Polycom is not the only organization to realize that firewalls break video collaboration. As described in Part 1, firewalls break video conferencing calls because they intentionally hide the inside part of the network. Part 2 described how Polycom's Real Presence Access Director solves this problem, and Part 3 described how Polycom's Video Border Proxies solve it.
However, many organizations, especially larger enterprises, government agencies, and educational organizations already have a solution for firewall traversal for video (and voice) communication. One of the leading solutions in this space is Acme Packet (which was acquired by Oracle in February 2013).
Polycom has specifically tested with Acme Packet, has created a deployment guide for Acme Packet, and supports Acme Packet. If you use a different session border controller (SBC), it is generally possible to configure it to work with video systems. Contact the SBC vendor for support and design direction.
With Acme Packet, there are two different deployment models: Parallel to the Firewall or Inside the DMZ.
Parallel to the firewall (above) is the preferred architecture: it is simpler to deploy, simpler to maintain, and equally secure. In some organizations, the security requirement is to put the SBC in the DMZ. Inside the DMZ (below) can leverage the security of the corporate firewall, but it also puts additional load on that firewall, because all media and SIP signaling go through it, and it increases latency. Contact Acme Packet or your SBC vendor to fully weigh the benefits and costs of each solution.
In either of the above architectures, you can support the main SBC use cases:
Connect remote (authenticated) users to the enterprise
Connect guest users to the enterprise (unauthenticated)
Connect a remote, trusted division, or connect two different enterprises.
Installing an SBC typically requires coordination between multiple groups within an IT team, including the DNS administrators, security certificate administrators, and firewall teams. Not coordinating with these groups before attempting an installation often leads to preventable implementation delays.
With this background, we can finally get to Part 5, choosing the correct firewall traversal solution.