
VoIP

Check Point and Radvision

Radvision and Check Point are working together to ensure that customers deploying a combined solution of Check Point's VPN-1 product family and the Radvision ECS (Enhanced Communications Server) enjoy full defense against the various threats in voice communications. The products are currently undergoing interoperability testing to ensure that VPN-1 protection covers the full range of capabilities of the Radvision solution.

RADVISION ECS (Enhanced Communications Server) is a suite of management applications for real-time IP/ISDN communications networks. It offers:

  • Intuitive Web access
  • User configurable dial plan, including URL addressing
  • Complete bandwidth control and traffic optimization
  • Call completion guarantees over IP and ISDN networks
  • Authentication and directory service support with the H.350 standard
  • Multi-tiered hierarchical support and zone management
  • Firewall proxy solutions
  • Hot standby functionality for 24 by 7 service
  • Third-Party Call Control

The advanced ECS gatekeeper application, compliant with ITU-T H.323 version 4.0, is an essential component for the management of IP telephony and multimedia communication networks. RADVISION ECS provides complete functionality for defining and controlling voice and video traffic management over IP networks. Network managers set policies and control network resources, such as bandwidth usage, authorized services, authentication and billing CDRs, to ensure optimal implementation.

The ECS package is specifically designed to provide the necessary feature set for small and medium networks, including inter-zone bandwidth management, simplified dialing, directory services, e-mail dialing via DNS and much more.

Check Point Security for VoIP
Check Point offers distinct advantages for securing VoIP. VPN-1 Pro is a tightly integrated software solution that combines the market-leading FireWall-1 security suite with sophisticated VPN technologies to connect corporate networks, remote and mobile users, branch offices, and business partners for secure data, voice, and multimedia communications. FloodGate-1, integrated with VPN-1 Pro, guarantees or prioritizes bandwidth for real-time voice communications.

Security for complex mixed-protocol environments
SIP and H.323 protocols may be used together with appropriate gateways, and VPN-1 Pro supports both equally. Check Point is also working to ensure that VPN-1 supports vendor-proprietary protocols. VPN-1 Pro inspects VoIP control signals passing through the enforcement point to prevent call hijacking, fooled billing, and DoS attacks. Using information derived from the control signals, VPN-1 Pro provides this protection through:

  • Dynamic management of RTP (media) sessions
  • Analysis and enforcement of message states
  • Verification of the existence and correctness of call parameters
  • Maintenance of the call state for each call
  • Enforcement of handover domains

VPN-1 Pro overcomes a significant limitation of other firewalls in a VoIP environment. It is the only firewall solution that accepts and allows inbound calls to the local network for both dynamic and nonroutable IP addresses, handling both signaling and media traffic in real time.

As VoIP control signals always pass through the enforcement point, VPN-1 Pro secures the call by opening ports only for those endpoints negotiated during the signaling. It closes the ports as soon as the call ends, without waiting for a timeout. VPN-1 Pro also enforces the order and direction. If both endpoints are on the same side of the VPN-1 Pro enforcement point but the signal routing device is on the other side, VPN-1 Pro is aware of this fact, and will not open any ports for the call.
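The signaling-driven port handling described above can be illustrated with a simplified model. This is an added Python example, not Check Point code and not a description of how VPN-1 Pro is implemented: it uses SIP with SDP, covers only INVITE, 200 OK and BYE, and the `PinholeTable` class, its methods and the sample messages are hypothetical and constructed for the illustration.

```python
import re

def sdp_endpoint(msg):
    """Return the (ip, port) named by the SDP c= and m=audio lines, or None."""
    ip = re.search(r"^c=IN IP4 (\S+)", msg, re.M)
    port = re.search(r"^m=audio (\d+) RTP/AVP", msg, re.M)
    return (ip.group(1), int(port.group(1))) if ip and port else None

class PinholeTable:
    """Hypothetical model: per-call state plus the RTP pinholes it justifies."""
    def __init__(self):
        self.calls = {}     # Call-ID -> {"state": str, "offer": (ip, port)}
        self.pinholes = {}  # Call-ID -> {offer endpoint, answer endpoint}

    def signal(self, msg):
        """Inspect one signaling message; return "pass" or "drop"."""
        cid = re.search(r"^Call-ID: (\S+)", msg, re.M)
        cseq = re.search(r"^CSeq: \d+ (\S+)", msg, re.M)
        if not cid or not cseq:
            return "drop"                      # required call parameters missing
        cid, method, first = cid.group(1), cseq.group(1), msg.splitlines()[0]
        call, ep = self.calls.get(cid), sdp_endpoint(msg)
        if first.startswith("INVITE ") and call is None and ep:
            self.calls[cid] = {"state": "invited", "offer": ep}
        elif (first.startswith("SIP/2.0 200") and method == "INVITE"
              and call and call["state"] == "invited" and ep):
            call["state"] = "established"
            self.pinholes[cid] = {call["offer"], ep}   # open only now
        elif first.startswith("BYE ") and call and call["state"] == "established":
            del self.calls[cid], self.pinholes[cid]    # close at once, no timeout
        else:
            return "drop"                      # out of order or malformed
        return "pass"

    def rtp_allowed(self, src, dst):
        """Media passes only between the two endpoints of an open call."""
        return any({src, dst} == pair for pair in self.pinholes.values())

# Constructed sample messages (minimal, not captured traffic).
A, B = ("192.0.2.10", 40000), ("198.51.100.20", 50000)
def _msg(first, method, ep=None):
    sdp = f"v=0\nc=IN IP4 {ep[0]}\nm=audio {ep[1]} RTP/AVP 0\n" if ep else ""
    return f"{first}\nCall-ID: c1@example\nCSeq: 1 {method}\n\n{sdp}"
INVITE = _msg("INVITE sip:bob@example.com SIP/2.0", "INVITE", A)
OK = _msg("SIP/2.0 200 OK", "INVITE", B)
BYE = _msg("BYE sip:bob@example.com SIP/2.0", "BYE")
```

Feeding `INVITE`, `OK` and `BYE` to `signal()` in that order opens the media path between the two negotiated endpoints only after the answer and removes it on the BYE; the same messages out of order are dropped and open nothing.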

Application Intelligence for VoIP
Network and application level protection is accomplished through Check Point Application Intelligence. Using INSPECT, the most adaptive and intelligent inspection technology, VPN-1 Pro integrates both network-level and application-level protection and provides the highest level of security, with access control, attack protection, content security, authentication, and integrated Network Address Translation (NAT). VPN-1 Pro protects against Denial of Service (DoS) attacks and against penetration attempts such as connection hijacking and connection manipulation.

Guaranteed or prioritized bandwidth for VoIP protocols
Integrated with VPN-1 Pro, FloodGate-1 improves the VoIP experience by providing guaranteed or prioritized bandwidth for VoIP protocols. The quality of service can be managed for both encrypted and unencrypted VoIP traffic. FloodGate-1 supports the Integrated Differentiated Services (DiffServ). If QoS is managed by VoIP gateways behind VPN-1/FireWall-1, FloodGate-1 uses the DiffServ settings.