Direct SBC connections not via a Sonicwall Firewall

Hi All

I have a Session Border Controller attached, at the moment, to a Sonicwall Firewall; is it safe, or sensible to take out the connections from the Sonicwall and have the SBC connected directly to the ISP?  I am difficulties getting the Sonicwall to pass SIP to the SBC.


Thanks in advance
EricIT Systems and Asset ManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

buckethead34Commented:
Possibly depending on the security capabilities of your SBC. The other thing to check on the Sonicwall is SIP-ALG and/or SIP inspection settings and toggle those to see if that allows it.
EricIT Systems and Asset ManagerAuthor Commented:
Hi Buckethead

The SBC is a Sangoma SBCT-CAR-250, Sangoma support is difficult to navigate :-(
J SpoorTME / Network Security EvangelistCommented:
Most of these 3rd party IP enabled devices do not run a hardened OS and would be possibly exploitable.

so no, not recommended. also see buckethead's comment about enabling the SIP ALG
OWASP: Threats Fundamentals

Learn the top ten threats that are present in modern web-application development and how to protect your business from them.

Start Today!
EricIT Systems and Asset ManagerAuthor Commented:
Hi All,
I change the setting, the result was I was able to call in using MicroSIP but not with a Mobile or Landline, any ideas?

Thanks
Benjamin Van DitmarsSr Network EngineerCommented:
can you make a drawing of your setup. and the settings on acl, nat and sip of the firewall.
EricIT Systems and Asset ManagerAuthor Commented:
Hi Benjamin

I will put the diagram up shortly , a little tied up at the moment being a virus hunter - if only I could rid of users :-)

Thanks

E.
buckethead34Commented:
When you say you were able to call in using MicroSIP, what are you using for Call Control? Does the SBC have that type of functionality or is it another server? I'm just trying to figure out what actually set up the call. It may not have traversed the SBC at all. Do you have public numbers coming in on a SIP trunk terminated to the SBC or did the provider of the SIP trunk provide you with test numbers?
EricIT Systems and Asset ManagerAuthor Commented:
@Buckethead  - I am not sure what you mean by call control, the calls come on IP (from Voxbone and others) via the Sonicwall into the Sangoma SBC and from there either into an IVR server with user prompts or it goes to our internal TDM switch via the PRI card in the SBC.
I am quite new into SIP configuration so it is a steep learning curve.


Regards

E.
EricIT Systems and Asset ManagerAuthor Commented:
Hi All
I have found out that I can use Sangoma SBC as a primary point of access as it is hardened and has many features to protect my network, however I need it to work through my Sonicwall NSA firewall as I only have 1 ISP connection.  It seems Sonicwalls are known to be problematic with SBCs - so I work on it and add a different post if I get stuck.

Many thanks for your comments and suggestions

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.