[VOIPSEC] VoIP, Firewalls and NATs

[Shrikant Latkar]

Juniper Networks also offers FW and IPS appliances that have ALG based
security for H.323 and SIP. Our IPS and FW systems have received
numerous awards for their performance in VoIP deployment.

We have done interop with Avaya and other vendors for the ALGs.

Shrikant
-----------------
Date: Fri, 10 Feb 2006 09:22:56 -0700
From: "Boswell, Jason S (Jason)" <jboswell at lucent.com>
Subject: Re: [VOIPSEC] VoIP, Firewalls and NATs
To: "'Christopher A. Martin'" <chris at InfraVAST.com>, Arturo Servin
	<aservin at itesm.mx>
Cc: Voipsec at voipsa.org
Message-ID:
	
<81FC03339A3F6B4DB2D80276126BE855B7651B at co7010exch002u.ih.lucent.com>
Content-Type: text/plain;	charset="iso-8859-1"

Lucent's VPN Firewall Brick also does full ALG inspection of SIP and
H323.
Lots of security vendors offer ALG-level firewalls, but, in my opinion,
you
have to focus on vendors that are involved with specific solutions.
There
are still a lot of problems with trying to make a firewall into an SBC,
which is essentially what you are trying to do in certain situations.
The
reason I say it depends on the solution is that different vendors seem
to
have done more testing with certain solutions than others.  SIP is still
rather unconstrained, so you run into different gotchas depending on the
devices in the solution.  So, a Cisco might work well with AcmePackets
but
might not with Kagoor.  A Lucent firewall might be great with a
Broadworks
solution but not with another one.  Sonus might have a problem with
certain
firewalls but not others.  (just throwing names out there, not trying to
make specific claims).

Hope that helps.

-Jason Boswell
*******