Mobile Infrastructure Security Features
Focus
Focus

Mobile Infrastructure Security Features

Table of Contents

Mobile Infrastructure Security Features

Learn more about all the new mobile infrastructure security features in PAN-OS 11.1.

Intelligent Security with PFCP for N6 and SGI Use Cases

November 2023
  • Introduced in PAN-OS 11.1.0
As enterprises migrate their networks to 5G, this transition provides the potential for vulnerability to some of the security risks associated with 5G. As an unprecedented number of devices connect to enterprise and government networks, this increases the potential for attacks and other threats.
Intelligent Security (also known as User Equipment to IP address Correlation, or UEIP) helps correlate user equipment (UE) information with IP addresses by mapping the subscriber ID and equipment ID to the IP address associated with traffic from the UE. This helps to ensure consistent policy rule enforcement in your mobile network Security policy. Intelligent Security with PFCP for N6 and SGI deployments now provides enforcement for Security policy rules that are based on:
  • the 5G subscriber ID
  • the 5G equipment ID
  • the 5G network slice ID for a 5G or hybrid (5G and 4G) LTE network
Administrators now have multiple deployment options for correlating IP addresses and user equipment, including on perimeter interfaces (such as N6 for 5G and SGI for a 4G or LTE network).
To support the new deployment options, enable the User Plane with GTP-U encapsulation option if you're using the N1 or S1U interface or disable the option for SGi, N6, or RADIUS deployments. In addition, support for UE-to-IP mapping is now available for the PA-7000b and PA-5450 platforms.
This enables network administrators to extend Zero Trust policy rules for their 5G and 4G networks by consistently verifying all subscribers, equipment, applications, and data based on content and subscriber activity.