Shoretel Ingate SIParator 50/55/65

Shoretel Ingate SIParator 50/55/65 Overview:

The Ingate SIParators 50, 55 and 65 are powerful tools for businesses wanting to step up to the next level of using VoIP and other IP-based real time communications, and to do so not only within the company, but outside the enterprise as well. The Ingate SIParator® from Ingate® Systems works seamlessly with an existing fi rewall to allow the traversal of SIP traffi c through the enterprise edge. While traditional fi rewalls block SIP traffi c – including mission-critical applications like VoIP – the SIParator resolves this problem while working in tandem with your existing security solutions. With the SIParator, businesses can harness the productivity and cost-saving benefi ts of VoIP and other IP-based communications while maintaining current investments in security technology.

Ingate’s SIParators are installed all over the world. Common scenarios: enterprises connecting to Internet telephony service providers (ITSP) and SIP trunks, connecting remote users and branch offi ces to use the corporate IP-PBX, and many more.

Ingate‘s SIP proxy-based solution delivers maximum control over SIP signaling, traffi c, and network security. With Ingate products, enterprises can use VoIP and other live communications on the LAN as well as globally over the Internet or private IP networks.

Ingate SIParators 50/55/65

The Ingate SIParators 50/55/65 have four ports each. The smallest – the SIParator 50 – can handle up to 150 concurrent RTP sessions. The Ingate SIParator 55 can handle up to 300 concurrent RTP sessions and the Ingate SIParator 65 has a capacity of 650 concurrent RTP sessions. The software upgrade module available for the Ingate SIParator 50 and 55 offers enterprises the fl exibility to buy only as much capacity as needed. Capacity can be added at any time. Hardware and the functionality are otherwise identical for all three models.

Included in the Ingate SIParator 50/55 and 65 are fi ve SIP traversal licenses, allowing up to fi ve calls to traverse at the same time. Additional SIP traversal licenses can be purchased at any time.

Ingate SIParators feature an encrypted Virtual Private Network (VPN) termination module. The SIParators can be confi gured as a part of the DMZ or in a standalone mode. In both cases, the benefits of SIP-based communications can be added to the network quickly and easily.

Trusted Network Security for VoIP
Ingate’s SIP proxy architecture grants fully secure traversal of the SIP traffic. The ports for the media streams are only opened between the specifi c parties of a call and only for the duration of the call. The SIP proxy inspects the SIP packets before sending them on. TLS and SRTP encryption ensures privacy, making call eavesdropping, call hijacking and call spoofing harder to do. Ingate also supports authentication of users and servers.

Support for SIP Trunking
More and more Internet telephony service providers offer a SIP trunk – a combined Internet and voice connection. For enterprises using an IP-PBX, SIP trunks are an ideal cost-saving solution as they no longer need local PSTN gateways or costly PRIs/BRIs. The service provider provides the PSTN connection. However, in order for SIP trunks to work, SIP traffic (as well as all other data traffic) must be able to traverse the enterprise firewall. Ingate’s SIP Trunking software module, available for all Ingate SIParators, enables firewall and NAT traversal using the built-in SIP proxy, allowing the enterprise to connect to the SIP trunk.

In addition, Ingate SIParators and the Ingate SIP proxy deliver advanced security for all SIP communications, including those via a SIP trunk. Ingate products also help ease compatibility issues between the IP-PBX and Internet telephony service provider.

Choose the Right Features for Your Network
Ingate offers several other add-on software modules that allow you to tailor the SIParator 19 to meet the specific demands of your business. Ingate Quality of Service (QoS) sets priorities to different kinds of data and allocates bandwidth for varied purposes – for instance, giving priority to VoIP.

Ingate Remote SIP Connectivity extends the SIP capabilities of the enterprise to employees working remotely (home offi ce workers, road warriors, etc.). Remote SIP Connectivity manages the traversal of the remote NAT from a central fi rewall and also includes a STUN server.

Ingate VoIP Survival adds a whole new dimension to hosted VoIP service by securing full redundancy in a SIP-based hosted IP-PBX environment all the way out to the customer premises.

Ingate Enhanced Security Module provides Intrusion Detection and Intrusion Prevention for SIP as well as encryption of the communication.

The SIP Registrar Module allows for making the Ingate Registrar the primary registration server.

Global VoIP Connectivity for your IP-PBX
Ingate SIParators open up a world of possibilities and cost savings when used with a SIP-based IP-PBX. Businesses can not only connect to a SIP trunk, but also route telephone calls via IP, between branch offices, home workers, offi ces and others using SIP-based VoIP. With an Ingate SIParator, the enterprise is no longer limited to voice; communication can also include video, instant messaging, presence and more.

Configuration:

Configuration 1: DMZ
The connects to the existing firewall through the DMZ interface. All traffic will pass through the existing firewall. This configuration requires that a static range of UDP and TCP ports are opened between the Internet and the SIParator and between the SIParator and the LAN. SIP clients on the LAN need to have the SIParator defined as their outgoing proxy or be referred to it via DNS. The firewall continues to control security, but SIP traffic is routed to the LAN only through the SIParator.

Configuration 2: DMZ/LAN
The Ingate SIParator connects to the DMZ of the existing firewall and to the LAN. This means that SIP traffic and media streams only have to pass through the existing firewall once (or not at all for all calls inside the office). A static range of UDP and TCP ports needs to be opened in the firewall between the Internet and the SIParator. SIP clients on the LAN need to have the SIParator defined as their outgoing proxy or be referred to it via DNS.

Configuration 3: Standalone
The SIParator connects to both the LAN and the Internet, operating entirely in parallel with the existing firewall. The SIParator will only handle SIP signaling and media streams; everything else will pass through existing firewall. This setup has no requirements for the existing firewall and requires no configuration changes. SIP clients on the LAN need to have the SIParator defined as their outgoing proxy or be referred to it via DNS.

Specifications:

IDS/IPS is not availble for the Ingate SIParator 19

Documentation:

Shoretel Ingate SIParator 50 Datasheet (PDF)