Versions Compared

Old Version 11

changes.mady.by.user Hoa Le Quang

Saved on

compared with

New Version Current

changes.mady.by.user An Nguyen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

VSee Messenger services will attempt to navigate network architecture to its the best of their ability. However, in order to guarantee the best results, please add the following port and firewall rules to your corporate firewall / router systems.

Please note that VSee is generally not able to provide the fixed IP addresses for these servers because and they may be switched without prior notification. However, other than the bandwidth server, most IPs these IP addresses are relatively stationary and any changes will be updated here if they occur.

All firewall rules are subject to change with at least 1 month of prior notice.

Table of Contents

Network Security Diagram

Image Added

Simplified Rules

If *.vsee.com can be whitelisted, please add them this into your firewall rules with the following ports: 

Purpose

Protocol: Port

Detail Servers

VSee Directory, Relay, Call management, Diagnostics, etc.

Required for VSee Messenger authentication, address book services, establishing video calls, video packets relay, VSee Messenger chat communication.

Measure bandwidth for video quality adjustment

UDP (STUN): TCP: 80, 443, 3478, 5222
UDP: 1853, 3478, 6000, 6001, 6256
UDP: 6000, 1853
UDP: 10000
TCP (XMPP) 5222
TCP: 3478
HTTPS -- TLS 1.2: 443
TLS: 443
UDP: 49152 -- 65535
10000, 49152 - 65535 (TURN allocated)

*.vsee.com

Network route for peer-to-peer UDP (Optional)
For optimal performance: Allowing for VSee endpoints to directly communicate with each other. This will improve A/V performance and reduce load on firewalls and web proxies.

UDP

any host

Call presence and reporting

Update VSee user’s status, e.g. Offline, Online, In a call, Busy, etc.

HTTPSTCP: 443

*.pubnub.com

vsee-activeapi.firebaseio.com

Cloud recording service (Optional, depends on contract)

Record video calls performed via VSee Messenger and/or in-browser calls. The calls will be recorded on the server side and will be available via a cloud link.

HTTPS -- TLSTCP: 443

s3.amazonaws.com

Measure bandwidth for video quality adjustment

VSee Messenger will call this service to test user’s bandwidth upon launch. Used for choosing optimal call quality.

HTTP(S): 80, 443

bw.vsee.com

Network Security Diagram

Image Removed

Detailed Rules (US Customers)

Please note the servers listed below are for calls within the United States only. 

If *.vsee.com cannot be whitelisted, the following subdomains and ports are required.

cl-coturn

Purpose

Protocol: PortDetail

Servers

IP Addresses

MESSENGER SERVICE

VSee Directory
Authentication and address book services for VSee Messenger and in-browser call and chat.

TCP (XMPP): 5222
HTTPS -- TLS 1.2: , 443

talk.vsee.com

xmpp01.vsee.com
xmpp02.vsee.com

--


xmpp03.vsee.com
xmpp04.vsee.com

52.52.36.123

xmpp02.vsee.com --

52.52.111.88

xmpp03.vsee.com --

52.52.245.139

xmpp04.vsee.com --

54.215.77.199

Call management

Establishing and managing VSee video call sessions.

HTTPS -- TLS 1.2: 443

  • api.vsee.com -- 52.9.212.253, 54.183.82.95

  • client.vsee.com -- 52.9.212.253, 54.183.82.95

Chat file transfer

File transfer inside of VSee Messenger and in-browser chat sessions.

HTTPS -- TLS 1.2: 443

  • assets.vsee.com -- 52.9.212.253, 54.183.82.95

Call presence and reporting

Update VSee user’s status, e.g. Offline, Online, In a call, Busy, etc.

HTTPS: 443

  • *.pubnub.com

  • vsee-activeapi.firebaseio.com

Messenger diagnostics

Various diagnostic messages in VSee Messenger.

HTTPS -- TLS 1.2: 443

  • ironmq.vsee.com -- 52.9.212.253, 54.183.82.95

Messenger update service

Automated check for new versions of VSee Messenger.

HTTPS -- TLS 1.2: 443

  • cloudfront.vsee.com

Cloud recording (optional depends on contract)

Record video calls performed via VSee Messenger and/or in-browser calls. The calls will be recorded on the server side and will be available via a cloud link.

