The Border Patrol: Firewalls For VOIP
by Gary Audin
Posted 02/2004; Published 10/2003




Firewalls provide security by blocking intrusions into an enterprise network. By allowing certain traffic in while blocking other kinds, they represent the physical implementation of an enterprise’s security policies.


But firewalls also produce performance problems and cause delay. Most firewalls are designed for data applications and are not application specific, though some firewall vendors (such as Check Point, Jasomi, Datapower, F5 and Sarvega) are moving toward packet content analysis (called deep packet inspection). This is a move to more application-specific security, though even it does not yet cover voice over IP (VOIP) packet analysis.


VOIP traffic requires real-time delivery, short delay, low jitter and low packet loss across networks. Data firewalls are not designed for real-time applications. Among other issues, they have difficulty dealing with Network Address Translation (NAT) and VOIP signaling.


Besides these challenges, other performance and control issues arise when voice passes through a firewall. Next-generation firewalls will have to understand the concept of a “call” in order to do voice traffic analysis.


These complexities point toward the central question: What is the best way for enterprises to deploy firewall capabilities in converged voice/data networks?


About the author:

Gary Audin is president of Delphi, Inc., an independent consulting and training firm.



Access paper

Approx. 172 kB


For help with .pdf file downloads, please check out the help topic.


Return to Business Communications Review Gold Sponsor Archives


Return to Voice over Packet Webtorials menu


Return to Security Webtorials menu

This article is reproduced by special arrangement with our partner, Business Communications Review.


Please note: By downloading this information, you acknowledge that the sponsor(s) of this information may contact you, providing that they give you the option of opting out of further communications from them concerning this information.  Also, by your downloading this information, you agree that the information is for your personal use only and that this information may not be retransmitted to others or reposted on another web site.  Please encourage colleagues to download their own copy after registering at