cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anonymous
Not applicable

SBC behind existing firewall

Jump to solution

So I'm going to be installing my first Session Border Controller and I have a Netvanta 3430 w/ SBC (50 calls) on the way. I have a phone system that is currently on the LAN working with SIP trunks provided by the provider. We are now adding ip phones and will need to add the SBC to get those working with the SIP trunks. I understand the phone system (172.16.1.x) will communicate with the Adtran interface (172.16.1.x), but I have a question about the other 3430 interface that will need to communicate with the SIP trunks. Can that interface be behind the existing router (172.16.1.x) or does it need it's own public ip address?

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
jayh
Honored Contributor
Honored Contributor

Re: SBC behind existing firewall

Jump to solution

I can't recommend strongly enough that the interface of the SBC facing the SIP trunks of the carrier have a public IP not behind any existing firewall. The SBC essentially is a firewall for VoIP.

There are so many things that can go wrong doing it any other way. Even if you can get it to work now, something will change in the future such as newer protocols, someone upgrading firewall software, etc that will break things in weird, intermittent, and unpredictable ways.

This is especially true if your firewall does NAT or is managed by a different entity than you. Unmitigated disaster in the making with weeks of blamestorming.

View solution in original post

2 Replies
jayh
Honored Contributor
Honored Contributor

Re: SBC behind existing firewall

Jump to solution

I can't recommend strongly enough that the interface of the SBC facing the SIP trunks of the carrier have a public IP not behind any existing firewall. The SBC essentially is a firewall for VoIP.

There are so many things that can go wrong doing it any other way. Even if you can get it to work now, something will change in the future such as newer protocols, someone upgrading firewall software, etc that will break things in weird, intermittent, and unpredictable ways.

This is especially true if your firewall does NAT or is managed by a different entity than you. Unmitigated disaster in the making with weeks of blamestorming.

Anonymous
Not applicable

Re: SBC behind existing firewall

Jump to solution

Thank you