SonicWALL 5.8.1 Manuale Utente
VoIP Overview
809
SonicOS 5.8.1 Administrator Guide
VoIP Network
•
VoIP over Wireless LAN (WLAN) - SonicWALL extends complete VoIP security to
attached wireless networks with its Distributed Wireless Solution. All of the security
features provided to VoIP devices attached to a wired network behind a SonicWALL are
also provided to VoIP devices using a wireless network.
attached wireless networks with its Distributed Wireless Solution. All of the security
features provided to VoIP devices attached to a wired network behind a SonicWALL are
also provided to VoIP devices using a wireless network.
Note
SonicWALL’s Secure Wireless Solution includes the network enablers to extend secure
VoIP communications over wireless networks. Refer to the SonicWALL Secure Wireless
Network Integrated Solutions Guide available on the SonicWALL Web site
VoIP communications over wireless networks. Refer to the SonicWALL Secure Wireless
Network Integrated Solutions Guide available on the SonicWALL Web site
for complete information.
•
Bandwidth Management (BWM) and Quality-of-Service (QoS) - Bandwidth
management (both ingress and egress) can be used to ensure that bandwidth remains
available for time-sensitive VoIP traffic. BWM is integrated into SonicWALL Quality of
Service (QoS) features to provide predictability that is vital for certain types of applications.
management (both ingress and egress) can be used to ensure that bandwidth remains
available for time-sensitive VoIP traffic. BWM is integrated into SonicWALL Quality of
Service (QoS) features to provide predictability that is vital for certain types of applications.
•
WAN redundancy and load balancing - WAN redundancy and load balancing allows for
an interface to act as a secondary or backup WAN port. This secondary WAN port can be
used in a simple active/passive setup, where traffic is only routed through it if the primary
WAN port is down or unavailable. Load balancing can be performed by splitting the routing
of traffic based on destination.
an interface to act as a secondary or backup WAN port. This secondary WAN port can be
used in a simple active/passive setup, where traffic is only routed through it if the primary
WAN port is down or unavailable. Load balancing can be performed by splitting the routing
of traffic based on destination.
•
High availability - High availability is provided by SonicOS high availability, which ensures
reliable, continuous connectivity in the event of a system failure.
reliable, continuous connectivity in the event of a system failure.
VoIP Network Interoperability
•
Plug-and-protect support for VoIP devices - With SonicOS, VoIP device adds, changes,
and removals are handled automatically, ensuring that no VoIP device is left unprotected.
Using advanced monitoring and tracking technology, a VoIP device is automatically
protected as soon as it is plugged into the network behind a SonicWALL security appliance.
and removals are handled automatically, ensuring that no VoIP device is left unprotected.
Using advanced monitoring and tracking technology, a VoIP device is automatically
protected as soon as it is plugged into the network behind a SonicWALL security appliance.
•
Full syntax validation of all VoIP signaling packets - Received signaling packets are
fully parsed within SonicOS to ensure they comply with the syntax defined within their
associated standard. By performing syntax validation, the firewall can ensure that
malformed packets are not permitted to pass through and adversely affect their intended
target.
fully parsed within SonicOS to ensure they comply with the syntax defined within their
associated standard. By performing syntax validation, the firewall can ensure that
malformed packets are not permitted to pass through and adversely affect their intended
target.
•
Support for dynamic setup and tracking of media streams - SonicOS tracks each VoIP
call from the first signaling packet requesting a call setup, to the point where the call ends.
Only based on the successful call progress are additional ports opened (for additional
signaling and media exchange) between the calling and called party.
call from the first signaling packet requesting a call setup, to the point where the call ends.
Only based on the successful call progress are additional ports opened (for additional
signaling and media exchange) between the calling and called party.
Media ports that are negotiated as part of the call setup are dynamically assigned by the
firewall. Subsequent calls, even between the same parties, will use different ports,
thwarting an attacker who may be monitoring specific ports. Required media ports are only
opened when the call is fully connected, and are shut down upon call termination. Traffic
that tries to use the ports outside of the call is dropped, providing added protection to the
VoIP devices behind the firewall.
firewall. Subsequent calls, even between the same parties, will use different ports,
thwarting an attacker who may be monitoring specific ports. Required media ports are only
opened when the call is fully connected, and are shut down upon call termination. Traffic
that tries to use the ports outside of the call is dropped, providing added protection to the
VoIP devices behind the firewall.
•
Validation of headers for all media packets - SonicOS examines and monitors the
headers within media packets to allow detection and discarding of out-of-sequence and
retransmitted packets (beyond window). Also, by ensuring that a valid header exists, invalid
media packets are detected and discarded. By tracking the media streams as well as the
signaling, SonicWALL provides protection for the entire VoIP session.
headers within media packets to allow detection and discarding of out-of-sequence and
retransmitted packets (beyond window). Also, by ensuring that a valid header exists, invalid
media packets are detected and discarded. By tracking the media streams as well as the
signaling, SonicWALL provides protection for the entire VoIP session.