[VOIPSEC] VoIP, Firewalls and NATs

Boswell, Jason S (Jason) jboswell at lucent.com
Fri Feb 10 10:22:56 CST 2006 

Lucent's VPN Firewall Brick also does full ALG inspection of SIP and H323.
Lots of security vendors offer ALG-level firewalls, but, in my opinion, you
have to focus on vendors that are involved with specific solutions.  There
are still a lot of problems with trying to make a firewall into an SBC,
which is essentially what you are trying to do in certain situations.  The
reason I say it depends on the solution is that different vendors seem to
have done more testing with certain solutions than others.  SIP is still
rather unconstrained, so you run into different gotchas depending on the
devices in the solution.  So, a Cisco might work well with AcmePackets but
might not with Kagoor.  A Lucent firewall might be great with a Broadworks
solution but not with another one.  Sonus might have a problem with certain
firewalls but not others.  (just throwing names out there, not trying to
make specific claims).

Hope that helps.

-Jason Boswell

 -----Original Message-----
From: 	Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org]  On
Behalf Of Christopher A. Martin
Sent:	Saturday, February 04, 2006 10:00 AM
To:	Arturo Servin
Cc:	Voipsec at voipsa.org
Subject:	Re: [VOIPSEC] VoIP, Firewalls and NATs

 << File: ATT4629847.txt >> For robustness Ingate offers the best of breed
in this area, as they are 
proxy based.

Cisco, Netscreen, and Checkpoint offer application level gateway 
solutions, as well as linksys (also cisco).

Microappliances also had a proxy solution but I have not heard much from 
them on their product in some time.

These are all good starting points if you are performing research.

Chris

Arturo Servin wrote:

> 
>
>            I am doing a personal research about VoIP security and the use
>of firewalls, IPS and NAT. I remember some issues a couple of years ago
>specifically with NAT and H.323. I guess there was the same problem with
>SIP. Also I remember a topic in this email list about SIP proxys. Do you
>know if there are still issues with Firewalls/NAT/IPS and VoIP, how the
>vendors and protocols are dealing with this? Any comments?
>
> 
>
>Thanks in advance,
>
>-as
>
>_______________________________________________
>Voipsec mailing list
>Voipsec at voipsa.org
>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
>  
>

More information about the Voipsec mailing list