Versions Compared

Old Version 1

changes.mady.by.user An Nguyen

Saved on

compared with

New Version Current

changes.mady.by.user An Nguyen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

VSee

...

services will attempt to navigate network architecture to

...

the best of their ability. However, in order to guarantee the best results, please add the following port and firewall rules to your corporate firewall / router systems.

Please note that VSee is

...

not able to provide

...

fixed IP addresses for these servers

...

and they may be switched without prior notification. However,

...

these IP addresses are relatively stationary and any changes will be updated here if they occur.

All firewall rules are subject to change with at least 1 month of prior notice.

Table of Contents

Network Security Diagram

Image Added

Simplified Rules

If *.vsee.com can be whitelisted, please add

...

this into your firewall rules with the following ports:

...

 

Purpose

Protocol: Port

Detail Servers

VSee Directory, Relay, Call management, Diagnostics, etc

...

Call presence and reporting

...

.

Required for VSee Messenger authentication, address book services, establishing video calls, video packets relay, VSee Messenger chat communication.

Measure bandwidth for video quality adjustment

TCP: 80, 443, 3478, 5222
UDP: 1853, 3478, 6000, 6001, 6256, 10000, 49152 - 65535 (TURN allocated)

*.vsee.com

...

Network route for peer-to-peer UDP (Optional)
For optimal performance: Allowing for VSee endpoints to directly communicate with each other. This will improve A/V performance and reduce load on firewalls and web proxies.

...

UDP

...

any host

Call presence and reporting

Update VSee user’s status, e.g. Offline, Online, In a call, Busy, etc.

TCP: 443

*.pubnub.com

vsee-activeapi.firebaseio.com

Cloud recording service

...

HTTPS -- TLS: 443

...

s3.amazonaws.com

...

Measure bandwidth for video quality adjustment

...

HTTP(S): 80, 443

...

http://bw.vsee.com

Network Security Diagram

...

(Optional, depends on contract)

Record video calls performed via VSee Messenger and/or in-browser calls. The calls will be recorded on the server side and will be available via a cloud link.

TCP: 443

s3.amazonaws.com

Detailed Rules (US Customers)

Please note the servers listed below are for calls within the United States only. 

If *.vsee.com cannot be whitelisted, the following subdomains and ports are required.

...

 

Purpose

Protocol: Port

...

Servers

IP Addresses

MESSENGER SERVICE

VSee Directory

...

Authentication and address book services for VSee Messenger and in-browser call and chat.

TCP

...

: 5222

...

, 443

talk.vsee.com

xmpp01.vsee.com

...


xmpp02.vsee.com

...


xmpp03.vsee.com

...


xmpp04.vsee.com

...

Call management

...

HTTPS -- TLS 1.2: 443

...

  • api.vsee.com -- 13.52.171.113, 52.9.150.124, 184.72.21.195

  • client.vsee.com -- 13.52.171.113, 52.9.150.124, 184.72.21.195

...

Chat file transfer

...

HTTPS -- TLS 1.2: 443

...

  • assets.vsee.com -- 13.52.171.113, 52.9.150.124, 184.72.21.195

...

Call presence and reporting

...

HTTPS: 443

...

  • *.pubnub.com

  • vsee-activeapi.firebaseio.com

...

Messenger diagnostics

...

HTTPS -- TLS 1.2: 443

...

  • ironmq.vsee.com -- 13.52.171.113, 52.9.150.124, 184.72.21.195

...

Messenger update service

...

HTTPS -- TLS 1.2: 443

...

  • cloudfront.vsee.com

...

Cloud recording (optional depends on contract)

...

HTTPS -- TLS: 443

...

  • s3.amazonaws.com

...

Bandwidth Test
Measure bandwidth for video quality adjustment

...

HTTP: 80
HTTPS: 443

...

  • http://bw.vsee.com

...

Profile management (optional)

...

HTTPS -- TLS 1.2: 443

...

  • http://vsee.com

  • http://my.vsee.com -- 13.52.171.113, 52.9.150.124, 184.72.21.195

...

