IPSec-as-a-Service

Alpha Data’s Azure hosted highly available IPSec-as-a-Service (IPSecaaS) is a managed security model for the deployment, operation, and maintenance of Internet Protocol Security (IPSec) VPN tunnels. This approach eliminates the need for organizations to manage complex VPN infrastructure internally. The service ensures secure data transmission by providing encryption, authentication, integrity validation, and traffic inspection. As a result, it protects data in transit from tampering and ensures it is delivered securely and reliably to the intended destination.

The customer’s on-premises data center (DC) routers/VPN devices will establish IPSec peering with FortiGate firewalls hosted in Microsoft Azure. These FortiGate (SecGW) virtual machines will terminate IPSec tunnels from the customer’s on-prem DCs and securely route traffic to the packet core hosted in customer onPrem DC. The solution leverages Security Gateway (SecGW) functionality using FortiGate to enable secure connectivity for RAN elements, including eNodeBs and gNodeBs, from customer on-premises sites to the packet core over IPSec. The FortiGate VMs will be deployed across two availability zones in Azure to ensure high availability and resilience. The RAN (eNodeBs/gNodeBs) will connect to the SecGW (Azure-hosted FortiGate firewalls) via the customer’s on-prem DC, where IPSec tunnels are established and managed.