Products
3G/4G/5G Converged Core
5GC
UPF SMF AMF UDM/AUSF PCF NSSF NEF NRF SEPP N3IWF
EPC
ePDG (VoWiFi) Compact EPC MME HLR/HSS GGSN/SGW/PGW PCRF
IMS
VoLTE VoNR MCX
Mobile Signaling
STP DRA GTP-Router USSD SMSC
Billing
OSS/BSS CHF AAA
Solutions
MNO Solution
MVNO Solution
WISP Solution
Private LTE Solution
E2E Wireless Solution
MEC Solution
NB-IoT Solution
Satellite Solution
5G NTN Solution
Cases
Resource
FAQ
Datasheet
Support
About Us
About Us
Leadership
Gallery
Exhibition
Association
Partners
News
Company News
Events
Press Releases
Contact Us
English
中文版
Español
Français

Home / Products / 5GC / Security Edge Protection Proxy(SEPP)

Security Edge Protection Proxy(SEPP)

SEPP (Security Edge Protection Proxy) is a crucial component of the 5G roaming security architecture. It facilitates user roaming and interoperability with other operators, handling message filtering and policy management on the control plane interface between operators. SEPP primarily functions as a boundary gateway between the control planes of operators' core networks.

SEPPs establish connections and enforce protection policies via the N32 interface, processing each control-plane message in cross-network signaling. The N32 interface is divided into two sub-interfaces based on its purpose: N32-c and N32-f. N32-c is used for the initial handshake process between two SEPPs, including capability negotiation and parameter exchange. N32-f is responsible for transmitting securely protected SBI messages between the two SEPPs.
Request a demo
Security Edge Protection Proxy(SEPP)
RELATED ARTICLE
What is 5G Security Edge Protection Proxy (SEPP)?
The Security Edge Protection Proxy (SEPP) is a proxy that sits at the perimeter of the PLMN network and enables secured communication between inter-PLMN network messages. It protects the home network and acts as a security gateway. Located at the edge of the network, it manages connections between the home network and the visited networks.
Learn more
Key Benefits
A fully software-based solution by design
A fully software-based solution by design
Centralized and standardized IT integration
Centralized and standardized IT integration
Easy to operate with standardized processes across domains
Easy to operate with standardized processes across domains
Centralized and standardized utilization of common network functions
Centralized and standardized utilization of common network functions
Single capacity license with flexible traffic allocation across supported protocols
Single capacity license with flexible traffic allocation across supported protocols
Built-in support for interworking and interoperability
Built-in support for interworking and interoperability
IPLOOK's SEPP 
For MNO roaming between standalone 5G cores (5GC)
The IPLOOK SEPP enables operators to achieve end-to-end confidentiality and integrity for designated message elements between the source and destination networks. It offers unique flexibility through an extensive, integrated set of routing and service creation capabilities. It supports the relevant standards as well as HTTP/2-based signaling scenarios. 
The IPLOOK SEPP is a purpose-built, single-engine software product – not an afterthought, project, or patchwork solution. It enables operators to consolidate network functions, operations, management, and licenses.
5GC SEPP
Features
 
Support for the N32-f and N32-c interfaces
On-board session database key negotiation
Support for Transport Layer Security (TLS)
Support for security key management and lookup
Supports message modification instruction inclusion via the JSON PATCH method
Support for remote SEPP authorization and authentication
Support for topology hiding
Support for load balancing
Support for egress/ingress limitation
Optional (on-board) support for:
»  IPLOOK Steering Of Roaming (SoR)
»  IPLOOK SS7 Firewall (SS7FW) 
»  IPLOOK Diameter Firewall (DFW) 
»  IPLOOK Number Portability (NP)
»  IPLOOK Equipment Identity Register (EIR)
»  IPLOOK Diameter Signaling Controller (DRA, DEA, IWF)
»  IPLOOK 5G Service Communication Proxy (SCP)
»  IPLOOK 5G Security Edge Protection Proxy (SEPP)
On-board non-volatile database for key repository and storage
Powerful any-to-any interworking across all supported protocols (including SS7, Diameter, RADIUS, HTTP, LDAP, ENUM, etc.)
Single-view reporting, GUI-based management, and provisioning
Flexible licensing across all supported protocols, not just HTTP/2
Support for PRINS (Protocol for N32 Interconnect Security, JWE/JWS) – ongoing standardization developments in progress
Support for malformed N32 message detection
Support for anti-spoofing mechanisms
Support for high-availability and geo-redundant deployment models
Full GUI-based signaling orchestration and system management with configurable service logic – no scripting or development needed
Related Products
User Plane Function(UPF)
User Plane Function(UPF)
The User Plane Function (UPF) represents the data plane evolution of a Control and User Plane Separation (CUPS) strategy, which is a fundamental component of the 3GPP 5G core network(5GC).

