Manage Prisma SASE 5G

Where Can I Use This?
What Do I Need?
  • Role: Multitenant Superuser or Superuser
The SASE 5G solution extends the Prisma Access security capabilities to 5G networks, enabling service providers to offer comprehensive Zero Trust security for enterprise data over 5G-connected devices. To integrate security with 5G core networks, SASE 5G uses Prisma Access to provide agentless security services for 5G-connected devices.
The Prisma SASE 5G solution helps deliver managed SASE services for both large enterprises and midmarket customers, supporting secure internet access, remote access, SaaS security, and private app security use cases. This solution integrates with 5G network authentication and authorization mechanisms, enabling you to orchestrate Security policy rules based on the International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identity (IMSI), and Access Point Name (APN) using the 5G endpoint's SIM card. This integration allows for seamless security enforcement across 5G networks, including roaming scenarios.
Prisma Access secures 5G traffic using a Security Processing Node (SPN). After 5G traffic enters the SPN, Prisma Access identifies the traffic based on IMEI, IMSI, and APN, synchronizes the mobile users' identity using the Cloud Identity Engine, and authenticates the users' 5G devices using RADIUS. Using Palo Alto Networks Security policy rules, you can write policy rules based on users and user groups to allow and deny traffic for both private and public apps. You can also use Advanced Threat Prevention, Advanced URL Filtering, Advanced WildFire, and other advanced security capabilities that integrate with Prisma Access to make sure that access to your private and public apps is secure.
Prisma SASE 5G separates traffic into a control plane and a data plane.
  • The Data Plane uses the backbone to establish connectivity between the 5G network and Prisma Access. This backbone enables egress traffic forwarding to Prisma Access, where you can use Security policy rules to enforce security before egressing the traffic to public and private apps.
    You can use your service provider's backbone (interconnect) or, in a hybrid backbone deployment, specify which traffic uses your interconnect and which uses the Prisma Access backbone. You select the egress method when you configure Prisma SASE 5G in the Prisma Access web interface.
  • The Control Plane manages authentication and authorization from the 5G Network, using RADIUS authentication based on IMEI, IMSI, and APN credentials from the 5G Network.
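The control-plane exchange described above carries the subscriber identifiers inside a RADIUS Access-Request. The following is an added example, not Palo Alto Networks code: it strictly parses such a request and extracts the IMSI, IMEISV, and APN, rejecting malformed lengths instead of guessing. It assumes the 5G core sends the standard 3GPP attributes from TS 29.061 (Called-Station-Id for the APN, 3GPP-IMSI, 3GPP-IMEISV); the page does not state which attributes Prisma Access reads, and the sample packet is constructed.

```python
import struct

VENDOR_3GPP = 10415           # 3GPP enterprise number used in RADIUS VSAs
ATTR_CALLED_STATION_ID = 30   # carries the APN on 3GPP interfaces (assumed per TS 29.061)
ATTR_VENDOR_SPECIFIC = 26
SUB_IMSI, SUB_IMEISV = 1, 20  # 3GPP-IMSI; 3GPP-IMEISV (IMEI plus software version)

def _tlvs(buf):
    """Yield (type, value) pairs; raise on any inconsistent length byte."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2 or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute")
        typ, length = buf[pos], buf[pos + 1]
        yield typ, buf[pos + 2:pos + length]
        pos += length

def subscriber_identity(packet):
    """Return the imsi, imeisv and apn found in a RADIUS Access-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    found = {"imsi": None, "imeisv": None, "apn": None}
    for typ, val in _tlvs(packet[20:length]):
        if typ == ATTR_CALLED_STATION_ID:
            found["apn"] = val.decode("ascii")
        elif typ == ATTR_VENDOR_SPECIFIC and len(val) >= 4:
            if struct.unpack("!I", val[:4])[0] != VENDOR_3GPP:
                continue  # another vendor's VSA, not subscriber identity
            for sub, sval in _tlvs(val[4:]):
                if sub == SUB_IMSI:
                    found["imsi"] = sval.decode("ascii")
                elif sub == SUB_IMEISV:
                    found["imeisv"] = sval.decode("ascii")
    return found

def _attr(typ, val):
    """Encode one type/length/value attribute (helper for the sample only)."""
    return bytes([typ, len(val) + 2]) + val

# Constructed sample request: test-network IMSI, made-up IMEISV and APN.
_vsa = struct.pack("!I", VENDOR_3GPP) + _attr(SUB_IMSI, b"001010123456789")
_vsa += _attr(SUB_IMEISV, b"3512340012345601")
_attrs = _attr(ATTR_CALLED_STATION_ID, b"corp.example") + _attr(26, _vsa)
SAMPLE = struct.pack("!BBH", 1, 7, 20 + len(_attrs)) + bytes(16) + _attrs
```

Identifiers extracted this way are only as trustworthy as the RADIUS peer that sent them, so policy decisions should be made only on requests from an authenticated 5G core.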