Differences between an e-SBC and a Firewall
IP communications sessions are made up of signaling information (data used to configure and control sessions) and media information (digitized voice and video). Signaling and media are carried by different IP protocols and travel on separate paths:
- The Session Initiation Protocol (SIP) is used to establish and manage sessions. SIP servers (there are several types) are responsible for enabling sessions between two or more parties.
- The Real-time Transport Protocol (RTP) is used to deliver the associated audio and video streams.
Unlike a firewall, an e-SBC maintains session state, and it both controls and manipulates the SIP signaling and the associated RTP media streams. For example, an e-SBC keeps channels open for the duration of a communications session, while a firewall may close a channel and reopen it on different port numbers, which can bring down the session.
Because it maintains session state and can manipulate RTP media streams as well as SIP signaling, the e-SBC can apply dynamic trust levels based on observed endpoint behavior. A SIP firewall is implemented as a SIP proxy server, which is responsible for transmitting and controlling SIP signaling information but does not actively participate in the RTP media path (the audio and video streams).
An e-SBC, on the other hand, is implemented as a back-to-back user agent (B2BUA), which actively processes both the signaling and the media paths. A B2BUA terminates the session with one SIP entity (the party making the call) and establishes a separate session with another SIP entity (the party receiving the call). This allows an e-SBC to inspect and manipulate the content of the entire session in order to enforce security policies and efficiently manage business communications.
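The proxy versus B2BUA distinction described above, as an added example (not code from the original page or from any SBC product): Python that handles one constructed INVITE both ways, so the difference in Call-ID and SDP media address is visible. The addresses, relay port and function names are assumptions chosen for illustration.

```python
import uuid

# Constructed sample INVITE (leg A); addresses are private/documentation ranges.
INVITE = ("INVITE sip:bob@example.net SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 10.0.0.15:5060;branch=z9hG4bK74bf9\r\n"
          "From: <sip:alice@example.com>;tag=9fxced76sl\r\n"
          "To: <sip:bob@example.net>\r\n"
          "Call-ID: 3848276298220188511@10.0.0.15\r\n"
          "CSeq: 1 INVITE\r\n"
          "Contact: <sip:alice@10.0.0.15:5060>\r\n"
          "Content-Type: application/sdp\r\n\r\n"
          "v=0\r\no=alice 2890844526 2890844526 IN IP4 10.0.0.15\r\ns=-\r\n"
          "c=IN IP4 10.0.0.15\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")

def via(addr):
    return f"Via: SIP/2.0/UDP {addr}:5060;branch=z9hG4bK{uuid.uuid4().hex[:8]}"

def proxy_forward(msg, proxy_addr):
    """SIP proxy: same dialog, one more Via, SDP untouched (media bypasses it)."""
    start, rest = msg.split("\r\n", 1)
    return f"{start}\r\n{via(proxy_addr)}\r\n{rest}"

def b2bua_leg_b(msg, sbc_addr, relay_port):
    """B2BUA: end leg A here, originate an independent leg B, anchor media on the SBC."""
    head, _, body = msg.partition("\r\n\r\n")
    start, *hlines = head.split("\r\n")
    hdr = dict(h.split(": ", 1) for h in hlines)
    sdp, media = [], {}
    for line in filter(None, body.split("\r\n")):
        f = line.split(" ")
        if line.startswith("c="):
            media["addr"], f[-1] = f[-1], sbc_addr    # remember endpoint, advertise SBC
        elif line.startswith("o="):
            f[-1] = sbc_addr                          # hide internal origin address
        elif line.startswith("m="):
            media["port"], f[1] = int(f[1]), str(relay_port)
        sdp.append(" ".join(f))
    call_id = f"{uuid.uuid4().hex}@{sbc_addr}"
    out = [start, via(sbc_addr),
           f"From: {hdr['From'].split(';')[0]};tag={uuid.uuid4().hex[:10]}",
           f"To: {hdr['To']}", f"Call-ID: {call_id}", "CSeq: 1 INVITE",
           f"Contact: <sip:{sbc_addr}:5060>", "Content-Type: application/sdp", ""]
    # Session state the B2BUA keeps to join the two legs and relay RTP between them.
    state = {"leg_a": hdr["Call-ID"], "leg_b": call_id,
             "relay": (sbc_addr, relay_port), "endpoint_media": (media["addr"], media["port"])}
    return "\r\n".join(out + sdp) + "\r\n", state
```

The proxy output still carries the caller's Call-ID and its internal RTP address, so media flows around the proxy; the B2BUA output carries neither, and the returned state is what lets the e-SBC relay and police the RTP stream.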