Guide to Firewall and NAT Traversal 

   Google+
NAT Traversal
Home NAT Traversal Server NAT Traversal Gateway Contact

NAT Traversal Solution Requirements

We have seen how NAT/firewalls present a challenge to VoIP call completion. As we saw in Figure 1, there are many different kinds of NATs/firewalls in use, each which may be setup differently, making VoIP calls difficult to complete.

A typical solution to the problem described above is that a VoIP application will require a range of specific port numbers to be left open in the firewall. This approach introduces a severe security risk because an intruder, with knowledge of these open ports, can create malicious software to take advantage of the fact that the firewall is letting traffic in through the open ports. Leaving ports open defeats the reason for installing a firewall in the first place.

Another problem with opening ports is that manual configuration is required by end-users or network administrators. Home users often lack the necessary technical knowledge to correctly make this adjustment, or may even be unable to do so if their ISP controls their firewall product, as is the case with certain cable and DSL service providers. For internal users, their network administrator may also be unable, or more likely unwilling, to open the required ports that the VoIP application needs to function correctly. Either way, users are required to take extra steps to enable end user communications and, more often than not, will give up in frustration. Some key features that are expected from a NAT traversal solution include:

  • Guaranteed call completion with maximized peer-to-peer calls: The solution must ensure 100% call completion rate between users, regardless of the NAT/firewall types used. Moreover, it needs to maximize peer-to-peer calls in order to reduce load on relay servers.

  • Security: The NAT traversal solution must not compromise the security settings of the NAT/firewall.

  • Ease of integration with existing products or services: It is vital for the NAT traversal solution to be easily integrated with existing VoIP products or services, with minimal amount of work and time.

  • Standard compliance and interoperability: The solution must interoperate with equipment from different vendors. Therefore, the solution must be based on some standards to ensure successful communication between devices with different settings.

  • Service scalability: The solution needs to be scalable so that it can be used independent of the number of participants.

  • Optimized call completion time: The solution needs to make sure that the calls are established in a reasonable amount of time.

Next

NAT Traversal White Paper

 fff
  1. Introduction
  2. The Firewall and NAT Traversal Problem for VoIP and IP Communications
    2.1 The NAT/Firewall Traversal Challenge
    2.2 NAT Traversal Solution Requirements
  3. Solving the NAT Traversal Problem
  4. How ICE Methodology Works
  5. AnyFirewall Technology
    5.1 NAT Traversal API - AnyFirewall Engine
    5.2 STUN TURN Server - AnyFirewall Server
    5.3 VoIP call example using AnyFirewall Engine
  6. Conclusion
  7. Reference

 
Home

Terms of Use | Contact Us