mail icon

With Managed Firewall/VPN, you benefit from basic port handling and many other functions, such as dynamic routing, performance tuning, site-to-site and client-to-site VPN, packet shaping, Network Address Translation, zone-based policy, stateful inspection and virtual Local Area Network.

Network Adress Translation (NAT)

Network Address Translation changes the IP address information of packets at the firewall. This means that, during a session, the firewall is the only instance that receives all the address information.

Stateful inspection

Stateful inspection covers the areas of spoofing and packet filtering. Spoofing refers to methods that are used to suppress authentication and identity procedures if these are based on the use of trusted addresses or host names in network protocols.

Packet filtering is a dynamic filtering technique that assigns every data packet to a specific session. The packets are analysed and saved in dynamic condition tables. Packets that cannot be assigned to pre-defined contacts or may belong to a DoS attack are discarded.

Zone-based policy

With a zone-based policy, the source and destination addresses are checked and the provision of a source and a destination zone additionally requested. If a source is not in the assigned zone, the firewall discards the packet.

VPN (client-to-site and site-to-site)

The two protocols IPSec and SSL-VPN ensure a secure connection between two sites (site-to-site) or between a user and a site (client-to-site).

Virtual local area network (VLAN)

A VLAN is a logical partial network within a physical network. With this, the data packets from the firewall, router and switches are forwarded to the relevant partial networks. VLAN interfaces are just as secure as physical interfaces.

Packet and traffic shaping

With traffic shaping or packet shaping, you prioritise the network and specify the minimum and maximum bandwidth. These actions initiate applications or protocols on the basis of the selected packets. In addition, you have the option to determine transmission directions and time restrictions.

Performance tuning

With performance tuning, you achieve the system’s maximum performance. For this, an optimal and current policy is required, as well as specific settings on the firewall.

Recurring services

Health Monitoring and Incident Management

Swisscom guarantees that health incidents are processed within the defined service level times. If a security device cannot be reached, Swisscom resolves the problem and informs you immediately.

Security Incident Monitoring and Management

The service collects events and generates security incidents based on the automatic threat analyses. These are divided into different classes: insufficient info, harmful attack, false positive, forensics and offline analysis. Insufficient info and harmful attacks are analysed by a specialist; all others are logged.


In the MSS-i dashboard you can compile extensive reports in accordance with your needs and call them up in real time or download them as PDF files.

I want to know more about the Security Dashboard and reporting.

Change Management

Changes to security devices is part of the service. These can be initiated in the MSS-i dashboard at any time. For example, firewall rule changes (rules, NAT, objects, groups), firewall system adjustments (VLAN, interfaces, routing) and site-to-site or client-to-site adjustments (encryption domain, encryption algorithm).

Release and Patch Management

Swisscom regularly tests manufacturers’ patches and releases and, following approval, implements them automatically.

Configuration and Backup Management

Swisscom takes care of all current configurations and ensures that backups are stored securely and clearly. This allows older configurations to be restored at any time if required.

Life Cycle Management

Swisscom uses only hardware and software that is state of the art.

How you benefit

You know that your firewall is always up to date.

You can integrated the service into your structure and supplement it with module at any time.

You benefit from real-time monitoring by renowned security experts.