Network route for peer-to-peer UDP (recommended)
For optimal performance: Allowing for VSee endpoints to directly communicate with each other. This will improve A/V performance and reduce load on firewalls and web proxies. VSee Messenger will attempt to bind local UDP port 6000-6255 but router might allocate other public port.

...

Inbound and outbound for UDP on any port

...

  • Any hosts

...

Discover network route for peer-to-peer UDP (optional)

...

UDP (STUN): 3478, 6000, 6001, 6256

...

  • http://stun01.vsee.com -- 50.18.91.143

  • stun02.vsee.com -- 52.52.56.79

  • http://stun-map01.vsee.com -- 50.18.91.143

  • stun-map02.vsee.com -- 52.52.56.79

  • http://net.vsee.com

    • http://net-1.vsee.com -- 50.18.91.143

    • net-2.vsee.com -- 52.52.56.79

...

US TURN Servers **
Relay packets in case no peer-to-peer connection can be established.

...

UDP: 3478
TCP: 3478
TLS: 443
UDP: 49152 -- 65535
(TURN allocated)

...

52.52.36.123
52.52.111.88
52.52.245.139
54.215.77.199

US TURN Servers
Servers that relay packets during video calls in case no direct peer-to-peer connection can be established.

UDP: 3478
TCP: 3478, 443
UDP: 49152 -- 65535
(TURN allocated)

cl-coturn.vsee.com

cl-coturn-use01.vsee.com
cl-coturn-use02.vsee.com
cl-coturn-use03.vsee.com
cl-coturn-use04.vsee.com
cl-coturn-use05.vsee.com
cl-coturn-use06.vsee.com
cl-coturn-use07.vsee.com
cl-coturn-use08.vsee.com
cl-coturn-usw01.vsee.com
cl-coturn-usw02.vsee.com
cl-coturn-usw03.vsee.com
cl-coturn-usw04.vsee.com
cl-coturn-usw05.vsee.com
cl-coturn-usw06.vsee.com
cl-coturn-usw07.vsee.com
cl-coturn-ohio01.vsee.com
cl-coturn-ohio02.vsee.com
cl-coturn-oregon01.vsee.com
cl-coturn-

...

oregon02.vsee.com

...

34.195.60.220

...

3.91.120.247

...

18.204.252.34
34

...

.198.123.188
3.94.156.192
44.198.130.26
3.216.83.102
18.213.46.117
52.52.31.136

...

13.52.175.91

...


52.9.63.102
54.177.39.6
54.151.95.19
54.215.118.248
52.9.100.25
3.15.110.201

...

3.14.225.49

...

34.210.252.42

...

44.231.34.161

Region Identification Service
Used to detect the

...

VSee user’s region

...

and to choose the optimal video bridge server for better call performance.

TCP: 443

region.vsee.com

...

54.255.19.27
3.211.169.195
54.177.209.83

Video Bridge
During a VSee video call, networking packets may pass through a video bridge server for best performance.

TCP: 443
UDP: 10000

...

jvb01-ncal.vsee.com
jvb02-

...

ncal.vsee.com
jvb03-ncal.vsee.com
jvb04-ncal.vsee.com
jvb05-ncal.vsee.com
jvb06-

...

ncal.vsee.com
jvb07-ncal.vsee.com
jvb08-ncal.vsee.com
jvb09-ncal.vsee.com
jvb10-

...

ncal.vsee.com
jvb01-nvir.vsee.com
jvb02-nvir.vsee.com
jvb03-nvir.vsee.com
jvb04-

...

nvir.

...

vsee.

...

com
jvb05-

...

nvir.vsee.com
jvb06-

...

nvir.vsee.com
jvb07-nvir.vsee.com
jvb08-nvir.vsee.com
jvb09-nvir.vsee.com

...


jvb10-nvir.vsee.com

54.151.67.234
54.177.

...

202.54
54.215.26.79
54.219.55.241
184.169.198.132
54.177.84.55
54.67.10.243

...

