The latest version of Ingate Systems’ Firewall 1600 improves on the Firewall 1400. The result is a SIP-aware VoIP firewall suitable for all but the largest enterprises.
The Firewall 1600 is a more capable unit designed to handle twice the load of the 1400. It’s built to fit easily into the enterprise; Ethernet ports run at gigabit speeds, for example. The firewall supports VoIP survival, which lets a remote office continue to function and connect to the outside world even if the central PBX is down or unreachable. Although this feature requires a media gateway to connect to the PSTN, it lets your remote offices function even when network problems intrude.
Other useful features include support for remote SIP connectivity. Employees can travel outside the phone network but retain network access if they use a SIP phone or a SIP softphone.
The 1600’s Web-based GUI, used for configuring the firewall, is intuitive and easy to use. Some of those configurations included advanced functions such as setting up NAT traversal and proxy settings, but we never had to open the manual during configuration. Normally NAT requires outside users and firewall managers to jump through a series of hoops that make the process very difficult or impossible, even in cases where the firewall will pass SIP packets (not all will). Thankfully, NAT traversal is designed into the 1600, so setting up outside users is reasonably easy.
The 1600 attaches to your network in a number of ways. It can work as a stand-alone VoIP firewall, siphoning off voice traffic and easing the burden on your enterprise firewall. It can live in the DMZ of your existing firewall and handle voice traffic through it. Or the 1600 can be your only firewall, handling both voice and data protection. In this scenario the 1600 is a capable network firewall, although it isn’t as full featured as some — it lacks VLAN hardware acceleration, for example.
We tested the 1600 in each of the firewall configurations described above and found all of them to be effective. In our SIP PBX test, the Firewall 1600 served as the only VoIP firewall on the network. For the most part, configuration and management were surprisingly easy. It worked perfectly with the Siemens Hi-Path 8000, the Zultys MX250, and the Versatel Networks 1500L media gateway. There were a few unresolved problems with the Avaya PBX, mainly in maintaining sessions for long periods of time. We are fairly sure this was due to a configuration issue, but we ran out of time before we found out for certain.
More importantly, the 1600 handles twice as many VoIP users as its Firewall 1400 sibling. Its six interfaces, two of them running at 1Gb, mean the Firewall 1600 fits well into existing networks and won’t create a bottleneck. It handles as many as 1,000 registered SIP users and standard SIP addressing for reaching specific phones on inward calls.
Like the Firewall 1400, the 1600 allows you to create lists of which callers are allowed to do specific functions.