5G Security
Topics related to 5G security on supported next-generation
firewalls.
You can enable three types of security
on supported firewalls to protect 5G networks: network slice security,
equipment ID security, and subscriber ID security. Security policy
rules and correlation based on 5G network slice, equipment ID, and
subscriber ID are supported on:
- PA-7000 Series firewalls that use the PA-7000-100G-NPC,
and the PA-7050-SMC-B card or PA-7080-SMC-B card, and the PA-7000-LFC
card (the firewall must use all three cards)
- PA-5200 Series firewalls
- VM-700, VM-500, VM-300, and VM-100 firewalls
PAN-OS supports the following HTTP/2 control messages on an N11
interface. From these messages the firewall extracts the identifiers
(such as Equipment ID, Subscriber ID, and Network Slice SST) in
order to correlate traffic to a specific user at the N3 interface
and to match the identifiers to Security policy rules.
- Nsmf_PDUSession_CreateSMContext Request
- Nsmf_PDUSession_CreateSMContext Response
- Nsmf_PDUSession_UpdateSMContext Request
- Nsmf_PDUSession_UpdateSMContext Response
- Nsmf_PDUSession_ReleaseSMContext Request
- Nsmf_PDUSession_ReleaseSMContext Response
- Namf_Communication_N1N2MessageTransfer Request
- Namf_Communication_N1N2MessageTransfer Response
Learn about each type of 5G security that you plan to configure: