The decision of whether to use a session border controller (SBC) or a possible firewall, is something that a lot of IT managers need to face.
Though SIP is fundamentally a cheaper, faster, and easier solution for communications, the transition to this service hasn’t been easy for some businesses. The root causes of most problems can be linked to a reluctance to change, and a general disdain for technology, with issues in adoption ranging from problems with configurations, to poor implementation practices.
One important thing to remember is that regardless of whether firewalls are SIP-aware, this doesn’t mean that service providers are absolved of responsibility. The real issue with security right now is enforcement, since investing in additional or new infrastructure is a problem that scares many customers away.
To overcome some of the hurdles that are being introduced by complexities like NAT and VoIP, vendors are beginning to offer Session Border Controllers. SBCs are solutions that are located on the internet side of firewalls, and can attempt to control the border of VoIP networks by re-originating and terminating all signalling traffic and VoIP media. In other words, SBCs basically behave like a proxy solution for VoIP traffic for firewalls that aren’t VoIP-enabled.
Can Firewalls Support UC and SIP?
When it comes to using firewalls that might be capable of supporting your new SIP trunk, it’s worth noting that there’s a lot of due diligence and effort to consider if you want to properly configure your service or appliance. Determining whether firewalls can support UC and SIP often starts by looking at traffic.
For instance, does your appliance possess the right amount of processing power to be able to handle the traffic that it encounters without introducing issues of impactful latency? Additionally, is the firewall licensed in a way that ensures there won’t be any deficiencies in operation, and does the appliance operate seamlessly alongside other elements of your infrastructure? How much might it cost to use both a firewall and an SBC in comparison to just a firewall, and could the standalone firewall really meet all of your security needs?
Importantly, it’s worth remembering that for some companies, a standalone firewall could easily be deficient in specific areas that end up leading to problems with the service provided, or leave holes in security overall.
CPE Deployments
Today, many communication service providers believe that virtual CPE deployments will garner substantial return on investments and benefits for over a period of years. However, until then, many businesses will be facing pressures in their markets to move into an IP solution that better serves their customer needs.
For those who are making the move to SIP deployments, it’s crucial to harness a security solution that works according to the unique needs of your business. For some, this will mean using s SBC and firewall solution, and for others, it may mean choosing a firewall alone. Either way, it’s time to come to terms with the fact that due diligence is required on the behalf of all companies in the communications sector.
