SCCP-Based VoIP

In This Section: Introduction to SCCP Security and Connectivity SCCP-Specific Services SCCP Supported Deployments Important Information about Creating SCCP Security Rules

Introduction to SCCP Security and Connectivity

SCCP (Skinny Client Control Protocol) controls telephony gateways from external call control devices called Call Agents (also known as Media Gateway Controllers).

Connectivity and network level security for SCCP-based VoIP communication is supported. All SCCP traffic is inspected and legitimate traffic is allowed. Attacks are blocked. Other firewall gateway capabilities are supported, such as anti- spoofing and protection against denial of service attacks.

The validity of SCCP message states is verified for all SCCP messages. For a number of key messages, the existence and validity of the message parameters are also verified.

SCCP-Specific Services

These preconfigured SCCP services are available:

Service	Port	Protocol Type
SCCP	2000	SCCP_TCP	Used for SCCP over TCP.
high_udp_for_secure_SCCP	N/A	N/A	Secure SCCP - Media to or from, on IP Protocol 17, ports above 1024. Note - Supported only on Security Management Servers and Security Gateways that run R75.40 and above.

SCCP Supported Deployments

NAT on SCCP devices is not supported.

The Security Gateway supports SCCP deployments listed in the table.

Supported SCCP Topology	Description
Call Manager in the Internal Network	The IP phones use the services of a Call Manager in an internal network.
Call Manager in the External Network	The IP phones use the services of a Call Manager on the external side of the gateway. This topology enables the use of the services of a Call Manager that is maintained by another organization.
Call Manager in the DMZ	The same Call Manager controls both endpoint domains. This topology makes it possible to provide Call Manager services to other organizations.