Service Domain Security

Protect business critical systems within the core network

The Service Domain of a Communications Service Provider’s network hosts critical services such as DNS servers for address translation, IMS platforms for Voice over LTE (VoLTE) and Voice-Mail servers for messaging applications. These servers are critical to providing a good customer experience and need to therefor be protected from overload risks. In addition, a lot of sensitive data is passing through these servers and they need therefor extra protection from threats from outside and from within the network itself.


Service Domain Security

The solution includes dedicated firewall platforms providing protection with more intelligence. The firewall understands the signaling and can perform inspection and validation on a deep level. For DNS services a DNS Application Layer Gateway (ALG) is screening all requests and enable blocking of malicious traffic. For IMS platforms the firewall includes a back-2-back user-agent performing stateful handling, inspection and validation of SIP signaling.

For secure traffic request to for instance a Secure Webservices server the firewall is able to host the certificate of the destination server inside the firewall, enabling it to decrypt the traffic and preforming full inspection before delivering the requests to the web-severs. This not only enables a layer of security it also offloads the web-server infrastructure as encryption there is now optional.

With this layer of protection in front of the service domain the CSP can be sure that all traffic is screened and validated. In addition, traffic overload situations can be mitigated using smart shaping strategies.



Protects critical systems


Protect privacy


Protect the network from disturbances

Clavister Service-Based Firewall Report

Heavy Reading Analyst Jim Hodges explains why traditional firewalls are not sufficient for architectures prepairing for 5G and Next Generaiton Core networks.

Topics covered in this white paper include:

  • How the 5G Service Based Architecture (SBA) core network and associated capabilities such as 5G slicing will drive new security enforcement firewall functionality
  • The security firewall requirements associated with managing the 5G cloud-distributed new radio (NR) access network
  • The implication of these technologies on existing cloud-based Firewall as a Service (FWaaS) deployments
  • Clavister’s product strategy for dealing with these new service-driven firewall requirements

Use Cases included in this solution

Network Attack Protection

Intrusion detection and prevention system, GeoIP restrictions and denial of service protection


Control Signalling Validation

Gateway function for specific signalling validation including GTP and SCTP


Virtual Models

High performance virtualized security gateways designed for new carrier networks based on NFV/SDN.

Get in touch! It will only take a minute