
Computer Network Defence Ltd



Telephony Firewalls
A telephony firewall is designed to protect a telephone exchange or PBX, reporting on a variety of attacks, commonly referred to as phreaking. This may range from misuse, for example if a preset threshold of particular calls is exceeded, to attacks against the exchange such as wardialing, where many telephone extensions are called in order to solicit information about the end user device.

This section also includes VoIP or SIP-aware firewalls. SIP-aware firewalls can inspect the packets coming into the firewall and distinguish SIP voice traffic from regular data, allowing SIP traffic to pass through without having to open ports, a practice that opens the door to security issues.

Home/SOHO products that are VoIP or SIP-Aware are not included in this list.

Last Reviewed by Michele Jordan 15 May 2006



 

ETM Voice Firewall

 

SecureLogix Corporation

http://www.securelogix.com

SecureLogix delivers the world’s first Voice Firewall to secure corporate resources from telephony borne attacks and security risks, and defend your VoIP and legacy voice systems from service disruption and abuse, unauthorized access, toll fraud, and other restricted call traffic.

The ETM® Voice Firewall will help you:
• Defend dial tone availability and call quality
• See and control how people use your private voice network
• Lower telecom costs by limiting unauthorized voice service use
• Protect your corporate data network from back door phone line attack and abuse
• Control unauthorized employee Internet activity over corporate phone lines
• Provide for a more secure and productive work environment
• Lower corporate legal risks and liabilities associated with unsecured and unmonitored telephony activity
The Voice Firewall resides on the ETM® Platform at the edge of your voice network. It inspects and controls all inbound and outbound voice network activity based on user-defined call admission control (CAC) policies. The Voice Firewall allows you to secure and control which inbound and outbound calls will be allowed or alerted as they flow in and out of your private corporate voice network. The Voice Firewall also inspects each call for voice application layer security threats or unauthorized service use violations.

Commercial

 

Information updated: 29 Mar 06


InGate Firewalls

 

Ingate

http://www.ingate.com

Ingate Firewalls are the world's first SIP-capable firewalls, making Ingate the only choice for enterprises that want access to SIP-based communications such as presence, instant messaging, audio/video conferencing and VoIP. Ingate products include a SIP proxy and a SIP registrar, support NAT and PAT, have TLS support for encrypted SIP signalling - which means that instant messages are automatically encrypted - and have been cited by users and media for ease of use. Ingate products are selling in the US, Asia and Europe and are receiving reviews from customers and support from industry analysts. And Ingate has the only SIP-capable firewall to pass system integration testing with WorldCom, CommWorks and Broadsoft.

Ingate Firewalls are cost effective and prevent unauthorized access to and from enterprise networks while allowing SIP-based communications. All messages entering and leaving the network are routed through the Ingate Firewall, which examines each packet and blocks those not explicitly authorized to pass. Ingate's VPN and SIP modules make it possible for enterprises to adjust the number of users with minimum investment.

Compatible with all existing networks and operating systems, Ingate Firewalls come in a range of models to meet the needs of the entire enterprise market.

Also see the Ingate SIParator product line. The Ingate SIParator® is a device that connects easily to an existing network firewall to seamlessly enable the traversal of realtime SIP-based communications including presence, instant messaging, conferencing and VoIP. The Ingate SIParator® controls SIP traffic without affecting the security provided by your firewall. Compatible with all existing firewalls, networks and operating systems, Ingate SIParators can support the needs of enterprises of all sizes. SIParators are cost efficient, easy to use, and have the flexibility and scalability required to meet the dynamic needs of today's enterprises.

As with Ingate Firewalls, Ingate SIParators include a SIP proxy and a SIP registrar, support NAT and PAT and have TLS support for encrypted SIP signalling - which means that instant messages are automatically encrypted. All messages entering and leaving the network are routed through the Ingate SIParator®, which examines each packet and blocks those not explicitly authorized to pass.

Commercial

 

Information updated: 29 Mar 06


SIPAssure

 

Borderware Technologies, Inc.

http://www.borderware.com

The Challenge
Session Initiation Protocol (SIP) has evolved to become the new secured multimedia communications standard for real-time person-to-person IP communications as defined by the Internet Engineering Task Force (IETF). SIP enables users to communicate with each other in real-time on a standards-based protocol resulting in secure, reliable, predictable, and standards-compliant connectivity.

Today, SIP is used in a range of applications including:
* VoIP (Voice Over IP)
* Video Conferencing
* Instant Messaging
* Online Gaming
* Unified Messaging and much more.

