VoIP Overview
810
SonicOS 5.8.1 Administrator Guide
• Configurable inactivity timeouts for signaling and media - In order to ensure that
dropped VoIP connections do not stay open indefinitely, SonicOS monitors the usage of
signaling and media streams associated with a VoIP session. Streams that are idle for more
than the configured timeout are shut down to prevent potential security holes.
• SonicOS allows the administrator to control incoming calls - By requiring that all
incoming calls are authorized and authenticated by the H.323 Gatekeeper or SIP Proxy,
SonicOS can block unauthorized and spam calls. This allows the administrator to be sure
that the VoIP network is being used only for those calls authorized by the company.
• Comprehensive monitoring and reporting - For all supported VoIP protocols, SonicOS
offers extensive monitoring and troubleshooting tools:
–
Dynamic live reporting of active VoIP calls, indicating the caller and called parties, and
bandwidth used.
–
Audit logs of all VoIP calls, indicating caller and called parties, call duration, and total
bandwidth used. Logging of abnormal packets seen (such as a bad response) with
details of the parties involved and condition seen.
–
Detailed syslog reports and ViewPoint reports for VoIP signaling and media streams.
SonicWALL ViewPoint is a Web-based graphical reporting tool that provides detailed
and comprehensive reports of your security and network activities based on syslog data
streams received from the firewall. Reports can be generated about virtually any aspect
of firewall activity, including individual user or group usage patterns and events on
specific firewalls or groups of firewalls, types and times of attacks, resource
consumption and constraints, etc.
Supported VoIP Protocols
SonicWALL security appliances support transformations for the following protocols.
H.323
SonicOS provides the following support for H.323:
• VoIP devices running all versions of H.323 (currently 1 through to 5) are supported
• Microsoft's LDAP-based Internet Locator Service (ILS)
• Discovery of the Gatekeeper by LAN H.323 terminals using multicast
• Stateful monitoring and processing of Gatekeeper registration, admission, and status
(RAS) messages
• Support for H.323 terminals that use encryption for the media streams
• DHCP Option 150. The SonicWALL DHCP Server can be configured to return the address
of a VoIP specific TFTP server to DHCP clients
• In addition to H.323 support, SonicOS supports VoIP devices using the following additional
ITU standards:
–
T.120 for application sharing, electronic white-boarding, file exchange, and chat
–
H.239 to allow multiple channels for delivering audio, video and data
–
H.281 for Far End Camera Control (FECC)
SIP
SonicOS provides the following support for SIP:
–
Base SIP standard (both RFC 2543 and RFC 3261)