A.2 Filtering routers and firewalls

3GPP TS 33.210, Release 17: Network Domain Security (NDS); IP network layer security

In order to strengthen the security of IP-based networks, border gateways and access routers would normally use packet filtering strategies to prevent certain types of traffic from passing in or out of the network. Similarly, firewalls are used as an additional measure to prevent certain types of access to the network.

The rationale behind the application of packet filters and firewalls could be found in the security policy of the network operator. Preferably, the security policy would be an integral part of the network management strategy as a whole.

While network operators are strongly encouraged to use filtering routers and firewalls, the usage, implementation and security policies associated with these are considered outside the scope of this document.

Simple filtering may be needed before the Security Gateway (SEG) functionality. The filtering policy allows key protocols such as DNS and NTP to pass. This will include traffic over the Za interface from IKEv2 and IPsec ESP in tunnel mode. Unsolicited traffic is rejected.
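
One way to express the simple pre-SEG filter described above as an nftables ruleset on a filtering router in front of the SEG. This is an added example, not part of the specification, which leaves filter implementation out of scope. The interface name, table name and all addresses are assumptions (RFC 5737 documentation ranges); the port and protocol numbers are the standard ones for IKEv2 (UDP 500, UDP 4500 with NAT traversal), ESP (IP protocol 50), DNS and NTP.

```nftables
#!/usr/sbin/nft -f
# Constructed example: all names and addresses below are assumptions.

define ZA_IF     = "eth0"                            # assumed Za-facing interface
define LOCAL_SEG = 192.0.2.10                        # assumed address of the local SEG
define PEER_SEGS = { 198.51.100.10, 198.51.100.11 }  # assumed peer SEGs in other domains
define DNS_SRV   = { 192.0.2.53 }                    # assumed DNS server
define NTP_SRV   = { 192.0.2.123 }                   # assumed NTP server

# Create-then-delete idiom so the file can be reloaded without duplicating rules.
table inet pre_seg
delete table inet pre_seg

table inet pre_seg {
    chain forward {
        # Default deny: anything not matched below never reaches the SEG.
        type filter hook forward priority filter; policy drop;

        ct state invalid drop
        # Replies to flows that an allowed rule already admitted.
        ct state established,related accept

        # Za interface, inbound: IKEv2 and ESP only from known peer SEGs.
        iifname $ZA_IF ip saddr $PEER_SEGS ip daddr $LOCAL_SEG udp dport { 500, 4500 } accept
        iifname $ZA_IF ip saddr $PEER_SEGS ip daddr $LOCAL_SEG ip protocol esp accept

        # Za interface, outbound: the local SEG initiating towards its peers.
        oifname $ZA_IF ip saddr $LOCAL_SEG ip daddr $PEER_SEGS udp dport { 500, 4500 } accept
        oifname $ZA_IF ip saddr $LOCAL_SEG ip daddr $PEER_SEGS ip protocol esp accept

        # Key support protocols: DNS (UDP and TCP 53) and NTP (UDP 123),
        # restricted to the named servers rather than opened to any host.
        ip saddr $LOCAL_SEG ip daddr $DNS_SRV udp dport 53 accept
        ip saddr $LOCAL_SEG ip daddr $DNS_SRV tcp dport 53 accept
        ip saddr $LOCAL_SEG ip daddr $NTP_SRV udp dport 123 accept

        # Unsolicited traffic: log a rate-limited sample, count everything, discard.
        # Replace "drop" with "reject" to return an ICMP error to the sender.
        limit rate 10/second log prefix "pre-seg-drop: "
        counter drop
    }
}
```

The drop counter and log prefix give operations a direct signal for unsolicited traffic arriving at the Za boundary; `nft list table inet pre_seg` shows the running counter.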