in FIPS-CC Mode
- Prisma Access
- Strata Cloud Manager and Panorama Feature Parity
- User-ID Agent
- Terminal Server (TS) Agent
- Strata Logging Service Software Compatibility
- Cortex XDR
- Endpoint Security Manager (ESM)
- IPv6 Support by Feature
- Mobile Network Infrastructure Feature Support
Mobile Network Infrastructure Feature Support
Review the Palo Alto Networks Next-Generation Firewall models and PAN-OS® software
versions that support GTP, SCTP, 5G, PFCP, and RADIUS Security, as well as 3GPP Technical
Standards.
Review the lists of Specific Palo Alto Networks firewall models and PAN-OS® software
versions that support GTP, SCTP, 5G, PFCP, and RADIUS Security, as well as 3GPP
Technical Standards:
- PAN-OS Releases by Model that Support GTP, SCTP, and 5G Security
- PAN-OS Releases by Model that Support Intelligent Security Correlation (PFCP, RADIUS, and GTP)
- 3GPP TS References for GTP Security
- 3GPP TS References for 5G Security
- 3GPP TS References for 5G Multi-Edge Security
- 3GPP TS References for UE-to-IP Address Correlation with PFCP in 4G
PAN-OS Releases by Model that Support GTP, SCTP, and 5G Security
The following table lists which firewall models and PAN-OS software
versions support the following security methods:
- General Packet Radio Service (GPRS) Tunnelling Protocol (GTP) security
- Stream Control Transmission Protocol (SCTP) security
- 5G security
Firewall Model
|
PAN-OS 9.1 (GTP and SCTP)
|
PAN-OS 10.1 (GTP, SCTP, and 5G)
|
PAN-OS 10.2 (GTP, SCTP, and 5G)
|
PAN-OS 11.0 (GTP, SCTP, and 5G)
|
PAN-OS 11.1 (GTP, SCTP, and 5G)
|
PAN-OS 11.2 (GTP, SCTP, and 5G)
|
---|---|---|---|---|---|---|
VM-Series Firewalls
|
√
|
√
|
√
|
√
|
√
|
√
|
CN-Series Firewalls*
|
—
|
√
|
√
|
√
|
√
|
√
|
PA-7500 Firewalls (Standalone only) |
—
|
—
|
—
|
—
|
√
|
√
|
PA-7000 Series Firewalls that use three of the following
cards**:
|
√
|
√
|
√
|
√
|
√
|
√
|
PA-5410, PA-5420, and PA-5430 Firewalls
|
—
|
—
|
√
|
√
|
√
|
√
|
PA-5440 Firewalls
|
—
|
—
|
—
|
√
|
√
|
√
|
PA-5445 Firewalls
|
—
|
—
|
—
|
—
|
√
|
√
|
PA-5450 Firewalls
|
—
|
√
|
√
|
√
|
√
|
√
|
PA-5200 Series Firewalls
|
√
|
√
|
√
|
√
|
√
|
√
|
PA-3430 and PA-3440 Firewalls
|
—
|
—
|
√
|
√
|
√
|
√
|
* CN-Series Daemonset mode supports GTP, SCTP, and 5G security in PAN-OS 10.1 and
later PAN-OS versions. Additionally, CN-Series firewalls running PAN-OS 10.2 and
later PAN-OS versions support GTP, SCTP, and 5G security in both K8s cloud-native
network (CNF) mode and Daemonset mode.
** To verify that your PA-7000 Series firewall is installed with the cards that
support GTP and SCTP, use the show chassis inventory CLI
command. However, it is possible that cards are installed but are not functional
if your firewall does not account for all dependencies. Refer to the PA-7000 Series Firewall Hardware
Reference for installation instructions and to review the
dependencies for each card.