The challenge is that traditional perimeter firewalls are not designed to secure and manage the dynamic nature of real-time SIP communications. Fortunately a solution exists - SIPassure SIP Firewall. SIPassure empowers enterprises to deploy real-time messaging, voice, data, video and other SIP based applications with confidence.

The Solution
SIPassure is the industry’s first SIP Firewall to provide a comprehensive solution with an integrated SIP Proxy and SIP Registrar for secured SIP traffic handling. Based on the BorderWare S-Core™ OS, SIPassure protects your organization against abuse and service disruption from internal and external malicious attacks, interference spam and other related activity.

Features:
* SIP Traffic Management
* SIP Security
* Abuse and Spam Prevention
* Security Appliance Technology
* Quality of Service

Commercial

 

Information updated: 30 Mar 06


Converged Access Point

 

Converged Access Inc.

http://www.convergedaccess.com

Converged Access Point (CAP) is the industry’s first platform purpose-built to deliver the application performance, WAN efficiency, security and TCO that small offices need to bring business-critical voice, data, and video onto a converged IP WAN. Based on the company’s advanced QoSWorks traffic management technology, the CAP offers premium application performance with lowest TCO.

KEY ADVANTAGES
* Toll-quality VoIP, jitter-free video and business-class IP data performance
* Precise per session, per user application performance guarantees
* WAN optimization with bandwidth utilization that can exceed 95%
* Comprehensive VPN and firewall security that is application-aware
* VoIP gateway support for legacy voice, fax and other analog devices
* Integrated, secure 802.11 b/g Wi-Fi access
* An integrated, compact “all-in-one” small office solution reducing TCO by 66%
* Eliminates the need for separately managed devices that can degrade performance and create single points of failure

Service providers can also easily deploy and operate the CAP as part of a managed VoIP, security or converged service for small and remote office locations. Secure access, toll-quality VoIP, premium business application guarantees, and the ability to measure and verify SLAs are just a few of the highly differentiated services that are possible with the CAP.

Key Feature Highlights:
MANAGED STATEFUL INSPECTION (SPI) FIREWALL
• ICSA 4.0 compliant
• DoS protection for Winnuke, SYN flood, ICMP replay, Bad fragments, spoofed connections
• DMZ Host LAN end-point support
• Port Triggering
• Local or remote security administration
• Advanced filtering for more granular control
• Comprehensive security logging
ALG (APPLICATION LAYER GATEWAY) FIREWALL
• Identifies specific application level flows
• Many (70) applications supported including: VoIP, Chat, SIP, H.323, MGCP, NetMeeting
VOICE SERVICES
• Protocols supported: SIP (RFC 3261), H.323 (ITU-T H.323 Version 4), MGCP (2705bis02), RTP/RTCP (RFC 1889/1890)
• Codecs supported: G.711 A-Law/ μ-Law, G.729a/b, G.723.1
• Telephony Features: Initiate basic call, Receive call, Caller ID, Call on hold, Call transfer, Three way calling, In-call DTMF relays, Single POTS line fail-over, Standard 911 services accessible
ROUTING
APPLICATION-AWARE PERFORMANCE MANAGEMENT
ADVANCED VOIP/VIDEO QOS FEATURES
MANAGEMENT INTERFACES
INTEGRAL VPN

Commercial

 

Information updated: 30 Mar 06


MKC Networks 7000 Integrated Communications Server

 

MKC Networks Corporation

http://www.mkcnetworks.com

Small and mid-size offices can now enjoy the benefits of advanced communications without big-business costs. The MKC Networks 7000 Integrated Communications Server (ICS) provides all the voice and data networking features required to improve your ability to service customers, reduce communications costs and maximize employees' productivity. In fact, for about the cost of a laptop, you can use the 7000 ICS to set up a new office, connect a branch office or support mobile and remote employees. And, for businesses with key or PBX phone systems, the 7000 ICS enhances existing phone systems with improved communications features, such as private employee voicemail and networking.

Superior SIP Application Server
* Application Layer Gateway - delivers crystal clear voice quality, using a secure and comprehensive IP tables based firewall with management tools allowing distinct control of traffic and bandwidth usage.
* Service Creation Environment (SCE) - derived from carrier class architecture, our object oriented building block environment allows for the rapid creation of next generation telephony features.
* ITSP/VSP Gateway - compare and save: Internet-based telephony service providers will dramatically reduce your telephony costs, offering better rate plans and unparalleled access to thousands of worldwide telephone numbers and services.
* IP Detail Records (IPDR) - our simplistic and easy to learn standards based call logging tool is ideal for large enterprise and carriers attempting to roll-up disparate call records.

