Polycom 3725-76302-001LI manual Xmpp Signaling, Dma1.polycom.com5223

Untrusted SIP Call Handling Configuration

You can configure special handling for SIP calls from devices outside the corporate firewall that aren’t registered with the Polycom DMA system and aren’t from a federated division or enterprise. These calls ome to the DMA system via session border controllers (SBCs) such as a Polycom RealPresence Access Director or Acme Packet Session Border Controller device.

For security purposes, you can route such “unauthorized” or “guest” calls to one or more specific VMRs (virtual meeting rooms) or VEQs (virtual entry queues), or to a specific SIP peer. You do so by creating a separate set of “guest” dial rules used only for these untrusted calls. See “Dial Rules” on page 243.

Depending on the SBC and how it’s configured, such calls can be distinguished in one of two ways:

•By port: The SBC routes untrusted calls to a specific port.

•By prefix: The SBC adds a specific prefix in the Request-URI of the first INVITE message for the call.

The RealPresence Access Director SBC supports only the prefix method. The Acme Packet Session Border Controller SBC can be configured for either.

In the SIP Settings section of the page, you can add one or more ports, prefixes, or both for untrusted calls. For each entry, you can specify whether authentication is required. Calls to an untrusted call prefix follow the authentication setting for that prefix, not for the port on which they’re received. For port entries, you can also specify the transport, and if TLS, whether certificate validation is required (mTLS).

Note

If Skip certificate validation for encrypted signaling is turned off on the Security Settings page, then Require certificate validation for TLS is turned on for both authorized and unauthorized ports, and it can’t be turned off. See “Security Settings” on page 48.

XMPP Signaling

If XMPP signaling is enabled, the Polycom DMA system’s Call Server operates as an XMPP server, providing chat and presence services to the XMPP clients that log into it.

Logins are accepted from any DMA user, local or Active Directory. Clients log in by sending an XMPP login message to the virtual signaling address (IP or FQDN) and XMPP port number of the DMA system, such as:

dma1.polycom.com:5223

Logged-in clients have presence and chat capability amongst themselves and with clients logged into any federated XMPP service. Federation is automatic and depends simply on DNS resolution of domains.