Is Your Network Ready for VoIP? Evaluating Firewalls for VoIP Access, Control, and Security
Abstract
To achieve expected benefits from Voice or Video over Internet Protocol (VoIP), organizations must first consider the significant implications for administrative control, end-user access and overall network security. A preliminary step in this process is determining whether the existing firewall is effectively capable of supporting and securing VoIP networking. Fortunately, for some organizations, the firewall they currently have deployed may be capable of providing the functionality required to support and manage a VoIP network. This white paper explores the capabilities required for a VoIP deployment, and demonstrates how SonicWALL® VoIP Firewall solutions provide the levels of control, access, and security necessary for converged networks that support voice, video, and data.
Sample
The Network Will Never be the Same
With the convergence of voice and video over IP (VoIP), traditional networks will never be the same. The growing acceptance of IP telephony means that people will increasingly place, receive, forward or reject calls based on identity, location or preference. Remote teleworkers will appear to be "plugged in" to the corporate voice and data network. Organizations will source talent from any location, as remote access capabilities enable teleworkers to operate as an integral part of the corporate network. Video and data will accompany calls as content-rich communications become more commonplace. People will use PCs and netbooks to sort and arrange responses using either data "attachments" or non-voice components directly embedded in the stored communication. Adoption of IP communications will accelerate dramatically, based on its increased effectiveness, as well as its superior cost position. VoIP provides a smaller company the ability to operate and appear as a larger company, and the scalability to expand communications across a growing organization quickly.
Before reaping these benefits, however, organizations of all sizes first need to consider significant implications for administrative control, end-user access and overall network security. A preliminary step in this process is determining whether an organization's existing firewall, or its prospective replacement, is effectively capable of providing a converged VoIP network with adequate control, access and security.
A VoIP-Ready Firewall Criteria Checklist
Fortunately, for some organizations, the currently deployed firewall may already be capable of providing the functionality required to support and manage a VoIP network. As detailed in the following sections, besides offering all the standard features of a business class firewall, a VoIP Firewall should be able to provide:
Quality of Service (QoS)
Application Management Firewall
Comprehensive Security against VoIP and common security threats
Reassembly-Free Deep Packet Inspection
Robust Manageability
Site-to-Site IPSec VPN
SSL VPN Secure Remote Access
High Performance
Access Considerations for VoIP
VoIP Firewalls can extend access to resources and reduce communications costs by connecting workers at distributed and remote locations via Virtual Private Network (VPN) technology. Remote access is also crucial in business continuity and disaster recovery scenarios.
Site-to-Site IPSec VPN
Organizations can extend access and reduce communications costs by connecting workers at distributed and remote locations with digital telephony devices. A VoIP Firewall can provide IPSec VPN functionality to support site-to-site VoIP traffic between distributed locations over one converged Virtual Private Network (VPN), as opposed to separate networks for each location. For example, a sales representative located in a regional branch may have the same area code and phone number prefix as one located at corporate headquarters, and be able to access four-digit dialing, call forwarding and teleconferencing between sites.
Control Considerations for VoIP
Performance is crucial for voice traffic and other streaming data. To ensure effectiveness, however, a VoIP firewall must include granular control features, without adding latency or burdensome administrative overhead.
Quality of Service (QoS)
Performance is crucial for voice traffic and other streaming data. When VoIP traffic does not receive enough bandwidth, the Quality of Service (QoS) can be degraded, resulting in choppy, echoing, or dropped calls and videoconferences. By garbling business telecommunications, degraded QoS can significantly diminish workforce productivity.
In simple terms, VoIP breaks up phone conversations into separate segments (packets) that can take different routes through network firewalls to their final destination on VoIP phones. A VoIP-ready firewall is able to identify VoIP traffic coming across the network. This allows the firewall to apply policies that give VoIP traffic the highest priority when receiving, inspecting, assembling and accepting VoIP content.
VoIP traffic will only make up part of all network traffic, so it may not be enough simply to give priority to VoIP traffic to prevent issues. A VoIP firewall will also need to ensure minimum levels of available bandwidth for VoIP by managing how bandwidth is allocated to all network traffic: data, applications and voice. To ensure QoS, VoIP firewalls should be able to block or manage the bandwidth allocated to non-VoIP applications and data (e.g., limiting the bandwidth given to peer-to-peer or streaming video sites such as YouTube), or give VoIP traffic a guaranteed minimum amount of the overall bandwidth available.
Application Management Firewalls
Application firewalls can extend beyond QoS prioritization by enabling administrators to dedicate bandwidth amounts based on specific applications, users and destinations. Administrators can thus guarantee minimum amounts of available bandwidth to VoIP traffic, as well as block or manage the bandwidth allocated to non-VoIP applications and data (e.g., restricting the bandwidth given to peer-to-peer or streaming video sites, such as MySpace and YouTube) that could affect overall network performance and productivity.
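The guaranteed-minimum and rate-limiting policy described in the QoS and Application Management sections, as an added example (not from the white paper and not SonicWALL's implementation): a simplified allocator compared with an unmanaged link. The class names, rates, the 10 Mbit/s link and the proportional-share model of an unmanaged link are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class TrafficClass:
    name: str
    demand_kbps: int      # offered load right now
    guaranteed_kbps: int  # minimum reserved for this class
    ceiling_kbps: int     # hard cap, even when the link is idle
    priority: int         # lower value is served first from spare capacity

def best_effort(link_kbps, classes):
    """No QoS (simplified model): under congestion each class gets a
    share of the link proportional to what it is trying to send."""
    total = sum(c.demand_kbps for c in classes)
    if total <= link_kbps:
        return {c.name: c.demand_kbps for c in classes}
    return {c.name: c.demand_kbps * link_kbps // total for c in classes}

def managed(link_kbps, classes):
    """Guarantees are honoured first; spare capacity is then handed out
    in priority order, never exceeding a class's ceiling or demand."""
    if sum(c.guaranteed_kbps for c in classes) > link_kbps:
        raise ValueError("guaranteed rates oversubscribe the link")
    alloc = {c.name: min(c.demand_kbps, c.guaranteed_kbps, c.ceiling_kbps)
             for c in classes}
    spare = link_kbps - sum(alloc.values())
    for c in sorted(classes, key=lambda c: c.priority):
        want = min(c.demand_kbps, c.ceiling_kbps) - alloc[c.name]
        extra = max(0, min(want, spare))
        alloc[c.name] += extra
        spare -= extra
    return alloc

# Constructed sample: a 10 Mbit/s uplink during a busy hour.
LINK_KBPS = 10_000
CLASSES = [
    TrafficClass("voip",            2_000, 2_000,  3_000, 0),
    TrafficClass("business-data",   6_000, 3_000, 10_000, 1),
    TrafficClass("streaming-video", 8_000,     0,  2_000, 2),
    TrafficClass("peer-to-peer",    5_000,     0,    500, 3),
]

if __name__ == "__main__":
    for label, policy in (("unmanaged", best_effort), ("managed", managed)):
        print(label, policy(LINK_KBPS, CLASSES))
```

On the unmanaged link the voice class receives less than half of what its calls need, while the managed policy delivers the full voice demand and confines streaming and peer-to-peer traffic to whatever capacity is left under their caps.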
