Communication links for voice transmission have previously been predominantly circuit oriented. Here a physical connection is provided for signal transmission between two communication end points and is reserved for the entire duration of the connection. This is also referred to as circuit-oriented transmission, static routing or through switching (circuit switching).
With the advent of packet-oriented data networks (packet switching) such as the Internet, reduced-cost communication compared to circuit switching is being provided in the fixed network area. The particular reason for this is the more efficient capacity utilization of a link, since, by contrast with circuit switching, packet switching does not occupy the physical transmission medium for the entire duration of the connection. The data to be transported is subdivided into individual data packets, with each data packet being given an address identifying the recipient of the transmission. The individual data packets are then transmitted independently of each other; they can even use different transmission paths. The principle of packet switching is defined in various standards, the best known of which is described in ITU-T Recommendation X.25.
VoFR (Voice over Frame Relay) and VoIP (Voice over IP) are known examples of packet-oriented methods of transmission for voice. In these methods the voice signal is digitized, undergoes source coding and preferably channel coding and is divided into data packets which are then transferred over a packet network such as the Internet. The data to be transmitted can be composed of voice and/or video data and of information data and serves for example for transmission of video conferences over the Internet.
To allow transmission of voice and/or video data and information data within the framework of a multimedia conference over the Internet, international standards have been created. These standards include the H.323 standard and the SIP standard, which use protocols known from the Internet, such as UDP (User Datagram Protocol) and RTP (Real-time Transport Protocol).
Increasingly, security facilities to protect against unauthorized access to communication devices are provided. These are devices which prevent or render more difficult unauthorized access to data and/or prevent computer viruses being received by filtering out data containing computer viruses. These security devices are frequently known as firewalls. A firewall in such cases is set up at the point in the data network at which a protected internal network, for example an intranet, connects to the Internet. All data arriving from the Internet or going out from the internal network passes through the firewall. This gives the firewall the opportunity of ensuring that this data traffic is acceptable, i.e. that it accords with the security policy of the relevant site. A firewall thus corresponds to a checkpoint through which the entire incoming and outgoing data traffic must pass. Concentrating the security measures at this one checkpoint is significantly more efficient than spreading the security-relevant decisions and technologies across the organization and covering all weak points section by section.
The IP addresses needed for transmission of data are frequently assigned only dynamically by the relevant Internet Service Providers (ISP), which means that, before a connection is established over the Internet, the IP addresses of the end points must first be exchanged. A firewall arranged between the data networks is however as a rule configured on the basis of static IP addresses.
In addition, the port numbers used for the media streams (RTP/RTCP) are negotiated anew for each connection within the signaling (for example in H.245 or in the SDP body of a SIP message) and apply only for the duration of that individual connection. These dynamically determined port numbers give rise to problems in the processing of data by the firewall device, which as a rule is set up to detect statically defined port numbers. For reasons of security, operators and administrators of current firewall systems may not as a rule make changes to the configuration, such as permanently opening the whole range of possible media ports, to let such data pass through the firewall, since otherwise the risk of unauthorized access to the communication devices increases. This is why for example a multimedia conference using a VoIP connection with an intermediate firewall proves to be extremely problematical.
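The following is an added illustration, not part of the original text, of the port problem just described: it parses the SDP body of a SIP INVITE to find the per-call RTP port, derives the firewall openings (RTP port and RTCP on port+1) that the call would need, and checks them against a static rule set that only admits SIP signalling. The INVITE, all addresses, ports, tags and the Call-ID are constructed for the example; the rule representation and the helper names are assumptions, not any product's interface.

```python
import re
from dataclasses import dataclass

# --- constructed sample: a SIP INVITE leaving the protected network ---------
# Alice (198.51.100.5, inside) calls Bob (192.0.2.20, on the Internet).
# The SDP body tells Bob where to send RTP: the c= address and the m= port.
# Addresses, ports, tags and Call-ID are invented for this example.
SDP_BODY = (
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 198.51.100.5\r\n"
    "s=-\r\n"
    "c=IN IP4 198.51.100.5\r\n"
    "t=0 0\r\n"
    "m=audio 49172 RTP/AVP 0\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
)
SAMPLE_INVITE = (
    "INVITE sip:bob@192.0.2.20 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 198.51.100.5:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@198.51.100.5>;tag=1928301774\r\n"
    "To: <sip:bob@192.0.2.20>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SDP_BODY)}\r\n"
    "\r\n" + SDP_BODY
)


@dataclass(frozen=True)
class Rule:
    """One permit rule: inbound <proto> from src_ip to dst_ip:dst_port ('*' = any host)."""
    proto: str
    src_ip: str
    dst_ip: str
    dst_port: int

    def matches(self, proto, src_ip, dst_ip, dst_port):
        return (self.proto == proto and self.src_ip in ("*", src_ip)
                and self.dst_ip in ("*", dst_ip) and self.dst_port == dst_port)


# Static policy an administrator would typically configure: SIP signalling only.
STATIC_RULES = [Rule("udp", "*", "198.51.100.5", 5060)]


def parse_invite(message):
    """Extract (remote_host, local_media_ip, [rtp ports]) from a SIP INVITE carrying SDP."""
    headers, sep, body = message.partition("\r\n\r\n")
    if not sep or "application/sdp" not in headers:
        raise ValueError("INVITE carries no SDP body")
    req = re.match(r"^INVITE sip:(?:[^@\s]+@)?([\w.\-]+)", headers)
    conn = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    if req is None or conn is None:
        raise ValueError("missing Request-URI host or c= line")
    ports = [int(p) for p in re.findall(r"^m=\w+ (\d+) RTP/AVP", body, re.M)]
    if not ports:
        raise ValueError("SDP offers no RTP media")
    return req.group(1), conn.group(1), ports


def media_pinholes(message):
    """Rules a firewall would have to add for the life of this call:
    RTP on each offered port and RTCP on port+1 (the RFC 3550 default pairing)."""
    remote, local_ip, ports = parse_invite(message)
    holes = []
    for p in ports:
        holes.append(Rule("udp", remote, local_ip, p))      # RTP
        holes.append(Rule("udp", remote, local_ip, p + 1))  # RTCP
    return holes


def admitted(rules, proto, src_ip, dst_ip, dst_port):
    """True if any rule in the set permits the packet."""
    return any(r.matches(proto, src_ip, dst_ip, dst_port) for r in rules)


def demo():
    """Returns (admitted by static rules, admitted once per-call pinholes are added)."""
    remote, local_ip, ports = parse_invite(SAMPLE_INVITE)
    rtp_port = ports[0]
    # With only the static policy, Bob's RTP packets to the negotiated port are dropped.
    static_ok = admitted(STATIC_RULES, "udp", remote, local_ip, rtp_port)
    # A component that reads the signalling can open the pinholes for this call only.
    dynamic_ok = admitted(STATIC_RULES + media_pinholes(SAMPLE_INVITE),
                          "udp", remote, local_ip, rtp_port)
    return static_ok, dynamic_ok


if __name__ == "__main__":
    print(demo())  # (False, True)
```

The pinholes are scoped to the peer address and the negotiated port pair, which is what a signalling-aware component must add and, just as importantly, remove again when the call ends; opening the whole dynamic UDP range statically would avoid the parsing but is exactly the configuration change the text says administrators should not make.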
Conventionally, existing firewalls are expanded by additional devices which recognize multimedia data and direct it through the firewall. However, this requires an existing firewall system to be replaced by a new one which has to be configured completely anew and can also introduce new security gaps.