Security Gate & Gi Firewall


Protecting the Mobility Infrastructure

Introduction

By the year 2015, it is predicted that there will be 25B devices connected to the Internet, more than three for every person on the planet. By 2020, that number is expected to double to more than six per person. The overwhelming majority of these devices will be wireless devices, connected to WiFi and 3GPP mobility networks such as LTE. Unlike the rise of 2G/3G/3.5G networks, the mobility network infrastructure needed to support this tsunami of new devices will require the deployment of large numbers of microcell devices, from large metrocells supporting dense urban areas to residential femtocells needed to provide coverage where only terrestrial broadband Internet connectivity exists. Securing this complex set of software interfaces between sets of nodes will be a critical challenge in meeting the growth requirements of mobility networks.

It is equally important to understand that these mobility network architectures are not static. LTE must coexist with older 3GPP architectures, and support handoff of devices between architectures. The classes of devices defined within 3GPP Release 10 (Advanced LTE) can support up to 1Gbps DL/500Mbps UL per device, a tenfold increase compared to current LTE devices supporting 100Mbps DL/50Mbps UL per device. Round-trip latency requirements have reduced from 100ms for 3G networks, to 10ms for LTE and 5ms for Advanced LTE. The industry crossover from selling mostly standard phones to smartphones means the need to support increasing numbers of concurrent sessions and session rate for application growth. Security solutions for mobility networks must have a proven ability to scale with these requirements as well.

This white paper will discuss the background of 3GPP mobility network architectures from a security standpoint, biased towards LTE (Long Term Evolution, 3GPP R8 and better).
We will explore the concepts behind two specific security implementations: the Security Gateway (SeGW) to protect the network infrastructure and resources, and the Gi Firewall to inspect traffic from mobility users to packet data networks (including the Internet and Carrier IMS services). Finally we will discuss how the FortiGate can be used to serve each of these two roles.

While an effort is made in this paper to educate IP security engineers with a background in the architectural concepts and terminology associated with 3GPP mobility networks, it is not intended to substitute for experience or substantive technical information available from reference books and many internet sites. Whenever possible, this paper will make use of the 3GPP terminology, which is rich in acronyms and summary terms. A list of the terms and acronyms used in this paper is provided at the end.

Understanding 3GPP Mobility Networks

Prior to LTE, 2G/3G/3.5G networks were primarily designed to handle voice as circuit-switched traffic, to ultimately connect to the similarly circuit-switched PSTN. A separate packet-switched environment carried data such as web, , and SMS/MMS services to packet data networks (PDNs), including the Internet. The radio network controllers (RNCs) associated with these networks have the task of provisioning radio resources for both voice and data, but are predominantly biased towards voice. While not the first smartphones on the market, the growth of BlackBerry devices in 2005/2006 and the introduction of the Apple iPhone in 2007 resulted in a massive demand for data resources on carrier 2G then 3G networks, to the point where RNCs were straining to deliver both voice and data services to the growing number of devices joining the mobility networks. In older 2G/3G environments, a single device receiving a large could use the radio resources equivalent to up to 30 voice calls.

Figure 1 Older 3GPP mobility network architectures.

In the majority of the world (and 30 of the larger 32 carriers), 2G/3G networks are based on GSM/UMTS. However, the US has a majority of subscribers associated with 2G/3G networks based on CDMA (CDMAone/CDMA2000), which supports larger cell sizes with fewer towers.

3GPP specifications and carriers upgraded to improve radio resourcing and data performance. This includes HSPA+ (part of the 3GPP R7) for UMTS networks, with data speeds rivaling LTE. Many HSPA+ carriers market HSPA+ services as 4G, although for the purposes of this paper we are using the term 3.5G, to prevent confusion with LTE, and because HSPA+ is compatible with 3G data architectures, allowing reuse of existing network packet-switched components. CDMA based carriers have generally opted to migrate data (and eventually voice) services to LTE, rather than upgrade their 3G (EV-DO) packet-switched environments.

Regardless of the radio technology used, the core of a 2G/3G/3.5G network is the General Packet Radio Service, or GPRS. Relative to security requirements, the principal components of the GPRS are:

- SGSN (Serving GPRS Support Node), which is responsible for the authentication of subscriber User Endpoints (UEs, which are the mobile devices), and the delivery of data packets to/from UEs within the SGSN's geographical service area
- GGSN (Gateway GPRS Support Node), which is responsible for internetworking between the carrier's GPRS network and external PDNs, including the Internet

There are a large number of software interfaces defined within the GPRS network, but of significant security concern are:

- Gn, which is an IP-based interface between the SGSN and internal GGSNs, as well as to other SGSNs, DNS, and external GRX (GPRS Roaming Exchange) providers. This interface uses GTP (GPRS Tunneling Protocol) and DNS
- Gp, which is an IP-based interface between the SGSN and external GGSNs, for use by roaming UEs. This interface uses GTP
- Gi, which is an IP-based interface between the GGSN and external PDNs such as the Internet. This is a general IP interface, although carriers can optionally support various encapsulation/encryption protocols on this interface

Unlike older 3GPP networks, LTE combines voice and data traffic onto a common packet-switched network called the Evolved Packet Core (EPC). The role of the RNC has been incorporated into the base stations, or evolved NodeBs (eNB), to reduce overall network latency and improve performance. The role of the SGSN has been split into two components:

- S-GW (Serving Gateway), which is responsible for the delivery of packets to/from UEs within the S-GW geographical service zone
- MME (Mobility Management Entity), which is responsible for the authentication of subscriber UEs, as well as their assignment to S-GWs within the same geographical service zone. The MME is the principal control node for the LTE access network

Figure 2 Evolution to 4G-LTE.

The purpose of this segregation is to provide flexible growth of LTE within geographical areas. MMEs and S-GWs are placed into MME and S-GW pool areas, which correlate to unique UE tracking areas. UE tracking areas can contain multiple cells, but a cell is a member of only one UE tracking area. To add complexity, an eNB can service cells from different UE tracking areas. Each UE tracking area is associated with MMEs and S-GWs in their respective pool areas. As UEs move between UE tracking areas, they can remain connected to their original MME and/or S-GW, as long as their new UE tracking area is still associated with the same pool area of the original assignment.

Figure 3 Scaling LTE by use of MME and S-GW pool areas.

Therefore, if a given UE tracking area requires more access capacity, carriers can add MMEs to its associated MME pool area. Also, if a given UE tracking area needs more data bandwidth, they can increase the number of S-GWs within the associated S-GW pool areas, and load-balance UE assignments between them.

The PDN Gateway, or P-GW, replaces the role of the GGSN. The difference is the inclusion of support for LTE software interfaces, as well as support for QoS requirements in servicing packet-based voice calls through to IP Multimedia Subsystem (IMS) services, which are carrier-internal PDNs beyond the P-GW.

All software interfaces within an LTE network are now IP-based, whereas some older networks made use of SS7-based signaling on some interfaces. LTE introduces a set of new and renamed software interfaces, many of which need to be considered relative to security requirements. These include:

- S1-MME, which is a control-plane interface between the eNB and the MME, and is used to control UE access to the EPC. This interface runs an S1-AP application that is transported over SCTP (Stream Control Transmission Protocol)
- S1-U, which is a user-plane interface between the eNB and the S-GW, and is used to transfer data from UEs to their assigned S-GW. This interface uses GTP
- S3: In older architectures, communication between SGSNs is handled by the Gn interface. LTE supports interoperability with older networks by supporting control-plane communications between the MME and SGSNs. This interface uses GTP
- S4: Similar to S3, this interface allows LTE to support interoperability with older networks by supporting user-plane data transport between SGSNs and LTE P-GWs. This interface uses GTP
- S5, which is both the control-plane and user-plane interface between S-GWs and internal P-GWs. This interface uses GTP or Proxy Mobile IPv6 plus Generic Routing Encapsulation (PMIPv6/GRE). Note that some LTE products combine the S-GW and P-GW into a common device, and in these cases, the S5 interface does not exist externally
- S6a, which provides communication between the MME and HSS (Home Subscriber Server), in support of LTE access operations. This interface uses the Diameter protocol. Note that the MME can communicate with its native HSS or a foreign HSS, for support of roaming users
- S8: Similar to S5, this interface supports both the control-plane and user-plane communications between the S-GW and foreign P-GWs. The interface uses GTP
- S10, which is used for communication between MMEs, in support of handoff and management operations. This interface uses GTP
- S11, which is used for communication between the MME and S-GW, for management communications. This interface uses GTPv2
- S12, which is optionally used to allow direct tunneling of data from UEs in older networks to the S-GW of an LTE network. This is more efficient than relaying data to the SGSN to be passed over the S4 interface, which requires coordination via the S3 interface. The S12 interface uses GTP
- X2, which is the interface that allows eNBs to communicate with each other in support of handoff, load-balancing and congestion control. This interface uses SCTP. However, it should be noted that the nature of this interface is that X2 sessions between eNBs should be established as directly as possible. Therefore it is possible to use an L2 media other than Ethernet.

- SGi, which is the interface between the P-GW and external PDNs. It is a generic IP interface, although the optional use of various encryption/encapsulation protocols is supported. It is identical to the Gi interface in older networks

As previously noted, substantial growth in the LTE network will come from the deployment of microcells. These have a significant advantage over macrocells (tower-based units). Their smaller footprint makes them much easier to position to achieve the most cost-effective coverage for a given area. They can also be deployed in both indoor and outdoor settings, which can greatly improve coverage within buildings that shield tower-based communications, or even allow the deployment of a microcell to cost-effectively cover a macrocell-sized rural area that carries only a light load. It should be noted that many microcells today can simultaneously support multiple 3GPP network technologies, such as both HSPA+/LTE, to support a wide range of UE devices and deployment models.

There are roughly four general types of microcells, although the form factor, usage, and terminology can vary widely between carriers and equipment providers. These are:

1. Metrocells: These microcells have a cell size of a few hundred meters, and multiple units can be deployed within densely populated urban areas to meet coverage and subscriber density requirements.
2. Picocells: These microcells are generally used in large indoor environments such as shopping centers, with cell sizes that are tens of meters in size. For example, an electronics retailer selling mobile phones from multiple carriers may deploy picocells supporting different carriers to provide high-quality connections for the devices they sell.
3. Small Cells: This is a broad term for a variety of microcells designed to cover lower subscriber density requirements. Their cell sizes can vary up to multiple kilometers in size. For example, an outdoor small cell mounted on a pole or other highpoint in a rural area could provide coverage for a few hundred subscribers in a 2km radius.
4. Femtocells: These are a special class of microcells that consumers can purchase to improve connections in their home or small office. Unlike other microcells, the HeNB (Home eNB) in these units is lockable to a definable set of UEs. They are designed to make use of the consumer's home broadband Internet connection.

In general, microcells use available broadband Internet connectivity as backhaul to the carrier's EPC. This broadband connectivity can be provided by the carrier or by a third party, and can use a variety of broadband media (DSL, cable, fiber, even wireless). These backhaul connections can require encryption/encapsulation (VPN) to support the integrity and confidentiality of the data on the backhaul from the microcell's eNB to the EPC.

Security Requirements for Mobility Networks

Before we begin to define the security requirements for mobility networks, a word of caution is provided to the reader. The Internet is IP-based, from which it can be inferred that as its commercial use grew from the early 1990s until today, IP security mechanisms have evolved to meet an ever growing set of threat vectors. Mobility networks may have evolved over the same time from analog circuit-switched to IP-based packet-switched networks, but the security of these networks has generally been based on the establishment of isolated IP networks for their management. The focus of improvement of mobility networks has always been to maintain and improve the quality of the subscriber's experience, in the face of subscriber growth and improvement in UE technology. It will come as no surprise that it may be difficult for IP security practitioners to communicate effectively with telecom engineers, the latter of whom are more focused on improvements to radio interface technologies and operational considerations.
It is the deployment of mobility network components across third-party providers and the increasing use of IP-based management systems that is forcing the migration away from the security shield offered by isolated IP networks.

It is equally important to note that the principal requirement for evaluating the effectiveness of a security solution deployed on a mobility network will be its impact on the performance, reliability, and reported subscriber experience of the network, rather than its demonstrated security effectiveness. Security solutions introduced into mobility networks must have long-term scalability in forwarding performance vectors such as session capacity (session rate and total number of concurrent sessions) and effective throughput, while maintaining low-latency and reliable operation.

While HSPA+ is extending the usefulness of UMTS-based 3G networks, with performance at near-parity to LTE-based 4G networks, the discussion of these security devices will be centered on LTE EPC deployments rather than UMTS/CDMA GPRS core deployments.

Based on our understanding of mobility network architectures, we can define a set of security requirements needed to protect them. There are three distinct types of traffic we need to consider:

1. Control-Plane: Generally this is the messaging/applications between components that make up the infrastructure of the mobility network. As previously noted, the types of protection that can be deployed can be derived from the IP-based protocols used to transport these messages/applications
2. Data-Plane: Generally this is the data flowing between UEs and the PDNs providing services to them. While traversing the mobility network, much of this traffic is encapsulated in GTP or GRE. However, connectivity on the Gi/SGi interface from the GGSN/P-GW is usually open to a variety of content inspection mechanisms
3. External Encryption/Encapsulation: As the nature of mobility growth is resulting in the use of third-party networks to backhaul traffic, additional security devices may be required to provide services that are not inherent to the mobility infrastructures themselves. This can support the integrity of both control-plane and/or data-plane communications. For example, a high performance VPN concentrator may be required to terminate IPSec connections from eNBs associating themselves with a set of MMEs/S-GWs. Another example could be a VPN device used to provide connectivity from a set of P-GWs to a specific PDN hosted via a third-party network.
From these, we can derive two distinct security devices that can be deployed onto mobility networks: a security gateway (SeGW) to protect and provide integrity for control-plane communications, and a Gi firewall (GiFW) to protect, inspect, and provide integrity for data-plane communications (user traffic) to/from external PDNs. It is important to note that for the security functionality defined for both of these security devices, support for both IPv4 and IPv6 is required.

The principal role of the SeGW can be defined to include the following security functions:

- High performance stateful firewall support across LTE interfaces, to generally limit communications between specifically defined devices
- QoS support, including rate-limiting, queuing, and support for DSCP marking of packets to allow signaling of QoS requirements to/between other devices
- DoS protection, to protect the availability of mobility resources from misbehavior of mobility infrastructure devices
- GTP firewall protection, with support for GTP-C v2 for control-plane traffic (S3, S5, S8, S10, S11) and GTP-U for data-plane encapsulation of user traffic (S1-U, S4, S5, S8, S12)
- SCTP firewall protection, to limit communications between specifically defined devices (S1-MME, X2)
- Diameter firewall protection, to protect and control AAA messages (S6a)
- High performance VPN concentrator support to provide termination of large numbers of VPN tunnels from the eNBs to the EPC (MME/S-GW). It is assumed that this will make use of IPSec VPN technology, although it is noted that some carriers and equipment providers are making use of TLS-based VPNs based on OpenVPN/OpenConnect capabilities
- Support for VPN termination between local and foreign network components, as required by carrier agreements

As the GiFW inspects data-plane traffic between UEs and PDNs, the security functions it supports can vary widely based on carrier requirements, and even evolve to include value-added functionality.
It is important to note that a principal role of the GiFW is to provide protection for UEs from PDN-based attacks, and vice-versa. A set of security functions to be considered include:

- High performance next-generation firewall (NGFW) for the SGi interface. NGFW functions are considered to include: FW, IPS, and Application Control
- QoS support, including rate-limiting, queuing, and support for DSCP marking of packets to allow signaling of QoS requirements to/between other devices
- DoS protection, to protect PDNs from misbehaving UEs
- DDoS protection, to mitigate the effects of PDN-based DDoS attacks against subscriber UEs, as well as resource protection for data-plane mobility infrastructure components
- Support for VPN termination between the EPC and PDN resources located across third-party networks, as well as termination of management VPN connections
- The ability to include value-added unified threat management (UTM) security functionality on a per user, group, or device-type basis. Examples of this would include:
  - Web content filtering
  - Anti-malware filtering, sandbox analysis for zero-day threats
  - Botnet protection
  - Data leakage prevention
  - Anti-spam and other control/filtering functionality
  - Multimedia messaging service (MMS) scanning
- Support for NAT functionality, including carrier-grade NAT (CGN), in support of extending IPv4 address resources and aiding native IPv6 deployments to UEs across IPv4 mobility infrastructures (6rd)

Figure 4 Deployment of SeGW and GiFW functions into mobility network architectures.

The diagram above describes the general deployment of SeGWs and GiFWs, relative to mobility network architectures. For SeGWs, the four distinct deployment roles include:

1. Within the GPRS core of older 3GPP network architectures, notably between SGSN and GGSN resources
2. Between LTE and older 3GPP networks, supporting traffic on LTE interfaces provided for network architecture interoperability (S3, S4, S6a, S8, S12)
3. Between components within the LTE EPC
4. Terminating VPN connections that support backhaul communications between eNBs and the EPC across third-party networks

For the GiFW, the two distinct deployment roles include:

1. Between GGSNs within the GPRS core of older 3GPP networks and PDNs (including the Internet)
2. Between P-GWs within EPCs of LTE networks and PDNs (including the Internet)

This is not meant to imply that the same physical appliance cannot perform multiple deployment roles. Virtualization technology can be used to consolidate multiple deployment roles into a common physical appliance. However, it is important to consider the effect such a consolidation may have on long-term scalability and resiliency requirements of the security solution.

The Fortinet Advantage

FortiASIC Accelerated FortiGate Appliances

The Fortinet FortiGate consolidated security platforms offer unmatched performance, flexibility, scalability, and security for carriers and service providers seeking a SeGW solution for their mobility networks. Using FortiASIC technologies, they are capable of sustaining high-performance, low-latency operation, and can scale to meet multi-year operational and performance targets.

Figure 5 Overview of the Fortinet LTE security solution.

Appliances supporting FortiASIC Network Processor (NP) technology benefit from the wire-speed firewall performance, QoS support, and DoS protection offered by this family of FortiASICs. The current FortiASIC-NP4 can support these functions at up to 40Gbps, with a packet performance rate supporting any packet size. Supporting extremely low-latency operations (<10 μs), the FortiGate platform far exceeds the performance requirements for insertion into LTE and Advanced-LTE mobility networks.

FortiGate appliances also operate as high-performance VPN concentrators. Each FortiASIC-NP4 is capable of supporting up to almost 9 Gbps of IPSec encryption/decryption, and up to 64K IPSec SAs per ASIC.

FortiGate's support of Virtual Domains (VDOMs), Fortinet's firewall virtualization technology, provides for full segregation of policy, forwarding, and management functions, with support for up to 500 VDOMs per physical appliance. Operating as an SeGW, VDOMs can be used to segregate software interface functions and/or device types within the mobility network architecture, allowing a single hardware platform to perform all of the distinct deployment roles outlined in the requirements section.

The FortiASIC-NP4 also supports hardware acceleration of inter-VDOM links. In GiFW implementations, these inter-VDOM links can be used to provide full segregation of PDN security requirements, while providing aggregation to a common set of P-GWs.

Figure 6 Representation of using VDOMs and inter-VDOM links to consolidate multiple SeGW and GiFW functions into a single appliance.

A wide range of FortiGate mid-size and high-end appliance models are available, to provide flexibility in deploying SeGW & GiFW functionality within production mobility networks.

Figure 7 FortiGate mid-range and high-end models supporting FortiASIC-NP4 technology.

Additionally, the FortiGate 5000 series chassis, with networking and security blades, offers the highest combination of performance and flexibility in developing and deploying SeGW & GiFW solutions. FortiGate security blades can operate independently, or a variety of clustering technologies on the central FortiSwitch/FortiController networking blades can be used to scale performance requirements across multiple FortiGate security blades.

Figure 8 Fully loaded FortiGate 5140B chassis.

FortiOS/FortiCarrier OS

The FortiOS 5.0 operating system provides a wide range of FW/VPN, NGFW, and UTM functions supported within FortiGate hardware and virtual appliances, including the VDOM support to fully segregate security functions within complex mobility networking architectures. However, there are a few carrier-specific security features developed by Fortinet, which require a specially licensed version of FortiOS, called FortiCarrier OS. These functions include:

- GTP Firewalling and Inspection
- MMS Scanning
- Diameter protocol validation

Prior to version 5.0, FortiCarrier OS was only supported on specific FortiCarrier hardware models. In version 5.0, FortiCarrier is supported on existing FortiCarrier hardware models, as well as on a wide range of standard FortiGate models by applying a FortiCarrier upgrade license to an existing FortiGate hardware or virtual appliance.

Figure 9 FortiOS/FortiCarrier OS security functionality.

GTP-C v2 firewall support is a critical function for SeGW deployments, which is supported in FortiCarrier OS. As a SeGW, a FortiGate can inspect GTP traffic as follows:

- Support for GTP-C v0/v1/v2, and GTP-U
- GTP Protocol Anomaly Detection and Prevention
- GTP Packet Forward and Route
- GTP Multiple Filter Options (Message, APN, IE removal)
- GTP Sanity Checking (all header field checks)
- GTP Sequence Number Checking
- GTP & SCTP Stateful Inspection
- APN, IMSI, MSISDN Filtering
- Over Billing Protection
- Support for GTP Profiles
- Support for APN Objects
- Support for IMSI Objects
- Quick Reconnection of GTP Tunnels
- GTP-in-GTP Tunnel Blocking

MMS scanning is a carrier-specific function incorporated in the GiFW role. FortiCarrier OS provides MMS scanning support as follows:

- Directly to/from UE devices, via the MM1 interface
- Between the carrier's internal MMS relays/servers and external servers, such as servers, via the interface
- Between the carrier's internal MMS relays/servers and those belonging to other carriers, via the MM4 interface
- Between the carrier's internal MMS relays/servers and external value-added service providers, via the MM7 interface

Figure 10 FortiCarrier OS MMS scanning deployments.

FortiCarrier OS extends many FortiOS security functions to MMS traffic, including anti-virus scanning, anti-spam and flooding protection, and data leakage prevention (DLP).

A special build of FortiCarrier OS provides Diameter protocol validation, which supports the protocol over SCTP or TCP. This functionality supports RFC-6733 and 3GPP application validation, as well as attribute value pair (AVP) validation. Diameter validation is important to maintain both internal and roaming authentication security.
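To make the GTP header sanity checking and APN/IMSI filtering functions listed above concrete, here is an added Python example (not code from the paper or from FortiCarrier OS) that applies both to a GTPv2-C Create Session Request. The allowlists, the sample IMSIs and APNs, and the helper build_csr are constructed for illustration; header and IE layouts follow 3GPP TS 29.274.

```python
"""Added example: GTPv2-C header sanity checks plus IMSI/APN filtering."""
import struct

CREATE_SESSION_REQUEST = 32      # GTPv2-C message type (3GPP TS 29.274)
IE_IMSI, IE_APN = 1, 71          # information element types (TS 29.274)

# Constructed policy for this example, not taken from the paper.
ALLOWED_APNS = {"internet", "ims"}
ALLOWED_IMSI_PREFIXES = ("00101",)   # MCC+MNC of a commonly used test PLMN

class GtpError(ValueError):
    """A structural (sanity) check failed."""

def parse_header(msg: bytes):
    """Check the GTPv2-C header; return (msg_type, teid, seq, body)."""
    if len(msg) < 8:
        raise GtpError("truncated header")
    flags, msg_type, length = struct.unpack("!BBH", msg[:4])
    if flags >> 5 != 2:
        raise GtpError("not GTP version 2")
    if flags & 0x10:              # P flag; simplification made by this example
        raise GtpError("piggybacked message not handled here")
    if length != len(msg) - 4:    # length excludes the first 4 octets
        raise GtpError("length field does not match datagram size")
    hdr_len = 12 if flags & 0x08 else 8      # T flag: TEID present
    if len(msg) < hdr_len:
        raise GtpError("truncated header")
    teid = struct.unpack("!I", msg[4:8])[0] if flags & 0x08 else None
    seq = int.from_bytes(msg[hdr_len - 4:hdr_len - 1], "big")
    return msg_type, teid, seq, msg[hdr_len:]

def parse_ies(body: bytes):
    """Yield (type, instance, value) per IE; reject truncation and overruns."""
    off = 0
    while off < len(body):
        if len(body) - off < 4:
            raise GtpError("truncated IE header")
        ie_type, ie_len, inst = struct.unpack("!BHB", body[off:off + 4])
        off += 4
        if off + ie_len > len(body):
            raise GtpError("IE length overruns message")
        yield ie_type, inst & 0x0F, body[off:off + ie_len]
        off += ie_len

def decode_tbcd(value: bytes) -> str:
    """Decode TBCD digits (low nibble first, 0xF is filler)."""
    digits = []
    for octet in value:
        for nibble in (octet & 0x0F, octet >> 4):
            if nibble == 0x0F:
                continue
            if nibble > 9:
                raise GtpError("non-decimal digit in IMSI")
            digits.append(str(nibble))
    return "".join(digits)

def decode_apn(value: bytes) -> str:
    """Decode length-prefixed labels into a dotted, lower-case APN."""
    labels, off = [], 0
    while off < len(value):
        n = value[off]
        off += 1
        if n == 0 or off + n > len(value):
            raise GtpError("malformed APN label")
        try:
            labels.append(value[off:off + n].decode("ascii").lower())
        except UnicodeDecodeError:
            raise GtpError("non-ASCII APN label") from None
        off += n
    return ".".join(labels)

def inspect(msg: bytes) -> str:
    """Return 'allow' or 'drop: <reason>' for one GTP-C datagram."""
    try:
        msg_type, _teid, _seq, body = parse_header(msg)
        imsi = apn = None
        for ie_type, instance, value in parse_ies(body):
            if ie_type == IE_IMSI and instance == 0:
                imsi = decode_tbcd(value)
            elif ie_type == IE_APN and instance == 0:
                apn = decode_apn(value)
    except GtpError as exc:
        return f"drop: {exc}"
    if msg_type != CREATE_SESSION_REQUEST:
        return "allow"            # only session creation is filtered here
    if imsi is None or apn is None:
        return "drop: IMSI or APN missing"
    if not imsi.startswith(ALLOWED_IMSI_PREFIXES):
        return "drop: IMSI prefix not permitted"
    if apn not in ALLOWED_APNS:   # assumes no operator-identifier suffix
        return "drop: APN not permitted"
    return "allow"

def build_csr(imsi: str, apn: str, seq: int = 1) -> bytes:
    """Constructed, minimal Create Session Request (IMSI and APN IEs only)."""
    padded = imsi + "F" * (len(imsi) % 2)
    tbcd = bytes(int(padded[i + 1] + padded[i], 16)
                 for i in range(0, len(padded), 2))
    apn_val = b"".join(bytes([len(p)]) + p.encode() for p in apn.split("."))
    body = b"".join(struct.pack("!BHB", t, len(v), 0) + v
                    for t, v in ((IE_IMSI, tbcd), (IE_APN, apn_val)))
    header = struct.pack("!BBHI", 0x48, CREATE_SESSION_REQUEST, len(body) + 8, 0)
    return header + seq.to_bytes(3, "big") + b"\x00" + body

if __name__ == "__main__":
    for imsi, apn in (("001010123456789", "internet"),
                      ("310150123456789", "internet"),
                      ("001010123456789", "corp.example")):
        print(imsi, apn, "->", inspect(build_csr(imsi, apn)))
```

A production Create Session Request carries further mandatory IEs and may append an operator identifier to the APN, so a deployed filter would normalise the APN before comparing it.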

Summary

Given the explosive demand and growth in mobility networks, and subscriber reliance on the performance, security, and reliability of these networks, there is a clear need to deploy scalable, high-performance, and reliable Security Gateway (SeGW) and Gi Firewall (GiFW) solutions. With the migration towards LTE and all IP-based mobility networks, as well as necessary use of third-party networks as backhaul solutions in microcell deployments, carriers can no longer rely on IP network isolation to meet their security requirements.

Fortinet has a long history of providing carriers and service providers with security solutions to meet the growing demands placed on their networks. FortiASIC accelerated FortiGate appliances provide the performance, scalability, low-latency, and resiliency to meet the long-term requirements for SeGW and GiFW deployments. FortiOS/FortiCarrier OS provide a rich and continuously evolving set of features needed to meet the current and future security requirements of mobility networks. Coupled with Fortinet's management and analysis platforms (FortiManager/FortiAnalyzer), security research from FortiGuard Labs, and support for FortiCare, carriers and service providers can rapidly develop and deploy fully managed security solutions into today's advanced mobility infrastructures.

GLOBAL HEADQUARTERS: Fortinet Inc, Kifer Road, Sunnyvale, CA, United States
EMEA SALES OFFICE: 120 rue Albert Caquot, 06560, Sophia Antipolis, France
APAC SALES OFFICE: 300 Beach Road, The Concourse, Singapore
LATIN AMERICA SALES OFFICE: Prol. Paseo de la Reforma 115 Int. 702, Col. Lomas de Santa Fe, C.P, Del. Alvaro Obregón, México D.F.

Copyright 2013 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, and FortiGuard, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners.
Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.


WHITE PAPER. Protecting Your Network From the Inside-Out. Internal Segmentation Firewall (ISFW) WHITE PAPER Protecting Your Network From the Inside-Out Internal Segmentation Firewall (ISFW) Protecting Your Network From the Inside-Out Internal Segmentation Firewall (ISFW) Table of Contents Summary

More information

FortiGate/FortiWiFi 60D Series

FortiGate/FortiWiFi 60D Series DATA SHEET FortiGate/FortiWiFi 60D Series Integrated Threat Management for Small Networks FortiGate/FortiWiFi 60D Series FortiGate 60D, 60D-POE, FortiWiFi 60D, 60D-POE The FortiGate/FortiWiFi 60D Series

More information

FortiGate 100D Series

FortiGate 100D Series DATA SHEET FortiGate 100D Series Integrated Security for Small and Medium Enterprises FortiGate 100D Series FortiGate 100D, 140D, 140D-POE and 140D-POE-T1 In order to comply with legislation and secure

More information

The Fortinet Advanced Threat Protection Framework

The Fortinet Advanced Threat Protection Framework WHITE PAPER The Fortinet Advanced Threat Protection Framework A Cohesive Approach to Addressing Advanced Targeted Attacks The Fortinet Advanced Threat Protection Framework Table of Contents Introduction

More information

Diameter in the Evolved Packet Core

Diameter in the Evolved Packet Core Diameter in the Evolved Packet Core A Whitepaper November 2009 Page 2 DIAMETER in the Evolved Packet Core Mobile broadband is becoming a reality, as the Internet generation grows accustomed to having broadband

More information

Practical Security Testing for LTE Networks BlackHat Abu Dhabi December 2012 Martyn Ruks & Nils

Practical Security Testing for LTE Networks BlackHat Abu Dhabi December 2012 Martyn Ruks & Nils Practical Security Testing for LTE Networks BlackHat Abu Dhabi December 2012 Martyn Ruks & Nils 06/11/2012 1 Today s Talk Intro to LTE Networks Technical Details Attacks and Testing Defences Conclusions

More information

SDN Security for VMware Data Center Environments

SDN Security for VMware Data Center Environments SOLUTION BRIEF SDN SECURITY FOR VMWARE DATA CENTER ENVIRONMENTS Purpose-built virtual security appliances will be increasingly used alongside hardware appliances to secure enterprise data centers, which

More information

Security Testing 4G (LTE) Networks 44con 6th September 2012 Martyn Ruks & Nils

Security Testing 4G (LTE) Networks 44con 6th September 2012 Martyn Ruks & Nils Security Testing 4G (LTE) Networks 44con 6th September 2012 Martyn Ruks & Nils 11/09/2012 1 Today s Talk Intro to 4G (LTE) Networks Technical Details Attacks and Testing Defences Conclusions 11/09/2012

More information

FortiGate/FortiWiFi 90D Series

FortiGate/FortiWiFi 90D Series DATA SHEET FortiGate/FortiWiFi 90D Series Enterprise-Grade Protection for Distributed Network Locations FortiGate/FortiWiFi 90D Series FortiGate 90D, 90D-POE, FortiWiFi 90D, 90D-POE The FortiGate/FortiWiFi

More information

FortiGate/FortiWiFi -60C Series Integrated Threat Management for Small Networks

FortiGate/FortiWiFi -60C Series Integrated Threat Management for Small Networks FortiGate/FortiWiFi -60C Series Integrated Threat Management for Small Networks The FortiGate/FortiWiFi-60C Series are compact, all-in-one security appliances that deliver Fortinet s Connected UTM. Ideal

More information

FortiVoice Enterprise

FortiVoice Enterprise DATA SHEET FortiVoice Enterprise Phone systems FVE-100E, 300E-T-T/E, 500E-T2-T/E, 1000E, 1000E-T, 2000E-T2, 3000E and VM Phone systems The IP PBX voice solutions give you total call control and sophisticated

More information

FortiGate 200D Series

FortiGate 200D Series DATA SHEET FortiGate 200D Series Secure Protection for the Campus Perimeter and Branch Office FortiGate 200D Series FortiGate 200D, 200D-, 240D, 240D- and 280D- The FortiGate 200D series delivers high-speed

More information

Introduction. Profound Changes Impose New Security Model. Increased Volume. Creativity And Sophistication. Wide-Scale Ubiquity. Standardized Delivery

Introduction. Profound Changes Impose New Security Model. Increased Volume. Creativity And Sophistication. Wide-Scale Ubiquity. Standardized Delivery Introduction Profound Changes Impose New Security Model The Telecom industry is caught in a perfect storm, driven by global technological, economic and social forces that no Communication Service Provider

More information

5 ½ Things That Make a Firewall Next Gen WHITE PAPER

5 ½ Things That Make a Firewall Next Gen WHITE PAPER 5 ½ Things That Make a Firewall Next Gen WHITE PAPER 5 ½ Things That Make a Firewall Next Gen Table of Contents Introduction 3 #1: Application Awareness and Control 3 #2: User Identity Awareness and Control

More information

FortiSwitch. Data Center Switches. Highlights. High-performance and resilient managed data center switch. Key Features & Benefits.

FortiSwitch. Data Center Switches. Highlights. High-performance and resilient managed data center switch. Key Features & Benefits. DATA SHEET FortiSwitch Data Center Switches FortiSwitch FortiSwitch 1024D, 1048D and 3032D Data Center Switches FortiSwitch Data Center switches deliver outstanding throughput, resiliency and scalability

More information

Securing Next Generation Mobile Networks

Securing Next Generation Mobile Networks White Paper October 2010 Securing Next Generation Mobile Networks Overview As IP based telecom networks are deployed, new security threats facing operators are inevitable. This paper reviews the new mobile

More information

How to secure an LTE-network: Just applying the 3GPP security standards and that's it?

How to secure an LTE-network: Just applying the 3GPP security standards and that's it? How to secure an LTE-network: Just applying the 3GPP security standards and that's it? Telco Security Day @ Troopers 2012 Peter Schneider Nokia Siemens Networks Research 1 Nokia Siemens Networks 2012 Intro

More information

Keeping the Store Open: Fighting the Cyber Criminal in the Retail World

Keeping the Store Open: Fighting the Cyber Criminal in the Retail World SOLUTION BRIEF Keeping the Store Open: Fighting the Cyber Criminal in the Retail World Pain Points of the Typical Retail Network CONNECTIVITY Introduction As the most recent wave of attacks have confirmed,

More information

Fortinet s Data Center Solution

Fortinet s Data Center Solution SOLUTION BRIEF Fortinet s Data Center Solution High Performance Network Security for Government Operations Introduction The data center is the focal point of several trends in computing and networking

More information

4G Mobile Networks At Risk

4G Mobile Networks At Risk 07.05.1203 Consortium Attack analysis and Security concepts for MObile Network infastructures supported by collaborative Information exchange 4G Mobile Networks At Risk The ASMONIA Threat and Risk Analysis

More information

Intel Network Builders Solution Brief. Intel and ASTRI* Help Mobile Network Operators Support Small Cell Networks

Intel Network Builders Solution Brief. Intel and ASTRI* Help Mobile Network Operators Support Small Cell Networks Intel Network Builders Solution Brief Intel and ASTRI* Help Mobile Network Operators Support Small Cell Networks Overview Wireless networks built using small cell base stations are enabling mobile network

More information

LTE Overview October 6, 2011

LTE Overview October 6, 2011 LTE Overview October 6, 2011 Robert Barringer Enterprise Architect AT&T Proprietary (Internal Use Only) Not for use or disclosure outside the AT&T companies except under written agreement LTE Long Term

More information

U.S. Patent Appl. No. 13/247.308 filed September 28, 2011 NETWORK ADDRESS PRESERVATION IN MOBILE NETWORKS TECHNICAL FIELD

U.S. Patent Appl. No. 13/247.308 filed September 28, 2011 NETWORK ADDRESS PRESERVATION IN MOBILE NETWORKS TECHNICAL FIELD U.S. Patent Appl. No. 13/247.308 filed September 28, 2011 NETWORK ADDRESS PRESERVATION IN MOBILE NETWORKS TECHNICAL FIELD [0001] The disclosure relates to mobile networks and, more specifically, to wireless

More information

MSSP Advanced Threat Protection Service

MSSP Advanced Threat Protection Service SOLUTION BRIEF SOLUTION BRIEF: MSSP ADVANCED THREAT PROTECTION SERVICE MSSP Advanced Threat Protection Service Fortinet Empowers MSSP Delivery of Complete ATP Managed Security Service The Need For ATP

More information

WHITE PAPER. Protecting Your Network From the Inside-Out. Internal Segmentation Firewall (ISFW)

WHITE PAPER. Protecting Your Network From the Inside-Out. Internal Segmentation Firewall (ISFW) WHITE PAPER Protecting Your Network From the Inside-Out Internal Segmentation Firewall (ISFW) Table of Contents Summary...2 Advanced Threats Take Advantage of the Flat Internal Network...3 The Answer is

More information

Mobility Management for All-IP Core Network

Mobility Management for All-IP Core Network Mobility Management for All-IP Core Network Mobility Management All-IP Core Network Standardization Special Articles on SAE Standardization Technology Mobility Management for All-IP Core Network PMIPv6

More information

Cisco Wireless Security Gateway R2

Cisco Wireless Security Gateway R2 Cisco Wireless Security Gateway R2 Product Overview The Cisco Wireless Security Gateway (WSG) is a highly scalable solution for tunneling femtocell, Unlicensed Mobile Access (UMA)/Generic Access Network

More information

Fortigate Features & Demo

Fortigate Features & Demo & Demo Prepared and Presented by: Georges Nassif Technical Manager Triple C Firewall Antivirus IPS Web Filtering AntiSpam Application Control DLP Client Reputation (cont d) Traffic Shaping IPSEC VPN SSL

More information

ALCATEL-LUCENT 7750 SERVICE ROUTER NEXT-GENERATION MOBILE GATEWAY FOR LTE/4G AND 2G/3G AND ANCHOR FOR CELLULAR-WI-FI CONVERGENCE

ALCATEL-LUCENT 7750 SERVICE ROUTER NEXT-GENERATION MOBILE GATEWAY FOR LTE/4G AND 2G/3G AND ANCHOR FOR CELLULAR-WI-FI CONVERGENCE ALCATEL-LUCENT 7750 SERVICE ROUTER NEXT-GENERATION MOBILE GATEWAY FOR LTE/4G AND 2G/3G AND ANCHOR FOR CELLULAR-WI-FI CONVERGENCE The is a next generation mobile packet core data plane platform that supports

More information

Transforming Your WiFi Network Into A Secure Wireless LAN A FORTINET WHITE PAPER. Fortinet White Paper

Transforming Your WiFi Network Into A Secure Wireless LAN A FORTINET WHITE PAPER. Fortinet White Paper Transforming Your WiFi Network Into A Secure Wireless LAN A FORTINET WHITE PAPER Introduction There have been a number of moments in the IT and network industry that can be considered as a Paradigm Shift.

More information

3GPP Long Term Evolution: Architecture, Protocols and Interfaces

3GPP Long Term Evolution: Architecture, Protocols and Interfaces 3GPP Long Term Evolution: Architecture, Protocols and Interfaces Aderemi A. Atayero, Matthew K. Luka, Martha K. Orya, Juliet O. Iruemi Department of Electrical & Information Engineering Covenant University,

More information

Mobile network evolution A tutorial presentation

Mobile network evolution A tutorial presentation Mobile network evolution A tutorial presentation Andy Sutton Principal Design Consultant - Transport Networks Avren Events, Time and Sync in Telecoms, Dublin, Ireland Tuesday 2 nd November 2010 hello About

More information

Nokia Siemens Networks Flexi Network Server

Nokia Siemens Networks Flexi Network Server Nokia Siemens Networks Flexi Network Server Ushering network control into the LTE era 1. Moving towards LTE Rapidly increasing data volumes in mobile networks, pressure to reduce the cost per transmitted

More information

EHRPD EV-DO & LTE Interworking. Bill Chotiner Ericsson CDMA Product Management November 15, 2011

EHRPD EV-DO & LTE Interworking. Bill Chotiner Ericsson CDMA Product Management November 15, 2011 EHRPD EV-DO & LTE Interworking Bill Chotiner Ericsson CDMA Product Management November 15, 2011 ehrpd LTE & CDMA Interworking What is ehrpd? HRPD Is Standards Name For EV-DO ehrpd Is evolved HRPD ehrpd

More information

The Enterprise Cloud Rush

The Enterprise Cloud Rush WHITE PAPER The Enterprise Cloud Rush Microsoft/Azure The Enterprise Cloud Rush Microsoft/Azure Prepared By: John Jacobs VP, Enterprise Systems Engineering, Fortinet Praveen Lokesh Principal Engineer,

More information

Securing the Data Center

Securing the Data Center WHITE PAPER Securing the Data Center Advanced Threats Require Advanced Security Bigger Breaches, Higher Stakes In the wake of recent headline-grabbing data breaches, FBI Director James Comey s oft-quoted

More information

Optimization Handoff in Mobility Management for the Integrated Macrocell - Femtocell LTE Network

Optimization Handoff in Mobility Management for the Integrated Macrocell - Femtocell LTE Network Optimization Handoff in Mobility Management for the Integrated Macrocell - Femtocell LTE Network Ms.Hetal Surti PG Student, Electronics & Communication PIT, Vadodara E-mail Id:surtihetal99@gmail.com Mr.Ketan

More information

Oracle s Secure HetNet Backhaul Solution. A Solution Based on Oracle s Network Session Delivery and Control Infrastructure

Oracle s Secure HetNet Backhaul Solution. A Solution Based on Oracle s Network Session Delivery and Control Infrastructure Oracle s Secure HetNet Backhaul Solution A Solution Based on Oracle s Network Session Delivery and Control Infrastructure HetNets are a gradual evolution of cellular topology, not a distinct network unto

More information

LTE CDMA Interworking

LTE CDMA Interworking LTE CDMA Interworking ehrpd - Use of a Common Core and a Stepping Stone to LTE Mike Dolan Consulting Member of Technical Staff Alcatel-Lucent Overview ehrpd (evolved High Rate Packet Data*) ehrpd involves

More information

LTE Performance and Analysis using Atoll Simulation

LTE Performance and Analysis using Atoll Simulation IOSR Journal of Electrical and Electronics Engineering (IOSR-JEEE) e-issn: 2278-1676,p-ISSN: 2320-3331, Volume 9, Issue 6 Ver. III (Nov Dec. 2014), PP 68-72 LTE Performance and Analysis using Atoll Simulation

More information

Overview of Network Architecture Alternatives for 3GPP2 Femto Cells Jen M. Chen, et al. QUALCOMM Incorporated

Overview of Network Architecture Alternatives for 3GPP2 Femto Cells Jen M. Chen, et al. QUALCOMM Incorporated 3GPP2 Workshop, Boston, MA Title: Source: Contact: Overview of Network Architecture Alternatives for 3GPP2 Femto Cells Jen M. Chen, et al. QUALCOMM Incorporated Jen M. Chen QUALCOMM Incorporated 858-658-2543

More information

Driving Agility and Security with Data Center Consolidation WHITE PAPER

Driving Agility and Security with Data Center Consolidation WHITE PAPER Driving Agility and Security with Data Center Consolidation WHITE PAPER Introduction Enterprises must become more agile while controlling costs to stay competitive. The true value of IT lies in its ability

More information

Technical white paper. Enabling mobile broadband growth Evolved Packet Core

Technical white paper. Enabling mobile broadband growth Evolved Packet Core Technical white paper Enabling mobile broadband growth Evolved Packet Core Contents 3 Enabling mobile broadband growth 4 Enabling migration from current networks to LTE 4 Terminology 5 The demand for cost-effective

More information

Nokia Siemens Networks Flexi Network Gateway. Brochure

Nokia Siemens Networks Flexi Network Gateway. Brochure Nokia Siemens Networks Flexi Network Gateway Prepare for Mobile Broadband Growth Brochure. 2/14 Brochure Table of Content 1. Towards the flat all-ip Network... 3 2. Preparing the Gateway for Mobile Broadband

More information

FortiOS TM Carrier 4.0 Software

FortiOS TM Carrier 4.0 Software BROCHURE FortiOS TM Carrier 4.0 Software Specialized Security for Service Providers Updated for FortiOS 4.0 MR3 FortiOS Carrier 4.0 Consolidated Security Solutions for Service Providers The communications

More information

Load Balancing Microsoft Exchange 2013 with FortiADC

Load Balancing Microsoft Exchange 2013 with FortiADC Load Balancing Microsoft Exchange 2013 with FortiADC Highly Available, High Performing, and Scalable Deployment with FortiADC D-Series Appliances Exchange 2013 and Application Delivery Microsoft Exchange

More information

Place graphic in this box

Place graphic in this box White Paper Place graphic in this box The ABCs of ADCs The Basics of Server Load Balancing and the Evolution to Application Delivery Controllers Introduction Whether you need to expand an application from

More information

FortiGate -3700D High Performance Data Center Firewall

FortiGate -3700D High Performance Data Center Firewall FortiGate -3700D High Performance Data Center Firewall Data centers, cloud providers, carriers and service providers need a high-speed, high-capacity firewall to stay ahead of ever-increasing network performance

More information

Use of MPLS in Mobile Backhaul Networks

Use of MPLS in Mobile Backhaul Networks Use of MPLS in Mobile Backhaul Networks Introduction Backhaul plays a vital role in mobile networks by acting as the link between Radio Access Network (RAN) equipment (Eg: radio basestation) and the mobile

More information

FortiAuthenticator TM User Identity Management and Single Sign-On

FortiAuthenticator TM User Identity Management and Single Sign-On FortiAuthenticator TM User Identity Management and Single Sign-On FortiAuthenticator user identity management appliances strengthen enterprise security by simplifying and centralizing the management and

More information

Accelerating 4G Network Performance

Accelerating 4G Network Performance WHITE PAPER Accelerating 4G Network Performance OFFLOADING VIRTUALIZED EPC TRAFFIC ON AN OVS-ENABLED NETRONOME INTELLIGENT SERVER ADAPTER NETRONOME AGILIO INTELLIGENT SERVER ADAPTERS PROVIDE A 5X INCREASE

More information

SOLUTION GUIDE. Hybrid WAN Solutions with FortiWAN. The cost-effective way to deliver the WAN bandwidth and redundancy your organization demands

SOLUTION GUIDE. Hybrid WAN Solutions with FortiWAN. The cost-effective way to deliver the WAN bandwidth and redundancy your organization demands SOLUTION GUIDE Hybrid WAN Solutions with FortiWAN The cost-effective way to deliver the WAN bandwidth and redundancy your organization demands Overview Almost every organization faces the need for increased

More information

INDEPENDENT VALIDATION OF FORTINET SOLUTIONS. NSS Labs Real-World Group Tests

INDEPENDENT VALIDATION OF FORTINET SOLUTIONS. NSS Labs Real-World Group Tests INDEPENDENT VALIDATION OF FORTINET SOLUTIONS NSS Labs Real-World Group Tests INDEPENDENT VALIDATION OF FORTINET SOLUTIONS Introduction Organizations can get overwhelmed by vendor claims and alleged silver

More information

Mobility and cellular networks

Mobility and cellular networks Mobility and cellular s Wireless WANs Cellular radio and PCS s Wireless data s Satellite links and s Mobility, etc.- 2 Cellular s First generation: initially debuted in Japan in 1979, analog transmission

More information

Load Balancing Microsoft Exchange 2013 with FortiADC

Load Balancing Microsoft Exchange 2013 with FortiADC Load Balancing Microsoft Exchange 2013 with FortiADC Highly Available, High Performing, and Scalable Deployment with FortiADC D-Series Appliances Exchange 2013 and Application Delivery Microsoft Exchange

More information

NTT DOCOMO Technical Journal. Core Network Infrastructure and Congestion Control Technology for M2M Communications

NTT DOCOMO Technical Journal. Core Network Infrastructure and Congestion Control Technology for M2M Communications M2M 3GPP Standardization Further Development of LTE/LTE-Advanced LTE Release 10/11 Standardization Trends Core Network Infrastructure and Congestion Control Technology for M2M Communications The number

More information

Mobile IPv6 deployment opportunities in next generation 3GPP networks. I. Guardini E. Demaria M. La Monaca

Mobile IPv6 deployment opportunities in next generation 3GPP networks. I. Guardini E. Demaria M. La Monaca Mobile IPv6 deployment opportunities in next generation 3GPP networks I. Guardini E. Demaria M. La Monaca Overview of SAE/LTE Terminology SAE (System Architecture Evolution): core network/system aspects

More information

Whitepaper. 10 Metrics to Monitor in the LTE Network. www.sevone.com blog.sevone.com info@sevone.com

Whitepaper. 10 Metrics to Monitor in the LTE Network. www.sevone.com blog.sevone.com info@sevone.com 10 Metrics to Monitor in the LTE Network The deployment of LTE increases dependency on the underlying network, which must be closely monitored in order to avert serviceimpacting events. In addition, the

More information

ehrpd Mike Keeley Market Segment Director

ehrpd Mike Keeley Market Segment Director ehrpd Mike Keeley Market Segment Director Agenda ehrpd What, Why, and When? ehrpd s Impact on the Core Network ehrpd s Impact on the Mobile Device Verifying ehrpd works 2 Acronyms AAA AN BSC EAP- AKA ehrpd

More information

IP-based Mobility Management for a Distributed Radio Access Network Architecture. helmut.becker@siemens.com

IP-based Mobility Management for a Distributed Radio Access Network Architecture. helmut.becker@siemens.com IP-based Mobility Management for a Distributed Radio Access Network Architecture helmut.becker@siemens.com Outline - Definition IP-based Mobility Management for a Distributed RAN Architecture Page 2 Siemens

More information

FortiGate. Accelerated security for mid-enterprise and branch office. Designed for today s network security requirements

FortiGate. Accelerated security for mid-enterprise and branch office. Designed for today s network security requirements DATA SHEET FortiGate 300D and 500D Accelerated security for mid-enterprise and branch office FortiGate FortiGate 300D and 500D Accelerated security for mid-enterprise and branch office With cyber threats

More information

Mobile Devices Security: Evolving Threat Profile of Mobile Networks

Mobile Devices Security: Evolving Threat Profile of Mobile Networks Mobile Devices Security: Evolving Threat Profile of Mobile Networks SESSION ID: MBS-T07 Anand R. Prasad, Dr.,ir., Selim Aissi, PhD Objectives Introduction Mobile Network Security Cybersecurity Implications

More information

WHITE PAPER. Empowering the MSSP. Part 2: End To End Security Services Ecosystem

WHITE PAPER. Empowering the MSSP. Part 2: End To End Security Services Ecosystem WHITE PAPER Empowering the MSSP Part 2: End To End Security Services Ecosystem Introduction Responding to Real World Customer Needs An increasing number of SMBs and enterprises plan to spend more of their

More information

FortiGate/FortiWiFi -90D Series Enterprise-Grade Protection for Smaller Networks

FortiGate/FortiWiFi -90D Series Enterprise-Grade Protection for Smaller Networks FortiGate/FortiWiFi -90D Series Enterprise-Grade Protection for Smaller Networks FortiGate/FortiWiFi-90D Series consolidated security appliances deliver comprehensive enterprise-class protection for remote

More information

Supporting mobility in the RAN cloud

Supporting mobility in the RAN cloud Supporting mobility in the RAN cloud Michael Fitch BT 23 rd October 2012 Cloud basics On-Demand Self-Service A consumer can provision computing capabilities, such as server time and network storage, automatically

More information

Long-Term Evolution. Mobile Telecommunications Networks WMNet Lab

Long-Term Evolution. Mobile Telecommunications Networks WMNet Lab Long-Term Evolution Mobile Telecommunications Networks WMNet Lab Background Long-Term Evolution Define a new packet-only wideband radio with flat architecture as part of 3GPP radio technology family 2004:

More information

Contents VULNERABILITIES OF MOBILE INTERNET (GPRS), 2014

Contents VULNERABILITIES OF MOBILE INTERNET (GPRS), 2014 VULNERABILITIES OF MOBILE INTERNET (GPRS) Dmitry Kurbatov Sergey Puzankov Pavel Novikov 2014 Contents 1. Introduction 2. Summary 3. Mobile network scheme 4. GTP protocol 5. Searching for mobile operator

More information

Simplified network architecture delivers superior mobile broadband

Simplified network architecture delivers superior mobile broadband White paper Simplified network architecture delivers superior mobile broadband Profitable wireless broadband with Internet-HSPA Contents 3 Executive Summary 4 Mobile data traffic is growing strongly 5

More information

FortiCarrier Systems Specialized Security for Service Providers

FortiCarrier Systems Specialized Security for Service Providers DATASHEET FortiCarrier Systems Specialized Security for Service Providers As the communications industry continues its convergence toward an all-ip model, service providers of all types are challenged

More information

Overview. Where other. Fortinet protects against the fullspectrum. content- and. without sacrificing performance.

Overview. Where other. Fortinet protects against the fullspectrum. content- and. without sacrificing performance. Overview Fortinet pioneered an innovative, high performance network security solution that addresses the fundamental problems of an increasingly bandwidth-intensive network environment and a more sophisticated

More information

Fortinet Secure Wireless LAN

Fortinet Secure Wireless LAN Fortinet Secure Wireless LAN A FORTINET SOLUTION GUIDE www.fortinet.com Introduction to Wireless Security Broad adoption of IEEE 802.11n has created a complex wireless landscape with proliferating mobile

More information

Disaster Recovery with Global Server. Load Balancing

Disaster Recovery with Global Server. Load Balancing DATA SHEET FortiADC D-Series Application Delivery Controllers FortiADC D-Series FortiADC 200D, 700D, 1500D, 2000D and 4000D Application Delivery Controllers The FortiADC D-series of Application Delivery

More information

10 METRICS TO MONITOR IN THE LTE NETWORK. [ WhitePaper ]

10 METRICS TO MONITOR IN THE LTE NETWORK. [ WhitePaper ] [ WhitePaper ] 10 10 METRICS TO MONITOR IN THE LTE NETWORK. Abstract: The deployment of LTE increases dependency on the underlying network, which must be closely monitored in order to avert service-impacting

More information

Trends in Mobile Network Architectures 3GPP LTE Mobile WiMAX Next Generation Mobile Networks Dr.-Ing. Michael Schopp, Siemens Networks

Trends in Mobile Network Architectures 3GPP LTE Mobile WiMAX Next Generation Mobile Networks Dr.-Ing. Michael Schopp, Siemens Networks Trends in Mobile Network Architectures 3GPP LTE Mobile WiMAX Next Generation Mobile Networks Dr.-Ing. Michael Schopp, Siemens Networks Outline 1 Next Generation Mobile Networks 2 New Radio Access Network

More information

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation

More information

Virtualization techniques for redesigning mobile backhaul networks: challenges and issues. Fabrice Guillemin Orange Labs, IMT/IMT/OLN/CNC/NCA

Virtualization techniques for redesigning mobile backhaul networks: challenges and issues. Fabrice Guillemin Orange Labs, IMT/IMT/OLN/CNC/NCA Virtualization techniques for redesigning mobile backhaul networks: challenges and issues Fabrice Guillemin Orange Labs, IMT/IMT/OLN/CNC/NCA MobiArch 2015 September 7, 2015 Outline 1 2 3 Introduction Convergent

More information

Telecommunication Services Engineering (TSE) Lab. Chapter III 4G Long Term Evolution (LTE) and Evolved Packet Core (EPC)

Telecommunication Services Engineering (TSE) Lab. Chapter III 4G Long Term Evolution (LTE) and Evolved Packet Core (EPC) Chapter III 4G Long Term Evolution (LTE) and Evolved Packet Core (EPC) http://users.encs.concordia.ca/~glitho/ Outline 1. LTE 2. EPC architectures (Basic and advanced) 3. Mobility management in EPC 4.

More information

Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall

Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall A FORTINET WHITE PAPER www.fortinet.com Introduction Denial of Service attacks are rapidly becoming a popular attack vector used

More information

An Oracle White Paper December 2013. The Time for Diameter Is Now: Why Service Providers Should Implement Diameter Today

An Oracle White Paper December 2013. The Time for Diameter Is Now: Why Service Providers Should Implement Diameter Today An Oracle White Paper December 2013 The Time for Diameter Is Now: Why Service Providers Should Implement Diameter Today Introduction There is little secret about how smartphones and tablets are affecting

More information

SAE and Evolved Packet Core

SAE and Evolved Packet Core SAE and Evolved Packet Core Farooq Bari Seattle Communications (COM-19) Society Chapter Nov. 13, 2008 1 SAE/EPS Background Around 2005, 3GPP RAN groups initiated the LTE work and in parallel the SAE work

More information

Advantages of Consolidating Network Security with Wireless for Small & Mid-Size Businesses

Advantages of Consolidating Network Security with Wireless for Small & Mid-Size Businesses Advantages of Consolidating Network Security with Wireless for Small & Mid-Size Businesses Patrick Bedwell VP, Product Marketing 1 Copyright 2014 Fortinet Inc. All rights reserved. Today s Agenda Security

More information

Integrating Lawful Intercept into the Next Generation 4G LTE Network

Integrating Lawful Intercept into the Next Generation 4G LTE Network Integrating Lawful Intercept into the Next Generation 4G LTE Network All telecommunication providers that currently or plan to provide 4G LTE service to their customers must consider significant changes

More information

464XLAT in mobile networks

464XLAT in mobile networks STRATEGIC WHITE PAPER IPv6 migration strategies for mobile networks To cope with the increasing demand for IP addresses, most mobile network operators (MNOs) have deployed Carrier Grade Network Address

More information

Security MWC 2014. 2013 Nokia Solutions and Networks. All rights reserved.

Security MWC 2014. 2013 Nokia Solutions and Networks. All rights reserved. Security MWC 2014 2013 Nokia Solutions and Networks. All rights reserved. Security Ecosystem overview Partners Network security demo + End-user security demo + + + + NSN end-to-end security solutions for

More information

Implementing LTE International Data Roaming

Implementing LTE International Data Roaming Implementing International Data Roaming Data Roaming Standardization Implementing International Data Roaming On completion of EPC standardization at 3GPP, specifications for international roaming between

More information

Introduction to Evolved Packet Core

Introduction to Evolved Packet Core S T R A T E G I C W H I T E P A P E R Introduction to Evolved Packet Core This white paper provides a brief introduction to Evolved Packet Core a new mobile core for LTE. Herein, key concepts and functional

More information

Managed 4G LTE WAN: Provide Cost-Effective Wireless Broadband Service

Managed 4G LTE WAN: Provide Cost-Effective Wireless Broadband Service Solution Overview Managed 4G LTE WAN: Provide Cost-Effective Wireless Broadband Service What You Will Learn With the arrival of the fourth-generation (4G) or Long Term Evolution (LTE) cellular wireless

More information

UMTS/GPRS system overview from an IP addressing perspective. David Kessens Jonne Soininen

UMTS/GPRS system overview from an IP addressing perspective. David Kessens Jonne Soininen UMTS/GPRS system overview from an IP addressing perspective David Kessens Jonne Soininen Introduction 1) Introduction to 3GPP networks (GPRS, UMTS) Technical overview and concepts for 3GPP networks Mobility

More information