* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/)
* 5G Network Slicing: The C...

# 5G Network Slicing: The Catalyst for a Secure, Virtualized EPC

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2017%2F05%2F5g-network-slicing-catalyst-secure-virtualized-epc%2F)  
[](https://twitter.com/share?text=5G+Network+Slicing%3A+The+Catalyst+for+a+Secure%2C+Virtualized+EPC&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2017%2F05%2F5g-network-slicing-catalyst-secure-virtualized-epc%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2017%2F05%2F5g-network-slicing-catalyst-secure-virtualized-epc%2F&title=5G+Network+Slicing%3A+The+Catalyst+for+a+Secure%2C+Virtualized+EPC&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2017/05/5g-network-slicing-catalyst-secure-virtualized-epc/&ts=markdown)  
\[\](mailto:?subject=5G Network Slicing: The Catalyst for a Secure, Virtualized EPC)  
Link copied  
By [Steve Regini](https://www.paloaltonetworks.com/blog/author/steve-regini/?ts=markdown "Posts by Steve Regini")  
May 30, 2017  
4 minutes  
[Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown)  
[EPC](https://www.paloaltonetworks.com/blog/tag/epc/?ts=markdown)  
[Mobility](https://www.paloaltonetworks.com/blog/tag/mobility/?ts=markdown)  
[next-generation 5G](https://www.paloaltonetworks.com/blog/tag/next-generation-5g/?ts=markdown)

Next-generation 5G networks and the theoretical delivery of 10 Gbs bandwidth to every user make for an exciting proposition -- one that mobile network operators (MNO) are actively discussing and, in many cases, trialing or even marketing. But the promise of more bandwidth alone will not attract all existing dedicated network services and proposed new services to a shared, best-effort model. These services require not only performance but also guaranteed availability, privacy and security (services such as connected car, first responder, enterprise, niche IoT and more to come).

Enter the concept of 5G network slicing -- creating virtualized, dedicated service layers for RAN, EPC and switching. Where infrastructure is shared, network functions are virtualized, orchestration logically slices the network per service, and SDN segments traffic and dynamically reroutes based on overload or outage.

And there's more. With 5G network slicing and the NFV ecosystem that enables it, MNOs can realize a fully virtualized EPC and, at the same time, provide for stronger, preventive security posture. Here's how:

Historically, migrating "big iron" networking elements and interfaces within the EPC to virtual network functions (VNFs) has been problematic due to the inherent limitations of typical VNF throughputs. This has also proven to be a challenge for network security elements guarding the EPCs, such as legacy ACLs, port-based firewalls, point security solutions and unified threat management.

These legacy solutions are being replaced by next-generation firewalls and security platforms that provide application-layer inspection and advanced threat prevention. This is a necessary step for MNOs to address the evolving mobile threat landscape. Because of the way existing 4G networks are architected, however, improving the security posture of these interfaces still runs up against the same VNF throughput challenges previously discussed. As an example, virtualizing an all-in-one 500 Gbps SGi firewall requires load balancing and orchestration across several VNFs just to replace existing port-based security functions. Additionally, there is a need to evolve to next-generation solutions where throughputs are no longer simply line-rate.

By dedicating "slices" in 5G end-to-end across the network, we can establish more granular VNF deployments -- RAN and SGi security interfaces dedicated to specific service and application offerings. For example, instead of one monolithic Gi security interface, we can have a network security segment dedicated to a particular IoT solution, enterprise offering or emergency responder network, each with varying SLAs on performance, redundancy and privacy. This same network slice is extended across the architecture with equivalent RAN-side security slicing per service, as well as roaming-side security slicing. Here, MNOs can implement Next-Generation Security Platform deployments looking across all applications and ports, inspecting content and leveraging decryption capabilities as necessary for dedicated services, all without exhausting VNF capacities. In doing so, they can achieve stronger security posture without exhausting throughput or requiring highly complex load-balancing schemata.

Network slicing has introduced the missing link in the full circle of virtualized security in the EPC -- the ability to segment advanced security to dedicated services. Palo Alto Networks Next-Generation Security Platform includes innovations in the areas of GTP-U content inspection and threat prevention, full application-level SGi inspection and threat prevention, and IoT innovations for application-based security, all of which now fit into VNF footprints with growing throughput capacities (for example, PAN-OS 8.0, [VM-700](https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/virtualization-features/vm-series-firewall-performance-enhancements?ts=markdown) 16 Gbps for full application visibility).

Incorporating these capabilities into a virtually segmented services architecture like 5G network slicing allows dedication of the security VNF and replacement of legacy hardware that would otherwise lead to complex load-balancing architectures. This, in turn, enables virtualized security interfaces into the EPC, which has been one of today's gating factors to full EPC virtualization.

**[Learn more about the Palo Alto Networks VM-Series Firewall Performance Enhancements.](https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/virtualization-features/vm-series-firewall-performance-enhancements?ts=markdown)**

*** ** * ** ***

[**Register for Ignite '17 Security Conference**](http://go.paloaltonetworks.com/ignite2017)  
*Vancouver, BC June 12--15, 2017*

Ignite '17 Security Conference is a live, four-day conference designed for today's security professionals. Hear from innovators and experts, gain real-world skills through hands-on sessions and interactive workshops, and find out how breach prevention is changing the security industry. Visit the [Ignite website](http://www.paloaltonetworksignite.com/) for more information on tracks, workshops and marquee sessions.

*** ** * ** ***

## Related Blogs

### [Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown)

[#### Automate Visibility and Harness the Power](https://www.paloaltonetworks.com/blog/2017/11/sp-automate-visibility-harness-power/)

### [Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown)

[#### Secure Mobile Roaming: Just in Time to "Roam Like at Home"](https://www.paloaltonetworks.com/blog/2017/10/sp-secure-mobile-roaming-just-time-roam-like-home/)

### [IoT](https://www.paloaltonetworks.com/blog/category/iot/?ts=markdown), [Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown)

[#### Let's Prevent 5G "Boundless Connectivity" From Providing "Boundless Opportunity" for Cybercriminals](https://www.paloaltonetworks.com/blog/2017/07/sp-lets-prevent-5g-boundless-connectivity-providing-boundless-opportunity-cybercriminals/)

### [Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown)

[#### Boundless Connectivity: Security in the Mobile Ecosystem](https://www.paloaltonetworks.com/blog/2017/07/sp-boundless-connectivity-security-mobile-ecosystem/)

### [Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown)

[#### MNOs Want Better Security: Achieving Threat Prevention in a Hyper-Connected 5G Environment](https://www.paloaltonetworks.com/blog/2017/06/sp-mnos-want-better-security-achieving-threat-prevention-hyper-connected-5g-environment/)

### [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown), [Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown)

[#### Prisma Cloud Expands Runtime Protection to Azure Serverless Functions](https://www.paloaltonetworks.com/blog/cloud-security/azure-serverless/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language