>
    Configure 5G for a Cellular Interface
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. Configure Interfaces
    4. Cellular Interfaces
    5. Configure 5G for a Cellular Interface
    Download PDF

    Configure 5G for a Cellular Interface

    Table of Contents

    Configure 5G for a Cellular Interface

    Learn how to configure a cellular interface for 5G.
    You can enable 4G/5G capability using the PA-415-5G, which contains an integrated 5G module. This configuration provides an interface for a primary internet connection or for redundancy as a link through the cellular interface.
    The 5G module requires PAN-OS version 11.1 or later versions.
    Configuring a 5G cellular interface provides data connectivity using the 5G mobile network. If the 5G network is unavailable, the firewall automatically switches to the 4G or 3G network.
    On initialization, the modem is active and the radio option isn't enabled by default. If one or more SIM cards are available and you enable the radio option, the firewall attempts to establish a packet session using the SIM card that you configure in the APN profile for the primary SIM slot.
    If there is no custom APN profile, the firewall uses the
    auto
     APN profile.
    To Upgrade 5G Firmware, download the firmware updates from the Customer Support Portal and install them on the firewall.
    The 5G cellular interface supports the following capabilities:
    • Routing (including BGP, BFD, and static routes)
      The 5G cellular interface supports load balancing with weighted round-robin. The legacy routing stack does not support BGP on the dynamic IP interface; as an alternative, use the loopback interface.
    • IPv4
    • Layer 3 interfaces
    • Layer 2 encapsulation
    • Tunneling and VPN (including IKE, IPSec, and GRE)
      The 5G cellular interface supports GRE using the loopback interface.
    • NAT
    • PBF
      The 5G cellular interface does not support symmetric return.
    • Zones and Zone Protection profiles
    • DoS Protection policy
    • Tunnel inspection
    • Service routes using loopback interfaces
    • HA active/passive (session sync and session continuity are not supported)
    The 5G cellular interface does not support the following capabilities:
    • IPv6
    • ECMP
    • Multi-vsys
    • HA active/active
    • Jumbo frame
    • OSPF
    • SD-WAN
    • Multicast or ACL offloading
    1. Create an Access Point Name (APN) profile.
      You must configure the APN profile correctly to enable internet access. The APN profile defines the network or networks that the device is permitted to access and determines whether the device receives a dynamic or static IP address. To allow access to data services, some mobile virtual network operators (MVNOs) require a separate APN profile in addition to the APN profile for the network carrier. Based on the carrier, you may also need to enable additional security measures to restrict the APN to authenticated users.
    2. Configure dynamic NAT Security policy rules using dynamic IP addresses to allow the 5G traffic.
    3. Configure a cellular interface.
      1. Select
        Network
        Interfaces
        Cellular
        .
        For Panorama, select
        Network
        . Select the template you want to use, then select
        Interfaces
        Cellular
        . You can add a configuration for a device using a template and then apply that template to other devices.
      2. (Panorama only) Select the
        Slot
        .
        Select
        Slot 1
         for a non-chassis model.
      3. Select the
        Interface Name
         you want to use.
      4. (Optional) Enter a
        Comment
         to describe the interface.
      5. Select a
        Netflow Profile
         or create a
        New Netflow Profile
        .
    4. Configure the 5G connection.
      1. On the
        Config
         tab, select the
        Virtual Router
         where you want to assign the interface or create a
        New Virtual Router
        .
      2. Select the
        Logical Router
         where you want to assign the interface or create a
        New Logical Router
        .
      3. Select the
        Security Zone
         or create a
        New Zone
        .
      4. Select the modem
        Radio
         setting.
        This option allows you to reset the radio settings during troubleshooting.
        To enable the GPS option, you must enable the
        Radio
         option as well as the
        GPS
         option.
        • Off
          —(Default value) Disables the radio setting and the cellular interface.
        • On
          —Enables the radio setting and the cellular interface.
      5. Select the
        GPS
         setting.
        • Off
          —(Default value) Disables the GPS setting.
        • On
          —Enables the GPS setting.
      6. Select the
        Primary SIM Slot
        .
        By default, the firewall uses the card in slot 1 (
        SIM1
        ) to attempt connectivity with the network. If you configure a second SIM slot, the firewall automatically attempts connectivity with the network using the secondary SIM if connectivity using the primary SIM is not successful. You can optionally configure the second slot (SIM2) as the
        Primary SIM Slot
        .
    5. Configure the IPv4 settings.
      1. On the
        IPv4
         tab, select whether you want to
        Automatically create default route pointing to network provided default gateway
        .
        This option is enabled by default and creates a default route to the default gateway provided by the network.
      2. Specify the
        Default Route Metric
        .
        The default is 10; the range is 1—65535.
    6. On the
      Advanced
       tab, select the
      Link State
      .
      • auto
        —The interface is available only if there is a peer connection.
      • up
        —The interface is available.
      • down
        —The interface isn't available.
    7. Configure the SIM settings.
      1. Add
         the
        SIM Settings
        .
      2. Specify the
        Slot
        .
        Only one SIM slot can be active at a time. By default,
        SIM1
         is the active SIM slot. The modem uses this SIM to search for network connectivity. If the firewall can't establish a session within 5 minutes, it attempts to establish the session using the alternate SIM slot.
      3. To require a PIN to prevent unauthorized use of the SIM slots, enter a
        Pin
        , then
        Confirm Pin
        .
        You can also require a PIN to access the SIM; for more information, see step 16.
      4. Select the
        APN Profile
        .
        Specify the APN profile that you want the SIM card to use by default. The SIM slot uses this APN profile unless you override it with a custom APN profile. If you don't specify an APN profile, the firewall uses the default
        auto
         APN profile. If you need to specify a custom APN profile, you can do so in step 8.a
      5. Click
        OK
        .
