Skip to main content

IPsec Security Gateway

Keep your customers’ IP traffic safe as it traverses unsecure networks


Our IPsec Security Gateway solution helps you avoid security breaches that can lead to costly increases in customer churn.

This 3GPP-compliant solution also provides competitive service differentiation and meets the security requirements of sensitive public sector and mission-critical applications. 

Three functions to secure IP traffic

IP traffic is vulnerable to attack whenever it travels across an unsecured or third-party network. Even in secured networks, transport links can be tapped, and insiders pose a risk.

The Nokia 7750 Service Router (SR)-based Security Gateway and Nokia NetGuard Certificate Manager (NCM) provide IP security (IPsec) protection with three essential functions:

  • Authentication, which ensures that the sender and receiver are who they say they are
  • Integrity, which ensures that the data that is received matches the data that was sent
  • Confidentiality, which ensures that no one can read the data as it is being transmitted

Security Gateway

The Security Gateway lets you set up secure tunnels between network endpoints and encrypts traffic so that it can pass safely across these tunnels. It is a feature of the Nokia Service Router Operating System (SR OS) and runs on the 7750 SR platforms.

The Security Gateway is also available as a virtualized network function on the Nokia Virtualized Service Router (VSR) for implementation in a cloud architecture. Both options provide the industry’s highest capacity and throughput. 


Certificate management

IPsec requires digital certificates for authentication. Based on a trusted certification authority, NCM manages the entire lifecycle of a digital identity in a standardized and secure way. It simplifies and secures this process by setting up a public key infrastructure (PKI) according to the 3GPP TS 33.210, 33.310 and 33.401 standards.

With NCM, you can ensure the safe authentication of users, devices, applications and systems without the need for tokens, passwords or other non-standardized authentication schemes. Its distributed architecture supports over 100 million active certificate deployments.

Benefits and features

Long in-service lifetime

  • High capacity and throughput
  • Up to 500,000 IPsec tunnels per 7750 SR chassis
  • Up to 960 Gb/s IPsec throughput 
  • Over 100M certificates supported

Cost effective deployment options

  • Runs on virtual or physical hardware platforms
  • A variety of form factors to address different capacity requirements 
  • Supports centralized and distributed deployments
  • High scalability and forward compatibility, which ensure a long, stable lifetime in your network

Carrier-grade features

  • 7750 SR platform is widely used in global routing networks
  • Full suite of advanced routing features
  • IPv4 and IPv6 support for deployment flexibility
  • Reduced equipment sparing costs and a common management platform when used in a Nokia IP network

High reliability

  • Redundant control, switching, power, fans
  • Non-stop routing, non-stop services
  • Fast convergence
  • Multi-chassis stateful synchronization for
    geo-redundant backup


  • Works with RAN, core and transport networks
  • Works with any generation RAN (3G, 4G, 5G) 
  • Works with macro and small cells, femtocells,
    carrier Wi-Fi

Ready to talk?

Please complete the form below.

The form is loading, please wait...