Title :
SIP policy control for self-configuring modular firewalls
Author :
Folch, M. Blasi ; Stiemerling, M. ; Brunner, M.
Author_Institution :
Network Lab., NEC Eur. Ltd., Heidelberg, Germany
Abstract :
The session initiation protocol (SIP) is one of the major protocols used in voice over IP telephony. A major problem running SIP today are firewalls and network address translators, which block the data of voice calls, because it is carried over UDP. The SIP signaling messages are running over firewalls when properly configured (port 5060 open), but voice data is dropped, because it typically uses dynamic port numbers. In this paper, we propose a solution where a SIP policy control module is added to a modular firewall. This module automatically opens up the firewall for specific voice over IP calls. The decision on what voice call to open the firewall for is based on a set of SIP policy rules. In our solution, no additional software in end-system and servers (PCs, SIP phones, SIP servers etc.) is needed. This policy control decides on who is allowed to call whom. This gives network administrators a very powerful tool to maintain centralized policy control for his voice over IP network.
Keywords :
Internet telephony; authorisation; signalling protocols; telecommunication control; telecommunication security; voice communication; SIP policy control; end-system; network address translators; self-configuring modular firewalls; session initiation protocol; voice calls; voice over IP telephony; Automatic control; Control systems; Europe; Internet telephony; Laboratories; Middleboxes; National electric code; Network address translation; Network servers; Protocols; Firewall Control; Session Initiation Protocol (SIP); Voice over IP;
Conference_Titel :
IP Operations and Management, 2004. Proceedings IEEE Workshop on
Print_ISBN :
0-7803-8836-4
DOI :
10.1109/IPOM.2004.1547597
