SGi/Gi Firewalling – Core Security

Protecting the core network for mobile and fixed service providers

Cyberattacks are hitting operators every day – In the Global Risks Report 2018 by the World Economic Forum Cyberattacks are listed the 3rd most likely and 6th most impactful.

While only a few of the incidents make it all the way to the public press, there are still plenty of examples that have made significant impact – including “TalkTalk hit with record £400k fine over cyber-attack” and “WannaCry a wake-up even for data giants such as Telefónica.”.


Communication Service Providers (CSPs) should act now to take advantage of virtualized security solutions. CSPs are transforming their networks in preparation for higher traffic growth and lower latency – this is the perfect time to take security seriously from the start.

Clavister is World Leader in Virtualized Security for CSPs, build for NFV/SDN networks with validated orchestration compatibilities. This comes with 20 years of cybersecurity experience with large enterprises with key references. With traffic increasing exponentially in service provider networks reducing total cost of ownership per Gbps is key.

The Clavister solution performs >250% better – validated independently and proven in Tier-1 networks. Deployed on the Gi / SGi interface and at the edge of the Next Generation Core (NGC) or virtual Evolved Packet Core (vEPC) this solution offers multiple use-cases to protect the core network of an operator. They include Perimeter Protection with firewall services, Intrusion Detection and Prevention System (IDS/IPS) to inspect traffic for known threats, DDoS detection and traffic shaping strategies to mitigate an attack and finally network slicing to segment the network into several zones to for instance isolate IoT traffic from other traffic and provide specific security and traffic management policies for each slice.

In addition critical network services can be offered right from the firewall including Carrier Grade Network Address Translation (CG-NAT) to handle transformation from IPv4 to IPv6 world for all connected devices, Boarder Gateway Routing (BGP) for failover and redundant links connecting to several peering partners.

Offloading the vEPC or NGC the Clavister SGi/Gi Firewalling solution offers the protection service providers need with a technology advantage that enhances their virtual network strategy and lowers total cost of ownership.



Protect from attacks and intrusions


Lower total cost of ownership


Provide good customer experience

Clavister Service-Based Firewall Report

Heavy Reading Analyst Jim Hodges explains why traditional firewalls are not sufficient for architectures prepairing for 5G and Next Generaiton Core networks.

Topics covered in this white paper include:

  • How the 5G Service Based Architecture (SBA) core network and associated capabilities such as 5G slicing will drive new security enforcement firewall functionality
  • The security firewall requirements associated with managing the 5G cloud-distributed new radio (NR) access network
  • The implication of these technologies on existing cloud-based Firewall as a Service (FWaaS) deployments
  • Clavister’s product strategy for dealing with these new service-driven firewall requirements

Use Cases included in this solution



Network perimeter protection securing IT resources and users


Network Attack Protection

Intrusion detection and prevention system, GeoIP restrictions and denial of service protection



Virtual Models

High performance virtualized security gateways designed for new carrier networks based on NFV/SDN.

Get in touch! It will only take a minute