Billions of subscribers use 4G/LTE mobile networks, often to connect the Internet of Things. Networks require context-aware security to prevent financial and operational risks for service providers and enterprise customers using private 4G networks. Malware that infects User Equipment (UE), including smart phones, tablets, laptops connected via a dongle, and cellular IoT devices, could prevent the UE from accessing the mobile network and could be part of a botnet launching an attack against the mobile network infrastructure.

The impact of such malware to the customer includes battery exhaustion damage to the device, degraded service, excessive billing, and more. The impact to the service provider can include customer churn, help desk calls, billing issues, and excessive use of network resources by compromised subscribers and devices. Detection of these threats in 4G/LTE mobile networks requires identification of compromised equipment; prevention requires the ability to apply network security based on equipment ID, which is an International Mobile Equipment Identity (IMEI).

You can use GTP security to investigate a security event related to a device or equipment in a 4G network when you have the IMEI. You can look at the traffic, threat, URL filtering and WildFire^® logs and reports.

You can also apply network security based on the equipment identity of any device or equipment that is trying to access your 4G network. You can secure such things as:

The following graphic illustrates two 4G deployment options. In the first option, the firewall is on the S11 and S1-U interfaces. S11 is the interface between the MME and SGW; S1-U is the interface between the eNodeB and SGW in the 4G/LTE network. In the second option, the firewall is on the S5/S8 interfaces, which are between the SGW and PGW in the 4G/LTE network.

You can apply the following per equipment ID: application control, Antivirus, Anti-Spyware, URL filtering, intrusion prevention, and advanced threat prevention with WildFire based on an IMEI or a group of IMEIs.

Security policy rules allow you to specify external dynamic lists (EDLs) that can specify IMEIs so that you can dynamically add IMEIs to the rule.

When deciding which firewall model to purchase, consider the total number of 3G, 4G, and 5G network identifiers (Subscriber IDs and Equipment IDs) you need to include as EDL entries or static entries. The table in 5G Equipment ID and Subscriber ID Security provides capacities of EDL entries and static entries for each firewall model.