IPsec Security Gateway
Keep your customers’ IP traffic safe as it traverses unsecure networks
Overview
Our IPsec Security Gateway solution helps you avoid security breaches that can lead to costly increases in customer churn.
This 3GPP-compliant solution also provides competitive service differentiation and meets the security requirements of sensitive public sector and mission-critical applications.
Three functions to secure IP traffic
IP traffic is vulnerable to attack whenever it travels across an unsecured or third-party network. Even in secured networks, transport links can be tapped, and insiders pose a risk.
The Nokia 7750 Service Router (SR)-based Security Gateway and Nokia NetGuard Certificate Manager (NCM) provide IP security (IPsec) protection with three essential functions:
- Authentication, which ensures that the sender and receiver are who they say they are
- Integrity, which ensures that the data that is received matches the data that was sent
- Confidentiality, which ensures that no one can read the data as it is being transmitted
Security Gateway
The Security Gateway lets you set up secure tunnels between network endpoints and encrypts traffic so that it can pass safely across these tunnels. It is a feature of the Nokia Service Router Operating System (SR OS) and runs on the 7750 SR platforms.
The Security Gateway is also available as a virtualized network function on the Nokia Virtualized Service Router (VSR) for implementation in a cloud architecture. Both options provide the industry’s highest capacity and throughput.
Certificate management
IPsec requires digital certificates for authentication. Based on a trusted certification authority, NCM manages the entire lifecycle of a digital identity in a standardized and secure way. It simplifies and secures this process by setting up a public key infrastructure (PKI) according to the 3GPP TS 33.210, 33.310 and 33.401 standards.
With NCM, you can ensure the safe authentication of users, devices, applications and systems without the need for tokens, passwords or other non-standardized authentication schemes. Its distributed architecture supports over 100 million active certificate deployments.
Benefits and features
Long in-service lifetime
- High capacity and throughput
- Up to 500,000 IPsec tunnels per 7750 SR chassis
- Up to 960 Gb/s IPsec throughput
- Over 100M certificates supported
Cost effective deployment options
- Runs on virtual or physical hardware platforms
- A variety of form factors to address different capacity requirements
- Supports centralized and distributed deployments
- High scalability and forward compatibility, which ensure a long, stable lifetime in your network
Carrier-grade features
- 7750 SR platform is widely used in global routing networks
- Full suite of advanced routing features
- IPv4 and IPv6 support for deployment flexibility
- Reduced equipment sparing costs and a common management platform when used in a Nokia IP network
High reliability
- Redundant control, switching, power, fans
- Non-stop routing, non-stop services
- Fast convergence
- Multi-chassis stateful synchronization for
geo-redundant backup
Versatility
- Works with RAN, core and transport networks
- Works with any generation RAN (3G, 4G, 5G)
- Works with macro and small cells, femtocells,
carrier Wi-Fi
Resources
Related solutions and products
Solution
Cybersecurity for railways
Secure your railway infrastructure
Solution
Quantum-safe optical networking
Secure data from intrusion and theft though quantum-safe encryption, key management and intrusion detection
Solution
XDR Security
Cloud-native Extended Detection and Response platform
Product
7750 Defender Mitigation System
A next-generation platform for DDoS mitigation
Product
NetGuard Audit Compliance Manager
Automate the audit and analysis of all parameters in physical and virtual networks
Product
NetGuard Certificate Lifecycle Manager
Automate the lifecycle management of your security certificates
Learn more about network security
Research
The evolution of CSPs’ cybersecurity posture survey

Blog
Autonomous Operations - is it time for a new Network Operating System?

Data Sheet
7750 Defender Mitigation System
Video
NetGuard Cybersecurity Dome Demo Explainer
Video
Securing telecom networks in a 5G era

Blog
Enhancing critical networks’ cybersecurity with XDR

White paper
Security in the quantum era

Blog
Exponential potential: enabling networks that sense, think, and act
Latest news
Ready to talk?
Please complete the form below.
The form is loading, please wait...