HTTPS -- TLS: 443

  • s3.amazonaws.com

Bandwidth Test
Measure bandwidth for video quality adjustment

HTTP: 80
HTTPS: 443

  • bw.vsee.com

Profile management (optional)

Managing VSee user profile - changing profile details, changing password, etc.

HTTPS -- TLS 1.2: 443

  • vsee.com

  • my.vsee.com -- 52.9.212.253, 54.183.82.95

Network route for peer-to-peer UDP (recommended)
For optimal performance: Allowing for VSee endpoints to directly communicate with each other. This will improve A/V performance and reduce load on firewalls and web proxies. VSee Messenger will attempt to bind local UDP port 6000-6255 but router might allocate other public port.

Inbound and outbound for UDP on any port

  • Any hosts

Discover network route for peer-to-peer UDP (optional)

UDP (STUN): 3478, 6000, 6001, 6256

  • stun01.vsee.com -- 50.18.91.143

  • stun02.vsee.com -- 52.52.56.79

  • stun-map01.vsee.com -- 50.18.91.143

  • stun-map02.vsee.com -- 52.52.56.79

  • net.vsee.com

    • net-1.vsee.com -- 50.18.91.143

    • net-2.vsee.com -- 52.52.56.79

US TURN Servers **
Servers that relay packets during VSee video call in case no peer-to-peer connection can be established.

UDP: 3478
TCP: 3478
TLS: 443
UDP: 49152 -- 65535
(TURN allocated)

US TURN Servers
Servers that relay packets during video calls in case no direct peer-to-peer connection can be established.

UDP: 3478
TCP: 3478, 443
UDP: 49152 -- 65535
(TURN allocated)

cl-coturn.vsee.com

cl-coturn-use01.vsee.com
cl-coturn-use02.vsee.com
cl-coturn-use03.vsee.com
cl-coturn-use04.vsee.com
cl-coturn-use05.vsee.com
cl-coturn-use06.vsee.com
cl-coturn-use07.vsee.com
cl-coturn-use08.vsee.com
cl-coturn-usw01.vsee.com
cl-coturn-usw02.vsee.com
cl-coturn-usw03.vsee.com
cl-coturn-usw04.vsee.com
cl-coturn-usw05.vsee.com
cl-coturn-usw06.vsee.com
cl-coturn-usw07.vsee.com
cl-coturn-ohio01.vsee.com
cl-coturn-ohio02.vsee.com
cl-coturn-oregon01.vsee.com
cl-coturn-

use01

oregon02.vsee.com

--

34.195.60.220

cl-coturn-use02.vsee.com --

3.91.120.247

cl-coturn-use03.vsee.com --

18.204.252.34

cl-coturn-use04.vsee.com --

34.198.123.188

cl-coturn-use05.vsee.com --

3.94.156.192

cl-coturn-use06.vsee.com --

44.198.130.26

cl-coturn-use07.vsee.com --

3.216.83.102

cl-coturn-use08.vsee.com --

18.213.46.117

cl-coturn-usw01.vsee.com --

52.52.31.136

cl-coturn-usw02.vsee.com --

13.52.175.91

cl-coturn-usw03.vsee.com --

52.9.63.102

cl-coturn-usw04.vsee.com --

54.177.39.6

cl-coturn-usw05.vsee.com --

54.151.95.19

cl-coturn-usw06.vsee.com --

54.215.118.248

cl-coturn-usw07.vsee.com --

52.9.100.25

cl-coturn-ohio01.vsee.com --

3.15.110.201

cl-coturn-ohio02.vsee.com --

3.14.225.49

cl-coturn-oregon01.vsee.com --

34.210.252.42

cl-coturn-oregon02.vsee.com --

44.231.34.161

Test TURN connectivity here

Region Identification Service
Used to detect the VSee user’s region and to choose the optimal video bridge server for better call performance.

TCP: 443

region.vsee.com

--

54.255.19.27
3.211.169.195
54.177.209.83

Video Bridge **
During a VSee video call, networking packets may pass through a video bridge server for best perfomanceperformance.

