Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Firewall as a SIP Server Much more than firewall SIP traversal! Prepared for:Spring VON 2003 Enterprise Solutions By: Karl Erik Ståhl President Intertex.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "The Firewall as a SIP Server Much more than firewall SIP traversal! Prepared for:Spring VON 2003 Enterprise Solutions By: Karl Erik Ståhl President Intertex."— Presentation transcript:

1 The Firewall as a SIP Server Much more than firewall SIP traversal! Prepared for:Spring VON 2003 Enterprise Solutions By: Karl Erik Ståhl President Intertex Data AB Chairman Ingate Systems AB karl.stahl@intertex.se © 2003 Intertex Data AB 1

2 IP Phone Internet SOHO LAN Enterprise LAN We have a “new” network XP PIM But do we use it for person to person communication? Everyone has a connection… Operator Network

3 © 2003 Ingate Systems AB © 2003 Intertex Data AB 3 VoIP as we have seen it… PSTN But no connectivity between the IP clouds! Europe IP US VPN Tunnel IP Gateway Toll Bypass SOFT SWITCH MGCP

4 © 2003 Ingate Systems AB © 2003 Intertex Data AB 4 What about universal connectivity? Wouldn’t that be fine? Black Phone RJ45 LAN Intranet Internet IP Phone PSTN RJ11

5 © 2003 Ingate Systems AB © 2003 Intertex Data AB 5 We have SIP – Session Initiation Protocol An Internet Standard IETF RFC 2543, replaced by new RFC 3261 Used for real time person to person IP Communication VoIP, IP Telephony Audio, Video, Data Collaboration Presence, Instant Messaging Lots of activity, ongoing work and development http://www.cs.columbia.edu/~hgs/sip/ http://www.sipforum.org http://www.sipcenter.com http://www.pulver.com

6 © 2003 Ingate Systems AB © 2003 Intertex Data AB 6 “We need QoS of PSTN…” 3 kHz bandwith? Video? Presence? draft-ietf-simple-presence-07.txt Instant Messaging? RFC3428, December 2002 And more… Is black telephony all we want?

7  Voice & Video (XP) Greenwich includes SIP server with API (3Q3)  Applications will arise Windows Messenger 4.6 and later has SIP-mode  Presence & IM 10:s of millions of RTC (SIP) users within a year 4255551212  Dial to phone  Rich SIP APIs Microsoft is pushing – New RTC is SIP-based

8 © 2003 Ingate Systems AB © 2003 Intertex Data AB 8 The Next Big Usage of the Internet! HTTP created the Web SIP will create IP Communication person to person! SMTP created Email

9 IP Phone PSTN SIP /PSTN Gateway Internet SOHO LAN Business LAN SIP Server IAP XP PIM Firewall/NAT problems! DSL Cable MTU Operator network with NAT NAT Firewall NAT Status until recently: SIP is the Protocol for IP Communication Person to Person, BUT IT DOES NOT REACH THE EDGE! So, why don’t we just connect?

10 © 2003 Ingate Systems AB © 2003 Intertex Data AB 10 What is the difference? Typical Internet protocol (SMTP, HTTP…) Internet HOST SERVER SIP (and H.323…) connects person to person Internet PERSON Locate the person - Set up a session - Open real time media streams

11 © 2003 Ingate Systems AB © 2003 Intertex Data AB 11 SIP Firewall Problems Firewall Problems: Sessions initiated from outside the firewall - OK, open port 5060, but… Media streams on dynamically allocated port numbers - Ooops…  ! Even with public IP addresses inside

12 © 2003 Ingate Systems AB © 2003 Intertex Data AB 12 SIP NAT/PAT Problems NAT & PAT Problems: Where is the device? - Registration/location function Private IP addresses and ports in SIP messages - Rewrite with globally routable addresses IP address and port of media stream has to be modified - NAT engine has to be dynamically controlled Worse with private IP addresses inside

13 © 2003 Ingate Systems AB © 2003 Intertex Data AB 13 Suggested Solutions Dynamically controlled Firewall/NATs Midcom: By Firewall Control Proxy (IETF work) uPnP: By the client (Windows) SIP aware Firewall/NATs (SIP Proxy + Registrar) General, handles complex scenarios [Intertex (SOHO), Ingate (enterprise), …] SIP aware Firewall/NATs (SIP ALG – non Proxy) TLS not possible STUN - Can cope with certain types of existing NATs SIP clients need to get STUN into their SIP stacks Requires STUN servers on the net, RTCP is lost Tunnelling - Connects SIP clients to an operator or a corporate LAN Requires ALG for each client with NATed address Tunnels by IPSec or proprietary