The UPF plays the most critical role in the process of data transfer. It provides the interconnect point between the mobile infrastructure and the Data Network (DN), i.e. encapsulation and decapsulation of GTP-U.
Learn More
Network Exposure Function(NEF)
Network Exposure Function(NEF)
NEF, located between the 5G core network and external third-party application functionaries (and possibly some internal AFs), is responsible for managing the external open network data, and all external applications that want to access the internal data of the 5G core must pass through the NEF.

By opening the network capability to third-party applications, it can realize the friendly connection between network capability and business requirements, improve business experience and optimize network resource allocation.
Learn More
Network Repository Function(NRF)
Network Repository Function(NRF)
NRF, one of the network functions of the 5G core network(5GC). It supports the service discovery feature, which receives NF discovery requests from NF instances and provides information about the discovered NF instance (discovered) to another NF instance. Registration information includes NF type, address, service list, etc.
Learn More
Network Slice Selection Function(NSSF)
Network Slice Selection Function(NSSF)
Network slicing is a key native capability of 5G that can maximize the performance of communication networks and reduce network construction and operation and maintenance costs, and it has become an industry consensus that 'slicing is capability and slicing is product' in the 5G era.
The core network, as a key anchor point for network differentiation and operation, has emerged as a more important network in the 5G era, providing the ability to deploy network functions and resources on-demand to meet the diverse business needs of future vertical industries.
Learn More
Unified Data Management(UDM) / Authentication Server Function(AUSF)
Unified Data Management(UDM) / Authentication Server Function(AUSF)
UDM: The same as 4G’ s HSS (Home Subscriber Services), UDM is a centralized way to process network user data in 5G through Nudm interfaces to provide services for AMF, SMF, SMSF, AUSF, NEF and GMLC. It also provides services such as authorization of accessing, registration, uninterrupted services.

AUSF: As a major part of 5GC to facilitate security processes, AUSF performs the authentication function of identifying UEs and storing authentication keys.
Learn More
Policy Control Function(PCF)
Policy Control Function(PCF)
The 5G PCF performs the same function as the PCRF in 4G networks.

• Provides policy rules for control plane functions. This includes network slicing, roaming and mobility management.
• Accesses subscription information for policy decisions taken by the UDR.
• Supports the new 5G QoS policy and charging control functions.
Learn More
Session Management Function(SMF)
Session Management Function(SMF)
SMF is a fundamental element of the 5G Service-Based Architecture (SBA). The SMF keeps trace of PDU sessions and QoS Flows in the 5GC for UEs and make sure their states and status are in sync between Network Functions in Control and User Planes.

It also receives PCC (Policy and Charging Control) Rules from PCF (Policy Charging Function) and convert PCC Rules into SDF Templates, QoS Profiles and QoS Rules for UPF, gNB and UE respectively for QoS Flows establishment, modification and release etc.
Learn More
Access and Mobility Management Function(AMF)
Access and Mobility Management Function(AMF)
AMF terminates the control plane of different access networks onto the 5G Core Network(5GC) and control which UEs can access the 5GC to exchange traffic with DNs. It also manages the mobility of UEs when they roam from one gNB to another for session continuity, whenever possible.
Learn More
N3IWF (Non-3GPP InterWorking Function)
N3IWF (Non-3GPP InterWorking Function)
N3IWF (Non-3GPP InterWorking Function) is responsible for connecting untrusted non-3GPP access network to 5GC. UE and N3IWF establish an IPSec tunnel, N3IWF connects to the User Plane and Control Plane of 5GC through N2 interface and N3 interface separately.
Learn More
User Plane Function(UPF)
User Plane Function(UPF)
The User Plane Function (UPF) represents the data plane evolution of a Control and User Plane Separation (CUPS) strategy, which is a fundamental component of the 3GPP 5G core network(5GC).

