noun_Email_707352 noun_917542_cc noun_Globe_1168332 Map point Play Untitled Retweet

SS7, SIGTRAN and Diameter firewall for improved network security

Our signaling firewall solution protects Communication Service Providers’ critical signaling network from security threats. Advanced functionality covers SS7, SIGTRAN and Diameter traffic.

Protecting core network

Operators need to protect their most important asset, their core network, which is the engine behind their entire network operations. There are numerous harms and risks to overcome: network overload, denial of service, service or network operations disruptions, or attacks against operator or subscribers’ assets.

Attackers are persistent and can easily bypass even in-built security functionality in the recent core network generations. The GSMA has identified the most common attacks and basic firewall rules to prevent those. Yet today surprisingly many operators don’t have any firewall to protect their core network.

Our advanced firewall solution covers SS7, SIGTRAN and Diameter traffic. It includes all the rules identified by the GSMA, GSMA FS.11 and GSMA FS.19 rules for 2G, 3G, 4G and SEPP for 5G networks. The solution is configurable and helps to stay aligned with the GSMA recommendations now and in the future.

Jörgen Tränk

Lead Product Manager

Key benefits

Our SS7, SIGTRAN and Diameter firewall solution protects 2G/3G, 4G and eventually 5G core networks from all known types of security attacks.

Core network security

Our SS7, SIGTRAN and Diameter firewall solution protects 2G/3G, 4G and eventually 5G core networks from all known types of security attacks.

Operators can add additional advanced routing rules to the pre-defined GSMA recommendations. A versatile platform enables several other network functions.

Futureproof and adaptable

Operators can add additional advanced routing rules to the pre-defined GSMA recommendations. A versatile platform enables several other network functions.

Ready-built firewall protection for several virtualized platforms such as VMware and OpenStack.

Virtualization-ready

Ready-built firewall protection for several virtualized platforms such as VMware and OpenStack.

Key features

GSMA FS.11 and FS.19 and SEPP

The firewall solution protects the core network from all known types of security attacks. It implements the rules recommended by the GSMA in FS.11 and FS.19 for 2G, 3G and 4G core networks as well as a Signaling Edge Protection Proxy (SEPP) for 5G networks.

Protection during signaling storms

With the powerful, telecom grade virtual platform, the signaling firewalls can be set up to isolate internal home network routing from external networks traffic. Therefore, our firewall protects the home network also during a signaling storm.

Easy to configure filtering rules

The set of firewall rules can be expanded when an operator sees new types of attacks occurring in the network. Configuration of all firewall functions and features are done through an easy-to-use web-GUI.

Wide protocol support

The range of in-built protocol variants and firewall functionality ensures that the firewall solution fits with networks over SS7, SIGTRAN, IPv4, IPv6, TDM (E1/T1/J1) and Diameter, TCP, SCTP.

Virtualization ready

Our firewalls come with a user-friendly Web Graphical User Interface (GUI) for operation. Flexible configuration rules for both protocol stacks as well as firewall behaviour, viewing alarms, statistics, SW repository including upgrade/downgrade functions, documentation, log, and trace-functionality, all conveniently packaged in one GUI.

Northbound REST API

Our firewall solution can also be operated via a Northbound REST API. All alarms, statistics and operations of the solution platform are available through this REST API.

Telecom grade platform

Powerful telecom grade platform as the firewall backbone

The firewall solution is powered with the virtual telecom grade platform, TietoEVRY’s Evolved Signaling Controller (ESC), which is suitable for both virtualized and bare-metal solutions. Multiple core network applications, such as STP, DRA, MNP and SoR, can simultaneously co-execute in the same platform. Benefit from the shared capacity – and forget struggling with capacity safety margins for each application separately.

Read more about ESC
Share on Facebook Tweet Share on LinkedIn