The Intertex IX67 Internet Gate

1
The Intertex IX67 Internet Gate

• Firewall with 4 port Ethernet Switch
• High performance, VPN acceleration
• Unique SIP support, Proxy and Registrar
• Advanced QoS for voice upstream and downstream
• Model variants
• 1 2 FXS ports for analogue Telephones
• Opt. FXO port with SIP/PSTN GW
• Opt. 802.11a/b/g Wireless Lan
• Optional Firmware Upgrades
• PBX functionality (The SIP Switch)
• VPN Gateway

2
A Competent Router With User Friendly
Configuration
3
A Competent Firewall With User Friendly and
Advanced Configuration
Application Support If preconfigured profiles not
sufficient
Rule Edit For the very advanced
Port Redirection For your specific needs
4
And lots of goodies
5
Display and Keys Loved by Users and
Support Firewall Tightness Changed by Pressing a
Key
Only surf and e-mail allowed
All outbound traffic allowed
Editable
User Specified
Blocked
Bridged Firewall and NAT bypassed

• A long push on ALT CFG opens the IX66 for remote
  configuration via the web GUI (for support)

6
Display and Keys Loved by Users and
Support Monitoring Status
Front Panel
Receive speed
Transmit speed
Line quality (SNR)
Firewall security level
IP adress and mask
7
Display and Keys Loved by Users and Support and
much more

• Diagnostic test
• (without any connection to the box)
• Easily initiated by the keys
• Displays error code showing location of one or
  more errors

And more, like easy and clear factory reset, port
feedback when inserting cables, upgrade process
feedback etc. etc.
Internet
DSLAM
ISP
?
?
?
?
?
8
Support Can Configure Remotely and granny can
open the access

• Alt 1 Telephone support
• Ask Press ALT CFG button 2 seconds
• ? opens for remote web GUI access
• WAN IP address displayed on panel
• Surf into http//63.222.234.6766

63?222?234?67

• Alt 2 Set up Web access
• Select password (forced if default)
• Allow remote Web access
• Optionally limit to access only from specified IP
  addresses

• Alt 3 Set up Telnet access
• Select password (forced if default)
• Allow remote Telnet access
• Optionally limit to access only from specified IP
  addresses

9
www.igmanual.com
Context sensitive help On-line user manual
10
Online Upgrades For Extended Functionality

• Make your choice
• Select payment method
• Pay
• ? Upgrade enabled

• Fully automatic
• Email receipt
• Web user account management

11
Telephony Ports With Real SIP Functionality

• FXS ports are general SIP Clients
• FXO port is a local SIP/PSTN Gateway
• Accessible from WAN and LAN

12
IX67 with FXS Ports and PSTN fallback

• Each FXS-port a general SIP Client
• FXS port drives up to 5 PHONES
• Fallback (FXS to FXO) at power failure or WAN
  loss
• Talks to all SIP clients on WAN and LAN (and
  between each other, of course)

13
The FXS Port Use your analogue telephone for
VoIP

• A general SIP client
• Use analogue telephone (REN5)
• Dial/Pick up by Phone, GUI or front panel key
• URL Dialling from GUI

14
The FXO Port

• Local SIP/PSTN gateway in and out
• Emergency 112 calls
• Reliability by PSTN backup, local calls, incoming
  calls on old telephone line integrated (forward
  to FXS or any SIP phone)
• Answer your PSTN line from your SIP Client on a
  PC anywhere!
• Integrates well with operator service

15
The FXO Port is a SIP/PSTN Gateway

Some PBX functional-ity even without SIP Switch
More with SIP Switch
16
The really outstanding
SIP functionality
17
How do we connect?

Non Real Time OR Real Time
SERVER
Internet
PSTN
GSM
3G
18
We have a single new network
Internet
Operator Network
SOHO LAN
Enterprise LAN
Everyone has a connection
but it is seldom used for person-to-person
communication!
19
We are rapidly moving towards a single
protocol!
SIP Session Initiation Protocol

• An Internet Standard
• Used for real time person to person IP
  Communication
• VoIP, IP Telephony
• Audio, Video, Data Collaboration
• Presence, Instant Messaging
• Lots of activity, ongoing work and development
• Everyone is on the wagon
• MCI/Worldcom, Microsoft, Nortel, ATT, Alcatel,
  Siemens, Sprint

20
SIP opens many communication possibilities

21
The Next Step of Internet Usage!

22
So, why dont we just connect?
SIP is the Protocol for IP Communication Person
to Person, BUT IT DOES NOT REACH THE EDGE! SIP
does not traverse common NATs and Firewalls! And
they are still being installed
Everyone has a connection
23
What is the difference?
24
SIP Firewall Problems
Firewall Problems

• Sessions initiated from outside the firewall
• - OK, open port 5060, but
• Media streams on dynamically allocated port
  numbers
• - Ooops ? !

Even with public IP addresses inside
25
SIP NAT/PAT Problems
NAT PAT Problems

• Where is the device?
• - Registration/location function
• Private IP addresses and ports in SIP messages
• - Rewrite with globally routable addresses
• IP address and port of media stream has to be
  modified
• - NAT engine has to be dynamically controlled

Worse with private IP addresses inside
26
The VoIP islands are far from ideal

PSTN
No connectivity between the IP clouds! And still
only low quality voice
27
A Future of Live All IP Connectivity
Global IP Connectivity
VoIP
All SIP Services
SIP capable firewalls make the difference!
28
Suggested Solutions

• Dynamically controlled Firewall/NATs
• Midcom By Firewall Control Proxy Standard
  work failed
• UPnP By the client (Windows) insecure only
  special clients
• SIP aware Firewall/NATs (SIP Proxy Registrar)
• General, handles complex scenarios, PBX
  functionality
• Intertex (SOHO), Ingate (enterprise),
• SIP aware Firewall/NATs (SIP ALG non Proxy)
• Difficult to handle more than simple
  scenarios,TLS not possible
• STUN ? TURN ? ICE Can cope with certain types
  existing NATs
• Complexity has grown in effort to make reliable
  and handle more NATs. Needs to be implemented in
  the SIP clients and servers on the net. Relies on
  clients to open firewall!
• Tunnelling - Brings certain SIP-clients to an
  operator or a corporate LAN
• Requires ALG for each client on LAN with own
  address space
• IPSec, Proprietary

29
Real and Complex Scenarios

Sooner or later The NAT/Firewall problem needs
to be solved where it occurs!

• Complications
• Tight firewalls?
• Call transfer?
• SIP server on the LAN?
• Trusted connections, TLS?

30
SIP Enabling the Private Networks
Office or home LAN
Firewall/NAT SIP transparency!
Firewall/NAT problems!
IAP
31
Much More Than a Firewall

• To get general SIP traversal

• In the Ingate and Intertex products
• You got a SIP server!
• Use it just for firewall traversal
• AND/OR as your
• SIP Server
• Outbound proxy
• Inbound proxy
• PBX (The SIP Swich)

What have you got?
32
The IX67 SIP Server Functions

• Firewall SIP traversal requires NO setup!

• Your own SIP server ready to go!

33
Just Another Internet Service
Internet
34
The SIP Switch A Software Add-on
Check the Separate SIP Switch Presentation!

• Combines the best of POTS, VoIP and IP
  Communication
• Real global IP connectivity (not restricted to
  interworking via the PSTN)
• Much more more than just replication of POTS
• Add PBX functionality locally, still using
  operator services