TCP: 443
UDP: 10000

US West Coast

jvb01-ncal.vsee.com
jvb02-

- 54.151.67.234
jvb02

ncal.vsee.com
jvb03-ncal.vsee.com
jvb04-ncal.vsee.com
jvb05-ncal.vsee.com
jvb06-

- 54.177.202.54
jvb03

ncal.vsee.com
jvb07-ncal.vsee.com
jvb08-ncal.vsee.com
jvb09-ncal.vsee.com
jvb10-

- 54.215.26.79
jvb04-ncal

ncal.vsee.com
jvb01-nvir.vsee.com
jvb02-nvir.vsee.com
jvb03-nvir.vsee.com
jvb04-

- 54

nvir.

219

vsee.

55.241

com
jvb05-

ncal

nvir.vsee.com
jvb06-

- 184.169.198.132
jvb06-ncal

nvir.vsee.com
jvb07-nvir.vsee.com
jvb08-nvir.vsee.com
jvb09-nvir.vsee.com

--


jvb10-nvir.vsee.com

54.151.67.234
54.177.

84.55
jvb07-ncal.vsee.com --

202.54
54.215.26.79
54.219.55.241
184.169.198.132
54.177.84.55
54.67.10.243

jvb08-ncal.vsee.com --

54.176.204.219

jvb09-ncal.vsee.com --

184.72.28.249

jvb10-ncal.vsee.com --

50.18.195.100

US East Coast
jvb01-nvir.vsee.com --

35.174.23.28

(existing)


jvb02-nvir.vsee.com --

34.237.10.5

(existing)


jvb03-nvir.vsee.com --

34.232.244.246

(existing)


jvb04-nvir.vsee.com --

18.214.46.241

jvb05-nvir.vsee.com --

18.214.51.10

jvb06-nvir.vsee.com --

54.242.133.141

jvb07-nvir.vsee.com --

54.147.165.97

jvb08-nvir.vsee.com --

34.236.235.124

jvb09-nvir.vsee.com --

54.204.161.153

jvb10-nvir.vsee.com --

174.129.121.60

  • Test new video bridge connectivity here

    • US Relays
    Relay packets in case no peer-to-peer connection and no TURN connection can be established.

    UDP: 6000, 1853
    HTTP:80
    HTTPS: 443

    cl-relay.vsee.com

  • usw01-rel.vsee.com -- 54.215.19.55

    • usw02-rel.vsee.com -- 184.72.50.82

    Messenger update service

    Automated check for new versions of VSee Messenger

    TCP: 443

    cloudfront.vsee.com

    Profile management

    Managing VSee user profile, changing password, etc.

    TCP: 443

    vsee.com

    my.vsee.com

    13.248.147.98
    76.223.29.204

    Messenger diagnostics

    Diagnostic information gathered by VSee Messenger

    TCP: 443

    ironmq.vsee.com
    rtc-stats-v3.vsee.com

    13.248.147.98
    76.223.29.204

    CLINIC SERVICE

    Clinic web and API cluster

    Basic Clinic functionality

    TCP: 443

    *.vsee.me

    99.83.175.218
    75.2.83.122
    15.197.200.74
    3.33.250.220
    15.197.231.104
    3.33.211.220

    Call presence and reporting

    Update VSee users' presence status.

    TCP: 443

    *.pubnub.com

    vsee-activeapi.firebaseio.com

    presence.vsee.com
    conferences.vsee.com

    13.248.147.98
    76.223.29.204

    OPTIONAL FIREWALL RULES

    MFA / SSO (Depends on contract)

    Enables login with MFA or using an SSO identity provider.

    TCP: 443

    auth.vsee.com

    See Auth0 IP Allow List

    Cloud recording (Depends on contract)

    Record video calls performed via VSee Messenger and/or in-browser calls. The calls will be recorded on the server side and will be available via a cloud link.

    TCP: 443

    s3.amazonaws.com

    Connectivity Testing Service

    A set of test tools to define if the VSee user’s network conditions are good enough for video calls, checking the reachability of critical VSee infrastructure.

    HTTPSTCP: 443

    test.vsee.com

    -

    3.95.130.94

    ** Subject to change with at least 1 month of prior notice. We might be adding more video bridge / TURN servers for better performance

    Performance Impact of Web Proxies: The VSee client can connect to all the above hosts via a Web Proxy.  However, A/V performance will be dependent on the Web Proxy’s capacity.  Some factors that might affect performance through a proxy are:

    • Load on the Web Proxy

    • Prioritization of persistent HTTP(S) connections through the proxy.  

