DracoFelis
Premium
join:2003-06-15
2 edits | reply to richie111
Re: nyc thinking of voip need help
said by richie111  :
spi stateful packet inspection IS the firewall. you not believing me doesn't make me less correct.
Actually you are both partially correct. A NAT router will provide some real "firewall features" (such as blocking most unsolicited inbound connections) even with SPI turned off. This is a side effect of how NAT works.
OTOH for the more "advanced" firewall features, you really do need SPI on. So by turning off SPI, the person really hasn't totally removed their firewall, however they have limited its ability to check the packets. In a sense, they have turned their firewall into a more limited (less protecting) type of firewall, by turning off SPI. However, they have not totally removed all firewall protections.
BTW: I'm able to use my P8 phone, without trouble, on my SMC router with SPI on. However, I did tweak some settings from their default (such as increasing the UDP session timeout to over a minute). I suspect similar tweaks may allow other SPI routers (such as the Netgear the other poster was using) to co-exist with VoIP. In other words, I don't think it's SPI itself that is breaking these VoIP services, it is the default SPI settings that cause these VoIP services to (incorrectly) be detected by the firewall as traffic to block.... |
