Do we still need Gi Firewall for 3G/UMTS/HSPA network?

Mike Dimayuga mikedimayuga at gmail.com
Thu Apr 9 20:11:46 UTC 2009


Hello Steven,

There seems to be an underlying assumption to your question
- that a firewall exists for Gi traffic only because of the NAT
requirement.  This is not necessarily a safe assumption to make.  The NAT
functionality may be needed to conserve IP space but does not take away from
the importance of protecting the network infrastructure from both the
outside world as well as from the mobiles themselves.

There are caveats to putting firewalls in the Gi path that you have to
consider - such as session count limits and how they play with lots of
small-sized packets (as you may know, not all mobile applications are
well-behaved).

Miguel

On Thu, Apr 9, 2009 at 11:48 AM, Lee, Steven (NSG Malaysia) <
kin-wei.lee at hp.com> wrote:

> Hi all, most of the existing 2G/2.5G mobile PS-core (Packet Switch)
> networks have a Gi segment (interface between GGSN & IP Router/firewall). Due
> to the IP address constraint, operators usually did NAT on the Gi firewall to
> NAT the private IP to public IP in the past. Looking at the traffic pattern
> and user access behaviour, does it make sense to have a firewall between the
> GGSN & Public Internet if the public IP addresses are sufficient to cater
> for mobile subscribers? Especially with 3G/UMTS/HSPA or even LTE in the
> future.
>
> Please share your thoughts and thanks in advance :)
>
> Regards,
> Steven Lee
>



-- 
--
Miguel de Leon Dimayuga

"For we walk by faith, not by sight."