54.176.204.219

...

184.72.28.249

...

50.18.195.100

...


...

35.174.23.28

...


...

34.237.10.5

...


...

34.232.244.246

...


...

18.214.46.241

...

18.214.51.10

...

54.242.133.141

...

54.147.165.97

...

34.236.235.124

...

54.204.161.153

...

174.129.121.60

...

Test new video bridge connectivity here

...

US Relays
Relay packets in case no peer-to-peer connection and no TURN connection can be established.

...

UDP: 6000, 1853
HTTP:80
HTTPS: 443

...

  • cl-relay.vsee.com

    • usw01-rel.vsee.com -- 54.215.19.55

    • usw02-rel.vsee.com -- 184.72.50.82

    • use01-rel.vsee.com -- 107.20.144.226

    • use02-rel.vsee.com -- 23.23.244.20

** Subject to change with at least 1 month of prior notice. We might be adding more video bridge / TURN servers for better performance

Performance Impact of Web Proxies: The VSee client can connect to all the above hosts via a Web Proxy.  However, A/V performance will be dependent on the Web Proxy’s capacity.  Some factors that might affect performance through a proxy are:

  • Load on the Web Proxy

  • Prioritization of persistent HTTP(S) connections through the proxy.  

For optimal performance: 

...

The Web Proxy should allow persistent HTTP(S) connections.

...

Messenger update service

Automated check for new versions of VSee Messenger

TCP: 443

cloudfront.vsee.com

Profile management

Managing VSee user profile, changing password, etc.

TCP: 443

vsee.com

my.vsee.com

13.248.147.98
76.223.29.204

Messenger diagnostics

Diagnostic information gathered by VSee Messenger

TCP: 443

ironmq.vsee.com
rtc-stats-v3.vsee.com

13.248.147.98
76.223.29.204

CLINIC SERVICE

Clinic web and API cluster

Basic Clinic functionality

TCP: 443

*.vsee.me

99.83.175.218
75.2.83.122
15.197.200.74
3.33.250.220
15.197.231.104
3.33.211.220

Call presence and reporting

Update VSee users' presence status.

TCP: 443

*.pubnub.com

vsee-activeapi.firebaseio.com

presence.vsee.com
conferences.vsee.com

13.248.147.98
76.223.29.204

OPTIONAL FIREWALL RULES

MFA / SSO (Depends on contract)

Enables login with MFA or using an SSO identity provider.

TCP: 443

auth.vsee.com

See Auth0 IP Allow List

Cloud recording (Depends on contract)

Record video calls performed via VSee Messenger and/or in-browser calls. The calls will be recorded on the server side and will be available via a cloud link.

TCP: 443

s3.amazonaws.com

Connectivity Testing Service

A set of test tools to define if the VSee user’s network conditions are good enough for video calls, checking the reachability of critical VSee infrastructure.

TCP: 443

test.vsee.com

3.95.130.94

Detailed Rules (International Customers)

For international customers, please apply all rules in the US Customers section as well as the following:

Purpose

Protocol: Port

Detail Servers

...

International Relays

...

UDP: 6000, 1853
HTTP:80
HTTPS: 443

cl-relay.vsee.com

...

...

euw01-rel.vsee.com -- 54.217.225.38

International TURN servers

UDP: 3478
TCP: 3478

...

, 443
UDP: 49152 -

...

65535
(TURN allocated)

cl-coturn.vsee.com

cl-coturn-me01.vsee.com
cl-coturn-

...

sg01.

...

vsee.

...

com
cl-coturn-

...

sg02.vsee.com
cl-coturn-euw01.vsee.com

15.185.164.222
18.138.7.255

...

18.138.205.235

...


108.128.27.231

Video Bridge
During a VSee video call, networking packets may pass through a video bridge server for best performance.

TCP: 443
UDP: 10000

jvb01-sg.vsee.com

...

Testing VSee Connectivity

...

You can use the following page to test for basic VSee connectivity: VSee Network Test Page

...

