Security Edge Protection Proxy

5G compliant with 4G /3G/2G interworking capabilities

The Next Generation Core (NGC) of the 5G Service Based Architecture is build on HTTP/2 signaling. In such a design it is mandatory to offer services, connectivity and security when it is required. One single signaling bus will be used for all signaling services, meaning that message prioritization, throttling, overload protection and routing should be done by one entity.

The Security Edge Protection Proxy (SEPP) is the network element in the 5G Next Generation Core that will be handling all of those functions. In an ideal world, this entity should be an add-on to the existing DRA and/or STP which runs virtualized in your datacenter.

Mapping the problems
Introduction of IT network technologies to mobile services
Establish connectivity in the Service Based Architecture when it is required
Protect the Next Generation Core network slices against attacks
Traffic management of the Service Based Architecture
Routing optimization in and between the network slices
Securing the Core
Interworking with legacy network (3G/4G)
Due to congestion and overload, services could be unavailable
No communication with new activate network slice
Attacks, unauthorized senders, ... could interrupt the services
disrupted service due to 5G coverage issues
How we solve this

Introducing a Security Edge Protection Proxy (SEPP) into the heart and edge of the Next Generation Core Network, will simplify the managing of your Service Based Architecture traffic and resolve all operational issues. Through a centralized orchestrator, you will be able to forward, manipulate and protect your HTTP/2 traffic between all network slices and external Networks. As a Mobile Operator, you will be in control of the traffic flows and you will remain vendor independent in rolling out new 5G services.


The SEPP is in a unique position to help operators understand and resolve challenges, namely in the areas below:

  • HTTP/2 traffic management in the SBA

  • Load balancing

  • Traffic prioritization

  • Routing selection

  • Network function degradation and failures

  • Interoperability EPS/5GS & Diameter/HTTP

  • Control of congestion and overload

  • Limit outage during upgrades and maintenance


Single solution to manage signaling in 5G and LTE, 3G and 2G

SEPP should be an add-on to existing DRA and STP to simply routing policy


Easy to configure and maintain service flows

GUI based services orchestration configurable through service logic


SEPP as add-on to existing DRA/STP

Software component integrated with existing DRA and/or STP


Key Take-Aways