14 Firewall/NAT problems! Firewall/NAT SIP transparency! Office or home LAN IP Phone SIP Server PSTN SIP /PSTN Gateway Operator network with NAT Internet NAT Firewall NAT Enterprise LAN DSL Cable MTU DMZ inGate SIParator SIP Enabling the Private Networks inGate Firewall IP Phone IX66 IAP

15 © 2003 Ingate Systems AB © 2003 Intertex Data AB 15 Adding General SIP Traversal to a Firewall Important components: Firewall & NAT Dynamic Firewall Engine SIP Proxy SIP Proxy Server, controlling the firewall User Location SIP Registrar, user location information Firewall Control Protocol Communication between SIP Proxy and firewall In the Ingate and Intertex products: You got a SIP server! Use it just for firewall traversal AND/OR as your - SIP Server - Outgoing proxy - Inbound proxy What have you got?

16 Internet Just Another Internet Service… Enterprise LAN XP inGate Firewall PSTN SIP /PSTN Gateway DNS SRV DMZ inGate SIParator XP Ingate Linköping LAN IX66 Intertex Stockholm LAN Sweden IX66 FWD Booth #301 IX66 SIP Forum Booth #210 USA Sweden IX66 Home Office Users SOHO LAN IX66 XP San Jose Booth #520

17 IP Communications Using IP Networks Intranet IP VPN with IP communications Domestic and global IP communications PBX and PSTN – E.164 resolution Customer Premises PBX PSTN Phone Managed Services Router Vmail OSS SIP Phone WorldCom PSTN Dialing Plans Network GWY Conf PSTN Phone IM IN Enterprise Gateway SIP Routing Firewall SIP Server IP VPN Global IP Comm Intranet IP Comm …other… Many call routing options: Private/Public IP address DNS and DNS SRV records SIP aware NAT/PAT servers Henry Sinnreich 4/10/2002 WorldCom Public IP Network

18 IP Communications Using IP Networks PBX PSTN Phone Managed Services Router Vmail OSS SIP Phone WorldCom PSTN Dialing Plans Network GWY Conf PSTN Phone IM IN Enterprise Gateway SIP Routing Firewall SIP Server IP VPN Global IP Comm Intranet IP Comm …other… Integration with existing phones SIP Capable Firewall Ingate and Intertex First through SIT Customer Premises No IP PBX Needed! Enhanced Functionality Enterprise LAN WorldCom Public IP Network

19 Firewall Presence IM Greenwich Edge Proxy DMZ Microsoft Greenwich Home Server: Presence IM Audio Video Data Col. TLS

20 © 2003 Ingate Systems AB © 2003 Intertex Data AB 20 Product Examples – Ingate Systems AB Complete Firewalls Add-on to Existing Firewalls  Firewall & NAT/PAT  SIP Proxy  SIP Registrar Enterprise Products DMZ Existing Firewall SIParator

21 © 2003 Ingate Systems AB © 2003 Intertex Data AB 21 Product Examples – Intertex Data AB IX66 Internet Gate with or without ADSL modem built-in OEM as: Telia SurfinBird Gate PowerBit SafeGate Review at: www.adslguide.org.uk/hardware/reviews/2002/q1/intertex_ix66-edflc.asp SOHO Products

22 © 2003 Ingate Systems AB © 2003 Intertex Data AB 22 The Intertex IX66 Internet Gate A closer look  Firewall & NAT/PAT Router  SIP Proxy and Registrar  DHCP Server and Client  WEB Server for configuration  Smart Card Reader for security applications  Optional 802.11b Wireless Lan  SIP Appliance Control, LAC via expansion port Optional ADSL and Splitter Built-in

23 © 2003 Ingate Systems AB © 2003 Intertex Data AB 23 SIP Capable Firewalls! Ingate Systems AB www.ingate.com Box 10013, Slakthusplan 4 SE-121 26 Stockholm, Sweden CEO Olle Westerberg olle.westerberg@ingate.com Tel +46 8 6007750 Intertex Data AB www.intertex.se Rissneleden 45 SE-174 44 Sundbyberg, Sweden President Karl Erik Ståhl karl.stahl@intertex.se Tel +46 8 6282828

Download ppt "The Firewall as a SIP Server Much more than firewall SIP traversal! Prepared for:Spring VON 2003 Enterprise Solutions By: Karl Erik Ståhl President Intertex."