    8. Define the
      APN Profile
      .
      1. Add
         the default
        APN Profile
        .
        If necessary, override the default APN profile for the specified slot by selecting an APN profile.
      2. Select the
        Authentication Type
         for the connection to the APN.
        • None
          —(Default) The firewall does not require authentication for the connection to the APN.
        • CHAP
          —Use Challenge Handshake Authentication Protocol (CHAP) to connect to the APN.
        • PAP
          —Use Password Authentication Protocol (PAP) to connect to the APN.
        • auto
          —Allow the firewall to automatically detect the authentication type based on the service provider. If the connection to the initial authentication type isn't successful, the firewall attempts the connection with the alternate authentication type.
      3. Enter the
        APN
        .
      4. Enter the
        Username
        .
      5. Enter the
        Password
         then
        Confirm Password
        .
      6. Click
        OK
        .
    9. Configure additional information, such as maximum transmission units (MTU), based on your network requirements.
      1. Select the
        Other Info
         tab.
      2. Select a
        Management Profile
        .
      3. Specify the
        MTU
         in bytes.
        The default value is 1428 bytes; the range is 576—1500 bytes.
      4. If you want to adjust the packet size due to latency, you can
        Adjust TCP MSS
         to configure the Maximum Segment Size and specify the
        IPv4 MSS Adjustment
         value.
        The default is 40; the range is 40—300.
      5. Click
        OK
        .
    10. Commit
       your changes.
      You must commit your changes, ensure the interface is enabled, and that connectivity is successful before the following information is available on the firewall or Panorama.
    11. Use widgets to monitor your cellular interface.
      1. Select
        Dashboard
        Widgets
        System
        Cellular Interfaces
        .
      2. View information about the cellular interface, such as the signal strength. To view more information, hover over the icon.
      3. Select
        Dashboard
        Widgets
        System
        Interfaces
        .
        The cellular interface, along with your other configured interfaces, displays in the widget. To view more information, hover over the icon.
    12. Verify your configuration's operational information is correct.
      To view the statistics and operational information using Panorama, first select the device, then select the information you want to view.
      1. Select the cellular interface you configured then click
        More Info
        Operational
        .
      2. Select
        Show Modem Info
         to verify the modem information (such as IMEI and FSN).
      3. Select
        Show SIM Info
         to verify the SIM information, such as the number of SIM cards and their IMSI numbers.
      4. Select
        Show Network Access Info
         to verify the network access information (for example, frequency band and cell ID).
      5. Select
        Show Location Info
         to verify the GPS information, such as status, latitude, and longitude.
        You must enable GPS to view this information.
    13. View information about activity on the cellular interface.
      1. Select the cellular interface you configured then click
        More Info
        Statistics
        .
      2. Select
        Show Signal Info
         to view the signal information (such as RSSI and RSRP).
      3. Select
        Show Traffic Info
         to view the traffic information, such as bytes, drops, errors, and overflows for receiving and transmitting.
      4. Select
        Show Misc Info
         to view other information including the number of modem and radio resets, switchovers, and network disconnects.
    14. Monitor information about the current session on the cellular interface.
      1. Select the
        IP runtime info
         for the cellular interface.
      2. View the
        Data Session Details
         such as IP address, gateway info, and primary and secondary DNS interfaces.
      3. (Panorama only) If you use Panorama, you can view the cellular interface by selecting
        Panorama
        Managed Devices
        Summary
        .
    15. View the firmware information for the interface.
      1. Select the
        Running Firmware
         for the cellular interface.
      2. View the
        Firmware Details
         including current version, primary rate interface (PRI) version, and a list of PRIs with their respective firmware versions, PRI versions, and carriers.
    16. (Recommended) For additional security, enable a PIN for your SIM card.
      The SIM PIN prevents unauthorized use of SIM cards. If you enable a SIM PIN, the SIM requires you to enter the PIN code to unlock the SIM for the modem to access the cellular network and start data sessions.
      After three unsuccessful attempts to unlock the SIM, the SIM is inaccessible until you enter a Personal Unblock Key (PUK). When the active SIM is inaccessible, an automatic switchover to a secondary SIM, if present, occurs. For more information, see step 17.
      1. Configure
         a
        SIM PIN
        .
      2. Ensure that you
        Enable
         the PIN as the
        SIM PIN Operation
        .
      3. Select the
        SIM Slot
         that contains the SIM card where you want to enable the PIN.
      4. Enter the
        PIN
         and click
        Configure
        .
    17. If you enabled the SIM PIN, manage SIM PIN operations.
      You must enable a SIM PIN before you can configure a new PIN, disable the PIN, or unblock the PIN.
      • To disable the SIM PIN, select
        Disable
         as the
        SIM PIN Operation
        , confirm the
        SIM Slot
        , enter the
        PIN
        , and click
        Configure
        .
      • To configure a new PIN, select
        Change
         as the
        SIM PIN Operation
        , confirm the
        SIM Slot
        , enter the
        PIN
         and the
        New PIN
        , and click
        Configure
        .
      • To unblock a PIN, select
        Unblock
         as the
        SIM PIN Operation
        , confirm the
        SIM Slot
        , enter the
        New PIN
         and the Personal Unblock Key (
        PUK
        ), and click
        Configure
        .
    18. To switch from the active SIM card to a different SIM card, complete the following steps.
      1. Select
        Network
        Interfaces
        Cellular
        .
      2. Click
        Switchover
        .
      3. Confirm
         that you want to switch the current SIM card.
      4. Close
         the notification window that displays to confirm the SIM card change.
      5. After the SIM card change completes (around 40-60 seconds), verify the change using the Dashboard widget (see step 11.c).

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.