Currently, telecommunications networks, especially public land mobile networks, are comparatively complex. The traffic from a remote site (or, typically, from distributed sites), especially a radio base station, needs to pass several firewalls before reaching its destination, e.g. a central network node of the core network of the public land mobile network such as a network management system (NMS), a public key infrastructure system (PKI-system), or another network entity. All firewalls on the way to the destination need to be correctly configured, as otherwise the communication is blocked.
Presently, the following principles apply to firewall configurations:
- currently, the configuration of the firewall entities is a manual process,
- especially in heterogeneous environments (different firewall types/suppliers, different responsibilities, etc.), each firewall has to be configured separately (often one after the other),
- a central configuration system for all firewalls is not possible and/or would need manual adaptation from one firewall supplier to another, as well as, in part, from one firewall software release to another.
This means that the configuration effort needed to ensure that the firewall entities in the telecommunications network remain up to date and in an operational state is somewhat detrimental to realising dynamic configuration and re-configuration, as well as automation of the configuration and re-configuration, of Internet Protocol networks.
Presently, the following principles apply to end-systems or remote network nodes such as radio base stations:
- network elements, e.g. remote network nodes such as radio base stations, use certificates to establish an IPSec-tunnel and gain access to the central sites. To get access to the backbone networks, the network element, e.g. a radio base station such as an eNodeB, presents a certificate to the IPSec-gateway; the IPSec-gateway checks the certificate and, if the result is positive, the remote network element can establish an IPSec-tunnel and access the backbone,
- the initial certificate is provided to the network element during the plug and play process by a public key infrastructure system,
- at least in some cases, the configuration of firewalls is forgotten or is applied incorrectly, e.g. by using a wrong interface,
- at least in some cases, the deletion of firewall rules that are no longer needed is forgotten or is not covered by the operational and maintenance process, so that the firewall rule set only grows and does not shrink when some communication relations are no longer needed.