Sign in to follow this  
Followers 0

Why Linphone didn't work...

2 posts in this topic

This is for BoBB in particular, but others should find it of interest:

1. What's the significance of VoIP-enabled firewalls in terms of the problems they address and how much impact they can have on an end user's network? Are current-generation products up to the challenge?

The key problem to be addressed is that voice traffic-whether H.323 or SIP Session Initiation Protocol-uses unpredictable, dynamically-assigned UDP port numbers to carry voice packets. To support such VoIP traffic, administrators would have to leave thousands of port numbers open, creating a huge security "hole" in their firewalls. This isn't an issue for the H.323 or SIP control messages used for call control or initial call setup, since firewalls can leave these few well-known ports open. The problem is what to do for RTP Real-Time Protocol packets associated with calls that originate from outside the firewall. This is all further complicated by the widespread use of NAT Network Address Translation, which requires mapping of IP addresses embedded within VoIP call control packets.

Multiple solutions have become available. For example, you can use an external H.323 or SIP proxy server product that can "tunnel" VoIP traffic through known firewall ports, or have the proxy instruct the firewall which UDP ports to open on a per-call basis. Alternatively, these same functions can be embedded in the firewall itself, with an integral proxy server telling the firewall which ports to open as needed.


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0