VPN performance was good in this version of the 2040. One important difference between it and previous iterations is the new
VPN Wizard, which organizes VPN configuration into plain English with a wonderful, context-sensitive help system that takes
much of the mystery out of the process.
Another nice feature, exemplifying SonicWall's newfound VoIP friendliness, is the updated address management piece, including
policy-based NAT, which is so important to VoIP-sensitive NAT traversal. Because VoIP sessions are dynamic, they require fast
firewall NAT processing, and the SonicWall 2040 delivers in this department. This allows users to run either SIP or H.323-based
audio, video, or VoIP traffic over the device without the headache of tweaking firewall performance.
As far as call quality is concerned, after hooking the SonicWall into our lab's SIP-based VoIP network and making a few tweaks
to the SonicWall's NAT management screen, we enjoyed clear calls from Hawaii to Las Vegas.
The SonicWall Pro 2040 represents a serious shift in the firewall appliance landscape, with less emphasis on traditional perimeter
port-blocking defenses and far more emphasis on intelligent traffic management, specific attack defenses, and ever-better
ease of use. Add in things such as fourth port fail-over, load balancing, and object-based management, and you have features
normally found only in hugely expensive security devices.
Ingate Firewall 1400
Of the two firewall platforms reviewed, the Ingate Firewall 1400 represents the more complete VoIP-oriented solution -- as
long as you're running a SIP-based VoIP system. In addition to being a capable SMB firewall, the 1400 includes a full SIP
proxy and SIP registrar as standard features. The box is certainly adequate for typical firewall usage, but its voice orientation
and its associated licensing policies will intrigue potential buyers.
The 1400 is a 1U, rack-mounted, Celeron-based device capable of supporting up to 1,000 SIP users and (optionally) 100 concurrent
VPN tunnels. Ingate has left one particularly notable omission: None of the 1400's four network interfaces are GbE-capable,
nor can they be upgraded. Additionally, the box cannot support a redundant power supply. To get these features, you'll need
to purchase the higher-end 1880.
Unlike the SonicWall, the Ingate's initial configuration takes place at the command line, but Ingate's documentation makes
this process relatively easy. All subsequent management tasks can be accomplished through the unit's browser-based interface.
On the SIP front, the Ingate 1400 packs a powerful punch. Not only does the firewall understand SIP and its associated security
issues, but its SIP registrar also handles SIP-user and domain administration. The appliance also has a SIP proxy to manage incoming
SIP requests, and it supports SIP-tolerant versions of NAT, PAT (Port Address Translation), and TLS (Transport Layer Security).
The latter is handy for encrypting SIP conversations, solving many customers' worries about the security of VoIP-based phone
calls.