Complete Office Computer Network
The 7000 ICS also provides your office with complete business data networking, including:
* Secure local area networking - connect all your computers on a network to save costs and improve productivity by sharing storage space, documents and more.
* Firewall - secure your files and communications against external threats.
* E-mail and/or web server - host your own e-mail or web server, and protect employees from inappropriate Internet content.
* Virtual private networks - share documents and applications securely between all of your offices.

Other Applications include:
* MeetMe SIP Conference Application
* Advanced Phone System

Easy to Use and Maintain
The 7000 ICS is easily maintained from a web browser, requiring no special technical support. By simply connecting the solution to the Internet, you can easily add new offices or new users as required.

Commercial

 

Information updated: 30 Mar 06


Kerio WinRoute Firewall

 

Kerio Technologies, Inc.

http://www.kerio.com

Kerio WinRoute Firewall sets new standards in versatility, security and user access control. Designed for corporate networks, it defends against external attacks and viruses and can restrict access to websites based on their content.

Voice over IP support
It has always been difficult to deploy IP telephony in firewall-protected networks since VoIP protocols were not designed to easily traverse the firewall. Kerio WinRoute Firewall supports various VoIP-based hardware or software such as Cisco IP Phone 7960, IP SoftPhone, CallManager, Gatekeeper, SIP Proxy Server, Interactive Voice Response, Cisco Unity Voice Mail, etc.

H.323 and SIP
Kerio's protocol inspection modules help the firewall correctly handle VoIP phone and video communication. Kerio WinRoute Firewall allows all VoIP devices using either H.323 or SIP protocol to be used in the protected network and therefore eliminates the need to publicly expose the VoIP infrastructure to the Internet.

Cisco SCCP
UPnP support

Commercial

 

Information updated: 30 Mar 06


siproxd - SIP proxy/masquerading daemon

 

Public Domain - SourceForge

http://www.sourceforge.net

Siproxd is a proxy/masquerading daemon for the SIP protocol. It allows SIP clients (like kphone, linphone) to work behind an IP masquerading firewall or router.

GNU General Public License (GPL)

 

Information updated: 30 Mar 06


Juniper Networks Netscreen

 

Juniper Networks

http://www.juniper.net

Juniper Networks Firewall / IPSec VPN - Integrated Firewall Security from Juniper Networks

* Complete line of firewall/VPN solutions for enterprises and service providers
* Strong firewall security for access control, user authentication, and network and application-level attack protection
* Lower capital investment, support, deployment, and operations costs, for overall lower TCO
* Predictable performance for a highly reliable, available, and secure network

The Juniper Networks Firewall / IPSec VPN security devices are purpose-built to perform essential security functions. These integrated devices combine a Stateful Inspection firewall with Deep Inspection technology for application-level protection, IPSec virtual private networking (VPN) capabilities, and denial of service (DoS) mitigation functions. Plus they are all manageable by a policy-based central management system, NetScreen-Security Manager. They are available in a range of devices built to meet the throughput requirements of enterprises of all sizes.

(NOTE: Although Juniper Networks Netscreen products provide a SIP ALG (Application Layer Gateway), no information about it was available on the website.)

Commercial

 

Information updated: 30 Mar 06


Cisco PIX Firewall 6.2

 

Cisco Systems

http://www.cisco.com

Cisco PIX Firewalls deliver a broad range of advanced firewall services that protect enterprise networks from the threats lurking on the Internet and in today's network environments. The state-of-the-art Cisco Adaptive Security Algorithm (ASA) provides rich stateful inspection firewall services, tracking the state of all authorized network communications and preventing unauthorized network access. Cisco PIX Firewalls deliver an additional layer of security through intelligent, "application-aware" security services that examine packet streams at Layers 4 through 7, using inspection engines specialized for many of today's popular applications. Administrators can easily create custom security policies that will be enforced on network traffic traversing the firewall by leveraging more than 100 pre-defined applications, services, and protocols within Cisco PIX Firewalls, and the flexible access control capabilities that Cisco PIX Firewalls provide. Access to network resources can also be strongly authenticated via the Cisco PIX Firewall's seamless integration with enterprise databases, either directly using TACACS+/RADIUS or indirectly via Cisco Secure Access Control Server (ACS). In addition to these services, Cisco PIX Firewalls provide extensive logging, URL filtering, content filtering, and more in concert with Cisco AVVID (Architecture for Voice, Video and Integrated Data) partner solutions.

