Category: Education

Presentation Description

No description available.


Presentation Transcript

Intertex Data AB, Sweden: 

Intertex Data AB, Sweden IX66 Internet Gate A Firewall with SIP Support Prepared for: Voice On the Net DEMO, Spring 2001 By: Henrik Bergstrom Research and Development Intertex Data AB henrik.bergstrom@intertex.se

Demo Setup: 

Demo Setup Internet (public addresses) LAN (private addresses) SIP Home Appliances Controller

SIP to GSM through Firewall: 

SIP to GSM through Firewall Dialling:lars@siplab.net Dynamic session setup siplab.net SIP forwarding RINGING!

SIP to SIP through Firewall: 

SIP to SIP through Firewall Internet (public addresses) LAN (private addresses)

SIP Home Appliances Control: 

SIP Home Appliances Control DO sip:lamp@ <Device>lamp</Device> <Action>power on</Action> Internet (Ethernet) LAN (Ethernet) SIP Server siplab.net SIP Home Appliances Controller

”Media Proxy” Setup: 

”Media Proxy” Setup Non SIP capable firewall DMZ LAN WAN Media streams and SIP signalling SIP capable firewall

SIP Capable Firewall functionality: 

SIP Capable Firewall functionality General Dynamic control of access lists (“holes”), based on SIP and SDP data Session statefulness, e.g. to track end of call Understanding of security issues in SIP, i.e. don’t allow everything in the protocol Additional for NAT (Network Addr. Translation) Rewriting of SIP and SDP data Media stream translation

Accessing Protected Devices: 

Accessing Protected Devices Firewall Problems: Sessions initiated from outside of the firewall - OK, open port 5060, but… Media streams on dynamically allocated port numbers - Ooops…  ! Even with public IP addresses inside

Accessing Protected Devices: 

Accessing Protected Devices NAT & PAT Problems: Where is the device? - Registration/location function Private IP addresses and ports in SIP messages - Rewrite with globally routable addresses IP address and port of media stream has to be modified - NAT engine has to be dynamically controlled Worse with private IP addresses inside

Home Appliances Control: 

Home Appliances Control Control your temperature, refrigerator, alarm, toaster and more… An extension to SIP in progress See www.research.telcordia.com/iapp/ http://search.ietf.org/internet-drafts/draft-moyer-sip-appliances-framework-01.txt Submitted to OSGI See http://www.osgi.org

The Intertex IX66 Internet Gate: 

The Intertex IX66 Internet Gate As Internet Gate ”only” or with integrated ADSL modem The Intertex IX66 series OEM as: PowerBit Telia SurfinBird

The Intertex IX66 Internet Gate: 

The Intertex IX66 Internet Gate A closer look Firewall & NAT/PAT SIP Proxy and Registrar DHCP Server WEB Server for configuration Appliance control, LAC via expansion port

The Intertex IX66 Internet Gate: 

The Intertex IX66 Internet Gate Goodies Two Ethernet and one USB port Expansion port, e.g. for appliance control Smart Card Reader Upgradeable And more… Optional ADSL Built-in

SIP Capable Firewalls: 

SIP Capable Firewalls Products from Intertex IX66 for the SOHO market, with or without ADSL Linux based firewall for larger LANs Linux based Media Proxy as an add on to existing firewalls. Handles large systems.

authorStream Live Help