Firewalls are commonly categorized by the systems they protect, form factor, network placement, and data filtering method. In 5G, firewalls protect different network layers, especially in the Service-Based Architecture (SBA) of the 5G Core.
These include:
- Perimeter Firewall (Traditional Role)
It protects 5G infrastructure from external threats and is deployed at the edge of the operator’s core network. It works similarly to legacy firewalls but must handle new protocols and high-throughput traffic.
- Service-Based Architecture (SBA) Firewall
Unique to 5G Core networks, because the SBA uses HTTP/2 and REST APIs to let Network Functions (NFs) such as the AMF, SMF, and PCF talk to each other. Firewalls must understand and filter service-based messages, not just ports or IPs. Operators may use application-aware firewalls or API gateways to inspect and control traffic between network functions.
- User Plane Firewall (UPF-Level)
Deployed at the User Plane Function level, where it handles the actual user data traffic and filters malicious or unauthorized data traffic from devices or external services. It is key to detecting DDoS, malware, or botnet activity originating from user devices.
- Inter-Slice Firewall “Advanced”
5G introduces network slicing: logically isolated virtual networks for specific use cases (e.g., autonomous cars, healthcare). Firewalls enforce security boundaries between slices, preventing lateral movement or data leakage.
5G Firewall Main Challenges
The main challenges include:
- Encryption: With widespread encryption (TLS 1.3, HTTPS), firewalls need smarter inspection without breaking privacy.
- Cloud-Native Design: Firewalls must work in containerized, orchestrated environments (e.g., Kubernetes).
- Zero Trust Models: Each network function or slice needs identity-based access control.
- API Security: Since most 5G Core comms happen over APIs, protecting APIs is a top priority.
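The SBA firewall role and the Zero Trust and API Security points above can be made concrete with a default-deny check on requests between network functions. This is an added example, not code from any vendor or from the original page: the allowlist entries and sample requests are constructed, and `consumer_nf` is assumed to be an identity that was already authenticated upstream.

```python
import re
from urllib.parse import unquote

# Constructed allowlist: (consumer NF type, producer API name) -> HTTP methods.
# API names follow the 3GPP SBI naming style; the chosen pairs are illustrative.
POLICY = {
    ("AMF", "nsmf-pdusession"): {"POST"},
    ("SMF", "npcf-smpolicycontrol"): {"POST"},
    ("SMF", "namf-comm"): {"POST"},
}

# SBI request paths have the shape /<api-name>/v<major>/<resource...>
SBI_PATH = re.compile(r"^/(?P<api>[a-z0-9-]+)/v\d+(/[A-Za-z0-9._~/-]*)?$")


def decide(consumer_nf, method, path):
    """Return (allowed, reason) for one HTTP/2 request between NFs.

    consumer_nf is assumed to come from an authenticated channel (for
    example the client certificate), never from the request itself.
    """
    path = path.split("?", 1)[0]
    decoded = unquote(path)
    # Refuse percent-encoded or dot-dot paths before matching anything.
    if decoded != path or ".." in decoded.split("/"):
        return False, "path not canonical"
    m = SBI_PATH.match(path)
    if not m:
        return False, "not a service-based API path"
    api = m.group("api")
    methods = POLICY.get((consumer_nf, api))
    if methods is None:  # default deny: unknown consumer/service pair
        return False, f"{consumer_nf} may not call {api}"
    if method.upper() not in methods:
        return False, f"{method} not permitted on {api}"
    return True, "allowed"


# Constructed requests: a port/IP rule sees four identical flows to one port.
SAMPLE = [
    ("AMF", "POST", "/nsmf-pdusession/v1/sm-contexts"),
    ("AMF", "DELETE", "/nsmf-pdusession/v1/sm-contexts/ctx-1"),
    ("PCF", "POST", "/nsmf-pdusession/v1/sm-contexts"),
    ("SMF", "POST", "/npcf-smpolicycontrol/v1/../../admin"),
]

if __name__ == "__main__":
    for nf, method, path in SAMPLE:
        print(nf, method, path, "->", decide(nf, method, path))
```

Only the first sample request is allowed; the other three are refused on method, caller identity, and path shape respectively.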
The leading vendor focuses on the User Plane, which includes voice, video, internet access, etc. Due to its sheer volume and direct access to the Internet or external services, it is exposed to a lot of risk. The Control Plane includes signaling and management functions between network nodes (e.g., AMF, SMF, PCF). This plane is crucial: if compromised, the attacker could disrupt calls, internet sessions, or mobility.