The UPF plays the most critical role in the process of data transfer. It provides the interconnect point between the mobile infrastructure and the Data Network (DN), i.e. encapsulation and decapsulation of GTP-U.
Learn More
Network Exposure Function(NEF)
Network Exposure Function(NEF)
NEF, located between the 5G core network and external third-party application functionaries (and possibly some internal AFs), is responsible for managing the external open network data, and all external applications that want to access the internal data of the 5G core must pass through the NEF.

By opening the network capability to third-party applications, it can realize the friendly connection between network capability and business requirements, improve business experience and optimize network resource allocation.
Learn More
Network Repository Function(NRF)
Network Repository Function(NRF)
NRF, one of the network functions of the 5G core network(5GC). It supports the service discovery feature, which receives NF discovery requests from NF instances and provides information about the discovered NF instance (discovered) to another NF instance. Registration information includes NF type, address, service list, etc.
Learn More
Network Slice Selection Function(NSSF)
Network Slice Selection Function(NSSF)
Network slicing is a key native capability of 5G that can maximize the performance of communication networks and reduce network construction and operation and maintenance costs, and it has become an industry consensus that 'slicing is capability and slicing is product' in the 5G era.
The core network, as a key anchor point for network differentiation and operation, has emerged as a more important network in the 5G era, providing the ability to deploy network functions and resources on-demand to meet the diverse business needs of future vertical industries.
Learn More
Unified Data Management(UDM) / Authentication Server Function(AUSF)
Unified Data Management(UDM) / Authentication Server Function(AUSF)
UDM: The same as 4G’ s HSS (Home Subscriber Services), UDM is a centralized way to process network user data in 5G through Nudm interfaces to provide services for AMF, SMF, SMSF, AUSF, NEF and GMLC. It also provides services such as authorization of accessing, registration, uninterrupted services.

AUSF: As a major part of 5GC to facilitate security processes, AUSF performs the authentication function of identifying UEs and storing authentication keys.
Learn More
Policy Control Function(PCF)
Policy Control Function(PCF)
The 5G PCF performs the same function as the PCRF in 4G networks.

• Provides policy rules for control plane functions. This includes network slicing, roaming and mobility management.
• Accesses subscription information for policy decisions taken by the UDR.
• Supports the new 5G QoS policy and charging control functions.
Learn More
Session Management Function(SMF)
Session Management Function(SMF)
SMF is a fundamental element of the 5G Service-Based Architecture (SBA). The SMF keeps trace of PDU sessions and QoS Flows in the 5GC for UEs and make sure their states and status are in sync between Network Functions in Control and User Planes.

It also receives PCC (Policy and Charging Control) Rules from PCF (Policy Charging Function) and convert PCC Rules into SDF Templates, QoS Profiles and QoS Rules for UPF, gNB and UE respectively for QoS Flows establishment, modification and release etc.
Learn More
Access and Mobility Management Function(AMF)
Access and Mobility Management Function(AMF)
AMF terminates the control plane of different access networks onto the 5G Core Network(5GC) and control which UEs can access the 5GC to exchange traffic with DNs. It also manages the mobility of UEs when they roam from one gNB to another for session continuity, whenever possible.
Learn More
N3IWF (Non-3GPP InterWorking Function)
N3IWF (Non-3GPP InterWorking Function)
N3IWF (Non-3GPP InterWorking Function) is responsible for connecting untrusted non-3GPP access network to 5GC. UE and N3IWF establish an IPSec tunnel, N3IWF connects to the User Plane and Control Plane of 5GC through N2 interface and N3 interface separately.
Learn More
Contact Us
Send us a message with the form below. We will contact you as soon as possible.
*
*
*
*
By submitting this form, I acknowledge and agree that IPLOOK may process my personal data in accordance with its data privacy policy. I reserve the right to withdraw my consent at any time by emailing sales@iplook.com.
GET IN TOUCH WITH OUR EXPERTS
GET IN TOUCH WITH OUR EXPERTS
Tell us your business needs, and we' ll find the perfect solution.
Book a free consultation
GET IN TOUCH WITH OUR EXPERTS
GET IN TOUCH WITH OUR EXPERTS
Tell us your business needs, and we' ll find the perfect solution.
Book a free consultation
Services Sales