Installation manual

78
NAT – FIREWALL Interoperability
Introduction
There are many strategic advantages for companies that succeed in converging all their voice, video
and data traffic onto one IP network infrastructure.
Unfortunately, the drive to concentrate all IP communications onto one single network has reduced.
The connection between a company's corporate network and the Internet is made through firewalls
and devices using NAT (Network Address Translation), both of which block voice and video calls
over IP. Firewalls block IP video and voice traffic by refusing any communication that was not
initiated from the inside. Devices implementing NAT block it because all equipment on the internal
network uses private IP addresses, which cannot be reached from outside the local domain.
There are several solutions to the problem of getting IP communications past NAT and firewalls:
bypassing the firewall or NAT device, upgrading the network infrastructure with an Application
Level Gateway (ALG), and going out through the firewall or NAT using semi-tunnelling
connections. Going around the firewall or NAT device is not the best solution for most companies.
Removing the firewall or placing videoconferencing equipment on an unshielded section of the
network could seriously compromise the network’s security.
Using such devices is very expensive, and in addition an access policy for the firewalls and NATs
would be needed. These devices would have to be placed along the communication path at every point
where a NAT or firewall is present.
A second solution is to upgrade the network by introducing an ALG, but this is intrusive and
potentially expensive. ALGs are software packages, written specifically for the firewalls of
various vendors, that examine every packet attempting to pass through the firewall in order to
determine whether it belongs to a known protocol such as H.323 or SIP. If the packet carries a
known protocol, the firewall allows it through. However, like the proxies and MCUs that go around
firewalls, ALGs also need a firewall access policy, and every firewall or NAT device needs
up-to-date ALG software. Because new protocols are continually being developed, ALG software
must be updated frequently.
IP Voice and Video Crossing NAT and Firewall
The use of existing network infrastructures for the transmission of voice, video and data promises
interesting strategic advantages for companies of all sizes. Commonly known as “rich media
communications” or “Internet Protocol (IP) communications” these technologies for converging
networks offer new opportunities to communicate, coordinate and collaborate with customers,
suppliers, commercial partners and others all over the world.
Unfortunately, the protocols used for IP communications conflict with most network security
mechanisms (such as firewalls and NAT), so that IP video and voice applications are often
deployed late or not at all.
Firewalls and NATs – How they work
In an IP network, every device is assigned a unique IP address. Every computer, telephone and
videoconference terminal has approximately 65,000 ports at its disposal for establishing
communication channels over which data is transmitted to other devices on the network.
Messages between IP network devices are composed of packets that contain the following
information: the IP address of the terminal that has generated the message, the port number from
which the message has been sent, the IP address of the destination terminal, the port number at the
destination, and the data being sent.