VoIP (Voice over IP) represents an easily proven, cost-saving technology that many beleaguered IT executives are eager to exploit. Implementation,
however, throws up hurdles, not the least of which is integrating VoIP into an existing security policy, especially the firewall.
The problem with sending VoIP traffic across firewall boundaries is the complex nature of VoIP traffic, especially NAT and
its performance burden.
NAT changes a packet's source address from the private one used on the local network to a public address that can be routed
over the Internet. In small networks this isn't particularly taxing, but in large networks the processing power and time
spent translating and routing traffic add latency at the firewall, which is a problem for delay-sensitive VoIP traffic. Fixing this problem requires
tweaking each firewall product for VoIP support, a Herculean task given the multitude of VoIP standards.
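To show why VoIP needs firewall-specific support rather than plain address translation, here is an added illustration (not code from the article or from either vendor) of a toy NAT applied to a SIP INVITE. The LAN prefix, the public address from the 203.0.113.0/24 documentation range, the port numbers and the INVITE text are all constructed. Rewriting only the IP header leaves the private address inside the SIP headers and SDP body, so the firewall must also parse the signalling (a SIP-aware mode here) and open a pinhole for the negotiated RTP port:

```python
"""Toy NAT versus SIP-aware NAT on a constructed SIP INVITE (example code)."""
import re
from dataclasses import dataclass, field

PRIVATE_NET = "192.168.1."   # constructed LAN prefix
PUBLIC_IP = "203.0.113.10"   # assumed public address (documentation range)


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str


def rewrite_sip(payload, priv_ip, priv_port, pub_ip, pub_port):
    """Rewrite the places in SIP/SDP text that carry the private address:
    Via/Contact 'ip:port' pairs and the SDP o=/c= 'IN IP4 ip' fields."""
    payload = re.sub(rf"{re.escape(priv_ip)}:{priv_port}", f"{pub_ip}:{pub_port}", payload)
    payload = re.sub(rf"IN IP4 {re.escape(priv_ip)}", f"IN IP4 {pub_ip}", payload)
    return payload


@dataclass
class Nat:
    next_port: int = 40000
    table: dict = field(default_factory=dict)   # (priv_ip, priv_port) -> public port
    pinholes: set = field(default_factory=set)  # RTP ports the firewall must admit inbound

    def translate(self, pkt, sip_aware=False):
        """Return the packet as it would leave the firewall.
        Plain NAT rewrites only the IP/UDP header; SIP-aware NAT also fixes
        the payload and records the media port announced in the SDP m= line."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        pub_port = self.table[key]
        payload = pkt.payload
        if sip_aware:
            payload = rewrite_sip(payload, pkt.src_ip, pkt.src_port, PUBLIC_IP, pub_port)
            for media_port in re.findall(r"^m=audio (\d+)", payload, re.MULTILINE):
                self.pinholes.add(int(media_port))
        return Packet(PUBLIC_IP, pub_port, pkt.dst_ip, pkt.dst_port, payload)


def private_addresses_leaked(pkt):
    """Private addresses still visible in the payload after translation."""
    return sorted(set(re.findall(rf"\b{re.escape(PRIVATE_NET)}\d+\b", pkt.payload)))


# Constructed SIP INVITE with SDP body, as a phone on the LAN would send it.
SIP_INVITE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776",
    "Contact: <sip:alice@192.168.1.20:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.20",
    "c=IN IP4 192.168.1.20",
    "m=audio 49170 RTP/AVP 0",
])
SAMPLE = Packet("192.168.1.20", 5060, "198.51.100.5", 5060, SIP_INVITE)


if __name__ == "__main__":
    plain = Nat().translate(SAMPLE)
    print("plain NAT leaks:", private_addresses_leaked(plain))      # ['192.168.1.20']
    nat = Nat()
    aware = nat.translate(SAMPLE, sip_aware=True)
    print("SIP-aware NAT leaks:", private_addresses_leaked(aware))  # []
    print("RTP pinholes:", nat.pinholes)                            # {49170}
```

The `m=audio` port matters because the voice stream (RTP) is a separate UDP flow the remote party initiates toward whatever address and port the SDP announced; a firewall that does not track it either blocks the audio or needs a standing open port range. That per-packet parsing is the extra work the article attributes to VoIP support in a firewall.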
Fortunately, a new breed of products is emerging to ease this VoIP-firewall standoff before it becomes pervasive. We reviewed
two self-billed VoIP-capable firewalls geared toward SMBs, the Ingate Firewall 1400 and the SonicWall Pro 2040. Although both
proved effective, the SonicWall device held the advantage, boasting superior firewall capabilities and not being limited to
SIP-based VoIP deployments as the Ingate is.
SonicWall Pro 2040
The 2040 represents a more typical example of VoIP support in a firewall package than does the SIP-dependent Ingate box. SonicWall
has redesigned its software to deal with the performance problems associated with passing VoIP traffic. Further, the company
has also improved on its core firewall offering. Unlike other firewall appliances we've tested at the University of Hawaii, it stood up to every attack we threw at it.
Similar to the Ingate, the SonicWall 2040 is a 1U rack-mountable device with four 10/100 ports. Unlike the Ingate, the SonicWall
is based on a full-powered Intel Pentium III 800MHz CPU and the proprietary SonicOS, which probably accounts for its performance
superiority over the Ingate.
SonicWall is clearly moving away from a port-blocking definition of firewall functionality, leaving this task largely to platforms,
notably desktop-oriented defense packages such as Zone Labs' ZoneAlarm. The message here is one heard from many firewall vendors:
Simple perimeter security isn't enough any more. Network security must be handled in layers, both internally as well as on
the edge.
The 2040 is looking to make its mark in the areas of NAT, automatic handling of the plethora of existing denial of service attacks, and, finally, in even more simplified
management of VPNs.
The SonicWall fold-out quick-start guide made setup easy. We were able to achieve default configuration quickly and to create
custom rules following the well-documented manual and online help system. SonicWall's Web browser-based management interface
handles configuration, and once again the company has significantly improved this software in a never-ending quest for
ultimate usability.
Our performance tests aimed to gather some basics of the 2040's VPN performance, as well as to gauge how well it managed encryption
processing. Our Spirent TeraVPN tests simulated up to 20 branch office VPN connections. With a well-integrated encryption
chip, SonicWall showed almost no difference in performance between simple single DES encryption and complicated AES-256.