1 Installing Ingate Solutions in the Enterprise © 2014 Ingate Systems AB Prepared for:Ingate’s SIP Trunking, UC and WebRTC Seminars ITEXPO January 2014 Miami By:Karl Erik Ståhl CEO Ingate Systems AB (and Intertex Data AB, now merged) INGATE RESELLER DAY: SIP Trunking and Beyond

2 IX78 E-SBC Enterprise Line of E-SBCs *) Calls = Concurrent RTP Sessions = SIP Trunks 150/400/1000 Calls* 500/700/900 Mbit/s /80 000/ Packets/s 50 Calls* 200 Mbit/s Packets/s 1800/3000/8000 Calls* 4 500/ 4 500/ Mbit/s / / Packets/s Software Firewall/SIParator ® Calls* Can be installed on a virtual machine or natively x86 Linux Servers (industry-standard PC architecture) 50 Calls* 90 Mbit/s Packets/s  Ingate Firewalls and SIParators® – E-SBC  From 50 to simultaneous calls (with media)  Used in a wide variety of SIP Trunking installations  NAT/Firewall traversal  Superior SIP Normalization  Multi level security, incl. SIP IDS/IPS  QoS (Quality of Service)  Failover configurations Ingate IX78 for operator volume deployments

© 2012 Intertex Data and Ingate Systems Confirmed Interoperability: Ingate & Intertex SIP Trunk Providers IP-PBXs SIP Trunk Compliant with  Aastra  Aastra/Ericsson MX One  Adtran UC Server  Digium/Asterisk  Avaya Aura  Avaya IP Office  Avaya SES/CM  Avaya QE  Brekeke  Broadsoft  Cisco  Fonality  HP/3Com -VCX  Innovaphone  Interactive Intelligence  Iwatsu  LG Nortel  Microsoft OCS  Mitel  NEC / Sphere  Nortel BCM  Nortel SCS  Objectworld  Panasonic  Samsung  SER  Shoretel  Siemens  SIP-Gear  Swyx More in pipeline....  360 Networks  Airespring  AT&T  BandTel  Bandwidth.com  Broadvox  BT (British Telecom)  Cablevision  Cbeyond  Cellip  Comm Partners  Cordia Corporation  Deltacom  Excel Switching  Gamma Telecom  GEOS  Global Crossing  IP-Only  Nectar  Level 3  Netlogic  Netsolutions  Nexvortex  Nuvox  O1  One Communications  Paetec  Primus  RNK Telecom  Skype  TDC  Telavox  Tele2  Tele Pacific  Teletek  TeliaSonera  Toplink  Tritel  VoEX  Voice Flex  VoIP Unlimited  Voxbone  Voxitas  XeloQ More in pipeline... Carrier Equipment  Acme Packet  Broadsoft  Genband  Sonus  Sylantro  SER  NSN More in pipeline…

The IP-PBX Trunk Must Meet Service Provider Trunk Data LAN only PBX with system system phones phones PBX Type 1.5 VoIP & Data LAN PBX Type 2 IP- PBX PBX Few PBXs are of this type. Asterisk with firewall (IPtables /NETfilter) can be compiled and configured this way, but requires a lot. Why may an SBC be required to connect a PBX? 1)NAT/Firewall Traversal – Must NAT to same address space! 2)Basic SIP and Network Interoperability - E.g. Authentication, Registrations, UDP/TLS/TCP, Dynamic IP address, etc. 3)SIP Repair - E.g. Call Transfer, Fragmented packets, Bugs, etc. 4)Features - E.g. Remote Users, Administration (remote and local) 5)Security - E.g. Will LAN be opened? Is the PBX designed to be public? VoIP & Data LAN IP- PBX PBX PBX Type 1 Modern IP-PBXs are of this type. Media goes directly between phone and SIP Trunk.  SIP Trunk Interface   Signaling: Media: SIP Trunk PSTN SIP Trunking Provider Network GW SIP System 2) 3) 4) 5) IX781) 2) 3) 4) 5)

© 2012 Intertex Data and Ingate Systems 5 PSTN Public Internet SIP Trunking Provider GW SIP System Data & VoIP LAN IP-PBX Demarcation point of service and bringing SIP communication to the LAN Soft Clients and Multimedia Terminals Intertex IX78 Intertex IX78 Simply Presents the SIP Trunking Service on the Customer’s Protected Combined VoIP & Data LAN, Ready for any PBX to Use Firewall Remote Users