If any of the test above result in failure, you need to resolve it first.

...

54.151.243.67

Proxy Servers

Many organizations utilize proxy servers with their networks. However, as VSee network traffic is already encrypted, passing this traffic through a proxy server does not make it any more secure. On the other hand, proxy servers can introduce performance problems. Proxy servers can introduce latency and packet loss, which can degrade audio and video quality where real-time streams are essential. Thus, bypassing proxies for VSee traffic is recommended as routing through all traffic through a proxy server might impact connectivity and A/V performance.

If proxy servers can not be bypassed, VSee services can connect to the above hosts via a proxy server. We recommend the following for better performance with a proxy server: 

  • Proxy servers should allow persistent TCP connections.

  • Proxy servers should be configured to allow UDP traffic to the VSee TURN Servers at port 3478 and the Video Bridges at port 10000 to proceed directly.

Testing VSee Connectivity

VSee provides a suite of tools to help test that firewall rules are configured appropriately. Please note that only a subset of the requirements listed above are tested by these tools. It is important to ensure that the firewall rules listed above are followed, even if these tests pass. Failing to follow

...

Update on 4 Jun 2021:

  • Total of 20 video bridges will be available in Aug 1, 2021

  • IP addresses are added for convenience 

Update on 16 Feb 2021:

  • Added 5 more video bridges jvb04-nvir.vsee.com , jvb01-ncal.vsee.com, jvb02-ncal.vsee.com, jvb03-ncal.vsee.com, jvb04-ncal.vsee.com

  • Removed port 4443, 10001-20000 range for video bridge

  • Removed US Relays usw03-rel.vsee.com, use03-rel.vsee.com, use04-rel.vsee.com, use05-rel.vsee.com

  • Removed International Relays euw02-rel.vsee.com

  • Removed International TURN server cl-coturn-sn01.vsee.com

Update on 13 July 2020:

...

Updated network connectivity test URL

...

Added 6001, 6256 port for STUN

...

Added note for new TURN, Video bridge will be added in with 1 month notice

...

Added region.vsee.com

Update on 8 Jun 2020:

  • Added cl-coturn-ohio01.vsee.com, cl-coturn-ohio02.vsee.com, cl-coturn-oregon01.vsee.com, cl-coturn-oregon02.vsee.com into TURN server list

Update on 1 Jun 2020:

  • Added UDP: 49152 -- 65535 (TURN allocated) to TURN protocol / port info

...

the firewall configuration requirements may cause issues such as intermittent bad call quality or dropped calls.

Test

URL

Basic VSee connectivity

https://test.vsee.com/connectivity

TURN connectivity

https://test.vsee.com/turn/

Other tools

https://test.vsee.com/network/index.html

https://clinic.vsee.me/test_computer

Outbound Connections

VSee services may occasionally need to connect with your systems for webhooks and callbacks, or to securely transfer patient / encounter data through SFTP, etc. Here are the lists of IP addresses that should be whitelisted.

Messenger Service

Code Block
13.52.171.113
52.9.150.124
184.72.21.195
184.72.47.83
54.241.101.173

Clinic Service

Code Block
13.52.7.6
13.56.46.159
52.52.174.230
54.177.111.163
13.52.58.237
18.144.134.162
54.241.243.156
54.176.136.131
13.56.219.50
13.56.202.120
13.56.70.155
50.18.137.251
13.52.25.116

Updates

Update on 1 Aug 2023

  • Updated correct list of Clinic Service IPs.

  • The following IPs are no longer valid

    • 54.153.119.24, 18.144.69.7, 52.53.171.200, 54.176.88.134, 18.144.8.250, 52.53.190.38, 54.177.38.2, 54.215.4.54, 54.193.243.179, 184.72.50.250

Update on 13 July 2023

  • Relayout content, separate out IP addresses for easy copy & paste

  • Removed legacy relay servers

  • Added in Singapore Video bridge

  • Added dedicated section for Testing VSee Connectivity

  • Added Outbound Connections section