What is the Difference between a Firewall and a Session Border Controller

Firewall and a Session Border Controller

Controlling access to a particular site is vital for companies that want to secure their network communications, protect IT infrastructure and preserve high service levels for sessions. One of the most common ways to implement such policies is to use a firewall. But why, then, do voice operators use a Session Border Controller (SBC) in addition to a firewall? How do the two differ?

Questions like these probably come up often in your business. It's crucial to understand the fundamental differences between SBCs and firewalls so that you can use each for its intended purpose.

What is a Firewall and What Does It Do?

To put it simply, firewalls act as gates whose primary job is to allow or block data communication flows. A firewall is an integral part of a comprehensive security framework for your network because it prevents unauthorized access. It uses a "wall of code" that inspects each individual "packet" of data crossing the firewall in either direction, inbound to or outbound from your network.

Many enterprises believe that firewalls are sufficient to safeguard the company against advanced cybersecurity threats. However, as Voice over IP (VoIP) evolves to new speeds and high performance, cybersecurity threats are getting more common.

How Does an SBC Differ from a Firewall?

If a firewall acts as a "gate" that can only be opened or shut, a Session Border Controller is like a canal that has a series of trenches or pinholes which can be filled and then released. This kind of buffer allows more complex checking and adjustments than a simple open-or-shut gate.

Session Initiation Protocol (SIP) is used to launch and manage sessions. The various types of SIP servers are responsible for enabling sessions that use the Real-Time Transport Protocol (RTP) between two or more parties. Most IP firewalls offer only basic support for SIP: they can permit or reject SIP traffic. Firewalls also cannot actively change or control real-time IP communication systems in the way SBCs can.

A VoIP SBC can do more than a firewall. SBCs implement a back-to-back user agent (B2BUA), which actively processes the signaling and media paths, in contrast to a firewall, which is not actively involved in the RTP media path (the audio and video streams). SBCs can inspect and manipulate the contents of the entire session, so they can implement security policies and efficiently manage enterprise communications.

In addition to controlling and manipulating the SIP signaling and the associated RTP media streams, a VoIP SBC can also preserve the session state. For instance, an SBC can keep pinholes open for a particular duration during a communication session, while a firewall will close and re-open a pinhole using different port numbers, which may disrupt the session.
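The contrast described above, as an added Python example that is not part of the original article or any vendor's code: a packet filter that decides on the port alone, beside a toy B2BUA that rewrites the SDP so media is anchored on the SBC and keeps one pinhole per call across a re-INVITE. The function and class names, the addresses, the relay port range and the trimmed INVITE are all constructed for illustration.

```python
import re

# Constructed, trimmed sample INVITE from an internal phone (addresses are made up).
SDP = ("v=0\r\no=alice 1 1 IN IP4 10.0.0.5\r\ns=-\r\n"
       "c=IN IP4 10.0.0.5\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")
INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
          "Call-ID: a84b4c76e66710@10.0.0.5\r\n"
          "CSeq: 1 INVITE\r\n"
          "Content-Type: application/sdp\r\n"
          f"Content-Length: {len(SDP)}\r\n\r\n" + SDP)


def firewall_decision(dst_port, allowed_ports=(5060,)):
    """Stateless packet-filter view: permit or reject on the port alone."""
    return "permit" if dst_port in allowed_ports else "reject"


class ToySbc:
    """Minimal B2BUA behaviour: anchor media on the SBC, track pinholes per call."""

    def __init__(self, public_ip, first_port=20000):
        self.public_ip, self.next_port = public_ip, first_port
        self.pinholes = {}  # Call-ID -> (relay port, caller media ip, caller media port)

    def handle_invite(self, msg):
        head, body = msg.split("\r\n\r\n", 1)
        call_id = re.search(r"^Call-ID:\s*(\S+)", head, re.M | re.I).group(1)
        ip = re.search(r"^c=IN IP4 (\S+)", body, re.M).group(1)
        port = int(re.search(r"^m=audio (\d+)", body, re.M).group(1))
        relay = self.pinholes.get(call_id, (None,))[0]
        if relay is None:  # new call: allocate an even RTP port (RTCP uses the next)
            relay, self.next_port = self.next_port, self.next_port + 2
        self.pinholes[call_id] = (relay, ip, port)  # re-INVITE keeps the same relay
        # Point the far end at the SBC instead of the internal phone.
        body = re.sub(r"^(c=IN IP4 )\S+", rf"\g<1>{self.public_ip}", body, flags=re.M)
        body = re.sub(r"^(m=audio )\d+", rf"\g<1>{relay}", body, flags=re.M)
        head = re.sub(r"^(Content-Length:\s*)\d+", rf"\g<1>{len(body)}", head,
                      flags=re.M | re.I)
        return head + "\r\n\r\n" + body

    def handle_bye(self, call_id):
        """Session ended: close the pinhole and return what was released."""
        return self.pinholes.pop(call_id, None)


if __name__ == "__main__":
    sbc = ToySbc("203.0.113.10")
    print(firewall_decision(5060), firewall_decision(49170))
    print(sbc.handle_invite(INVITE))
```

Only the `c=` and `m=` lines are rewritten here; the example does not relay RTP packets or rewrite other headers.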
