Thursday, September 27, 2018

VoIP security query (SBC or Firewall)

Hi all,

I have a query about VoIP security etc... I'm OK with normal route and switch stuff, but when it comes to unified comms and security, it's a bit of a weak point, so I'm hoping you guys could help.

A diagram of the setup is here:

https://imgur.com/mpaLPy5

This is only one side, there is another, and it works as an Active/Active setup with VRRP... calls are load balanced

"X" doesn't currently exist, but with more users coming online, we feel "X" should... But with what?

Initially with some research, everything pointed towards SBCs, some of the contractor guys suggested this would be a good approach too, but looking more into it, our current IP to E1 gateway is doing a lot of the functions of an SBC, so when you factor in costs and licences, also the fact we would be using very little of the features, they seem pointless.

Other users (SIP Endpoints) will always be known, so a firewall seemed like the next logical choice, but what type?

Effectively we want to reduce/manage the risk of DoS attacks, replay attacks and just general security of the IP to E1 gateways. A routed stateful firewall seemed ideal, with some traffic policing, but how is this set up with VoIP in mind (Cisco ASA)? Also, we need something that is not too complex to make edits to for testing, faultfinding and onboarding of new users (endpoints)... I'm assuming this will be a lot of ACL manipulation? Is VRRP much of a hassle through firewalls?

Would a transparent FW be a better option?

Does it need to be an ASA at all, or could we just get a router with a security licence to do this?

Probably some stupid questions in here, but like I said UC and SEC aren't really something I've much experience in.


