VoIP's firewall challenges
One of the interesting nuggets from SuperComm 2002 was the lip service that large service providers are giving voice over IP. Under pressure from direct enterprise sales of VoIP platforms to their best customers, BellSouth and
VoIP's firewall challenges One of the interesting nuggets from SuperComm 2002 was the lip service that large service providers are giving voice over IP. Under pressure from direct enterprise sales of VoIP platforms to their best customers, BellSouth and others are now offering or planning to offer managed VoIP services from platforms such as Cisco's AVVID equipment. Providers need to keep an eye out for pesky implementation problems that early adopters have discovered. One such issue is the treatment of VoIP in a secure enterprise environment.
At the crux of the problem is the basic enterprise firewall. VoIP problems occur on phone calls that originate in the outside world - a big problem when waiting for someone to call you back
NATAcces VoIP Firewall Technology This unique technology in the company?s Tenor VoIP MultiPath Switches that allows VoIP implementers to keep their VoIP gateways behind NATs and NAT-enabled firewalls. NATAccess performs network address translation within packet payloads during the call set-up process. By providing the outside party's router with the appropriate public IP addresses for internal users, NATAccess allows authorized streaming VoIP traffic?and only authorized traffic?to pass through the firewall.
VoIP Traffic with the PIX Firewall
In this sample configuration, a PIX Firewall is configured in order to allow the traversal of two different Voice over IP
protocols-H.323, and Session Initiation Protocol (SIP). Due to the fact that VoIP protocols are made up of signaling and IP address/port combinations, there are a number of issues with VoIP and Network Address Translations (NAT). The PIX Firewall fixup protocol addresses these issues.
Firewall-Friendly VoIP Secure Gateway
IP telephony services using Voice over Internet
Protocol (VoIP) technologies have rapidly spread over the last several years. Many IP telephony
services have recently been started: for example, consumer IP telephony services provided
by legacy telephone carriers, IP-PBX (Private Branch eXchange) services provided by enterprises,
and IP telephony outsourcing services for enterprises (IP Centrex services) provided by ISPs
carriers. In the case of IP-Centrex services, ISPs/carriers provide not only IP-Centrex services but also
consumer IP telephony services, so ISPs/carriers can provide secure interoperation between an
enterprise IP phone and a consumer IP phone. However, apart from IP-Centrex services, IP-PBX
services cannot interoperate with consumer IP telephony services.
SIP Firewall The challenge Session Initiation Protocol (SIP) has evolved to become the new secured multimedia communications standard for real-time person-to-person IP communications as defined by the Internet Engineering Task Force (IETF). SIP enables users to communicate with each other in real-time on a standards-based protocol resulting in secure, reliable, predictable, and standards-compliant connectivity.
The VoIP SIP is used in a range of applications including:-
* VoIP (Voice Over IP)
* Video Conferencing
* Instant Messaging
* Online Gaming
* Unified Messaging and much more.
VoIP Broadband Firewall Router
This VoIP (802.11g) Firewall Router packs many powerful features into a single box to
allow home and SOHO users to enjoy affordable VoIP calls, while having the mobility and high-speed Internet access. The world-standard Gateway feature
known as ?Least Cost Routing? enables users to choose the best VoIP call
rates provided by various Internet Telephony Service Providers (ITSPs). Two integrated FXS ports provide dual lines for making VoIP calls. An additional
FXO port enables you to make calls via PSTN Fixed-line while providing even faster Internet access sharing. Unparalleled firewall security features such as
SPI, DoS attack prevention, and URL Content Filtering protect your Internet access against attacks by hackers. In addition, the Quality of Service feature
ensures a smooth net connection for inbound and outbound data with minimal traffic congestion.