Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Access 3.0
  3. BlackBerry Access Administration Guide
  4. Managing BlackBerry Access
  5. Configure access to WebRTC-based destinations

Configure access to WebRTC-based destinations

You can configure 
BlackBerry Access for macOS
  and 
BlackBerry Access for Windows
 to allow communication using WebRTC protocol-based web clients such as 
Citrix
 VDI browser-based access.
BlackBerry Access blocks the camera and microphone. Any WebRTC clients trying to use the camera or microphone on 
Windows
 or 
macOS
 is not supported.
WebRTC traffic can often have high bandwidth demands. For this reason, 
BlackBerry
 recommends routing this traffic directly. 
Route WebRTC traffic directly
If the WebRTC destination is accessible directly over the internet, use the following routing configuration:
  • On the 
    Security
     tab of the 
    BlackBerry Access
     app configuration policy, clear the 
    Enforce Strict Tunnel
     checkbox to disable strict tunnel.
  • Configure the 
    BlackBerry Dynamics
     Connectivity profile to route traffic directly to the WebRTC destination, as follows:
    • For 
      BlackBerry UEM
       version 12.11 and later: Add the WebRTC destination URL to the 
      Additional servers
       section and specify 
      Direct connectivity
      . This allows the connection to route directly even if the default route is set to use a 
      BlackBerry Proxy
       cluster.
    • For 
      BlackBerry UEM
       version 12.10 and earlier and 
      Good Control
      : Disable 
      Route All
      .  Ensure that existing internal domains or servers are configured to route through 
      BlackBerry Proxy
       clusters. Do not add the WebRTC destination to the 
      BlackBerry Dynamics
       Connectivity profile. This will allow the connection to route directly.
  • This configuration supports both TCP- and UDP-based WebRTC connections.
    The 
    BlackBerry Dynamics
     Connectivity profile and strict tunnel configuration have no effect on UDP connections. UDP connections route directly to the WebRTC destination through the local internet connection.
Route WebRTC traffic through BlackBerry Proxy
If the WebRTC destination is not directly accessible over the internet, or the traffic is required to route through a 
BlackBerry Proxy
 cluster, take the following items into consideration:
  • To route WebRTC traffic through 
    BlackBerry Proxy
     clusters, the 
    BlackBerry Proxy
     clusters must be configured to use Direct Connect. For more information, see the Direct Connect content.
    If you do not configure the 
    BlackBerry Proxy
     clusters with Direct Connect, the WebRTC destination does not load. For more information, visit support.blackberry.com/community to read article 62766.
  • Ensure that enough 
    BlackBerry Proxy
     servers are installed to handle the load generated by the WebRTC traffic.
  • This configuration supports only TCP-based WebRTC connections. 
    BlackBerry Proxy
     servers support only TCP protocol. UDP-based WebRTC connections do not work if the traffic is routed through 
    BlackBerry Proxy