Skip to content
4 min read

What is a VoIP Firewall and How Does it Work?

businessman researching what is a voip firewall and how does it work

Today, it’s quite easy to find network weaknesses, especially if they are not protected. A firewall is a critical part of any network, and a network without a firewall is like a home without a fence. As a business, firewalls should be taken seriously, or you risk being susceptible to cyber attacks.

This article discusses what a VoIP Firewall is, how it works, and the best practices around its configuration.

What is a VoIP Firewall?

A VoIP Firewall is a security system for networks. It tracks the inflow and outflow of VoIP traffic to protect and control access to sensitive data.

VoIP systems are susceptible to cyber-attacks because they are connected to the internet. The firewall inspects the data packets getting into and out of the phone system and sifts through any malicious information that might pose a security threat to the network.

Why Use Firewalls for Your VoIP Network?

Here are some of the reasons you should use firewalls for your VoIP network:

Track Data Traffic

VoIP firewall tracks and checks the flow of VoIP traffic to protect access to sensitive data. The firewall inspects the data packets coming into and out of the VoIP phone system and sifts through any malicious information that might pose a security threat to the network.

Block Trojan Horses

VoIP firewall blocks Trojan horses. Trojan horses are malicious codes, software, or virus that disguise themselves as safe program but can take control of and damage your computer. This sometimes happens with remote phones or when sharing the network with other businesses.

Intercept Hackers

Hackers usually hide their identity when trying to spread viruses or intercept unencrypted data. VoIP firewall configuration blocks hackers from illegally accessing your network.

Minimize Keyloggers’ Risk

Another reason to use firewalls for your VoIP network is to prevent keyloggers, one of the SaaS security risks. A keylogger is a type of monitoring software that records keystrokes made by a user, which can help hackers log into your private online accounts. VoIP firewall configuration prevents this risk.

Block Spam Call/Messages

Spam in VoIP can be unsolicited sales calls, incessant annoying messages, etc. Spam often conceals malware & spyware and can carelessly be downloaded to softphones.

Detect Insider Attacks

Internal attacks often happen more than outsider attacks. The 2021 Insider Threat Report by Cybersecurity Insiders states that 98% of organizations feel vulnerable to insider attacks. Having a VoIP firewall helps efficiently combat this threat.

How VoIP Firewall Works

Communication over a network is in layers of the Open Systems Interconnection (OSI) model. There are seven layers of the OSI Model: the physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer.

VoIP Firewall monitors traffic by inspecting it at layers three and four – the network and transport layers. The network layer contains IP addresses, while the transport layer deals with end-to-end communications, such as TCP and UDP port numbers.

VoIP Firewalls leverage the IP addresses, TCP, and UDP port numbers to allow or disallow packets to go through a device. This is why they are on the network edge, between the ISP and the internal network, to inspect packets of incoming network traffic.

VoIP Firewall Configuration and Best Practices

Here are the best practices when configuring VoIP Firewall:

Do not use a first-generation firewall

The packet filter implementation of a first-generation firewall is not enough to allow VoIP to work while still providing a sufficient level of security. It cannot link different sessions of a voice conversation. Therefore, all used IP addresses and port pairs must be included in filtering rules to allow conversations.

For SIP, this is not an issue as only two ports are configured, but in RTP, thousands of ports are open. Consequently, these ports allow different types of traffic, which can work against the security benefits of the firewall.

Use a Stateful firewall at the very least

Stateful firewalls detect the association between sessions and allow communication over voice sessions associated with SIP sessions to pass based on specific filtering rules. However, there is a loophole. Packets sent by a malicious user can mask as SIP packets because they use the correct port number and will therefore be allowed through.

Use an application layer firewall whenever possible

An application-layer firewall scans, monitors, and controls network traffic and local system access to and from an application or service. An application-layer firewall is one level ahead of stateful firewalls in that it inspects each packet to determine if it is what it claims to be.

Install a session border controller (SBC)

An SBC facilitateS the communication of VoIP conversations and ensures a smooth deployment while maintaining the utmost level of VoIP security. Its other uses include NAT traversal, QoS, interoperability mediation, to name a few.

Disable SIP ALG

SIP Application Layer Gateway was intended to solve problems around the use of Network Address Translation (NAT). However, it is known to be unstable and, depending on how it is implemented, can cause more problems. Generally, this feature should be disabled on your firewall.

Use IPv6

IPv6 removes the NAT issues with firewalls. It provides an inherently secure protocol that authenticates and encrypts end-to-end conversations.

Some VoIP Problems Caused by Firewalls

Here are some common VoIP issues caused by firewalls:

Firewalls view sessions as discrete

One of the main problems firewalls cause in VoIP is viewing communication sessions of the same voice conversation as separate entities. This means some sessions may be allowed or not, which results in a partial or total loss of voice communications.

Multisite telephony deployments

Here, calls between branch sites are routed over the WAN and go through any locally installed firewall. This can result in issues affecting the Quality of Service, Bandwidth for voice and video, Availability, Dial plan, NAT, and Security.

Blocked ports

Some of the most common VoIP problems involving the blocked TCP and UDP ports are associated with firewalls. The point on the network where ports are most commonly blocked is at the network edge. Here, some mechanisms may already be employed, such as firewall rules, access lists, or network address translation (NAT) that may be responsible for the blocked ports.


Firewalls are an integral part of any network security strategy. Following these best practices helps you get your network and VoIP communications to the desired level of security.

When it comes to VoIP, the ULTATEL cloud phone system provides a reliable and top-notch cloud solution. We offer VoIP services with regular security testing and enterprise-level system availability.

Leave a reply