SCCP-Based VoIP
Introduction to SCCP Security and Connectivity
SCCP (Skinny Client Control Protocol) controls telephony gateways from external call control devices called Call Agents (also known as Media Gateway Controllers).
Connectivity and network level security for SCCP-based VoIP communication is supported. All SCCP traffic is inspected and legitimate traffic is allowed. Attacks are blocked. Other Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. capabilities are supported, such as Anti-Spoofing and protection against denial of service attacks.
The validity of SCCP message states is verified for all SCCP messages. For a number of key messages, the existence and validity of the message parameters are also verified.
SCCP-Specific Services
These preconfigured SCCP services are available:
Service |
Port |
Protocol Type |
|
---|---|---|---|
|
2000 |
|
Used for SCCP over TCP. |
|
N/A |
N/A |
Secure SCCP - Media to or from, on IP Protocol 17, ports above 1024. Note - Supported only on Security Management Servers and Security Gateways that run R75.40 and above. |
SCCP Supported Deployments
NAT on SCCP devices is not supported.
The Security Gateway supports SCCP deployments listed in the table.
Supported SCCP Topology |
Description |
---|---|
Call Manager in the Internal Network Computers and resources protected by the Firewall and accessed by authenticated users. |
The IP phones use the services of a Call Manager in an internal network. |
Call Manager in the External Network |
The IP phones use the services of a Call Manager on the external side of the Security Gateway. This topology enables the use of the services of a Call Manager that is maintained by another organization. |
Call Manager in the DMZ |
The same Call Manager controls both endpoint domains. This topology makes it possible to provide Call Manager services to other organizations. |