Focus
Focus
Table of Contents
End-of-Life (EoL)

5G Security

Topics related to 5G security on supported next-generation firewalls.
You can enable three types of security on supported firewalls to protect 5G networks: network slice security, equipment ID security, and subscriber ID security. Security policy rules and correlation based on 5G network slice, equipment ID, and subscriber ID are supported on:
  • PA-7000 Series firewalls that use the PA-7000-100G-NPC, and the PA-7050-SMC-B card or PA-7080-SMC-B card, and the PA-7000-LFC card (the firewall must use all three cards)
  • PA-5200 Series firewalls
  • VM-700, VM-500, VM-300, and VM-100 firewalls
PAN-OS supports the following HTTP/2 control messages on an N11 interface. From these messages the firewall extracts the identifiers (such as Equipment ID, Subscriber ID, and Network Slice SST) in order to correlate traffic to a specific user at the N3 interface and to match the identifiers to Security policy rules.
  • Nsmf_PDUSession_CreateSMContext Request
  • Nsmf_PDUSession_CreateSMContext Response
  • Nsmf_PDUSession_UpdateSMContext Request
  • Nsmf_PDUSession_UpdateSMContext Response
  • Nsmf_PDUSession_ReleaseSMContext Request
  • Nsmf_PDUSession_ReleaseSMContext Response
  • Namf_Communication_N1N2MessageTransfer Request
  • Namf_Communication_N1N2MessageTransfer Response
Learn about each type of 5G security that you plan to configure: