Secure Mobile Roaming Services

Securing Roaming Partners’ Connectivity for 4G's S8 and 5G's NG8/NG16

Roaming Partners' Connectivity Security Challenges

The growing adoption of massive-scale technologies such as IoT, coupled with regulatory and competitive drivers such as the European "Roam Like at Home" directive, drives the need for massive scalability in mobile roaming partners’ connectivity and interoperability.

Throughout the evolution from 4G to 5G networks, GPRS Tunneling Protocol (GTP) and Diameter have been used for roaming partners’ connectivity, authentication, authorization, and accounting. This makes them a potentially ideal attack vector in the mobile network.

GTP and Diameter-based attacks on the roaming interfaces in both EPC and 5G-NGC may result in:

  • Accounting/billing manipulation
  • Denial of service (DoS)
  • Connection to restricted core components

 


FortiGate: The Leading GTP Firewall and Diameter Verification Solution

Providing carrier-grade performance and scalability, FortiGate enables mobile operators to cost-effectively secure their roaming partners’ connectivity against GTP-based attacks. Fortinet's GTP firewall should be placed where GTP traffic and sessions originate and terminate. It inspects both the GTP-C (control plane) and GTP-U (data plane) packets that, together, constitute the GPRS Tunneling Protocol. Fortinet's GTP firewall implementation is carrier grade in its ability to scale and provide high availability (HA) without impacting its ability to provide effective protection.

FortiGate provides Diameter verification via the detection and logging of malformed packets and unexpected Diameter message types, which can be used to analyze traffic and detect and block attacks.


 


GTP and Diameter Security Implementation: Physical (PNF) or Virtual Network Function (VNF)

FortiGate’s GTP and Diameter capabilities can be implemented as a PNF with HA and the highest proven scalability. Fortinet’s custom security processors provide hardware acceleration to meet today’s and tomorrow’s traffic and session volumes.

The same capabilities are provided by FortiGate virtual machines (VMs) acting as VNFs. With the industry’s smallest footprint and fastest boot time, they provide a GTP firewalling and Diameter verification VNF for 4G/4.5G and 5G environments. Dynamic and massive auto scaling is achieved via proven integration with software-defined networking (SDN) and European Telecommunications Standards Institute (ETSI) NFV management and orchestration (MANO) platforms such as Amdocs, Ciena’s Blue Planet, HPE, Ericsson, Nokia, Cisco, and more.


SDN Integration

Fortinet technology and Fabric-Ready Partner programs ensure SDN integration via Fortinet SDN Connectors and Fortinet APIs (available via the Fortinet Developer Network). These include integration with Nuage Networks, Cisco ACI, and VMware NSX.