Security Virtual Network Functions (VNFs)

Consolidated Security VNF Across 4G and 5G Infrastructure

From Physical (4G) to Hybrid (4.5G) to Virtual (5G) Mobile Infrastructure Security

5G aims to provide a flexible platform to integrate vertical industries and a wide range of services and applications such as autonomous driving, robotics, augmented and virtual reality, remote healthcare, and more. For such services and use cases, security technology and architecture must be natively integrated into the overall hybrid and virtual architecture to provide appropriate internal and external security services.

From 4G to 5G, the evolution of mobile telecommunications technology and services is driven by evolution in architecture and component technology. A true evolution to 5G must be achieved by pursuing both continued technological evolution built upon the existing LTE/LTE-A and a completely new revolution of technology. This evolution consists of two fundamental technological enablers:

  • Virtual network functions (VNFs), as well as software-defined, programmable network functions and infrastructure resources.
  • Domain and multi-domain management and orchestration: management and network orchestration (MANO).

As mobile operators evolve their infrastructures from 4G to 5G, the security technology and implementation must also evolve, as shown below:

 

4G Security Implementation          

  • Static and centralized architecture
  • Physical network functions (PNFs)
  • Scalability via hardware/ASICs

4.5G/LTE-A Security Implementation

  • Semi-dynamic hybrid ecosystem
  • More distributed architecture
  • Hybrid security infrastructure (PNFs and VNFs)
  • Integration with SDN and orchestration
  • Added dynamic/on-demand scalability

5G Security Implementation          

  • Highly distributed, virtual ecosystem (VNFs)
  • Strong SDN and orchestration integration
  • Embedded with core services (e.g., network slicing and mobile edge computing)
  • Dynamic/on-demand scalability
  • Network slices increasing the attack surface 

 

Fortinet and European Telecommunications Standards Institute's (ETSI's) Network Function Virtualizat

For core functionality and service delivery, migration to 5G infrastructure will rely on ETSI's NFV architecture for domain and sub-domain service delivery, management, and orchestration. The following diagram outlines Fortinet's integration within the ETSI architecture:

[Diagram: Fortinet's integration within the ETSI NFV architecture]

A Wide Range of Security VNFs

Fortinet VNFs provide a rich set of security functions for hybrid and virtual mobile infrastructure, as outlined in the examples below:

| VNF Name | Security Functions | Areas of Implementation |
|---|---|---|
| FortiGate-VM | NGFW, UTM, CG-NAT, SCTP and GTP firewalling, Diameter verification, SecGW, SIP application layer gateway (ALG) | EPC/5G-NGC to UDP connectivity (e.g., Internet, IMS, third-party partners), roaming interface, RAN to EPC/5G-NGC, edge cloud (MEC) |
| FortiWeb-VM | Web application firewall | Secure web applications in Telco cloud, edge cloud (MEC), and third-party clouds. Web application security managed services |
| FortiMail-VM | Secure email gateway | Email security managed services |
| FortiSandbox-VM | Advanced threat detection and mitigation | ATP managed security services |
| FortiManager-VM | Network/element manager | Operator's SOC/NOC, NFV element manager |
| FortiAnalyzer-VM | Log management and analytics | Operator's SOC/NOC |
| FortiSIEM-VM | NOC/SOC SIEM and analytics | Operator's SOC/NOC |

Our VNFs support all modern acceleration technologies, such as Data Plane Development Kit (DPDK), single root I/O virtualization (SR-IOV), and Advanced Encryption Standard New Instructions (AES-NI). Plus, they have the smallest VNF footprint available, booting within seconds and delivering storage efficiencies for maximum performance.

Integration with VNF MANO

All Fortinet VNFs have demonstrated deep integration within life cycle operations, allowing communication service providers (CSPs) to confidently deliver security as a service to their customers and within their networks. Fortinet's VNFs span all major NFVIs, major MANOs, and major public cloud providers. Through the Fortinet Technology Partners and Fabric-Ready Partner programs, our customers have a wide choice of already-integrated security VNFs within their Network Exposure Function (NEF) and operational ecosystems. Vendors include Amdocs, Cisco, Ciena, Ericsson, Cloudify, Nokia, Ubiqube, Rift.io, VMware, and more. This flexible and rich ecosystem of integrated partners reduces cost and improves time-to-market for delivering dynamic, on-demand, and zero-touch security services to the CSP's internal network or to its customers as a form of managed service.