Security Gateways

Security Gateways (Gateways without carrier license) can be deployed at these interfaces:

Interface

Located Between

Description

Gi/SGi

Home PLMN and Internet

Protects the network from threats originating from the Internet, such as the Overbilling attack.

Go

GGSNs and CSCF SIPserver

Protects the CSCFClosed Call Session Control Function. A set of roles for SIP servers or proxies that handle SIP signal packets in the IP Multimedia Subsystem (IMS). (Call Session Control Function) SIP server and enforces the SIP protocol. A major feature of this Gateway is RTP pinholing - i.e., it dynamically follows the negotiated RTP sessions, opening only the UDP ports required.

S11

eNodeB, MME and SGW

Inspects SCTPClosed Stream Control Transmission Protocol, SCTP was defined as a transport protocol for SS7 messages to be transmitted over IP networks. and DiameterClosed An authentication, authorization and accounting protocol that has many features not included in the legacy RADIUS protocol. performs IPSec encryption on GTPClosed GPRS Tunnel Protocol.-U traffic.

Note - Mobile to mobile IMS communications can also be protected by the Gateway on the Go interface. To do so, mobile to mobile traffic must be routed from the GGSNClosed Gateway GSN (GPRS Support Node). to the Gateway and back to the GGSN.