Page tree
Skip to end of metadata
Go to start of metadata


SBC Overview

Sangoma SBC acts as the interface between 2 SIP networks to:

    • Solve firewall and NAT issues
    • Normalize and fix SIP messaging
    • Register with SIP trunking provider
    • Hide Network Topology
    • Secure SIP and Voice (TLSSRTP)
    • Codec Conversion (Transcoding)


Real Time IP Communications are Complex

  • Sessions initiated from inside or outside firewalls – NAT
  • QOS is needed to provide voice quality over internet
  • Interoperability problem between vendors

Security and Fraud

  • State full session security
  • Media security and encryption
  • Session Limits: call per second, max calls per user
  • Intrusion detection and prevention

Standard Firewalls are not enough

  • Unlike firewalls SBC maintains session state
  • SBC opens pinholes for ports associated with session
  • Firewall will close and reopen different port numbers breaking the session.
  • SBC inspects, controls and manipulates all network layers: 2 to 7
  • Firewall only works on layer: 2 to 4 (IP/TCP)

Enterprise Security Threats

Denial of Services

  • Call/registration overlaod
  • Malformed messages (fuzzing)
    Configuration errors
  • Mis-configured devices
  • Operator and applicatoin errors

Theft of service / Fraud

  • Unauthorized users
  • Unauthorized media types


  • Smartphones running unauthorized apps
  • Viruses and Malware attacking your VoIP network

Firewall is not enough

Traditional firewalls cannot:

    • Prevent SIP-specific overload / SIP DOS
    • Open/Close RTP media ports in sync with SIP signaling
    • Track session state and provide uninterrupted service
    • Perform internetworking or security on encrypted sessions
    • Solve multi-vendor SIP interoperability
    • Topology Hiding

SBC do all of the above.
  • No labels