[VOIPSEC] Voipsec Digest, Vol 14, Issue 11

Erwin Davis erwin.davis at gmail.com
Fri Feb 10 14:22:55 CST 2006 

Hi, Jason,

What are the problems to make a firewall into SBC?
Any resources related to those problems? Thanks,

e



Message: 3
> Date: Fri, 10 Feb 2006 09:22:56 -0700
> From: "Boswell, Jason S (Jason)" <jboswell at lucent.com>
> Subject: Re: [VOIPSEC] VoIP, Firewalls and NATs
> To: "'Christopher A. Martin'" <chris at InfraVAST.com>, Arturo Servin
>         <aservin at itesm.mx>
> Cc: Voipsec at voipsa.org
> Message-ID:
>         <
> 81FC03339A3F6B4DB2D80276126BE855B7651B at co7010exch002u.ih.lucent.com>
> Content-Type: text/plain;       charset="iso-8859-1"
>
> Lucent's VPN Firewall Brick also does full ALG inspection of SIP and H323.
> Lots of security vendors offer ALG-level firewalls, but, in my opinion,
> you
> have to focus on vendors that are involved with specific solutions.  There
> are still a lot of problems with trying to make a firewall into an SBC,
> which is essentially what you are trying to do in certain situations.  The
> reason I say it depends on the solution is that different vendors seem to
> have done more testing with certain solutions than others.  SIP is still
> rather unconstrained, so you run into different gotchas depending on the
> devices in the solution.  So, a Cisco might work well with AcmePackets but
> might not with Kagoor.  A Lucent firewall might be great with a Broadworks
> solution but not with another one.  Sonus might have a problem with
> certain
> firewalls but not others.  (just throwing names out there, not trying to
> make specific claims).
>
> Hope that helps.
>
> -Jason Boswell
>
> -----Original Message-----
> From:   Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org]  On
> Behalf Of Christopher A. Martin
> Sent:   Saturday, February 04, 2006 10:00 AM
> To:     Arturo Servin
> Cc:     Voipsec at voipsa.org
> Subject:        Re: [VOIPSEC] VoIP, Firewalls and NATs
>
> << File: ATT4629847.txt >> For robustness Ingate offers the best of breed
> in this area, as they are
> proxy based.
>
> Cisco, Netscreen, and Checkpoint offer application level gateway
> solutions, as well as linksys (also cisco).
>
> Microappliances also had a proxy solution but I have not heard much from
> them on their product in some time.
>
> These are all good starting points if you are performing research.
>
> Chris
>
> Arturo Servin wrote:
>
> >
> >
> >            I am doing a personal research about VoIP security and the
> use
> >of firewalls, IPS and NAT. I remember some issues a couple of years ago
> >specifically with NAT and H.323. I guess there was the same problem with
> >SIP. Also I remember a topic in this email list about SIP proxys. Do you
> >know if there are still issues with Firewalls/NAT/IPS and VoIP, how the
> >vendors and protocols are dealing with this? Any comments?
> >
> >
> >
> >Thanks in advance,
> >
> >-as
> >
> >_______________________________________________
> >Voipsec mailing list
> >Voipsec at voipsa.org
> >http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> >
> >
> >
> >
>
>
>
>
>

More information about the Voipsec mailing list