| |
Once you have installed the ISL Conference Proxy, we warmly advise you to test the network configuration This will prevent any connection problems your ISL Light users might experience.
Testing the installation |
- Log into a machine that is outside your network and is connected to the Internet.
- Open a command line (Start -> Run -> cmd on Windows, terminal on Linux).
- Type in telnet 1.2.3.4 7615, replace 1.2.3.4 with the IP address of the ISL Conference Proxy server, and press enter several times. A message like HTTP/1.0 503 Request parse error should appear. If the message does not appear, it is highly possible that there is a problem with the firewall. For more information on this matter, please read the next paragraph - Configuring the firewall.
- Repeat the procedure given in the step 3 for telnet 1.2.3.4 443 and telnet 1.2.3.4 80.
- To achieve backward compatibility with ISL Light 2, you should also try telnet 1.2.3.4 7612. A message like OK should appear.
|
|
Configuring the firewall |
- ISL Conference Proxy requires several TCP ports to operate properly. We advise you to open at least the port 80, 443, 7612 and 7615 in your firewall.
- If a web server is already running on the port 80 and the port 443 and the ISL Conference Proxy sends you an error notification for the ports in question (80, 443), we advise you to do the following:
- If you do not need a web server, which is already running, please disable it. Some installations on Windows or Linux include a default web server. To disable the Microsoft IIS, please follow the instructions: Administrative tools -> Internet Information Services, select Default Web Site and click stop.
- If you are using a web server and do not want to disable it, the optimal solution is to:
- either assign to the server another IP address, which is visible on the internet. Then bind the web server to the first IP address and bind the ISL Conference Proxy to the second IP address. Please note: you might need to contact your ISP about the additional IP address.
- or install the ISL Conference Proxy on another server, which can be accessed from the internet.
- If you do not have the possible to acquire a free IP address, the ISL Conference Proxy can be configured to run only on the port 7615. However, you need to understand that only users, which are not behind restrictive firewalls, will be able to access the ISL Conference Proxy. Another alternative, which might work in some cases, is to configure the ISL Conference Proxy to run on other popular ports like 21 (FTP), 110 (POP3) or 143 (IMAP).
- If you need to change the ports in your firewall, which the ISL Conference Proxy will be listening on, log into the ISL Conference Proxy administration web services, select Configuration - General:
|
and edit the field HTTPT ports:
- After
saving the settings, you will need to restart
the ISL Conference Proxy. If you have disabled
the port 80
and 443, or changed the main transport port
(7615), you also need to create new
ISL Light packets with appropriate settings.
In case an inconsistency
has occured in the ISL Conference
Proxy
and the
ISL Light
port
configuration,
the system will send you a
warning notification the next time you will
be requesting a session code in the ISL Light Desk application.
Detailed description of the ports |
Configuring IP based access |
- The ISL Conference Proxy administration can be limited only to a certain IP. IP based access control can be configured in the Configuration - Security.
|
- IP
based access control
services can be currently configured only
to:
- the ISL Conference
Proxy administration web services (/conf)
- the xmlmsg: XML database manipulation interface (/xmlmsg)
- By default, access to the ISL Conference Proxy administration is limited to a local machine. If you want to access ISL Conference Proxy administration web services from another computer in the network, you will have to enter its IP address in the field Allowed IP addresses for administration.
- IP addresses for hosts must be in a form 1.2.3.4, whereas IP addresses to match subnets in a form 1.2.3.4/255.0.0.0. Matches can be separated by a space or a comma. The match "any" can be used to allow connections from any IP (corresponds to the match 0.0.0.0/0.0.0.0). Connections coming from a local machine (local or bind-ip interface) are always allowed.
- "Must use SSL" setting can be used to restrict the service to allow only connections encrypted with SSL.
- Linux specific: to change the trusted IP addresses for administration you can also run confproxyctl headless from command line. The confproxyctl is available for ISL Conference Proxy 3.0.1 and later.
|
Binding the ISL Conference Proxy to an IP |
- ISL Conference Proxy can be instructed to listen only on a specific IP address. Log into the ISL Conference Proxy administration web services, select Configuration - General and enter the field Bind IP for server X.
|
- After saving the settings, restart the ISL Conference Proxy.
- Linux specific: the bind IP setting can also be changed from command line by running confproxyctl bindip. The confproxyctl is available only for ISL Conference Proxy 3.0.1 and later.
|
|
|