PAN-OS Releases by Model that Support Intelligent Security Correlation (PFCP, RADIUS, and GTP)
The following table lists which firewall models and PAN-OS software
versions support Intelligent Security Correlation:
- Packet Forwarding Control Protocol (PFCP)
- Remote Authentication Dial-In User Service (RADIUS)
- General Packet Radio Service (GPRS) Tunnelling Protocol (GTP)
Firewall Model
|
PAN-OS 11.0 (PFCP* and RADIUS**)
|
PAN-OS 11.1 (PFCP and RADIUS
|
PAN-OS 11.2 (PFCP, RADIUS, and GTP)
|
---|---|---|---|
VM-Series Firewalls
|
√
|
√
|
√
|
CN-Series Firewalls
|
√
|
√
|
√
|
PA-7000 Series Firewalls that use three of the following
cards***:
|
√
|
√
|
√
|
PA-5410, PA-5420, PA-5430, PA-5440, and PA-5450 Firewalls
|
√
|
√
|
√
|
PA-5445 Firewalls
|
—
|
√
|
√
|
PA-5200 Series Firewalls
|
—
|
√
|
√
|
PA-3430 and PA-3440 Firewalls
|
√
|
√
|
√
|
* In PAN-OS 11.0, we support only 4G CUPS architecture for Intelligent
Security with PFCP.
** We support Intelligent Security with RADIUS in PAN-OS 11.0.2 and all
later PAN-OS versions.
*** To verify that your PA-7000 Series firewall is installed with the cards that
support PFCP, RADIUS, and GTP, use the show chassis
inventory CLI command. However, it is possible that cards are
installed but are not functional if your firewall does not account for all
dependencies. Refer to the PA-7000 Series Firewall Hardware
Reference for installation instructions and to review the
dependencies for each card.
3GPP TS References for GTP Security
3GPP TS references for GTP security on firewalls that support GTP
security.
Protocol | 3GPP TS | 3GPP TS Release | |
---|---|---|---|
PAN-OS 10.2
PAN-OS 10.1
|
GTPv2-C
|
29.274
|
Up to 15.2
|
GTPv1-C
|
29.060
|
Up to 15.5.0
| |
GTP-U
|
29.281
|
Up to 15.0.0
| |
—
|
43.129
|
15.0.0
| |
—
|
23.401
|
15.12.0
| |
PAN-OS 9.1
|
GTPv2-C
|
29.274
|
Up to 15.2
|
GTPv1-C
|
29.060
|
Up to 15.1
| |
GTP-U
|
29.281
|
Up to 15.0.0
| |
GTPv1-C
|
29.060
|
Up to 13.4
| |
GTP-U
|
29.281
|
Up to 13.0
|
3GPP TS References for 5G Security
3GPP Technical Standards references for 5G network slice, 5G subscriber ID, and 5G
equipment ID security on firewalls that support GTP security.
- Procedures for the 5G System (5GS)
- 5GS Session Management Services
3GPP TS | 3GPP TS Release | |
---|---|---|
PAN-OS 10.2
PAN-OS 10.1
|
23.502
|
Up to 15.5.0
|
29.502
|
Up to 15.4.0
|
3GPP TS References for 5G Multi-Edge Security
5G Multi-Edge Security supports Packet
Forwarding Control Protocol (PFCP) messages over N4 interfaces for the following
technical specifications in the 3GPP TS release:
- Interface between the Control Plane and the User Plane nodes
3GPP Technical Standards reference for 5G Multi-Edge Security on firewalls that
support 5G MEC Security:
3GPP TS | 3GPP TS Release | |
---|---|---|
PAN-OS 10.2
PAN-OS 10.1
|
29.244
|
Up to 16.5.0
|
3GPP TS References for UE-to-IP Address Correlation with PFCP in 4G
The below table provides the 3GPP Technical Standards reference for firewalls that
leverage User Equipment (UE)-to-IP Address Correlation using the Packet Forwarding
Control Protocol (PFCP) for 4G network traffic.
3GPP TS | 3GPP TS Release | |
---|---|---|
PAN-OS 11.0
|
23.214
|
Up to 16.2.0
|
29.244
|
Up to 16.9.1
|