S9 Security Gateway

Able to handle the largest femtocell and FMC deployments, the GENBAND’s S9^TM Security Gateway is the market’s most scalable platform, reaching up to 1.2 million IPSec tunnels and 3000 tunnels per second set-up with complete High Availability (HA).  The S9 allows mobile operators to offer secure, scalable fixed mobile convergence solutions, including femtocells and FMC/WiFi/WLAN solutions, advancing high quality voice and multimedia services to residential and business subscribers at their homes or places of work. For the mobile operator, femtocells and FMC pose significant security threats since these services typically use the public Internet for communication into the mobile core network.  Use of the Internet for backhauling voice and multimedia traffic exposes the operator’s core network to numerous types of IP-based attacks and exploitations, and user privacy is also at risk of being compromised. The S9 Security Gateway ensures that femtocell/FMC communications can travel securely over untrusted networks like the Internet, into the mobile core network. 

The S9 protects the mobile operator’s network and ensures user privacy by leveraging state-of-the-art security technologies.  Based on a carrier-class Advanced Telecom Computing Architecture (ATCA), the S9 uses purpose-built Security Gateway modules that reside in GENBAND’s 14-slot Integrated Border Gateway chassis.  The S9 offers full HA with sub-second failover and supports hot-swappable components, with in-service platform upgrades.  In femtocell/FMC networks, the S9 provides security, user authentication, mobile-IP connectivity management, secured tunnel management, policy enforcement, and accounting.  It monitors each femtocell/FMC connection for IP intrusion and attacks, and filters and firewalls mobile control protocols.  The S9 manages mobile traffic flows from the femtocell/FMC access point into the mobile core network.  Voice traffic is forwarded to the Mobile Switching Center (MSC) or Call Session Control Function (CSCF) where call treatment takes place, and multimedia traffic is forwarded to the Packet Data Serving Node (PDSN) in a CDMA network or to the Gateway GPRS Support Node (GGSN) in a GSM/UMTS network. 

The S9 Security Gateway enables very high scale along with the choice and flexibility for femtocell/FMC deployment models that best fit the operator’s business and technical requirements.  Open standards compliance with IETF, IMS, and 3GPP/3GPP2 allows flexible options for deploying femtocell/FMC services -- operators can start with a traditional MSC service model and migrate to architectures such as IMS and LTE.  In GSM/UMTS networks, the S9 is a Tunnel Termination Gateway (TTG), and in CDMA networks the S9 functions as the Packet Data Interworking Function (PDIF). The S9 Security Gateway also addresses the technical gaps not addressed by the GGSN or the Packet Data Serving Node (PDSN).