: Intelligent Security and the UEIP Database
Focus
Focus

Intelligent Security and the UEIP Database

Table of Contents

Intelligent Security and the UEIP Database

Learn about the UEIP database that Intelligent Security uses for correlating IP addresses and user equipment.
Mobile network administrators use identifiers to create zero trust policies that apply to each subscriber, equipment, application and piece of data in 5G and 4G/ LTE networks. These identifiers include the following:
  • Subscriber ID, also known as the International Mobile Subscriber Identity (IMSI)
  • 5G Subscriber Permanent Identifier (SUPI)
  • Equipment ID, also known as International Mobile Equipment Identity (IMEI)
  • Permanent Equipment Identifier (PEI)
For example, administrators may want to create security policy for the following use cases:
  • To apply subscriber and equipment identity-based security in an enterprise 5G network
  • To apply advanced L7 security control for critical infrastructure equipment connected to 5G networks
  • To allow a service provider to offer advanced threat prevention service to its enterprise 5G customers
Intelligent Security correlates user equipment (UE) information with IP addresses by mapping the 5G or 4G subscriber, 5G or 4G equipment, and 5G network slice to the IP address associated with traffic from the UE, ensuring consistent security policy enforcement in your mobile network.
The firewall obtains the UE-to-IP address mappings and adds them to a database on the firewall, which it queries for the correlated mobile user information to enforce security policy. The firewall supports multiple sources to obtain the UE-to-IP address mappings, including PFCP and RADIUS.
  • To view the UE-to-IP address mappings, use the following CLI command: show ueip all
    For this command, the source (src) can be gtp,pfcp or radius, depending on the deployment type.
  • To view other information about the UEIP database (such as timeout or the maximum number of entries), use the following command: show ueip info
  • To view the number of active unique IMSIs, use the following CLI command: show ueip active-imsi
  • To change the timeout, use the following CLI command (where value is the number of minutes): set ueip timeout <value>
    For this command, the range is 1—1440 minutes and the default value is 1440.