Our High-Performing Core Network
Fully virtualizable on VMware, K8S, Docker and OpenStack containers
Security Edge Protection Proxy (SEPP)
SEPP (Security Edge Protection Proxy) is a key element in 5G core networks, enabling secure and trusted communication across operator boundaries. It plays a vital role in supporting 5G roaming and inter-PLMN interoperability by safeguarding control-plane signaling between networks.
Positioned at the edge of the operator’s core network, SEPP filters, mediates, and protects signaling messages exchanged with partner operators. Through the standardized N32 interface, SEPP applies encryption, integrity protection, and policy enforcement to ensure signaling confidentiality and trust.
Key Benefits

A fully software-based solution by design

Centralized and standardized IT integration

Easy to operate with standardized processes across domains

Centralized and standardized utilization of common network functions

Single capacity license with flexible traffic allocation across supported protocols

Built-in support for interworking and interoperability
IPLOOK's SEPP for MNO roaming between standalone 5G cores (5GC)
- The IPLOOK SEPP enables operators to achieve end-to-end confidentiality and integrity for designated message elements between the source and destination networks. It offers unique flexibility through an extensive, integrated set of routing and service creation capabilities. It supports the relevant standards as well as HTTP/2-based signaling scenarios.
- The IPLOOK SEPP is a purpose-built, single-engine software product – not an afterthought, project, or patchwork solution. It enables operators to consolidate network functions, operations, management, and licenses.
Features
Support for the N32-f and N32-c interfaces
On-board session database key negotiation
Support for Transport Layer Security (TLS)
Support for security key management and lookup
Supports message modification instruction inclusion via the JSON PATCH method
Support for remote SEPP authorization and authentication
Support for topology hiding
Support for load balancing
Support for egress/ingress limitation
Optional (on-board) support for:
- IPLOOK Steering Of Roaming (SoR)
- IPLOOK SS7 Firewall (SS7FW)
- IPLOOK Diameter Firewall (DFW)
- IPLOOK Number Portability (NP)
- IPLOOK Equipment Identity Register (EIR)
- IPLOOK Diameter Signaling Controller (DRA, DEA, IWF)
- IPLOOK 5G Service Communication Proxy (SCP)
- IPLOOK 5G Security Edge Protection Proxy (SEPP)
On-board non-volatile database for key repository and storage
Powerful any-to-any interworking across all supported protocols (including SS7, Diameter, RADIUS, HTTP, LDAP, ENUM, etc.)
Single-view reporting, GUI-based management, and provisioning
Flexible licensing across all supported protocols, not just HTTP/2
Support for PRINS (Protocol for N32 Interconnect Security, JWE/JWS) – standardization developments ongoing
Support for malformed N32 message detection
Support for anti-spoofing mechanisms
Support for high-availability and geo-redundant deployment models
Full GUI-based signaling orchestration and system management with configurable service logic – no scripting or development needed
FAQ
What is the primary role of a SEPP in a 5G Core (5GC) network?
The Security Edge Protection Proxy (SEPP) acts as a non-transparent proxy at the edge of the 5G Core network. Its primary role is to secure inter-PLMN (Public Land Mobile Network) roaming by protecting the control-plane signaling messages exchanged via the N32 interface. It ensures that sensitive data remains encrypted and untampered with as it travels between different mobile operators.
How does IPLOOK’s SEPP ensure end-to-end security for 5G roaming?
IPLOOK’s SEPP provides a robust security layer through:
- Encryption & Integrity: Utilizing Transport Layer Security (TLS) and supporting the PRINS protocol (JWE/JWS) for secure interconnect.
- Topology Hiding: Concealing the internal structure of the operator's core network from external entities.
- Anti-Spoofing & Detection: Built-in mechanisms to detect malformed N32 messages and prevent signaling fraud.
Why should decision-makers choose a "purpose-built" SEPP over a generic signaling solution?
Unlike "patchwork" or "afterthought" solutions, IPLOOK’s SEPP is a purpose-built, single-engine software product. For a CTO or Network Architect, this means:
- Lower Complexity: Avoids the integration headaches of stacking multiple legacy products.
- Consolidated Operations: Centralizes management, licensing, and reporting into a single view.
- Future-Proofing: Native support for 5G HTTP/2-based signaling ensures compliance with evolving 3GPP standards.
Does the SEPP support interworking with legacy 2G, 3G, and 4G roaming protocols?
Yes. One of the unique strengths of the IPLOOK SEPP is its Any-to-Any interworking capability. It supports powerful signaling orchestration across all major protocols, including SS7, Diameter, RADIUS, HTTP, LDAP, and ENUM. This allows operators to manage legacy roaming and 5G roaming through a unified gateway.
How does the licensing model for IPLOOK SEPP help optimize TCO?
IPLOOK offers a Single Capacity License with flexible traffic allocation. Unlike traditional vendors that charge per-protocol or per-interface, this model allows operators to shift capacity across supported protocols (e.g., from Diameter to HTTP/2) as their network migrates toward 5G Standalone (SA), significantly reducing Total Cost of Ownership (TCO).
Can the SEPP handle high-traffic volumes and ensure network reliability?
Absolutely. The solution is designed for mission-critical environments, supporting:
- Load Balancing: Efficiently distributing signaling traffic to prevent bottlenecks.
- Egress/Ingress Limitation: Protecting the core network from signaling storms or DDoS attacks.
- High Availability (HA): Support for geo-redundant deployment models to ensure 99.999% reliability for roaming services.
What additional network functions can be integrated with the SEPP?
IPLOOK’s SEPP is part of a modular ecosystem. Operators can enable optional "on-board" support for:
- Steering of Roaming (SoR) to optimize roaming partner selection.
- SS7/Diameter Firewalls for comprehensive signaling security.
- Equipment Identity Register (EIR) and Number Portability (NP).
- SCP (Service Communication Proxy) for advanced 5G signaling routing.
Is the IPLOOK SEPP easy to manage for IT and Network Operations teams?
Yes. The solution features a Full GUI-based management and provisioning system. It eliminates the need for complex command-line configurations, providing single-view reporting and signaling orchestration. This standardized IT integration ensures that operations teams can monitor and adjust roaming policies with minimal training.