Is Your Network Ready for VoIP? Evaluating Firewalls for VoIP Access, Control, and Security
To achieve expected benefits from Voice or Video over Internet Protocol (VoIP), organizations must first consider the significant implications for administrative control, end-user access and overall network security. A preliminary step in this process is determining whether the existing firewall is effectively capable of supporting and securing VoIP networking. Fortunately, for some organizations, the firewall they currently have deployed may be capable of providing the functionality required to support and manage a VoIP network. This white paper explores the capabilities required for a VoIP deployment, and demonstrates how SonicWALLŽ VoIP Firewall solutions provide the levels of control, access, and security necessary for converged networks that support voice, video, and data.
The Network Will Never be the Same
With the convergence of voice and video over IP (VoIP), traditional networks will never be the same. The growing acceptance of IP telephony means that people will increasingly place, receive, forward or reject calls based on identity, location or preference. Remote teleworkers will appear to be "plugged in" to the corporate voice and data network. Organizations will source talent from any location, as remote access capabilities enable teleworkers to operate as an integral part of the corporate network. Video and data will accompany calls as content-rich communications become more commonplace. People will use PCs and netbooks to sort and arrange responses using either data "attachments" or non-voice components directly embedded in the stored communication. Adoption of IP communications will accelerate dramatically, based on its increased effectiveness, as well as its superior cost position. VoIP provides a smaller company the ability to operate and appear as a larger company, and the scalability to expand communications across a growing organization quickly.
Before reaping these benefits, however, organizations of all sizes first need to consider significant implications for administrative control, end-user access and overall network security. A preliminary step in this process is determining whether an organization's existing firewall-or its prospective replacement-is effectively capable of providing a converged VoIP network with adequate control, access and security.
A VoIP-Ready Firewall Criteria Checklist
Fortunately, for some organizations, the currently deployed firewall may already be capable of providing the functionality required to support and manage a VoIP network. As detailed in the following sections, besides offering all the standard features of a business class firewall, a VoIP Firewall should be able to provide:
Quality of Service (QoS)
Application Management Firewall
Comprehensive Security against VoIP and common security threats
Reassembly-Free Deep Packet Inspection
Site-to-Site IPSec VPN
SSL VPN Secure Remote Access
Access Considerations for VoIP
VoIP Firewalls can extend access to resources and reduce communications costs by connecting workers at distributed and remote locations via Virtual Private Network (VPN) technology. Remote access is also crucial in business continuity and disaster recovery scenarios.
Site-to-Site IPSec VPN
Organizations can extend access and reduce communications costs by connecting workers at distributed and remote locations with digital telephony devices. A VoIP Firewall can provide IPSec VPN functionality to support site-to-site VoIP traffic between distributed locations over one converged Virtual Private Network (VPN), as opposed to separate networks for each location. For example, a sales representative located in a regional branch may have the same area code and phone number prefix as one located at corporate headquarters, and be able to access four-digit dialing, call forwarding and teleconferencing between sites.
Control Considerations for VoIP
Performance is crucial for voice traffic and other streaming data. To ensure effectiveness, however, a VoIP firewall must include granular control features, without adding latency or burdensome administrative overhead.
Quality of Service (QoS)
Performance is crucial for voice traffic and other streaming data. When VoIP traffic does not receive enough bandwidth, the Quality of Service (QoS) can be degraded, resulting in choppy, echoing, or dropped calls and videoconferences. By garbling business telecommunications, degraded QoS can significantly diminish workforce productivity.
In simple terms, VoIP breaks up phone conversations into separate segments (packets) that can take different routes through network firewalls to their final destination on VoIP phones. A VoIP-ready firewall is able to identify VoIP traffic coming across the network. This allows the firewall to apply policies that give VoIP traffic the highest priority when receiving, inspecting, assembling and accepting VoIP content.
VoIP traffic will only make up part of all of network traffic, so it may not be enough simply to give priority to VoIP traffic to prevent issues. A VoIP firewall will also need to ensure minimum levels of available bandwidth for VoIP by managing how bandwidth is allocated to all network traffic- data, applications and voice. To ensure QoS, VoIP firewalls should be able to block or manage the bandwidth allocated to non-VoIP applications and data (e.g., limiting the bandwidth given to peer-to-peer or streaming video sites such as YouTube), or give VoIP traffic a guaranteed minimum amount of the overall bandwidth available.
Application Management Firewalls
Application firewalls can extend beyond QoS prioritization by enabling administrators to dedicate bandwidth amounts based on specific applications, users and destinations. Administrators can thus guarantee minimum amounts of available bandwidth to VoIP traffic, as well as block or manage the bandwidth allocated to non-VoIP applications and data (e.g., restricting the bandwidth given to peer-to-peer or streaming video sites, such as MySpace and YouTube) that could affect overall network performance and productivity.