1 / 14

Intertex Data AB, Sweden

Intertex Data AB, Sweden. IX66 Internet Gate A Firewall with SIP Support Prepared for: Voice On the Net DEMO, Spring 2001 By: Henrik Bergstrom Research and Development Intertex Data AB henrik.bergstrom@intertex.se. GSM. PSTN. Demo Setup. Internet (public addresses). LAN

harmon
Télécharger la présentation

Intertex Data AB, Sweden

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Intertex Data AB, Sweden IX66 Internet Gate A Firewall with SIP Support Prepared for: Voice On the Net DEMO, Spring 2001 By: Henrik Bergstrom Research and Development Intertex Data AB henrik.bergstrom@intertex.se

  2. GSM PSTN Demo Setup Internet (public addresses) LAN (private addresses) SIP Home Appliances Controller

  3. SIP Server Internet Internet PSTN Gateway GSM Gateway Firewall/NAT PSTN LAN SIP Proxy Registrar SIP to GSM through Firewall SIP forwarding siplab.net RINGING! Dialling:lars@siplab.net Dynamic session setup

  4. OUTBOUND CALL REGISTER INBOUND CALL SIP to SIP through Firewall Internet (public addresses) LAN (private addresses)

  5. Internet Internet SIP SIP SIP Home Appliances Control DO sip:lamp@207.137.6.52 <Device>lamp</Device> <Action>power on</Action> Internet (Ethernet) LAN (Ethernet) SIP Home Appliances Controller siplab.net SIP Server

  6. Internet Internet ”Media Proxy” Setup WAN LAN Non SIP capable firewall DMZ Media streams and SIP signalling SIP capable firewall

  7. SIP Capable Firewall functionality General • Dynamic control of access lists (“holes”), based on SIP and SDP data • Session statefulness, e.g. to track end of call • Understanding of security issues in SIP, i.e. don’t allow everything in the protocol Additional for NAT (Network Addr. Translation) • Rewriting of SIP and SDP data • Media stream translation

  8. Accessing Protected Devices Firewall Problems: • Sessions initiated from outside of the firewall - OK, open port 5060, but… • Media streams on dynamicallyallocated port numbers - Ooops…  ! Even with public IP addresses inside

  9. Accessing Protected Devices NAT & PAT Problems: • Where is the device? - Registration/location function • Private IP addresses and ports in SIP messages - Rewrite with globally routable addresses • IP address and port of media stream has to be modified - NAT engine has to be dynamically controlled Worse with private IP addresses inside

  10. Home Appliances Control Control your temperature, refrigerator, alarm, toaster and more… An extension to SIP in progress • See www.research.telcordia.com/iapp/ • http://search.ietf.org/internet-drafts/draft-moyer-sip-appliances-framework-01.txt Submitted to OSGI • See http://www.osgi.org

  11. The Intertex IX66 Internet Gate • The Intertex IX66 series • OEM as: • PowerBit • Telia SurfinBird As Internet Gate ”only” or with integrated ADSL modem

  12. The Intertex IX66 Internet Gate A closer look • Firewall & NAT/PAT • SIP Proxy and Registrar • DHCP Server • WEB Server for configuration • Appliance control, LAC via expansion port

  13. The Intertex IX66 Internet Gate Goodies • Two Ethernet and one USB port • Expansion port, e.g. for appliance control • Smart Card Reader • Upgradeable • And more… Optional ADSL Built-in

  14. SIP Capable Firewalls Products from Intertex • IX66 for the SOHO market, with or without ADSL • Linux based firewall for larger LANs • Linux based Media Proxy as an add on to existing firewalls. Handles large systems.

More Related