A new firewall is correcting a problem that most companies aren't yet experiencing, but experts said could become...
an issue in the not too distant future.
The problem is that most firewalls block the very technology that is now gaining momentum as the protocol for voice-over-IP (VOIP) and instant messaging - the Session Initiation Protocol (SIP).
While VOIP expense and inconsistency has kept its adoption rates low, instant messaging is becoming a popular business tool. Microsoft is now shipping SIP with Windows XP for instant messaging. Since today's firewalls block SIP, companies must either use instant messaging and VOIP outside their existing firewalls or avoid it all together.
To address this problem, Ingate Systems, a Swedish company, has introduced the first SIP-capable firewall. While firewall heavy hitters like Cisco and Checkpoint are ramping up their own SIP-capable firewalls, Ingate's is the early leader.
Dave Passmore, an analyst at The Burton Group, a Midvale, Utah, consulting firm, said during the next year or two IT managers need to think about moving to a firewall that will allow SIP transmission.
In the not so distant future, Passmore said people will communicate over their computers by a combination of text, voice, video or sound. And SIP will be at the core of those communications. "SIP is smart enough to look at the capability of two machines and negotiate the highest common denominator," he said. Over time, SIP is likely to become a dominate protocol for communications Passmore said.
Ingate has introduced two products to address the growing interests in SIP. One is a firewall that will allow SIP-based communication through the firewall without compromising integrity, the other works with a company's existing firewall to provide the same functions.
Ingate Chief Executive Olle Westerberg said that in the U.S., instant messaging will help spread the use of SIP and create the need for changes in enterprise firewalls. "We re now just leaving the exploratory development stage and moving into the commercial deployment stage," he said.
Today's firewalls are almost specifically designed to block SIP. They block transmission originating from the public Internet with exception of Web traffic. SIP port numbers are assigned at random at the beginning of each session. So, for a standard firewall to allow SIP communications it would have to open thousands of ports. Ingate's system can identify SIP sessions. It then opens only the port needed for that communication to take place and then closes the port once the session is concluded.
Ingate has already sold units to Swedish carrier Telia and embattled WorldCom. Westerberg says that he is also getting great interest from companies throughout Asia, Though WorldCom continues to test a number of SIP capable firewalls, Ingate's is the only one that it has certified and is selling to its own customers.
WorldCom's director of multimedia services engineering, Teresa Hastings said WorldCom has worked with Ingate for almost a year to test and deploy the system and it is now conducting trials with a number of customers. "We've made every effort to make this a doable and understandable solution, but it has to be done carefully and with eyes wide open as with any firewall solution," she said.
The Ingate products are being distributed in the U.S. through Interlink Communication Systems. The product runs from $850 to $3,500. A large enterprise system can cost as much as $10,000.
CommWorks Corp., a subsidiary of 3Com Corp. that develops IP technologies for carrier networks, has certified Ingate's Siperator, the product that enables existing firewalls to allow SIP-based communication. While CommWorks product manager Venkatakrishnan Raman won't comment on the products performance during testing, he said it scored 90 percent (nothing below 80 passes) and it is the only SIP-capable firewall product to gain Commworks certification.
"From a small enterprise perspective, Ingate's solution was good," Raman says.
Laura Koetzle, an analyst at Forrester Research, Cambridge, Mass., is less enthusiastic about Ingate. She said that even though the technology is interesting, there's not much interest right now in VOIP. Last year, only 7% of companies surveyed by Forrester Research used any kind of VOIP. And when interest picks up, firewall giants like Cisco are likely to step up with their own systems.
Westerberg expects stiff competition. "Yes," he said, "In five years time every firewall will be SIP capable. We will have to continue to innovate, to improve and stay better than the competition."