Market-Leading Voice-over-IP Security Services Protect Next-Generation Converged Networks
Cisco PIX Firewalls continue to provide market-leading protection for numerous voice-over-IP (VoIP) standards and other multimedia standards, including H.323, Session Initiation Protocol (SIP), Skinny, Real-Time Transport Protocol (RTP), Real-Time Streaming Protocol (RTSP), and Real-Time Transport Control Protocol (RTCP). This allows businesses to securely take advantage of the many benefits that converged data and voice networks provide, such as significant total cost of ownership (TCO) savings and the competitive advantages and improved productivity gained through the power of fully integrated voice, video, and data networks. By combining VPN with the rich stateful inspection firewall services that Cisco PIX Firewalls provide for these converged networking standards, businesses can easily extend voice and multimedia services to remote/satellite offices for additional bandwidth and cost savings.

Commercial

 

Information updated: 31 Mar 06


MERA VoIP Transit SoftSwitch

 

MERA Systems

http://www.mera-systems.com

MERA VoIP Transit Softswitch (MVTS) is a carrier-grade softswitch with the gatekeeper and proxy functionality that dramatically simplifies VoIP peering. MVTS is a non-vendor-specific single platform solution with smart routing and network protection capabilities. MVTS intrinsic border control mechanisms provide a single entry point into carrier's VoIP infrastructure to enable centralized authentication and billing, facilitate interconnection with peering partners and enhance network security.

With the revenue-ready MVTS, carriers benefit from enhanced flexibility, versatile redundancy schemes, usability and cost-effectiveness. A low entry point (30 channels) and quick time-to-market make MVTS the solution that perfectly fits the bill of start-up carriers' business needs.

1) MERA VoIP Transit Softswitch provides elaborate mechanisms for handling the signaling (H.323) and media (RTP/RTCP) traffic that empower carriers to improve their ASR and increase profit margins. MVTS performs smart routing based on a wide range of internal rules and provides RADIUS interface for interaction with add-on routing systems.
MVTS dynamically switches between the routes with best ASR improving the overall performance. The MERA solution's elaborate routing capabilities enable carriers to offer competitive rates while maintaining the critical QoS and reliability levels.

2) MVTS enables carriers to solve various interoperability issues and to securely bridge between otherwise incompatible VoIP networks. MVTS fixes inconsistencies in vendor-specific protocol implementations and allows carriers to work in a multiple-vendor environment as well as provides interconnection between carrier and enterprise networks.

3) MVTS serves as a single point of entry into the carrier's network and provides flexible proxy options to keep up critical security levels and efficiently manage bandwidth consumption. MVTS features Full Proxy mode (for both Signaling and Media Traffic) for hiding the network topology and traffic exchange with external gateways, and Signaling Proxy mode for peering with "trusted" partners and traffic exchange within your own network. The desired proxy mode is selected on a case-by-case basis and can be assigned to each separate gateway.

4) Flexible number translation tools allow for digit manipulation according to the needs of the carrier's partners. MVTS provides various number translation patterns for effective peering with partner networks and source number disguise. Regexp-based number translation is performed either at ingress, egress or within MVTS to ensure greater routing flexibility. Furthermore, the MERA solution enables carriers to apply differentiated translation rules for routing and billing reports.

5) Adjustable gatekeeper and registrar capabilities add to greater flexibility in peering with partner networks — carriers are given an ultimately helpful tool to ensure seamless interoperability irrespective of their partner's network configuration or used equipment. To partner networks, MVTS can operate as a RAS user, Gatekeeper/Registrar or Gateway depending on the partner's network architecture. To provide enterprise-to-carrier interoperability MVTS enables interconnection with RAS users and dynamic users such as IP PBXs or devices without a fixed IP address.

6) MVTS provides exhaustive statistics that enable carriers to monitor network performance and to pinpoint and promptly fix problems affecting the voice quality. MVTS statistics capabilities allow the system's administrator to view data per call originators, dial peers, call terminating endpoints, gateways and routes and detect quality degradation causes. With MVTS, carriers benefit from QoS theft protection, as the correspondence of the claimed QoS to the actual one can be easily checked.

Commercial

 

Information updated: 11 Sep 06


Avaya SG200 Security Gateway

 

Avaya Inc.

http://www.avaya.com

The SG200 Security Gateway is a VPN/firewall device designed for branch office and small/mid-sized enterprise deployments that require an integrated security solution for advanced data and Voice over IP (VoIP) applications.

Stateful Multilayer Inspection (SMLI) firewall with DoS protection and an H.323 application proxy provides a secure network perimeter for voice/data applications
• Bandwidth Management
• IP Telephony Configuration
• Firewall Multi-Interface Support with Cost-Effective Expansion
• Integrated VPN support with Optional Licensing

Commercial

 

Information updated: 15 May 06


Last page update:  01 Nov 2007
