Signature-based Firewalls: Stop Unwanted Peer-to-Peer Traffic

Stateful firewalls are able to track applications, providing per-user policies to allow, deny, throttle, or apply quality of service to each application. The Meru Networks firewall uses deep packet inspection to classify applications, and apply the appropriate policies. It is integrated with the advanced wireless quality-of-service features of Meru access points to protect voice calls and provide the necessary quality, especially when mixed with intensive video and data traffic.

But the rise of encrypted peer-to-peer applications such as Skype means that a stateful firewall is no longer enough. Meru Networks offers a signature-based firewall that can go further than deep packet inspection by detecting and applying policies based on behavior. These policies can be enforced across all kinds of applications, applying even to encrypted traffic.

The signature-based firewall is particularly useful to enterprises that face strict regulatory compliance requirements, such as external communication monitoring and recording. These can block unauthorized peer-to-peer voice calls while enabling and prioritizing SIP-based calls to authorized voice services.

Organizations that have strict end-to-end VPN requirements can also use the signature-based firewall to provide wireless quality of service directly to encrypted voice traffic.

In all cases, signature-based rules act as first-class citizens within the Meru firewall, able to enforce the same policies with the same priority as rules using direct-match and deep-inspection.