AnyFirewall Server | STUN TURN Server Software


STUN TURN Server Software for Guaranteed IP Connectivity and Standards Based NAT Traversal

“Most methods I have used in the past to make business video calls have shown sporadic quality, but not so with the PlayBook Video Chat solution.”
Source: ZDNet Mobile News – James Kendrick

Contact Eyeball Networks

NATs and firewalls break end-to-end connectivity for networked applications including voice, video conferencing, file sharing, and online gaming. AnyFirewall Server is a carrier-grade STUN server, providing NAT traversal support through any NAT, firewall, proxy, or UPnP.

AnyFirewall Server supports applications on any mobile or fixed device, and supports all NAT types including full cone, address-restricted cone, port restricted cone, and symmetric.

AnyFirewall Server delivers complete TURN server functionality, relaying media traffic in port-blocked Enterprise-level NAT traversal scenarios.

AnyFirewall Server can be deployed with AnyFirewall Engine (client-side ICE/STUN/TURN libraries) and AnyConnect Gateway for an end-to-end firewall and NAT traversal solution, or can be combined with third-party, standards-based products.

AnyFirewall Benefits

  • Guaranteed secure application-level connectivity on any network

  • No need to open ports or have customers configure routers

  • Secure TLS – and SRTP security

  • Highest P2P (Peer-to-Peer) connectivity – guaranteed – with rates up to 95%

  • Embedded in products used by 98% of the largest 100 companies worldwide

  • Used by some of the largest semiconductor, unified communication and consumer brands

  • Enable cross-device connectivity with libraries for iOS, Android, OS X, Windows desktop, Windows Mobile and Linux platforms.

  • Jabber connectivity across firewalls through the use of an embedded library, server

  • Build endpoint, gateway or bridge products

  • Design IETF, Microsoft Lync (TM), IBM Sametime(TM) or WebRTC applications

  • Focus your engineering resources on your application and trust Eyeball software to provide you guaranteed connectivity using AnyFirewall Engine

Product Applications


WebRTC Implementations


Remote Worker to Enterprise Connectivity


Remote Camera Security Monitoring

Platform Support

AnyFirewall Server, in conjunction with AnyFirewall Engine, supports NAT traversal connectivity for applications on major fixed and mobile device platforms, including Android, iOS, Linux, OS X, Windows, and Windows Phone.

AnyFirewall Server also supports applications running over many fixed and mobile networks, including cable, DSL, 3G, LTE, 4G, and WiFi.


Standards Support

  • Compliant with IETF, 3GPP, CableLabs, and WebRTC standards STUN, TURN, and ICE

  • TLS and SRTP security

  • Supports any application protocol including Jingle, RTP, SIP, XMPP, and more

  • Supports any data or media format including G.711, G.729, H.263, H.264, MPEG-4, and more

  • AnyFirewall Engine and Server are the reference STUN/TURN/ICE software for CableLabs PacketCable 2.0 certification


Standards Compliance

  • RFC 5245 – ICE

  • RFC 5389 – STUN

  • RFC 5766 – TURN

  • RFC 5768 – ICE – SIP

  • RFC 6336 – ICE – IANA Registry

  • RFC 6544 – ICE – TCP

  • RFC 5928 – TURN Resolution Mechanism

  • RFC 6062 – TURN Extensions for TCP Allocations

  • RFC 6156 – Extension for IPv6

  • MS-STUN – Microsoft STUN extensions

  • MS-TURN – Microsoft TURN extensions

  • MS-ICE – Microsoft ICE extensions

  • MS-ICE2 – Microsoft ICE2 extensions

Features & Performance

AnyFirewall Server supports several critical features and performance which are required for carrier grade service.
These features include:

  • Multiple domain support/ Multi-tenant support so a single AnyFirewall Server or cluster can be scaled to support many domains and tenants – safely and securely

  • NAT classification (required for customer support and service analysis) provide rich diagnostics – enabling user/customer troubleshooting processes

  • Other STUN server support (required for single NIC and some cloud service environments) provides the flexibility to augment server performance by segregating STUN and TURN services

  • STUN DNS (required to enable connectivity for endpoints behind HTTP proxy) simplifies server deployment and infrastructure configuration

  • Intelligent load-balancing for greater scalability forwards to other STUN/TURN server when loaded (required for quality of service)

  • Lawful interception provides facilities to meet law-enforcement interception request/orders

  • Bandwidth reservation and management exposes parameters and controls for selectively-optimizing server & data-center resources

Clustering and Geographic Load-Balancing

AnyFirewall™ Server can be geographically clustered and load balanced using DNS SRV as a load balancing mechanism. In order to add an AnyFirewall™ Server to the cluster, it is sufficient to add another server machine and allow clients to connect to the new server.

Programmability and Integration

  • Linux, Amazon EC2, GoGrid, Joyent, and Rackspace support

  • Web-based administration

  • Integration with ODBC and Diameter directory services

  • Programmable PHP APIs

  • Optional Eyeball Networks technical support and professional services


Eyeball AnyFirewall™ Server prevents unauthorized access to its resources by requiring a shared username/password mechanism between server and clients. Any allocation of resources on the AnyFirewall™ Server requires authentication.

The authentication mechanism is based on long-term credentials, as defined by STUN. Long term credentials (username and password) are stored in an ODBC-compliant database, or accessed via a third-party authentication service.


Eyeball Networks provides technology required to guarantee WebRTC connectivity. The WebRTC specification specifies the use of STUN, TURN and ICE to support NAT traversal requirements. Eyeball Networks AnyFirewall Technology is fundamental to IETF, XMPP and WebRTC specifications and standards. AnyFirewall technology is patented and standards based.

Capacities & Performance

Binding requests/responses per second 10000
Allocations per second UDP 3000
TCP 3000
Allocations concurrent UDP 60000
TCP 60000
Peak throughput (voice) UDP 800 Mbps
TCP 800 Mbps
Peak throughput (video) UDP 650 Mbps
TCP 650 Mbps
Concurrent calls (voice) UDP 6000
TCP 4500
Concurrent calls (video) UDP 1500
TCP 1500

Determine the allocations per second, allocations concurrent, peak throughput, concurrent calls, and binding requests/sec using the AnyFirewall Server Calculator:


Learn More About AnyFirewall Technology

Review the AnyFirewall Server Administration Guide

Field Proven

AnyFirewall Engine is the world’s most widely deployed NAT and firewall traversal toolkit, having been deployed to more than 20 million subscribers by licensees including Comcast, Digital Lifeboat, FujiFilm, Intel, Maxis, Nokia, Nokia Siemens Networks, Polycom, BlackBerry, Smartvue, and more.