Similar presentations

Unleashing the Power of IP Communications Calling Across The Boundaries Mike Burkett, VP Products April 25, 2002.

Unleashing the Power of IP Communications Calling Across The Boundaries Mike Burkett, VP Products April 25, 2002.
Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
1 TURN Server for WebRTC in the Firewall © 2014 Ingate Systems AB Prepared for:Ingates SIP Trunking, UC and WebRTC Seminars ITEXPO January 2014 Miami By:Karl.

1 TURN Server for WebRTC in the Firewall © 2014 Ingate Systems AB Prepared for:Ingates SIP Trunking, UC and WebRTC Seminars ITEXPO January 2014 Miami By:Karl.
Enterprise-Centric UC Live Unified Communication Beyond the Borders © 2010 Intertex Data AB 1 Prepared for:INTERNET TELEPHONY Conference Ingates SIP Trunk-UC.

Enterprise-Centric UC Live Unified Communication Beyond the Borders © 2010 Intertex Data AB 1 Prepared for:INTERNET TELEPHONY Conference Ingates SIP Trunk-UC.
Open Standards: Communications at Your Desktop SmartCity Summit, April 29 th, 2003 Anne L. Coulombe Head of SIP-Based Solutions, Mitel Networks

Open Standards: Communications at Your Desktop SmartCity Summit, April 29 th, 2003 Anne L. Coulombe Head of SIP-Based Solutions, Mitel Networks
Mobility: Connecting Remote Workers TeliaSonera SIP Trunking Deployment © 2011 Intertex Data AB Prepared for:Ingate Systems 3 Day Seminar Unified Communications:

Mobility: Connecting Remote Workers TeliaSonera SIP Trunking Deployment © 2011 Intertex Data AB Prepared for:Ingate Systems 3 Day Seminar Unified Communications:
From Voice on the Net to Real Time Communications Jawad Khaki Vice President Windows Networking & Communications Microsoft Corporation.

From Voice on the Net to Real Time Communications Jawad Khaki Vice President Windows Networking & Communications Microsoft Corporation.
Intertex Data AB, Sweden VoIP to the Edge: Firewalls - The Missing Link Prepared for:Voice On the Net, Fall 2001 By: Karl Erik Ståhl President Intertex.

Intertex Data AB, Sweden VoIP to the Edge: Firewalls - The Missing Link Prepared for:Voice On the Net, Fall 2001 By: Karl Erik Ståhl President Intertex.
1 What’s Next For SIP Trunking? Carriers Enabling and Bringing WebRTC Features With Their Trunks © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking,

1 What’s Next For SIP Trunking? Carriers Enabling and Bringing WebRTC Features With Their Trunks © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking,
NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.

NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.
Enabling IPv6 in Corporate Intranet Networks

Enabling IPv6 in Corporate Intranet Networks
©2012 ClearOne Communications. Confidential and proprietary. COLLABORATE ® Video Conferencing Networking Basics.

©2012 ClearOne Communications. Confidential and proprietary. COLLABORATE ® Video Conferencing Networking Basics.
TANDBERG Video Communication Server March 2008. TANDBERG Video Communication Server Background  SIP is the future protocol of video communication and.

TANDBERG Video Communication Server March TANDBERG Video Communication Server Background  SIP is the future protocol of video communication and.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
IP Communications Services Redefining Communications Teresa Hastings Director WorldCom SIP Services Conference – April 18-20, 2001.

IP Communications Services Redefining Communications Teresa Hastings Director WorldCom SIP Services Conference – April 18-20, 2001.
© 2012 Intertex Data AB 1 Needs Show Up in Islands Person-to-person, real-time related: + IM, Presence, + SMS (2G, 3G…) (Wireless only!?) + Skype (call.

© 2012 Intertex Data AB 1 Needs Show Up in Islands Person-to-person, real-time related: + IM, Presence, + SMS (2G, 3G…) (Wireless only!?) + Skype (call.
WebRTC & SIP E-SBC PBX Companion

WebRTC & SIP E-SBC PBX Companion
The NAT/Firewall Problem! And the benefits of our cure… Prepared for:Summer VON Europe 2003 SIP Forum By: Karl Erik Ståhl President Intertex Data AB Chairman.

The NAT/Firewall Problem! And the benefits of our cure… Prepared for:Summer VON Europe 2003 SIP Forum By: Karl Erik Ståhl President Intertex Data AB Chairman.
Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony.

Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony.

Similar presentations

Ads by Google