The Internet has become a mainstream network for communicating not just data, such as email and pictures, but also for providing real-time bi-directional voice communications. Voice over Internet Protocol (VoIP) is an industry standard that has evolved to enable users to place phone calls through the Internet, instead of through the Public Switched Telephone Network (PSTN). A conventional phone may now be connected to the Internet using an interface device that converts analog phone signals to digital signals that can be communicated through the Internet. A phone call may thereby be communicated through the Internet to a VoIP provider, who converts the call back to an analog signal and places the call through a PSTN that is local to the called phone. A user can thereby dial a telephone number in a conventional manner and have the call routed through the Internet, instead of through a PSTN.
Unfortunately, a VoIP architecture has an inherent vulnerability of being directly connected to the Internet. Current VoIP architectures and firewall configurations may not provide a sufficient level of security. For example, conventional VoIP architectures may lack discretely defined control and data zones, where a zone is a group of devices that share a similar function or required level of protection. Ingress/egress to other zones may be regulated/monitored by a network security device, such as a firewall. Conventional VoIP architectures may also lack a clearly defined set of rules for governing interaction between zones to ensure a secure exchange of control and data messages. In addition, conventional VoIP architectures may not consistently adhere to VoIP control logic standards when implementing VoIP protocols relating to control, setup, and data exchange between discrete VoIP elements, e.g., softswitch, media gateways, proxies, etc. Accordingly, there exists a need for improved network architectures that may provide improved security.