Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

VoIP

PolyCom

Check Point and Polycom

Polycom and Check Point are working together to ensure that customers deploying a combined solution of Check Point's VPN-1 product family and PathNavigator, Polycom's premier call processing server solution, enjoy full defense against the various threats in voice communications. The products are currently undergoing interoperability testing to ensure that VPN-1 protection covers the full range of capabilities of the Polycom solution.

A. PathNavigator (Gatekeeper):
Polycom PathNavigator is an advanced gatekeeper developed to accomplish routing and deployment in both H.320 andH.323 environments. Using PathNavigator, video network administrators will be able to control their videoconferencing networks from any web browser, supporting a combination of video conferencing standards as well as a wide range of video devices, MCUs, gateways and other networking equipment. With support for intelligent call routing, plus easy system deployment, Polycom PathNavigator ensures reliability, security and effective cost control. Key features include bandwidth control, Polycom OneDial*, Conference-on-Demand* and least cost routing/alternate routing of IP or ISDN calls.

B. MGC-25:
Polycom's MGC-25 platform is an economical, easy to use, multi-network conferencing solution, packaged in a sleek 19" rack-mountable chassis. The MGC-25 supports the same software as the MGC-50 and MGC-100 platforms, but comes pre-packaged in ten preset configurations of Unified Conferencing, Polycom VoicePlus and standalone Gateway. The MGC-25 is the perfect solution for any work group environment or large enterprise with distributed network requirements

C. PVX - (Software Client)
The Polycom PVX personal video conferencing solution delivers business quality desktop video conferencing from the convenience of your PC.

The Polycom PVX extends the ultimate Polycom video conferencing experience to your PC and webcam with the first software application ever offered. The Polycom PVX works in conjunction with your PC and USB camera to provide the highest quality video and audio experience in the industry.

Check Point Security for VoIP
Check Point offers distinct advantages for securing VoIP. VPN-1 Pro is a tightly integrated software solution that combines the market-leading FireWall-1 security suite with sophisticated VPN technologies to connect corporate networks, remote and mobile users, branch offices, and business partners for secure data, voice, and multimedia communications. FloodGate-1, integrated with VPN-1 Pro, guarantees or prioritizes bandwidth for real-time voice communications.

Security for complex mixed-protocol environments
SIP and H.323 protocols may be used together with appropriate gateways, and VPN-1 Pro supports both equally. Check Point is also working to ensure that VPN-1 supports vendor-proprietary protocols. VPN-1 Pro inspects VoIP control signals passing through the enforcement point to prevent call hijacking, fooled billing, and DoS attacks. Using information derived from the control signals, VPN-1 Pro provides this protection through:

  • Dynamic management of RTP (media) sessions
  • Analysis and enforcement of message states
  • Verification of the existence and correctness
    of call parameters
  • Maintenance of the call state for each call
  • Enforcement of handover domains

VPN-1 Pro overcomes a significant limitation of other firewalls in a VoIP environment. It is the only firewall solution that accepts and allows inbound calls to the local network for both dynamic and nonroutable IP addresses, handling both signaling and media traffic in real time.

As VoIP control signals always pass through the enforcement point, VPN-1 Pro secures the call by opening ports only for those endpoints negotiated during the signaling. It closes the ports as soon as the call ends, without waiting for a timeout. VPN-1 Pro also enforces the order and direction. If both endpoints are on the same side of the VPN-1 Pro enforcement point but the signal routing device is on the other side, VPN-1 Pro is aware of this fact, and will not open any ports for the call.

Application Intelligence for VoIP
Network and application level protection is accomplished through Check Point Application Intelligence. Using INSPECT, the most adaptive and intelligent inspection technology, VPN-1 Pro integrates both network-level and application-level protection and provides the highest level of security, with access control, attack protection, content security, authentication, and integrated Network Address Translation (NAT). VPN-1 Pro protects against Denial of Service (DoS) attacks and against penetration attempts such as connection hijacking and connection manipulation.

Guaranteed or prioritized bandwidth for VoIP protocols
Integrated with VPN-1 Pro, FloodGate-1 improves the VoIP experience by providing guaranteed or prioritized bandwidth for VoIP protocols. The quality of service can be managed for both encrypted and unencrypted VoIP traffic. FloodGate-1 supports the Integrated Differentiated Services (DiffServ). If QoS is managed by VoIP gateways behind VPN-1/FireWall-1, FloodGate-1 uses the DiffServ settings.