Local Cluster Configuration
Polycom, Inc. 82
d Leave the default port numbers (5060 for TCP/UDP, 5061 for TLS) unless you have a good reason
for changing them.
e To turn on SIP digest authentication for either the unencrypted or TLS port, select the
corresponding Enable authentication check box.
Device authentication credentials must be added on the Inbound Authentication tab of the
Device Authentication page. Click the Device authentication settings link to go directly there.
f To enable mutual TLS, select Require mutual authentication (validation of client certificates).
4 To enable the system to receive untrusted calls (see Untrusted SIP Call Handling Configuration)
from SIP session border controllers (SBCs) configured to route such calls to special ports, do the
following:
a Under Unauthorized ports, click Add.
The Add Guest Port dialog opens.
b Specify the port number, the transport, whether authentication is required, and for TLS, whether
certificate validation is required (mutual TLS). Click OK.
The new entry is added to the Unauthorized ports list.
c Repeat for each additional port on which to receive “unauthorized” or “guest” calls.
5 To enable the system to receive untrusted calls (see Untrusted SIP Call Handling Configuration)
from SIP session border controllers (SBCs) configured to add a specific prefix in the Request-URI of
the INVITE message for such calls, do the following:
a Under Unauthorized prefixes, click Add.
The Add Guest Prefix dialog opens.
b Specify the prefix number, whether it should be stripped, and whether authentication is required.
Click OK.
The new entry is added to the Unauthorized prefixes list.
c Repeat for each additional prefix used for “unauthorized” or “guest” calls.
6 Click Update.
A dialog informs you that the configuration has been updated.
7 Click OK.
The system processes the configuration. The Status field shows the current H.323 signaling state.
8 If you enabled the system to receive “unauthorized” or “guest” calls, do the following:
a Go to Admin > Call Server > Dial Rules and click in the Dial rules for unauthorized calls list
to give it focus.
b
Add one or more dial rules to be used for routing “unauthorized” or “guest” calls. See Dial Rules.
An unauthorized call rule can route calls to a conference room ID (virtual meeting room, or VMR),
a virtual entry queue (VEQ), or a SIP peer.
Note: Understanding SIP communications
The system only answers UDP calls if that transport is enabled. But for communications back to the
endpoint, it uses the transport protocol that the endpoint requested (provided that the transport is
enabled, and for TCP, that unencrypted connections are permitted).
For more information about this and other aspects of SIP, see RFC 3261.