Versions Compared

Old Version 13

changes.mady.by.user An Nguyen

Saved on

compared with

New Version 14

changes.mady.by.user An Nguyen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

VSee services will attempt to navigate network architecture to the best of their ability. However, in order to guarantee the best results, please add the following port and firewall rules to your corporate firewall / router systems.

Please note that VSee is not able to provide fixed IP addresses for these servers and they may be switched without prior notification. However, these IP addresses are relatively stationary and any changes will be updated here if they occur.

All firewall rules are subject to change with at least 1 month of prior notice.

Table of Contents

Network Security Diagram

Image RemovedImage Added

Simplified Rules

If *.vsee.com can be whitelisted, please add this into your firewall rules with the following ports: 

Purpose

Protocol: Port

Detail Servers

VSee Directory, Relay, Call management, Diagnostics, etc.

Required for VSee Messenger authentication, address book services, establishing video calls, video packets relay, VSee Messenger chat communication.

Measure bandwidth for video quality adjustment

TCP: 80, 443, 3478, 5222
UDP: 1853, 3478, 6000, 6001, 6256, 10000, 49152 - 65535 (TURN allocated)

*.vsee.com

Call presence and reporting

Update VSee user’s status, e.g. Offline, Online, In a call, Busy, etc.

TCP: 443

*.pubnub.com

vsee-activeapi.firebaseio.com

Cloud recording service (Optional, depends on contract)

Record video calls performed via VSee Messenger and/or in-browser calls. The calls will be recorded on the server side and will be available via a cloud link.

TCP: 443

s3.amazonaws.com

Detailed Rules (US Customers)

Please note the servers listed below are for calls within the United States only. 

If *.vsee.com cannot be whitelisted, the following subdomains and ports are required.

Purpose

Protocol: Port

Servers

IP Addresses

MESSENGER SERVICE

VSee Directory
Authentication and address book services for VSee Messenger and in-browser call and chat.

TCP: 5222, 443

talk.vsee.com

xmpp01.vsee.com
xmpp02.vsee.com
xmpp03.vsee.com
xmpp04.vsee.com

52.52.36.123
52.52.111.88
52.52.245.139
54.215.77.199

US TURN Servers
Servers that relay packets during video calls in case no direct peer-to-peer connection can be established.

UDP: 3478
TCP: 3478, 443
UDP: 49152 -- 65535
(TURN allocated)

cl-coturn.vsee.com

cl-coturn-use01.vsee.com
cl-coturn-use02.vsee.com
cl-coturn-use03.vsee.com
cl-coturn-use04.vsee.com
cl-coturn-use05.vsee.com
cl-coturn-use06.vsee.com
cl-coturn-use07.vsee.com
cl-coturn-use08.vsee.com
cl-coturn-usw01.vsee.com
cl-coturn-usw02.vsee.com
cl-coturn-usw03.vsee.com
cl-coturn-usw04.vsee.com
cl-coturn-usw05.vsee.com
cl-coturn-usw06.vsee.com
cl-coturn-usw07.vsee.com
cl-coturn-ohio01.vsee.com
cl-coturn-ohio02.vsee.com
cl-coturn-oregon01.vsee.com
cl-coturn-oregon02.vsee.com

34.195.60.220
3.91.120.247
18.204.252.34
34.198.123.188
3.94.156.192
44.198.130.26
3.216.83.102
18.213.46.117
52.52.31.136
13.52.175.91
52.9.63.102
54.177.39.6
54.151.95.19
54.215.118.248
52.9.100.25
3.15.110.201
3.14.225.49
34.210.252.42
44.231.34.161

Region Identification Service
Used to detect the VSee user’s region and to choose the optimal video bridge server for better call performance.

TCP: 443

region.vsee.com

54.255.19.27
3.211.169.195
54.177.209.83

Video Bridge
During a VSee video call, networking packets may pass through a video bridge server for best performance.

TCP: 443
UDP: 10000

jvb01-ncal.vsee.com
jvb02-ncal.vsee.com
jvb03-ncal.vsee.com
jvb04-ncal.vsee.com
jvb05-ncal.vsee.com
jvb06-ncal.vsee.com
jvb07-ncal.vsee.com
jvb08-ncal.vsee.com
jvb09-ncal.vsee.com
jvb10-ncal.vsee.com
jvb01-nvir.vsee.com
jvb02-nvir.vsee.com
jvb03-nvir.vsee.com
jvb04-nvir.vsee.com
jvb05-nvir.vsee.com
jvb06-nvir.vsee.com
jvb07-nvir.vsee.com
jvb08-nvir.vsee.com
jvb09-nvir.vsee.com
jvb10-nvir.vsee.com

54.151.67.234
54.177.202.54
54.215.26.79
54.219.55.241
184.169.198.132
54.177.84.55
54.67.10.243
54.176.204.219
184.72.28.249
50.18.195.100
35.174.23.28
34.237.10.5
34.232.244.246
18.214.46.241
18.214.51.10
54.242.133.141
54.147.165.97
34.236.235.124
54.204.161.153
174.129.121.60

Messenger update service

Automated check for new versions of VSee Messenger

TCP: 443

cloudfront.vsee.com

Profile management

Managing VSee user profile, changing password, etc.

