Presentation Transcript
Intertex Data AB, Sweden: IX66 Internet Gate
A Firewall with SIP Support
Prepared for: Voice On the Net DEMO, Spring 2001
By: Henrik Bergstrom
Research and Development
Intertex Data AB
henrik.bergstrom@intertex.se
Demo Setup: (diagram) Internet (public addresses), LAN (private addresses), SIP Home Appliances Controller
SIP to GSM through Firewall: (diagram) Dialling lars@siplab.net; dynamic session setup; SIP forwarding via siplab.net; RINGING!
SIP to SIP through Firewall: (diagram) Internet (public addresses), LAN (private addresses)
SIP Home Appliances Control: (diagram) DO sip:lamp@207.137.6.52 -> lamp power on; Internet (Ethernet), LAN (Ethernet), SIP Server siplab.net, SIP Home Appliances Controller
“Media Proxy” Setup: (diagram) Non-SIP-capable firewall; DMZ, LAN, WAN; media streams and SIP signalling; SIP-capable firewall
SIP Capable Firewall functionality:
General:
- Dynamic control of access lists (“holes”), based on SIP and SDP data
- Session statefulness, e.g. to track end of call
- Understanding of security issues in SIP, i.e. don’t allow everything in the protocol
Additional for NAT (Network Address Translation):
- Rewriting of SIP and SDP data
- Media stream translation
Accessing Protected Devices:
Firewall problems:
- Sessions initiated from outside of the firewall
  - OK, open port 5060, but…
- Media streams on dynamically allocated port numbers
  - Ooops… !
Even with public IP addresses inside.
Accessing Protected Devices:
NAT & PAT problems:
- Where is the device?
  - Registration/location function
- Private IP addresses and ports in SIP messages
  - Rewrite with globally routable addresses
- IP address and port of media stream has to be modified
  - NAT engine has to be dynamically controlled
Worse with private IP addresses inside.
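Added example, not part of the presentation or of any Intertex product, showing the mechanisms named in the functionality slide and the two problem slides above: a minimal Python model of a SIP-aware NAT firewall that parses an outbound INVITE, opens UDP pinholes for the RTP/RTCP ports announced in the SDP m= line, rewrites the c= address and Contact URI to the public address, and removes the holes again on BYE using the Call-ID. All addresses, ports and message contents are constructed for the example.

```python
import re
# Constructed sample INVITE from a phone on the private LAN (all addresses
# are made up for this example); the SDP body names the private RTP endpoint.
INVITE = (
    "INVITE sip:lars@siplab.net SIP/2.0\r\n"
    "Call-ID: abc123@10.0.0.7\r\n"
    "Contact: <sip:henrik@10.0.0.7:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 10.0.0.7\r\n"
    "c=IN IP4 10.0.0.7\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
BYE = "BYE sip:lars@siplab.net SIP/2.0\r\nCall-ID: abc123@10.0.0.7\r\n\r\n"

class SipNatFirewall:
    """Tracks calls by Call-ID, opens UDP holes for SDP media ports, rewrites private addresses."""
    def __init__(self, public_ip, first_port=30000):
        self.public_ip = public_ip          # hypothetical public WAN address
        self.next_port = first_port         # next free external media port
        self.sessions = {}                  # Call-ID -> [(proto, ext_port, int_ip, int_port)]

    def alloc_port(self):
        port, self.next_port = self.next_port, self.next_port + 2  # reserve RTP + RTCP pair
        return port

    def process_outbound(self, msg):
        """Return (pinholes changed, rewritten message) for one LAN -> WAN SIP message."""
        headers, _, body = msg.partition("\r\n\r\n")
        call_id = re.search(r"^Call-ID:\s*(\S+)", headers, re.M).group(1)
        if headers.startswith("BYE"):
            # Session statefulness: the call is over, so its holes are closed.
            return self.sessions.pop(call_id, []), msg
        conn = re.search(r"^c=IN IP4 (\S+)", body, re.M)
        if conn is None:
            return [], msg  # no SDP, nothing to translate
        int_ip, holes = conn.group(1), []
        def rewrite_media(m):
            int_port, ext_port = int(m.group(2)), self.alloc_port()
            holes.append(("udp", ext_port, int_ip, int_port))          # RTP
            holes.append(("udp", ext_port + 1, int_ip, int_port + 1))  # RTCP
            return f"m={m.group(1)} {ext_port} {m.group(3)}"
        body = re.sub(r"^m=(\w+) (\d+) ([^\r\n]*)", rewrite_media, body, flags=re.M)
        body = body.replace(f"c=IN IP4 {int_ip}", f"c=IN IP4 {self.public_ip}")
        headers = headers.replace(f"@{int_ip}:", f"@{self.public_ip}:")  # Contact URI only
        self.sessions[call_id] = holes
        return holes, headers + "\r\n\r\n" + body
```

Only the SDP c= and m= lines and the Contact host are rewritten here; a real gateway would also translate the signalling port and the media packets themselves, which is the "media stream translation" item on the slide.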
Home Appliances Control:
Control your temperature, refrigerator, alarm, toaster and more…
An extension to SIP in progress; see www.research.telcordia.com/iapp/ and http://search.ietf.org/internet-drafts/draft-moyer-sip-appliances-framework-01.txt
Submitted to OSGI; see http://www.osgi.org
The Intertex IX66 Internet Gate:
As Internet Gate “only” or with integrated ADSL modem
The Intertex IX66 series, OEM as:
- PowerBit
- Telia SurfinBird
The Intertex IX66 Internet Gate: A closer look
- Firewall & NAT/PAT
- SIP Proxy and Registrar
- DHCP Server
- Web server for configuration
- Appliance control, LAC via expansion port
The Intertex IX66 Internet Gate: Goodies
- Two Ethernet and one USB port
- Expansion port, e.g. for appliance control
- Smart card reader
- Upgradeable
- And more…
- Optional ADSL built-in
SIP Capable Firewalls: Products from Intertex
- IX66 for the SOHO market, with or without ADSL
- Linux-based firewall for larger LANs
- Linux-based Media Proxy as an add-on to existing firewalls; handles large systems.