VoIP (Voice over IP) represents an easily proven, cost-saving technology that many beleaguered IT executives are eager to exploit. Implementation, however, throws up hurdles, not the least of which is integrating VoIP into an existing security policy, especially the firewall.
The problem with sending VoIP traffic across firewall boundaries is the complex nature of VoIP traffic, especially NAT and its performance burden.
NAT changes a packet's source address from the private one used on the local network, to a public address that can be routed over the Internet. In small networks this isn't particularly taxing, but in large networks, the significant muscle and time associated with routing traffic creates a problem for VoIP traffic across firewall latencies. Fixing this problem requires tweaking each firewall product for VoIP support, a Herculean task given the multitude of VoIP standards.
Fortunately, a new breed of products is emerging to ease this VoIP-firewall standoff before it becomes pervasive. We reviewed two self-billed VoIP-capable firewalls geared toward SMBs, the Ingate Firewall 1400 and the SonicWall Pro 2040. Although both proved effective, the SonicWall device held the advantage, boasting superior firewall capabilities and exceeding Ingate's SIP-based VoIP deployment limitation.
SonicWall Pro 2040
The 2040 represents a more typical example of VoIP support in a firewall package than does the SIP-dependent Ingate box. SonicWall has redesigned its software to deal with the performance problems associated with passing VoIP traffic. Further, the company has also improved on its core firewall offering. Unlike other firewall appliances we've tested at the University of Hawaii, it stood up to every attack we threw at it.
Similar to the Ingate, the SonicWall 2040 is a 1U rack-mountable device with four 10/100 ports. Unlike the Ingate, the SonicWall is based on a full-powered Intel Pentium III 800MHz CPU and the proprietary SonicOS, which probably accounts for its performance superiority over the Ingate.
SonicWall is clearly moving away from a port-blocking definition of firewall functionality, leaving this task largely to platforms, notably desktop-oriented defense packages such as Zone Labs' ZoneAlarm. The message here is one heard from many firewall vendors: Simple perimeter security isn't enough any more. Network security must be handled in layers, both internally as well as on the edge.
The 2040 is looking to make its mark in the
areas of NAT, automatic handling of the plethora of existing denial of service attacks, and, finally, in even more simplified management of VPNs.
The SonicWall fold-out quick-start guide made setup easy. We were able to achieve default configuration quickly and to create custom rules following the well-documented manual and online help system. SonicWall's Web browser-based management interface handles configuration, though once again the company has significantly improved this software in a never-ending quest for ultimate usability.
| Test Center Scorecard | |||||||
|---|---|---|---|---|---|---|---|
 |  |  |  |  |  |  | |
| 25% | 25% | 15% | 15% | 10% | 10% | ||
| Ingate Firewall 1400 | 7 | 8 | 7 | 8 | 7 | 7 |
7.4
Good
|
| 25% | 25% | 15% | 15% | 10% | 10% | ||
| SonicWall Pro 2040 | 9 | 8 | 8 | 8 | 8 | 9 |
8.4
Very Good
|
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Security Resource Alerts
This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.
Download now! »
Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.
Download now! »
Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.
Download now! »
Recommend This
