Expand all | Collapse all
End-of-Life (EoL)
5G Security
Topics related to 5G security on supported next-generation
firewalls.
You can enable three types of security
on supported firewalls to protect 5G networks: network slice security,
equipment ID security, and subscriber ID security. Security policy
rules and correlation based on 5G network slice, equipment ID, and
subscriber ID are supported on:
PA-7000 Series firewalls that use the PA-7000-100G-NPC,
and the PA-7050-SMC-B card or PA-7080-SMC-B card, and the PA-7000-LFC
card (the firewall must use all three cards)
PA-5200 Series firewalls
VM-700, VM-500, VM-300, and VM-100 firewalls
PAN-OS supports the following HTTP/2 control messages on an N11
interface. From these messages the firewall extracts the identifiers
(such as Equipment ID, Subscriber ID, and Network Slice SST) in
order to correlate traffic to a specific user at the N3 interface and
to match the identifiers to Security policy rules.
Nsmf_PDUSession_CreateSMContext Request
Nsmf_PDUSession_CreateSMContext Response
Nsmf_PDUSession_UpdateSMContext Request
Nsmf_PDUSession_UpdateSMContext Response
Nsmf_PDUSession_ReleaseSMContext Request
Nsmf_PDUSession_ReleaseSMContext Response
Namf_Communication_N1N2MessageTransfer Request
Namf_Communication_N1N2MessageTransfer Response
Learn about each type of 5G security that you plan to configure: