Professional Documents
Culture Documents
Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408.745.2000 1.888 JUNIPER www.juniper.net
Table of Contents
Executive Summary ...........................................................................................................3 Introduction and Overview ................................................................................................3 Juniper Networks Enables IP Telephony ............................................................................4 Best-in-class Security ....................................................................................................4 Best-in-class Performance ...........................................................................................4 Best-in-class Reliability and Availability ........................................................................4 Centralized Management .............................................................................................4 Partnerships with Application Vendors .........................................................................5 Enterprise IP Telephony Solution Example .........................................................................5 Headquarters and Campus Users ................................................................................5 Branch Office Users......................................................................................................6 Teleworker ..................................................................................................................8 Mobile Worker .............................................................................................................8 Data Center ..................................................................................................................9 Juniper Networks Enterprise Solutions Portfolio ..............................................................10 Firewall/IP Sec VPN ...................................................................................................10 Intrusion Detection and Prevention (IDP) ..................................................................10 SSL VPN Secure Access .............................................................................................. 11 Application Acceleration............................................................................................. 11 Enterprise Routing .....................................................................................................12 Policy, Control and Visibility .......................................................................................13 Conclusion .......................................................................................................................13
Executive Summary
Geographically dispersed workers and consolidation of network resources are some of the trends fueling the growth of IP telephony in todays enterprises. Yet to reap the benefits of IP telephony, enterprises must be able to support its unique requirements. This white paper discusses Junipers unique ability to provide the security, availability, and performance demanded by IP telephony applications. The white paper also looks at real-world examples of the needs of IP telephony users in the enterprise, including headquarters basedcampus worker, branch office user, teleworker, and mobile worker.
Best-in-class Security
Juniper Networks solutions provide complete security for a wide range of IP telephony applications and protocols. These solutions can Detect and prevent threats from impacting service availability Repel attacks targeted at IP telephony equipment Secure call signaling (H.323, SIP etc.) and voice communications from any location using VPN technology and Application Layer Gateways (ALGs) Ensure only appropriate users and devices can access IP telephony resources.
Best-in-class Performance
Juniper Networks platforms are designed to deliver high performance throughput under all network and service conditions. In particular, they deliver the performance required for quality IP telephony communications by Increasing existing bandwidth capacity over wide area links Ensuring minimal latency, jitter, and packet loss, regardless of network conditions, and connectivity over WAN and Expediting VoIP traffic streams using a variety of methods.
Centralized Management
Juniper Networks policy, control, and visibility solutions provide appropriate access control, policy creation and management, and network and service management, ensuring secure and reliable networks for all applications, including IP telephony. In this group, Juniper Networks solutions Restrict network access to valid users and devices Validate and enforce compliance policies on users and devices, and Provide centralized management, monitoring and reporting for network services and infrastructure.
Headquarters
Wireles
IDP
WXC 500
ss Po int
Soft
switch
LAN
Swit ch
Wireles
Voice
SSL VPN
Fire
wall
Fire
wall
Soft
switch
M Ser ie
J S erie
GSM/WiFi IP Softphone
Voice
PSTN
WAN
Internet
Mobile
SSG
J S erie
or
SSG
NS 5GT-
WX 20
IP Softphone IP Agent
GSM/WiFi
IP Softphone
Road Warrior
Enabling IP Telephony with Juniper Enterprise Solutions Increasing deployments of wireless LANs are helping fuel the rollout of IP telephony applications by making it easier to roam in a campus or large office environment. For example, employees visiting from other enterprise locations can use an IP telephony application running on their laptops (or softphone) to make phone calls affordably throughout a campus location, either by using an attached headset and speakers, or by forwarding their extension to any handset in a guest office. Campus security guards can use IP mobile wireless radios to keep in touch while doing their rounds. Wireless networking in these locations requires increased security and performance, so that hackers cannot snoop on wireless IP phone calls for malice or for profit. Another trend fueling security requirements in headquarters locations is the need to accommodate guests. Visiting clients and contractors may expect Internet access for their laptop, and they may want to use a telephone. How can their needs be met without compromising the availability and security of the network? Juniper Networks has a range of solutions to address all these requirements for headquarters and campus users (see Table 1). For users at headquarters/campus using real time, business critical, IP telephony applications such as contact center, the Juniper data center application acceleration (DX) and load balancing platforms help improve performance of web based appliactions accessed by contact center workers,. The Juniper Networks M-Series routing platforms also improve VoIP performance via cRTP packet compression, and provide granular control of quality of service (QoS) for VoIP traffic across the WAN network using MPLS or other mechanisms. Users making and receiving calls on a PDA or laptop throughout the campus on a wireless LAN can be assured that no one is listening in. Campus devices, whether on the wired or wireless network, are checked for security compliance, authenticated, and granted device and user privileges via the Juniper Networks Infranet Controller (IC). The IC authenticates users via RADIUS, using either the Steel-Belted Radius (SBR) functionality included on the IC, or via HTTP. In both cases, third-party identity servers are typically consulted for user credentials. Visiting workers or contractors can also be granted access without compromising enterprise security. IP hardphones and their data ports in guest worker offices can be restricted to certain VLANs via standard discovery protocols supported in 802.1X switches and a standalone SBR server. The Juniper Networks Intrusion Detection and Prevention products (Juniper Networks IDP) protect critical VoIP assets from external and internal attacks. Juniper Networks Firewall/IPSec VPN products keep out unwanted traffic, while opening and closing pinholes dynamically to allow IP phone calls to penetrate the firewall.
Enabling IP Telephony with Juniper Enterprise Solutions Juniper Networks has a suite of branch solutions that provide the services and infrastructure needed to support IP telephony in offices from small to large (see Figure 1 and Table 1). For enterprises using or considering Avaya IP telephony equipment in their branch offices and Avaya Communication Manager software at headquarters, Juniper Networks J4350 and J6350 routers support an integrated Avaya Media Gateway. Consolidating routing, security services, and IP telephony in a single device provides a simple yet highly reliable solution for branch users. The Avaya IG550 Media Gateway supports a variety of traditional telephony interfaces and works with the Avaya Communications Manager to extend IP telephony applications transparently to the branch from headquarters locations. The IG550 Media Gateway protects business critical communications with a range of survivability options that operate under a variety of network conditions. Juniper Networks J-series routers are available with multiple interfaces, supporting simultaneous connections to the Internet, headquarters, and the branch office LAN. The J-series routers are the right choice for branch offices requiring MPLS features in their customer premise equipment. In terms of security, their integral stateful firewall protects the branch office from external threats originating from the Internet. The J-series routers also support IPSec VPNs, providing a highperformance, encrypted tunnel over the Internet for all communications between the branch and headquarters. Branch offices with higher security and performance requirements can add the Juniper Networks SSG Family, which will protect users against new and emerging Internet threats. The SSG Family not only includes the network security features of the J-series router, it also incorporates a host of Unified Threat Management (UTM) features. SSG UTM features such as IPS (with deep packet inspection), Web Filtering, and Antivirus (including Anti-Spyware, Anti-Spam, Anti-Adware, and Anti-Phishing) are all available as an annual subscription. SSG Family UTM features ensure branch users are always protected from the latest threats, since the gateways are automatically updated without IT staff intervention. Branch offices that do not require MPLS support or a media gateway receive excellent protection, routing, and performance by simply deploying an SSG. For enterprises using Avaya IP telephony applications and phones, the SSG Family supports a H.323 and SIP application layer gateway (ALG), which opens and closes pinholes in the firewall to let valid, approved IP phone calls through. Enterprises can ensure high-quality voice communications and fast and consistent response times for real-time applications by leveraging the Juniper WAN application acceleration (WX/ WXC) platforms. By overcoming the technical limitations of WANs, the WX/WXC platforms address the four key performance issues that impact real-time applications bandwidth, latency, jitter, and packet loss. The WX/WXC platforms are typically deployed between branch offices and headquarters or the data center and accelerate applications over the WAN. This dramatically improves response times of all IP-based applications such as email, file services, FTP, Oracle, and SAP; all while freeing up WAN bandwidth and giving voice and other real-time applications the quality of service they require. As a result, IT can successfully roll out VoIP applications to branch offices across the existing IP data network, without increasing WAN capacity.
Teleworker
Increasingly people are working from home either for some or all of their workweek. According to a recent ComputerWorld survey, 89% of the top 100 US companies offer telecommuting to their employees. These employees need the same network availability as users in corporate locations. They are typically connected to a corporate location over the Internet using a wired solution, perhaps via cable or DSL. For VoIP solutions, they may be using an IP phone connected to their home gateway, or a softphone application on their computer. In terms of security, teleworkers need a solution beyond a firewall. They need a solution that works in the background, protecting against the latest Internet security threats automatically. On the other hand, managers need to know that their workers are complying with business policies for acceptable use of the Internet while working from home. Juniper Networks solutions for teleworkers include the SSG 5/SSG 20 and the SSL VPN Appliance line installed at headquarters (see Figure 1 and Table 1). Juniper Networks SSG 5 and SSG 20 are security solutions specially designed for small offices and teleworkers. These solutions are designed to be deployed quickly and easily by non-technical users. The SSG 5 and SSG 20 optionally integrate an ADSL modem or wireless modem, delivering a complete telecommuter solution supporting high-performance VoIP and data communications at outstanding value. The SSG 5 and SSG 20 integrate the same robust firewall, IPSec/VPN, and UTM security features available at the headquarters and branch office locations. Juniper Networks UTM features not only protect teleworkers from attacks; they also enforce acceptable use of the Internet for workers using company equipment and networks at home. The SSG 5 and SSG 20 also include a broad array of specific security features for wireless. The SSG Family supports a voice-aware Application Layer Gateway that adds an additional layer of security to VoIP calls. While many organizations will choose to run a high-performance IPSec VPN between full-time teleworkers and their corporate location, there may be instances, such as for distributed call center workers, where they choose to run SSL VPN instead. This solution, while available to teleworkers, is discussed in the mobile worker section.
Mobile Worker
A geographically dispersed workforce and the productivity gains resulting from mobile applications are compelling organizations to support remote, mobile employees. There are several types of workers requiring mobile access to an organizations network resources. Sales people may want access to information while at a customer site or in a hotel room. Office workers may occasionally want to access information while at home in the evening. Home care workers and field service agents, on the other hand, spend their days going from one client location to another. A Juniper Networks Secure Access SSL VPN appliance, deployed at a headquarters location, grants secure, reliable access for valid remote or mobile workers. Regardless of their location, validated users can access the specific corporate applications the organizational policy says they are entitled to, including IP telephony applications, using only a standard web browser. Workers traveling with their laptop, their installed softphone application and a headset can make and receive calls over a Juniper Networks SSL VPN encrypted tunnel, whether they are connected to a hotels network or a customers network, either wired or wireless. Field workers, with their dual mode cell phones (WiFi and GSM), can similarly access applications and make calls using their VoIP corporate application when on campus. Third-party solutions, such as Avaya IP Softphone and IP Agent applications, are fully certified and tested with Juniper Networks SSL VPNs.
Data Center
No discussion of IP telephony solutions in the enterprise is complete without considering the data center, where application servers typically reside. Data centers may be located in headquarters, but often are located outside of headquarters for disaster recovery purposes. Common IP telephony applications housed in the data center include IP PBX, contact centers, and conferencing and collaboration software. Users expect higher availability from voice services, so the data center networking, performance and security must be optimized. Juniper Networks high-performance infrastructure and services solutions address data center requirements for security, application acceleration and load balancing, and connectivity (see Figure 2). Juniper Networks solutions for the data center are listed in Table 1. Juniper Networks data center application acceleration (DX) and load balancing platforms are integral to contact center applications, since they cut web page download times in half. The Juniper WAN application acceleration (WX/WXC) platforms reduce the impact of latency, increase WAN capacity, provide visibility into WAN and application performance, and prioritize VoIP traffic over other applications traffic, to improve application response times for both voice and data traffic. M-Series routers improve bandwidth utilization and minimize latency, jitter, and packet loss, ensuring optimal voice quality. They also contribute to network reliability by diverting traffic to alternate paths if a link fails. Juniper Networks ISG products protect the data center from attack, and secure communications with high-performance, encrypted VPNs.
M Se ries
Internet
s
M Se rie
Private WAN
Integrated IPS/FW/VPN
WAN Optimization
DX DX
Web Servers
Apps SIP Vide
App Servers
Databases
10
Enabling IP Telephony with Juniper Enterprise Solutions Juniper Networks IDP can also identify and prevent attacks specifically targeting or resulting from IP telephony applications. Since Juniper Networks IDP products understand over 60 application-level protocols, including SIP and H.323, they can detect and prevent threats ranging from a DoS attack on a PBX being bombarded with call setup packets, to worms/viruses/trojans attempting to infiltrate IP phones or servers, to toll fraud or unauthorized access to voicemail system. Juniper Networks IDP not only helps protect networks against attacks, it also provides information on rogue servers and applications that may have been unknowingly added to the network (for example, voice-enabled chat or other peer-to-peer voice applications). Juniper Networks IDP provides administrators with visibility into specific applications that are present and/or being used on the network and how, when, and by whom they are being used. A centralized, rule-based management approach offers granular control over the systems behavior with easy access to extensive auditing and logging, and fully customizable reporting.