TCP: 443

vsee.com

my.vsee.com

13.248.147.98
76.223.29.204

Messenger diagnostics

Diagnostic information gathered by VSee Messenger

TCP: 443

ironmq.vsee.com
rtc-stats-v3.vsee.com

13.248.147.98
76.223.29.204

CLINIC SERVICE

Clinic web and API cluster

Basic Clinic functionality

TCP: 443

*.vsee.me

99.83.175.218
75.2.83.122
15.197.200.74
3.33.250.220
15.197.231.104
3.33.211.220

Call presence and reporting

Update VSee users' presence status.

TCP: 443

*.pubnub.com

vsee-activeapi.firebaseio.com

presence.vsee.com
conferences.vsee.com

13.248.147.98
76.223.29.204

OPTIONAL FIREWALL RULES

MFA / SSO (Depends on contract)

Enables login with MFA or using an SSO identity provider.

TCP: 443

auth.vsee.com

See https://auth0.com/docs/secure/security-guidance/data-security/allowlist

Cloud recording (Depends on contract)

Record video calls performed via VSee Messenger and/or in-browser calls. The calls will be recorded on the server side and will be available via a cloud link.

TCP: 443

s3.amazonaws.com

Connectivity Testing Service

A set of test tools to define if the VSee user’s network conditions are good enough for video calls, checking the reachability of critical VSee infrastructure.

TCP: 443

test.vsee.com

3.95.130.94

Detailed Rules (International Customers)

For international customers, please apply all rules in the US Customers section as well as the following:

Purpose

Protocol: Port

Detail Servers

International TURN servers

UDP: 3478
TCP: 3478, 443
UDP: 49152 - 65535
(TURN allocated)

cl-coturn.vsee.com

cl-coturn-me01.vsee.com
cl-coturn-sg01.vsee.com
cl-coturn-sg02.vsee.com
cl-coturn-euw01.vsee.com

15.185.164.222
18.138.7.255
18.138.205.235
108.128.27.231

Video Bridge
During a VSee video call, networking packets may pass through a video bridge server for best performance.

TCP: 443
UDP: 10000

jvb01-sg.vsee.com

54.151.243.67

Proxy Servers

Many organizations utilize proxy servers with their networks. However, as VSee network traffic is already encrypted, passing this traffic through a proxy server does not make it any more secure. On the other hand, proxy servers can introduce performance problems. Proxy servers can introduce latency and packet loss, which can degrade audio and video quality where real-time streams are essential. Thus, bypassing proxies for VSee traffic is recommended as routing through all traffic through a proxy server might impact connectivity and A/V performance.

If proxy servers can not be bypassed, VSee services can connect to the above hosts via a proxy server. We recommend the following for better performance with a proxy server: 

  • Proxy servers should allow persistent TCP connections.

  • Proxy servers should be configured to allow UDP traffic to the VSee TURN Servers at port 3478 and the Video Bridges at port 10000 to proceed directly.

Testing VSee Connectivity

VSee provides a suite of tools to help test that firewall rules are configured appropriately. Please note that only a subset of the requirements listed above are tested by these tools. It is important to ensure that the firewall rules listed above are followed, even if these tests pass. Failing to follow the firewall configuration requirements may cause issues such as intermittent bad call quality or dropped calls.

Test

URL

Basic VSee connectivity

https://test.vsee.com/connectivity

TURN connectivity

https://test.vsee.com/turn/

Video Bridge connectivity

https://test.vsee.com/jvb/

Other tools

https://test.vsee.com/network/index.html

https://clinic.vsee.me/test_computer

Outbound Connections

VSee services may occasionally need to connect with your systems for webhooks and callbacks, or to securely transfer patient / encounter data through SFTP, etc. Here are the lists of IP addresses that should be whitelisted.

Messenger Service

Expand
titleClick to see Messenger Service IPs
Code Block
13.52.171.113
52.9.150.124
184.72.21.195
184.72.47.83
54.241.101.173

Clinic Service

Expand
titleClick to see Clinic Service IPs
Code Block
13.52.7.6
54.153.119.24
18.144.69.7
52.53.171.200
54.176.88.134
18.144.8.250
52.53.190.38
54.177.38.2
54.215.4.54
54.193.243.179
184.72.50.250
13.56.70.155
13.56.202.120

Updates

Update on 21 Jun 2022:

  • Removed International Relays sg01-rel.vsee.com, euw01-rel.vsee.com

Update on 15 Jun 2022:

  • Removed US Relays use01-rel.vsee.com, use02-rel.vsee.com

This page is also available here https://vsee.com/firewall