IPsec Security Gateway
Keep your customers’ IP traffic safe as it traverses unsecure networks
Overview
Our IPsec Security Gateway solution helps you avoid security breaches that can lead to costly increases in customer churn.
This 3GPP-compliant solution also provides competitive service differentiation and meets the security requirements of sensitive public sector and mission-critical applications.
Three functions to secure IP traffic
IP traffic is vulnerable to attack whenever it travels across an unsecured or third-party network. Even in secured networks, transport links can be tapped, and insiders pose a risk.
The Nokia 7750 Service Router (SR)-based Security Gateway and Nokia NetGuard Certificate Manager (NCM) provide IP security (IPsec) protection with three essential functions:
- Authentication, which ensures that the sender and receiver are who they say they are
- Integrity, which ensures that the data that is received matches the data that was sent
- Confidentiality, which ensures that no one can read the data as it is being transmitted
Security Gateway
The Security Gateway lets you set up secure tunnels between network endpoints and encrypts traffic so that it can pass safely across these tunnels. It is a feature of the Nokia Service Router Operating System (SR OS) and runs on the 7750 SR platforms.
The Security Gateway is also available as a virtualized network function on the Nokia Virtualized Service Router (VSR) for implementation in a cloud architecture. Both options provide the industry’s highest capacity and throughput.
Certificate management
IPsec requires digital certificates for authentication. Based on a trusted certification authority, NCM manages the entire lifecycle of a digital identity in a standardized and secure way. It simplifies and secures this process by setting up a public key infrastructure (PKI) according to the 3GPP TS 33.210, 33.310 and 33.401 standards.
With NCM, you can ensure the safe authentication of users, devices, applications and systems without the need for tokens, passwords or other non-standardized authentication schemes. Its distributed architecture supports over 100 million active certificate deployments.
Benefits and features
Long in-service lifetime
- High capacity and throughput
- Up to 500,000 IPsec tunnels per 7750 SR chassis
- Up to 960 Gb/s IPsec throughput
- Over 100M certificates supported
Cost effective deployment options
- Runs on virtual or physical hardware platforms
- A variety of form factors to address different capacity requirements
- Supports centralized and distributed deployments
- High scalability and forward compatibility, which ensure a long, stable lifetime in your network
Carrier-grade features
- 7750 SR platform is widely used in global routing networks
- Full suite of advanced routing features
- IPv4 and IPv6 support for deployment flexibility
- Reduced equipment sparing costs and a common management platform when used in a Nokia IP network
High reliability
- Redundant control, switching, power, fans
- Non-stop routing, non-stop services
- Fast convergence
- Multi-chassis stateful synchronization for
geo-redundant backup
Versatility
- Works with RAN, core and transport networks
- Works with any generation RAN (3G, 4G, 5G)
- Works with macro and small cells, femtocells,
carrier Wi-Fi
Resources
Related solutions and products
Solution
Cybersecurity for railways
Secure your railway infrastructure
Solution
Secure Optical Transport
Secure data from intrusion and theft though quantum-safe encryption, key management and intrusion detection
Solution
ViTrust Public Safety
Robust mission-critical mobile broadband services
Solution
XDR Security
Cloud-native Extended Detection and Response platform
Product
NetGuard Audit Compliance Manager
Automate the audit and analysis of all parameters in physical and virtual networks
Product
NetGuard Certificate Lifecycle Manager
Automate the lifecycle management of your security certificates
Learn more about network security

Blog
Exponential potential: enabling networks that sense, think, and act

eBook
Real-time security data monitoring and reporting with Nokia NetGuard Endpoint Detection and Response

Blog
The compromised insider attack challenge – how to detect and respond before they cause harm

Blog
AI/ML unleashes the full potential of 5G-Advanced

Case Study
C-RAN fronthaul case study

Brochure
Advanced Security Testing and Research (ASTaR) Lab
Presentation
Safeguarding security of 5G networks with the ASTaR lab

Blog