Application Acceleration
With the increase in web-based applications, the data center in many enterprises is becoming cluttered with many servers, load balancers, and devices that perform specific functions like SSL termination, data compression, authentication, authorization, and accounting (AAA), and HTTP proxy and caching. As the data center scales, these become complex and costly to both deploy and manage. Juniper Networks data center application acceleration (DX) and load balancing platforms integrate all these web front-end functions into a single, highly available and secure platform. In addition, the DX platforms offload responsibilities from application servers, improving the performance of web-based applications and thereby increasing worker productivity. In the case of voice applications, DX platforms accelerate the web-based components of voice applications, such as contact centers or collaboration tools. Another critical area ripe for optimization in the enterprise is WAN links between locations. As enterprises have expanded their business processes to include real-time applications such as voice, their WAN links are getting congested. Increasing WAN capacity alone doesnt address the performance issues caused by latency, jitter and packet loss. Whats needed is a solution that not only frees up WAN bandwidth but also gives voice and other real-time applications the quality of service they require.
11
Enabling IP Telephony with Juniper Enterprise Solutions Juniper Networks WAN application acceleration (WX/WXC) platforms accelerate response times for all IP-based applications running over the WAN, including voice and other real-time applications. Built on the unique WX Framework, the WX/WXC platforms integrate powerful compression and caching, acceleration, bandwidth management and QoS, path optimization, and visibility capabilities. This set of interdependent technologies allows the WX/WXC platforms to overcome the technical limitations of WANs and address the four key performance issues that impact real-time applications: bandwidth, latency, jitter, and packet loss. The WX/WXC platforms create a more controlled environment for IP telephony applications by improving the performance of non-voice applications across the WAN through TCP acceleration and application-specific acceleration technologies. The WX/WXC platforms also make room for voice traffic by increasing available WAN capacity through memory-based compression and diskbased caching. In addition, the WX/WX C platform can compress VoIP headers by as much as thirty percent. By making sure that voice traffic gets higher priority than other data applications using quality of service (QoS) and bandwidth management technologies, the WX/WXC platforms ensure delivery of real-time applications. In locations served by two WAN links, IT staff can use the Policy-based Multipath feature to automatically divert traffic based on performance thresholds, so that lowerpriority traffic is directed over the slower and less expensive links. Lastly, by providing visibility into performance of voice and other real-time applications, the WX/WXC platforms allow IT to quickly identify, troubleshoot, and resolve problems. Working in concert, these capabilities supported by the WX/WXC platforms allow IT can successfully roll out VoIP applications across the existing IP data network, without increasing WAN capacity. The Juniper Networks WX/WXC platforms have been tested and optimized to support Avaya IP telephony applications.
Enterprise Routing
All Juniper Networks routers run the industrys most highly regarded routing operating system. JUNOS is highly modular, available system that offers outstanding performance while simultaneously running services such as Firewall, NAT, and VPN. JUNOS allows full control of the router even when under DoS attacks. Further, Juniper Networks M-series and J-series routers uniquely combine best-in-class IP/MPLS capabilities with unmatched reliability, stability, and security over a wide variety of interfaces. The M-series is ideal for headquarters, campus locations, and data centers, while the J-series is designed for branch and regional offices. The Juniper Networks M-series and J-series routers contribute to excellent quality voice transport both inside and outside the enterprise, while simultaneously delivering consistently high performance. The comprehensive MPLS feature set in these routers, including traffic engineering, auto-bandwidth, and fast reroute, helps ensure the availability critical for IP telephony. Comprehensive quality of service (QoS) functionality prioritizes voice over a converged network, minimizing latency and improving voice quality. Hardware encryption and acceleration built into the J-series and M-series platforms combine to provide the low-latency, low-jitter yet secure transport necessary for high quality voice communications. Bi-directional Forwarding (BDF) provides instant failure recovery if an IP link fails. And unlike most network equipment, link services in Juniper Networks routers efficiently handle voice packets over wide area links using compressed RTP and link fragmentation and interleaving. For secure, optimized IP telephony, the Juniper Networks M-series and J-series fully support the stateful Firewall and IPSec VPN capabilities with little performance impact on routing. Each J-series and M-series optionally supports a stateful firewall with attack detection, keeping all communications secure from external threats. 12
Copyright 2006, Juniper Networks, Inc
Conclusion
To benefit from the cost savings and increased productivity that IP telephony offers, enterprises must support its unique requirements for secure and assured performance, on-demand and in real-time. Further, enterprises must continue to secure their networks from both existing and emerging security threats, from both inside and outside the organization. Juniper Networks leverages an open, standards-based environment to deliver both the network services and infrastructure required for IP telephony. Juniper Networks ensures high quality voice by making more room for voice traffic, recognizing and prioritizing voice traffic in ways designed to benefit users, enterprise locations, and specific VoIP applications. Juniper Networks solutions are recognized for their industry-leading resiliency and performance, enabling enterprises to meet the high expectations of IP telephony users and applications. Juniper Networks solutions also include a complete range of security solutions, protecting the enterprise network in every location and specifically protecting against threats targeting VoIP infrastructure.
