Improving Voice over IP Connections

To deny access to user groups without an ACL

1. Click the Global Cluster Policies tab.

2. Under Access Options, select Deny Access without ACL.

3. Click Submit.

Improving Voice over IP Connections

Real-time applications, such as voice and video, are implemented over UDP. TCP is not appropriate for real-time traffic because of the delay introduced by acknowledgements and the retransmission of lost packets. It is more important to deliver packets in real time than to ensure that all packets are delivered. However, any tunneling technology that runs over TCP cannot provide this real-time performance.

The Firebox SSL VPN Gateway overcomes this issue by routing UDP packets over the secure tunnel as special IP packets that do not require TCP acknowledgements. Even if the packets get lost in the network, no attempt is made by either the client or the server applications to regenerate them, so real-time (UDP-like) performance is achieved over a secure TCP-based tunnel.

When the Firebox SSL VPN Gateway is installed as a standalone appliance, and users connect using the Secure Access Client, two-way communication is supported with the following voice over IP (VoIP) softphones:

Avaya IP Softphone

Nortel IP Softphone

Cisco IP Softphone

Cisco IP Communicator

Secure tunneling is supported between the manufacturer’s IP PBX and the softphone software running on the client computer. To enable the VoIP traffic to traverse the secure tunnel, you must install the Secure Access Client and one of the softphones listed above on the same system. When the VoIP traffic is tunneled over the secure tunnel, the following softphone features are supported:

Outgoing calls that are placed from the IP softphone

Incoming calls that are placed to the IP softphone

Bidirectional voice traffic

Enabling Improving Voice over IP Connections

Voice over IP (VoIP) traffic is carried over the UDP protocol. This kind of traffic is very sensitive to latency. The Firebox SSL VPN Gateway tunnels the UDP traffic through SSL connections. If you experience latency in your VoIP application, you can select the Improving Voice over IP Connections setting to minimize latency and improve the audio quality.

When you select this setting, the Firebox SSL VPN Gateway employs weaker encryption ciphers (56-bit). These weaker ciphers are used for all traffic that is transmitted using the UDP protocol, not just the VoIP traffic. Before selecting this option, you might want to consider the security implications of using these weaker ciphers to encrypt the UDP traffic.

The specific ciphers used to encrypt the UDP traffic include:

RSA EXP 1024, RC4 56 Bit, MD5

RSA EXP 1024, RC4 56 Bit, SHA
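A defender's check for the setting described above, as an added example that is not from the WatchGuard guide: it reads the negotiated cipher suite out of a captured ServerHello record and flags the two 56-bit export suites. The suite IDs 0x0060 and 0x0064 are an assumed mapping of the guide's labels to the draft-era export code points, and `build_hello` only constructs sample input.

```python
import struct

# Assumption: draft-era "56-bit export" code points matching the guide's labels
# (RSA EXP 1024 / RC4 56 bit / MD5 or SHA). Not taken from the guide itself.
EXPORT_56BIT = {
    0x0060: "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5",
    0x0064: "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
}

def server_hello_suite(record: bytes) -> int:
    """Return the cipher suite ID chosen in one raw SSLv3/TLS ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 0x16 or len(body) != rlen:
        raise ValueError("not a complete handshake record")
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # Fixed prefix: server_version(2) + random(32) + session_id_len(1)
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]              # skip the variable-length session ID
    if len(hello) < off + 3:          # cipher_suite(2) + compression(1)
        raise ValueError("truncated ServerHello")
    return int.from_bytes(hello[off:off + 2], "big")

def audit(record: bytes) -> str:
    """Label a ServerHello as WEAK when it selects a 56-bit export suite."""
    suite = server_hello_suite(record)
    name = EXPORT_56BIT.get(suite)
    return f"WEAK 0x{suite:04x} {name}" if name else f"ok 0x{suite:04x}"

def build_hello(suite: int, sid: bytes = b"") -> bytes:
    """Constructed sample input: minimal TLS 1.0 ServerHello with a zero random."""
    hello = b"\x03\x01" + bytes(32) + bytes([len(sid)]) + sid
    hello += suite.to_bytes(2, "big") + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    # 0x002f (TLS_RSA_WITH_AES_128_CBC_SHA) is included as a non-export contrast.
    for suite_id in (0x0064, 0x0060, 0x002F):
        print(audit(build_hello(suite_id)))
```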

Administration Guide


SSL VPN specifications

WatchGuard Technologies offers a robust SSL VPN solution designed for secure remote access to corporate networks. As businesses increasingly rely on a remote workforce, the need for secure and reliable connectivity has never been more critical. WatchGuard's SSL VPN features advanced security technologies that ensure data integrity and confidentiality while enabling seamless access to applications and resources.

One of the standout features of WatchGuard's SSL VPN is its user-friendly interface. The solution is designed to simplify the user experience, enabling employees to connect to the VPN with minimal complexity. With a straightforward setup process, users can quickly establish secure connections from various devices, including laptops, smartphones, and tablets. This flexibility supports a diverse workforce, allowing employees to work from different locations without compromising security.

In addition to its ease of use, WatchGuard's SSL VPN is built on robust security technologies. It employs end-to-end encryption to safeguard data in transit, ensuring that only authorized users can access sensitive information. By utilizing SSL (Secure Sockets Layer) protocols, the VPN creates a secure tunnel between the user’s device and the corporate network, protecting against potential threats such as eavesdropping or man-in-the-middle attacks.

Moreover, WatchGuard Technologies includes multiple authentication options, adding another layer of security. The solution supports multi-factor authentication (MFA), requiring users to provide additional verification beyond just a password. This could involve mobile device verification or biometric authentication, significantly reducing the risk of unauthorized access.

Another key characteristic of WatchGuard’s SSL VPN is its integration with other WatchGuard security solutions. Businesses can benefit from a comprehensive security posture by leveraging firewalls and intrusion prevention systems along with the SSL VPN. This holistic approach ensures that remote connections are continually monitored and secured against evolving cyber threats.

Scalability is also a crucial aspect of WatchGuard's SSL VPN, accommodating growing organizations with changing needs. The solution can easily scale to support an increasing number of remote users without compromising performance. With robust performance metrics, businesses can ensure that even during peak usage times, the VPN remains responsive and reliable.

In summary, WatchGuard Technologies' SSL VPN solution combines ease of use, robust security, flexible authentication, and scalability. These features make it an ideal choice for organizations seeking to provide secure remote access to their employees while maintaining a strong defense against cyber threats. With WatchGuard, businesses can confidently navigate the challenges of a digital landscape, ensuring their network remains secure as they embrace remote work.