Overview
The SIParator works seamlessly with your existing firewall to allow the flow of the SIP traffic. While traditional firewalls block SIP traffic – including mission critical applications like VoIP – the SIParator resolves this problem, working in tandem with your current security solutions. It also solves the Network Address Translation (NAT) traversal issues inherent in SIP communications, and offers both far- and near-end NAT traversal to extend the SIP capabilities within the corporate network to remote workers. With Ingate products, enterprises can use VoIP and other live communications on the LAN and globally over the Internet or private IP networks.
Ingate SIParator 52
Ingate’s award-winning SIParators also include a fully featured stateful inspection and packet iltering enterprise firewall. The SIParator, in addition to its SIP functionality, can also be used as the enterprise’s main firewall. The built-in firewall also provides a complete and secure environment for the SIParator functions and customer services, all in one and the same product. Firewall and NAT (Network Address Translation) traversal and SIP security are fundamental functions of an E-SBC. SIP, like all real-time communication protocols, is blocked by firewalls, not being aware of SIP signalling and media. The SIParator’s SIP proxy routes the SIP traffic and opens media ports in the built-in NAT/firewall to securely deliver calls to the protected enterprise LAN. The SIParator connects any type of ITSP’s SIP trunk, managed like MPLS or over the public Internet, and also connects home workers and road warriors. Ingate’s FENT (Far End NAT Traversal) function connects SIP phones and soft clients behind remote NAT/firewalls.
Trusted Network Security for VoIP and Unified Communications.
Ingate’s SIP proxy architecture grants fully secure NAT/firewall traversal of the SIP traffic. The SIParator’s enhanced security can handle and add TLS (Transport Layer Security) for secure SIP signaling. It also supports and transcodes SRTP (Secure Real-Time Transport Protocol) for encrypted voice and video. The high level of security and confidentiality further includes authentication and replay protection and other firewall means to shield users from eavesdroppers, hackers and spoofers and protect against theft of service. SIP IDS/IPS (Intrusion Detection System/Intrusion Prevention System) works in tandem with Ingate’s existing security technologies, further strengthening security for VoIP, SIP trunking, UC and other SIP applications.
Diagnostics, Troubleshooting and Monitoring.
The SIParator has extensive logging and diagnostic features, to ease troubleshooting and resolve problems quickly. It can also directly generate PCAP traces, allowing more extensive analyses with WireShark and similar tools. The SIParator also has a built-in test agent that can be used to make test calls in either direction to assess MOS scores. The client can also be
programmed to perform these tests on a scheduled basis.The voice quality of calls can be monitored and reported via RADIUS, including packet loss, jitter, delay, MOS score and more.
Reliability, Load Balancing and High Availability Failover.
The SIParator fully supports load balancing and failover using DNS SRV and speeds up failover by monitoring SIP servers. In addition, the SIParators can be used in failover pairs, protecting from catastrophic failure. By synchronising configuration and long-time states (like SIP registrations), the idle device takes over at the Ethernet level should the active device fail. This Ingate failover method also protects against software faults, since it directly allows dropped calls to be setup freshly again.