1
Enabling IP Telephony with Juniper Enterprise Solutions Table 1: Juniper Networks Products for IP Telephony deployments
Location Data Center Product ISG 2000* ISG 1000* Functionality in IP Telephony Deployment High performance, purpose built firewall/VPN platform ensures lowlatency and low jitter packet transport required for voice traffic Dynamic, route-based IPSec VPN with stateful failover to ensure no dropped voice calls Policy-based network segmentation for secure separation of VoIP and other network components Supports H.323, SIP, MGCP, SCCP application layer gateway (ALG), to only let valid, approved IP phone calls through the firewall Optional integrated IDP protect against H.323 and SIP-based attacks via protocol decode and attack prevention Protects network resources including IP PBX and associated servers from DoS attacks, worms, viruses, trojans etc. NetScreen-5400 NetScreen-5200 High performance, purpose built firewall/VPN platform ensures lowlatency and low jitter packet transport required for voice traffic Dynamic, route-based IPSec VPN with stateful failover to ensure no dropped voice calls Policy-based network segmentation for secure separation of VoIP and other network components Supports H.323, SIP, MGCP, SCCP application layer gateway (ALG), to only let let valid, approved IP phone calls through the firewall VoIP specific DoS attack protection to protect the network from being flooded with VoIP calls IC 6000 IC 4000 IDP 1100 IDP 600 802.X enforcement of access control policies based upon user identity, endpoint security state or network information. Protect against H.323 and SIP-based attacks via protocol decode and attack prevention Protects network resources including IP PBX and associated servers from DoS attacks, worms, viruses, trojans etc. M320 M120 M10i Provides superior small-packet QoS performance for VoIP - low latency, low jitter and low packet loss using the highly reliable and modular JUNOS operating system Improves bandwidth utilization and VoIP performance via cRTP packet compression Protects/expedites VoIP traffic to achieve voice-grade QoS through MPLS Detects IP link failures quickly through bi-directional Forwarding Detection (BFD) and MPLS Fast Re-Route (FRR) Link Fragmentation and Interleaving (LFI) support improves QoS on lower-speed links to ensure a high-quality user experience. SA 6000 SSL VPN based clientless secure remote access supports Softphone like applications required for remote IP telephone users Dual-mode transport supports both SSL and IPSec transport for latency-sensitive configurations to ensure smooth operations of voice applications WXC-500 stack Increase existing WAN capacity to support voice calls Ensure voice packet delivery through QoS and bandwidth allocations Reduce latency across WAN for high quality voice communications DX 3680 DX 3600 Improves performance of data components of other telephony applications (messaging, contact center, etc.) by cutting web page download times in half Increases server capacity by 3-4x and reduces server costs by up to 80%
14
Campus
High performance, purpose built firewall/VPN platform ensures lowlatency and low jitter packet transport required for voice traffic Dynamic, route-based IPSec VPN with stateful failover to ensure no dropped voice calls Policy-based network segmentation for secure separation of VoIP and other network components Supports H.323, SIP, MGCP, SCCP application layer gateway (ALG), to only let valid, approved IP phone calls through the firewall Optional integrated IDP protect against H.323 and SIP-based attacks via protocol decode and attack prevention Protects network resources including IP PBX and associated servers from DoS attacks, worms, viruses, trojans etc.
