Why a Session Border Controller is so important for SIP trunking with shoretel...
The Session Border Controller (SBC) is an important part of the VOIP implementation and is a must have for ShoreTel solutions. It enhances the connectivity and works as a security device. We have seen many examples with systems that didn’t use an SBC where PBXs have been compromised and used for illegal/unauthorized long-distance calls because of their exposure to the public internet or when features wouldn’t work as expected because of a specific carrier’s SIP configuration. Below we explain how an SBC device solves these issues.
ShoreTel has implemented most of the RFCs (Request for Comments) regarding SIP interoperability as published from the IETF (Internet Engineering Task Force); however, SIP is evolving and many real world scenarios have yet to be standardized. In order to support features such as Music-on-Hold, call transfer, call parking, redirecting to external numbers, etc. we use a Session Border Controller (SBC) as a bridge for the SIP signaling required by ShoreTel and those requirements of the carrier.
An SBC that can provide deep packet inspection and translation of ShoreTel SIP messages is usually necessary to support features beyond basic call setup and tear down. ShoreTel’s preferred SBC is the InGate SIParator. Shoretel has a list of certified SBC’s that they support for function with ShoreTel.
Enhanced customization options
The InGate SIParator has an enhanced feature set in the dial plan section. This can be used to increase call handling customizations that cannot be performed on the PBX. One example would be only allowing calls into the PBX from DIDs that are assigned by the carrier. Another example is where you strip the (+1) code from incoming calls before they were presented to the PBX. This customization could save you from recreating thousands of DID and DNIS entries if the carrier was unable to send the number of digits expected by the PBX. We can usually accommodate special configurations that may provide additional functionality or solve issues that would not be possible without the Ingate SIParator.
An InGate SBC is not only a session border controller it is a security device. The number one reason for security on your PBX is to prevent outside parties from gaining unauthorized access to your phone system and then using it to place expensive calls. An unsecured phone system using SIP trunks exposed to the internet may be repeatedly scanned and attacked to gain access to it. It is often only hours before fraudulent requests for international calls are received once a SIP device is placed on the internet. The InGate device is designed to be safely exposed to the internet where it will handle security functions.
At LANtelligence, we load Intrusion Detection rule sets on to our publicly exposed InGate devices and we can see the attacks and block the IPs based on rules we customize. Below you can see what the IDS rule pack looks like when installed, as well as some options on how to handle these attacks if encountered.
Our LANtelligence team of engineers is consistently in touch with InGate support team. Their responsiveness and extensive knowledge of SIP ensures that every issue is being quickly resolved even when the issue isn’t on InGate side.