© 2012 Intertex Data and Ingate Systems 6 PSTN Public Internet SIP Trunking Provider GW SIP System Data & VoIP LAN IP-PBX Demarcation point of service and bringing SIP communication to the LAN Soft Clients and Multimedia Terminals Intertex IX78 … or from an Extra IP Connection, still in Parallel with an Existing, non SIP Aware Firewall Firewall Remote Users

© 2012 Intertex Data and Ingate Systems 7 PSTN Public Internet SIP Trunking Provider GW SIP System Data & VoIP LAN IP-PBX Demarcation point of service and bringing SIP communication to the LAN Soft Clients and Multimedia Terminals Intertex IX78 Remote Users … or the Intertex IX78 can be the Company Firewall, presenting the Customer with a Protected Combined VoIP & Data LAN, Ready to use!

Proposed Setup for the DOCSIS Network PSTN Public Internet SIP Trunk Provider GW SIP System IP- PBX NAT/ Firewall CMTS Bridge for Existing NAT/ Firewall (non SIP aware) Cable Modem IX78 E-SBC  Plug in existing firewall to Ethernet port 4 on the IX78 (bridged connection to the WAN)  IX78 WAN SIParator will handle QoS (backing off firewall’s data traffic if required)  WAN SIParator 2 – requires two IP addresses, one for the firewall, another for the IX78  WAN SIParator 1 – requires only one IP address, shared between the IX78 and the firewall  DHCP or fixed WAN IP address(es) Data & VoIP LAN Easy and advantageous installation using advanced WAN SIParator mode

© 2012 Intertex Data and Ingate Systems 9 Installation Wizard SIP Trunking Made Easy

The SIP Trunking Installation Wizard  jkjjk

Ingate Firewall & SIParator Extracts From Product Training SIP Trunking Focused

Ingate Startup Tool Startup Tool  “Out of the Box” setup and commissioning of the Firewall and SIParator products  Update current configuration  Product Registration and unit Upgrades, including Software and Licenses.  Automatic selection of ITSP and IP-PBX  Backup of Startup Tool database  Located at FREE!

Ingate Startup Tool Startup Tool - Network Topology  Firewall or SIParator deployment type  Inside (Eth0) - Private  Outside (Eth1) - Public  Default Gateway  DNS Server

Ingate Startup Tool Startup Tool – IP-PBX  Select IP-PBX  Provide IP Address

Ingate Startup Tool Startup Tool – ITSP_1  Select Trunking Provider  Account Information

Ingate Startup Tool Startup Tool – Upload Config  Login to web GUI and apply settings  Upload

Ingate Startup Tool Startup Tool – Apply the Config  The Startup Tool will launch a browser to have the installer Apply the Configuration.

Configuration: Network & Basics

Programming: Network Networks & Computers  Provides a view of the Network connected on each interface as a Routing Table.

Programming: Basic Configuration Access Control  Provides configuration for HTTP and HTTPS access.

Programming: SIP Services

Interoperability  Common deviations from the standard

Programming: SIP Traffic Dial Plan “Dial Plan”  Combine the From Header, Request-URI and Forward To tables in the Dial Plan table.

Programming: SIP Traffic Routing “DNS Override for SIP Requests”  Enter SIP domains to which traffic should be sent, but which for some reason cannot be looked up using DNS.

Programming: SIP Traffic User Routing  SIP Accounts (Clients) that need to be routed to a IP-PBX.  To Header Routing can be used here with a

Programming: SIP Traffic SIP Status  Shows current SIP activity

SIP Trunk Group

Programming: SIP Trunk SIP Trunk Configuration – SIP Trunk Parameters  ITSP Address/Domain  Interop Parameters  Ingate Behaviours  TGP  Media Behaviour

Programming: SIP Trunk SIP Trunk Configuration – Main & PBX & SIP Lines  Main Trunk Line  Default Attributes  PBX Line  Individual matching to individual characteristics

Programming: SIP Trunk SIP Trunk Configuration – PBX Trunk  Define IP-PBX location  Define other attributes for Ingate behaviour to IP-PBX

SECURITY

Troubleshooting

Logging Configuration  SIP Events will ensure SIP calls are logged.

Troubleshooting Logging & Tools  Display # Rows/Page  Show Newest on Top  Select SIP Log Attributes  Select “Show internal SIP Signaling”

Troubleshooting Packet Capture  Creates a Wireshark PCAP network trace.  Network Interface Selection – All Interfaces  Start – Stop - Download