Voice over ip represents an easily proven, cost-saving technology that many beleaguered IT executives are eager to exploit. Implementation, however, throws up hurdles, not the least of which is integrating VoIP into an existing security policy, especially the firewall. The problem with sending VoIP traffic across firewall boundaries is the complex nature of VoIP traffic, especially NAT and its performance burden. NAT changes a packet's source address from the private one used on the local network, to a public address that can be routed over the Internet. In small networks this isn't particularly taxing, but in large networks, the significant muscle and time associated with routing traffic creates a problem for VoIP traffic across firewall latencies. Fixing this problem requires tweaking each firewall product for VoIP support, a Herculean task given the multitude of VoIP standards.
展开▼