RolteC
0h
join:2001-05-20
Fresh Meadows, NY
| reply to andranic
Re: nyc thinking of voip need help
Not really, just cause SPI isnt on doesnt mean the firewall is off. Ive had everything off before and ran multiple tests and nothing got through (except for the few ports I had forwarded)
So hmm yeah, theres 1 thing still there, leave SPI on, and dont have your phone, or take it off and have your phone, your choice there..... The factors of intruders is something else which may have to be accounted for at times. |
|
richie111
join:2001-07-24
Far Rockaway, NY
clubs: | spi stateful packet inspection IS the firewall. you not believing me doesn't make me less correct. |
|
DracoFelis
Premium
join:2003-06-15
2 edits | said by richie111  :
spi stateful packet inspection IS the firewall. you not believing me doesn't make me less correct.
Actually you are both partially correct. A NAT router will provide some real "firewall features" (such as blocking most unsolicited inbound connections) even with SPI turned off. This is a side effect of how NAT works.
OTOH for the more "advanced" firewall features, you really do need SPI on. So by turning off SPI, the person really hasn't totally removed their firewall, however they have limited its ability to check the packets. In a sense, they have turned their firewall into a more limited (less protecting) type of firewall, by turning off SPI. However, they have not totally removed all firewall protections.
BTW: I'm able to use my P8 phone, without trouble, on my SMC router with SPI on. However, I did tweak some settings from their default (such as increasing the UDP session timeout to over a minute). I suspect similar tweaks may allow other SPI routers (such as the Netgear the other poster was using) to co-exist with VoIP. In other words, I don't think it's SPI itself that is breaking these VoIP services, it is the default SPI settings that cause these VoIP services to (incorrectly) be detected by the firewall as traffic to block.... |
|