NetScreen-5400 NetScreen-5200
High performance, purpose built firewall/VPN platform ensures lowlatency and low jitter packet transport required for voice traffic Dynamic, route-based IPSec VPN with stateful failover to ensure no dropped voice calls Policy-based network segmentation for secure separation of VoIP and other network components Supports H.323, SIP, MGCP, SCCP application layer gateway (ALG), to only let let valid, approved IP phone calls through the firewall VoIP specific DoS attack protection to protect the network from being flooded with VoIP calls
802.1X enforcement of access control policies based upon user identity, endpoint security state or network information Protect against H.323 and SIP-based attacks via protocol decode and attack prevention Protects network resources including IP PBX and associated servers from DoS attacks, worms, viruses, trojans etc.
M10i M7i
Provides superior small-packet QoS performance for VoIP - low latency, low jitter and low packet loss using the highly reliable and modular JUNOS operating system Improves bandwidth utilization and VoIP performance via cRTP packet compression Protects/expedites VoIP traffic to achieve voice-grade QoS through MPLS Detects IP link failures quickly through bi-directional Forwarding Detection (BFD) and MPLS Fast Re-Route (FRR) Link Fragmentation and Interleaving (LFI) support improves QoS on lower-speed links to ensure a high-quality user experience.
SA 6000 SA 4000
SSL VPN based clientless secure remote access supports Softphone like applications required for remote IP telephone users Dual-mode transport supports both SSL and IPSec transport for latency-sensitive configurations to ensure smooth operations of voice applications
Increase existing WAN capacity to support voice calls Ensure voice packet delivery through QoS and bandwidth allocations Reduce latency across WAN for high quality voice communications Improves performance of data components of other telephony applications (messaging, contact center, etc.) by cutting web page download times in half Increases server capacity by 3-4x and reduces server costs by up to 80%
DX 3280 DX 3200
15
Branch Office
SSG 550 SSG 520 SSG 140 SSG 20*** SSG 5***
High performance, purpose built firewall/VPN platform ensures lowlatency and low jitter packet transport required for voice traffic Dynamic, route-based IPSec VPN with stateful failover to ensure no dropped voice calls Policy-based network segmentation for secure separation of VoIP and other network components Supports H.323, SIP, MGCP, SCCP application layer gateway (ALG), to only let let valid, approved IP phone calls through the firewall Provides a full set of UTM security features that includes Anti-spam, Antivirus, IPS and Web Filtering VoIP specific DoS attack protection to protect the network from being flooded with VoIP calls
Provides superior small-packet QoS performance for VoIP - low latency, low jitter and low packet loss using the highly reliable and modular JUNOS operating system Improves bandwidth utilization and VoIP performance via cRTP packet compression Protects/expedites VoIP traffic to achieve voice-grade QoS through MPLS Detects IP link failures quickly through bi-directional Forwarding Detection (BFD) and MPLS Fast Re-Route (FRR) Link Fragmentation and Interleaving (LFI) support improves QoS on lower-speed links to ensure a high-quality user experience.In addition, J4350 and J6350 supports Avaya IG550 gateway and interface modules
Protect against H.323 and SIP-based attacks via protocol decode and attack prevention Protects network resources including IP PBX and associated servers from DoS attacks, worms, viruses, trojans etc.
SA 2000 SA 700
SSL VPN based clientless secure remote access supports Softphone like applications required for remote IP telephone users Dual-mode transport supports both SSL and IPSec transport for latency-sensitive configurations to ensure smooth operations of voice applications
Increase existing WAN capacity to support voice calls Ensure voice packet delivery through QoS and bandwidth allocations Reduce latency across WAN for high quality voice communications High performance, purpose built firewall/VPN platform ensures lowlatency and low jitter packet transport required for voice traffic Dynamic, route-based IPSec VPN with stateful failover to ensure no dropped voice calls Policy-based network segmentation for secure separation of VoIP and other network components Supports H.323, SIP, MGCP, SCCP application layer gateway (ALG), to only let let valid, approved IP phone calls through the firewall Provides a full set of UTM security features that includes Anti-spam, Antivirus, IPS and Web Filtering VoIP specific DoS attack protection to protect the network from being flooded with VoIP calls
Support for Softphone application provided through clientless secure remote access through SSL VPN functionality provided through the appliance at the Data center or on Campus Support for Softphone application that runs on PDA, GSM/WiFi cell phones etc. provided through clientless secure remote access through SSL VPN functionality provided through the appliance at the Data center or on Campus
Copyright 2006, Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
16