Network mobility (NEMO) is an important requirement for internet networks to reach the goal of ubiquitous connectivity. With NEMO basic support protocols, correspondent entities suffer from a number of limitations and problems that prevent route-optimization procedures to be established between the correspondent nodes and mobile network nodes associated with NEMO. The goal is to alleviate the signaling load and execute the route-optimization steps on behalf of the correspondent entities that are not sophisticated enough to support route optimization. This paper introduces a new architecture that uses firewall as a new entity with new mobility filtering rules and acts as root certificate server supporting PKI infrastructure. The PKI-firewall executes the route-optimization procedure on behalf of these correspondent entities depends on CA distributed to its mobile end nodes. User entities is reachable via optimized path approved by mobile node or user CA As a result of completing the above procedure, performance degradation will be reduced, especially when signaling storm occurs; applying these modifications will increase the security, availability and scalability of NEMO optimization and enable wider NEMO deployment. An analytical model is used to validate the new proposed framework and understand the behavior of this framework under different network scenarios.