Glossary
SBC
A network device or virtual appliance that sits between SIP networks, providing security, NAT traversal, codec translation and call admission control.
also known as: Session Border Controller
A Session Border Controller (SBC) is a network device or virtual appliance that sits between two SIP networks - typically between your PBX and a SIP trunk provider, or between your PBX and Microsoft Teams for Direct Routing.
What SBCs do
Security - rate limit incoming SIP messages, block known-bad source IPs, enforce TLS encryption, prevent SIP-based attacks (registration flooding, fraudulent call attempts).
NAT traversal - SIP doesn’t naturally work through Network Address Translation. SBCs fix this so calls flow cleanly across firewalls.
Codec translation - if two endpoints don’t share a common codec, the SBC transcodes between them in real time.
Call admission control - limit concurrent calls per source to prevent runaway billing on compromised accounts.
Topology hiding - internal network details (server IPs, extension numbers) are masked from the outside SIP network.
Lawful intercept and compliance - SBCs can implement call-recording and lawful-intercept functions where required.
When you need an SBC
Always for Microsoft Teams Direct Routing. Microsoft requires an SBC between Teams and your third-party PBX. The SBC handles TLS termination, certificate management, and codec translation.
Recommended for high-availability or multi-trunk deployments. SBCs simplify managing multiple SIP providers with failover.
Useful for security-conscious environments. Adding SBC-level protection in front of a SIP trunk provides a useful security layer.
Often not needed for simple single-trunk SIP setups. Many 3CX deployments work fine without a dedicated SBC if the SIP trunk provider’s security and the PBX’s built-in protections are sufficient.
SBC options
- Hardware SBC - dedicated appliance from AudioCodes, Ribbon (Sonus), Oracle/Acme Packet. Common in enterprise.
- Virtual SBC - software running on a VM. AudioCodes Mediant CE, Ribbon EdgeMarc, Cisco CUBE virtual. Standard in modern cloud deployments.
- Managed SBC - your provider operates the SBC. Cloud Phone System Australia includes managed SBC in Direct Routing deployments.
See also
- [[sip]] - the protocol SBCs manage
- [[sip-trunking]] - SBCs commonly sit in front of SIP trunks
- Microsoft Teams Direct Routing - requires SBC
Microsoft Teams Direct Routing → | Switching from Teams Calling →
