Signaling Settings Local Cluster Configuration
Polycom, Inc. 73
Untrusted SIP Call Handling Configuration
You can configure special handling for SIP calls from devices outside the
corporate firewall that aren’t registered with the Polycom DMA system and
aren’t from a federated division or enterprise. These calls come to the DMA
system via session border controllers (SBCs) such as a Polycom RealPresence
Access Director or Acme Packet Session Border Controller device.
For security purposes, you can route such “unauthorized” or “guest” calls to
one or more specific VMRs (virtual meeting rooms) or VEQs (virtual entry
queues), or to a specific SIP peer. You do so by creating a separate set of
“guest” dial rules used only for these untrusted calls. See “Dial Rules” on
page 243.
Depending on the SBC and how it’s configured, such calls can be
distinguished in one of two ways:
By port: The SBC routes untrusted calls to a specific port.
By prefix: The SBC adds a specific prefix in the Request-URI of the first
INVITE message for the call.
The RealPresence Access Director SBC supports only the prefix method. The
Acme Packet Session Border Controller SBC can be configured for either.
In the SIP Settings section of the page, you can add one or more ports,
prefixes, or both for untrusted calls. For each entry, you can specify whether
authentication is required. Calls to an untrusted call prefix follow the
authentication setting for that prefix, not for the port on which they’re
received. For port entries, you can also specify the transport, and if TLS,
whether certificate validation is required (mTLS).
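The classification and precedence rule described above, modelled as an added example (not Polycom code and not part of the original guide). It assumes the prefix appears at the start of the user part of the Request-URI and that the longest configured prefix wins; the port, prefix, host name and the `classify`/`make_invite` helpers are constructed for illustration.

```python
import re
from typing import Optional

# Constructed sample configuration: value = "authentication required" for that entry.
UNTRUSTED_PORTS = {5080: True}       # port the SBC sends guest calls to
UNTRUSTED_PREFIXES = {"77": False}   # prefix the SBC adds to the Request-URI

# Request line of an INVITE; group 1 is the user part of the Request-URI, if any.
REQUEST_LINE = re.compile(r"^INVITE\s+sips?:(?:([^@\s;>]+)@)?\S+\s+SIP/2\.0\s*$")


def request_uri_user(invite: str) -> Optional[str]:
    """Return the user part of the Request-URI, or None if absent or not an INVITE."""
    first_line = (invite.splitlines() or [""])[0]
    match = REQUEST_LINE.match(first_line)
    return match.group(1) if match else None


def classify(invite: str, local_port: int) -> dict:
    """Decide whether a call is untrusted and which authentication setting applies."""
    user = request_uri_user(invite) or ""
    # Assumption: the prefix leads the user part, and the longest match wins.
    prefix = max((p for p in UNTRUSTED_PREFIXES if user.startswith(p)),
                 key=len, default=None)
    if prefix is not None:
        # A prefix match follows the prefix's setting, even on an untrusted port.
        return {"untrusted": True, "matched": f"prefix:{prefix}",
                "auth_required": UNTRUSTED_PREFIXES[prefix], "dial_rules": "guest"}
    if local_port in UNTRUSTED_PORTS:
        return {"untrusted": True, "matched": f"port:{local_port}",
                "auth_required": UNTRUSTED_PORTS[local_port], "dial_rules": "guest"}
    # Neither marker present: handled by the normal settings, not modelled here.
    return {"untrusted": False, "matched": None,
            "auth_required": None, "dial_rules": "standard"}


def make_invite(uri: str) -> str:
    """Build a minimal constructed INVITE (only the request line matters here)."""
    return f"INVITE {uri} SIP/2.0\r\nCSeq: 1 INVITE\r\n\r\n"


if __name__ == "__main__":
    for uri, port in [("sip:77lobby@dma.example.com", 5080),
                      ("sip:1234@dma.example.com", 5080),
                      ("sip:1234@dma.example.com", 5061)]:
        print(uri, port, classify(make_invite(uri), port))
```

The first sample call arrives on a port that requires authentication but carries a prefix that does not, so the prefix setting applies; review such combinations when auditing a guest-call configuration.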
XMPP Signaling
If XMPP signaling is enabled, the Polycom DMA system’s Call Server operates
as an XMPP server, providing chat and presence services to the XMPP clients
that log into it.
Logins are accepted from any DMA user, local or Active Directory. Clients log
in by sending an XMPP login message to the virtual signaling address (IP or
FQDN) and XMPP port number of the DMA system, such as:
dma1.polycom.com:5223
Logged-in clients have presence and chat capability amongst themselves and
with clients logged into any federated XMPP service. Federation is automatic
and depends simply on DNS resolution of domains.
Note
If Skip certificate validation for encrypted signaling is turned off on the Security
Settings page, then Require certificate validation for TLS is turned on for both
authorized and unauthorized ports, and it can’t be turned off. See “Security
Settings” on page 48.