Feature Description

The Firewall feature in UPF inspects subscriber traffic and performs IP session-based access control of individual subscriber sessions to protect the subscribers from malicious security attacks. UPF supports the TCP Idle Timeout action to drop the subscriber flow or send reset on TCP timeout expiry.

The firewall configuration allows the system to inspect each packet of the subscriber data session. It also evaluates the security threat and applies the policies configured on uplink and downlink traffic. Firewall supports validation at per flow-level and per packet.

The Firewall feature supports the following functionality:

  • Protection against DoS and DDoS attacks

  • Application-level Gateway

  • Stateful Packet Inspection and Filtering

  • Stateless Packet Inspection and Filtering

  • SNMP Thresholding