VoIP
Check Point and Mediatrix
Mediatrix and Check Point are working together to ensure that customers can securely converge a wide range of legacy equipment into an IP network for interaction with IP-based telephone systems. This integrated solution protects customer investment in traditional analog phone equipment and fax machines and provides encrypted and authenticated VoIP service for analog phone users.
Mediatrix - Flexible Migration to VoIP
Advanced VoIP access devices and gateways from Mediatrix provide an ideal migration path for enterprises and small businesses wishing to take advantage of the benefits of VoIP while protecting their current Customer Premises Equipment investment in analog and digital phones, fax, PBX and Key Systems.
Mediatrix VoIP access devices, gateways and solutions are designed for immediate deployment within existing network architectures - delivering on the promises of VoIP today. Mediatrix products and solutions focus on delivering IP telephony's basic benefits: cost-effectiveness, reliability and scalability.
Mediatrix access devices connect conventional telephones, legacy telephony systems or G3 fax machines to LANs. They access an Intranet or the Internet to permit high-quality, full-duplex, audio/fax communications over IP Packet Networks. Mediatrix gateways provide IP connectivity to legacy PBX systems, as well as PSTN access to IP-based PBX and Key systems.
Mediatrix products provide VoIP functionality over existing corporate networks and Virtual Private Networks (VPNs) to produce cost-effective converged voice/data IP networks. They support the major signaling protocols in use today: SIP, MGCP/NCS and H.323. This allows for maximum industry interoperability and greater flexibility in field deployments.
Check Point Security for VoIP
Check Point offers distinct advantages for securing VoIP. VPN-1 Pro is a tightly integrated software solution that combines the market-leading FireWall-1 security suite with sophisticated VPN technologies to connect corporate networks, remote and mobile users, branch offices, and business partners for secure data, voice, and multimedia communications. FloodGate-1, integrated with VPN-1 Pro, guarantees or prioritizes bandwidth for real-time voice communications.
Security for complex mixed-protocol environments
SIP and H.323 protocols may be used together with appropriate gateways, and VPN-1 Pro supports both equally. VPN-1 Pro inspects VoIP control signals passing through the enforcement point to prevent call hijacking, fooled billing, and DoS attacks. Using information derived from the control signals, VPN-1 Pro provides this protection through:
- Dynamic management of RTP (media) sessions
- Analysis and enforcement of message states
- Verification of the existence and correctness of call parameters
- Maintenance of the call state for each call
- Enforcement of handover domains
VPN-1 Pro overcomes a significant limitation of other firewalls in a VoIP environment. It is the only firewall solution that accepts and allows inbound calls to the local network for both dynamic and nonroutable IP addresses, handling both signaling and media traffic in real time.
As VoIP control signals always pass through the enforcement point, VPN-1 Pro secures the call by opening ports only for those endpoints negotiated during the signaling. It closes the ports as soon as the call ends, without waiting for a timeout. VPN-1 Pro also enforces the order and direction. If both endpoints are on the same side of the VPN-1 Pro enforcement point but the signal routing device is on the other side, VPN-1 Pro is aware of this fact, and will not open any ports for the call.
Application Intelligence for SIP
Network and application level protection is accomplished through Check Point Application Intelligence. Using INSPECT, the most adaptive and intelligent inspection technology, VPN-1 Pro integrates both network-level and application-level protection and provides the highest level of security, with access control, attack protection, content security, authentication, and integrated Network Address Translation (NAT). Leveraging SMART Management, VPN-1 Pro enables you to intelligently manage security infrastructure with maximum efficiency. VPN-1 Pro restricts signal routing locations and controls signaling and data connections. VPN-1 Pro Application Intelligence™ ensures packets conform to RFC 3261 for SIP over UDP/IP and inspects SIP-based Instant Messaging protocols.
It protects against Denial of Service (DoS) attacks and against penetration attempts such as connection hijacking and connection manipulation. VPN-1 Pro validates the expected usage of the SIP protocol. For example, if an end-of-call message comes immediately after the start of the call, the call will be denied because this behavior is characteristic of a DoS attack.
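The signaling-driven behavior described above (ports opened only for the endpoints negotiated in the signaling, closed as soon as the call ends, and an end-of-call message straight after call start denied) can be sketched as a small state table. This is an added illustration, not Check Point code: the class and function names, the one-second threshold, and the sample SIP/SDP messages are all assumptions constructed for the example.

```python
import re

MIN_CALL_SECONDS = 1.0  # assumed threshold; the page only says "immediately"

def sdp_endpoint(msg):
    """Return the (ip, port) the SDP body asks to receive audio on, or None."""
    c = re.search(r"^c=IN IP4 (\S+)", msg, re.M)
    m = re.search(r"^m=audio (\d+) ", msg, re.M)
    return (c.group(1), int(m.group(1))) if c and m else None

class PinholeTable:
    def __init__(self):
        self.calls = {}  # Call-ID -> {"start": seconds, "media": {(ip, port)}}

    def on_signal(self, msg, now):
        """Inspect one SIP message at the enforcement point; return a verdict."""
        start_line = msg.split("\r\n", 1)[0]
        m = re.search(r"^Call-ID:\s*(\S+)", msg, re.M | re.I)
        if m is None:
            return "drop: missing Call-ID"
        cid = m.group(1)
        call = self.calls.get(cid)
        if start_line.startswith("INVITE "):
            call = self.calls.setdefault(cid, {"start": now, "media": set()})
        elif call is None:
            return "drop: no INVITE seen for this call"
        elif start_line.startswith("BYE "):
            del self.calls[cid]  # pinholes close with the call, no timeout wait
            if now - call["start"] < MIN_CALL_SECONDS:
                return "drop: BYE immediately after call start"
            return "accept"
        endpoint = sdp_endpoint(msg)
        if endpoint:  # offer (INVITE) or answer (200 OK) names a media endpoint
            call["media"].add(endpoint)
        return "accept"

    def rtp_allowed(self, dst_ip, dst_port):
        """Media passes only toward an endpoint negotiated by a live call."""
        return any((dst_ip, dst_port) in c["media"] for c in self.calls.values())

def sip(start_line, call_id, sdp=""):
    """Build a constructed, minimal SIP message for the example."""
    return f"{start_line}\r\nCall-ID: {call_id}\r\n\r\n{sdp}"

# Constructed SDP bodies using documentation address ranges
OFFER = "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 40000 RTP/AVP 0\r\n"
ANSWER = "v=0\r\nc=IN IP4 198.51.100.7\r\nm=audio 50000 RTP/AVP 0\r\n"
```

The table keys pinholes on destination address and port only; a real enforcement point would also track source, direction and the signaling path.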
Guaranteed or prioritized bandwidth for VoIP protocols
Integrated with VPN-1 Pro, FloodGate-1 improves the VoIP experience by providing guaranteed or prioritized bandwidth for VoIP protocols. The quality of service can be managed for both encrypted and unencrypted VoIP traffic. FloodGate-1 supports the Integrated Differentiated Services (DiffServ). If QoS is managed by VoIP gateways behind VPN-1/FireWall-1, FloodGate-1 uses the DiffServ settings.