Firewall, network address translation (NAT), and network address port translation (NAPT) devices, such as those used in enterprise and home networks, are generally based on a data security model that blocks requests from external sources. More specifically, data requests received from the network protected by the device (e.g., from the private side of the device) are generally serviced, but requests external to the protected network (e.g., from the public side of the device) are blocked. As valid data requests are assumed to be initiated from within the protected network and contain readily available address information, this is not a problem.
Accordingly, these devices create a barrier to certain types of requests and messages, including externally initiated requests and messages having buried address information, such as those used by some peer-to-peer communication and media applications (e.g., Voice over Internet Protocol (VoIP)). Firewall and NAT/NAPT devices may not only block VoIP connections and similar services, but may also deny service providers the ability to distribute VoIP end-to-end and prevent service providers from monitoring, upgrading, or reconfiguring equipment (e.g., IP telephones) that is positioned on the private side of such devices.
Accordingly, what is needed are an apparatus and method for addressing such issues.