We're after a solution to effectively protect asterisk servers (multiple) within a private LAN from the internet using an effective SBC. The solution would need to be able to be set up on a vmware virtual machine running Ubuntu and OpenSBC or similar can be used, with detailed documentation.
The SBC should provide as minimum the following:
- Effective topology hiding of internal asterisk/voip network
- Multiple NICs as needed
- Ability to provide HA fail over to another machine running the SBC
- NAT traversal for devices behind far end residential or office firewalls (ie no remote firewall configuration required)
- Effective defense against denial attacks and spoofing
- Provide an effective SBC (as if the device was not in place) so that functions such as call control, transfers, BLF, MWI, presence/status are completely unchanged.
- Configurable firewall on the SBC (white / black lists etc) with Fail2Ban integration
- Logging of attacks, or suspicious activity including file changes. Email to admin email if this happens.
- Documentation to provide installation and configuration setup so that the solution will work with our asterisk farm.
- Documentation for setup of the SBC to connect with our existing asterisk servers, ie example ip addressing, gateway ip's, domains etc
- Delivery as a vmware image/appliance (or SSH into an existing Ubuntu server)
Any questions, please feel free to ask.
Thanks for your interest.