Configure HTTP Tunnel Settings

An HTTP tunnel proxy enables SIP guest users to attend web-based video conferences hosted by the Polycom RealPresence Web Suite. Some restrictive networks block outgoing UDP-based traffic and can limit outgoing TCP traffic to ports 80 and 443. In these situations, if a SIP guest client cannot establish a native SIP/RTP connection to a RealPresence Web Suite video conference, the RealPresence DMA system can act as a web proxy to tunnel the SIP guest call on port 80, 443, or on a port in the 9950-9999 range. Once the SIP client is connected to a meeting, the RealPresence DMA system continues to tunnel TCP traffic, including SIP signaling, media, and Binary Floor Control Protocol (BFCP) content.

The RealPresence Web Suite client uses auto-discovery to ensure that a SIP guest call is routed through the HTTP tunnel proxy when necessary. When a RealPresence Web Suite SIP guest user attempts to join a meeting, auto-discovery determines if standard SIP and media ports are reachable for the call. If not, the call is routed through the HTTP tunnel proxy.

An HTTP tunnel proxy and an HTTPS proxy can both use port 443 on the same external access proxy IP address. If you configure a port other than 443 as the external listening port for HTTP tunnel proxy calls, these calls may fail if the SIP guest client’s network blocks outgoing traffic to other ports.

The following conditions apply to the HTTP tunnel proxy:

  • Only one HTTP tunnel proxy can be configured.
  • The HTTP tunnel proxy does not support SVC video conferencing.
  • Use of an HTTP tunnel proxy is not supported with two RealPresence DMA systems deployed in a VPN tunnel configuration.
  • Before you configure an HTTP tunnel proxy, complete the following steps:
    • Assign public access proxy IP addresses in network settings.
    • Add an HTTPS proxy and configure the RealPresence Web Suite Experience Portal as a next hop.

Procedure

  1. Go to Service Config > Access Proxy Settings.
  2. Click Add HTTP Tunnel Proxy.
    http tunnel proxy
  3. In the Add HTTP Tunnel Proxy Settings window, complete the fields according to the following table:
    Field Description
    Name The unique name of this HTTP Tunnel proxy.
    Public IP address The public IP address of the RealPresence DMA system network interface that receives access proxy traffic (specified when you configure network settings).
    Public listening port

    The public port at which the RealPresence DMA system listens for HTTPS proxy traffic.

    • Default HTTP port: 443 or 80
    • Port range: 9950–9999
    Note: redirects inbound access proxy traffic on ports 443 and 389 to ports from the configured Access Proxy Dynamic Port Ranges on the access proxy public interface. The CentOS operating system does not allow processes without root ownership to listen on ports <1024. Redirecting access proxy traffic on ports <1024 to the dynamic ports enables the access proxy process to function correctly. The RealPresence DMA system automatically.
  4. Click OK to save the HTTP tunnel proxy.