    For optimal performance: 

    • The Web Proxy should allow persistent HTTP(S) connections.

    • The Web Proxy should be configured to allow traffic to the VSee TURN Servers to proceed directly.

    Detailed Rules (International Customers)

    For international customers, please apply all rules in the US Customers section as well as the following:

    Purpose

    Protocol: Port

    Detail Servers

    International TURN servers

    UDP: 3478
    TCP: 3478
    TLS: , 443
    UDP: 49152 - - 65535
    (TURN allocated)

    cl-coturn.vsee.com

    cl-coturn-me01.vsee.com
    cl-coturn-

    15

    sg01.

    185

    vsee.

    164.222

    com
    cl-coturn-

    sg01

    sg02.vsee.com
    cl-coturn-euw01.vsee.com

    15.185.164.222
    18.138.7.255

    cl-coturn-sg02.vsee.com --

    18.138.205.235

    cl-coturn-euw01


    108.128.27.231

    Video Bridge
    During a VSee video call, networking packets may pass through a video bridge server for best performance.

    TCP: 443
    UDP: 10000

    jvb01-sg.vsee.com

    -- 108.128.27.231

    Testing VSee Connectivity

  • You can use the following page to test for basic VSee connectivity: VSee Network Test Page

  • If any of the test above result in failure, you need to resolve it first.

    • All tests pass might not mean you will have a successful call

    54.151.243.67

    Proxy Servers

    Many organizations utilize proxy servers with their networks. However, as VSee network traffic is already encrypted, passing this traffic through a proxy server does not make it any more secure. On the other hand, proxy servers can introduce performance problems. Proxy servers can introduce latency and packet loss, which can degrade audio and video quality where real-time streams are essential. Thus, bypassing proxies for VSee traffic is recommended as routing through all traffic through a proxy server might impact connectivity and A/V performance.

    If proxy servers can not be bypassed, VSee services can connect to the above hosts via a proxy server. We recommend the following for better performance with a proxy server: 

    • Proxy servers should allow persistent TCP connections.

    • Proxy servers should be configured to allow UDP traffic to the VSee TURN Servers at port 3478 and the Video Bridges at port 10000 to proceed directly.

    Testing VSee Connectivity

    VSee provides a suite of tools to help test that firewall rules are configured appropriately. Please note that only a subset of the requirements listed above are tested by these tools. It is important to ensure that the firewall rules listed above are followed, even if these tests pass. Failing to follow the firewall configuration requirements may cause issues such as intermittent bad call quality or dropped calls.

    Updates

    Update on 21 Jun 2022:

    Removed International Relays sg01-rel.vsee.com, euw01-rel

    Test

    URL

    Basic VSee connectivity

    https://test.vsee.com/connectivity

    TURN connectivity

    https://test.vsee.com

    Update on 15 Jun 2022:

    Removed US Relays use01-rel

    /turn/

    Other tools

    https://test.vsee.com

    , use02-rel.vsee.com

    Update on 30 May 2022:

    Added TURN connectivity test URL -

    /network/index.html

    https://

    test

    clinic.vsee.

    com/turn

  • Added new TURN servers

    • US EAST - cl-coturn-use04.vsee.com, cl-coturn-use05.vsee.com, cl-coturn-use06.vsee.com, cl-coturn-use07.vsee.com, cl-coturn-use08.vsee.com

    • US WEST - cl-coturn-usw03.vsee.com, cl-coturn-usw04.vsee.com, cl-coturn-usw05.vsee.com, cl-coturn-usw06.vsee.com, cl-coturn-usw07.vsee.com

    • Update on 4 Jun 2021:

    • Total of 20 video bridges will be available in Aug 1, 2021

    • IP addresses are added for convenience 

    Update on 16 Feb 2021:

    • Added 5 more video bridges jvb04-nvir.vsee.com , jvb01-ncal.vsee.com, jvb02-ncal.vsee.com, jvb03-ncal.vsee.com, jvb04-ncal.vsee.com

    • Removed port 4443, 10001-20000 range for video bridge

    • Removed US Relays usw03-rel.vsee.com, use03-rel.vsee.com, use04-rel.vsee.com, use05-rel.vsee.com

    • Removed International Relays euw02-rel.vsee.com

    • Removed International TURN server cl-coturn-sn01.vsee.com

    Update on 13 July 2020:

  • Updated network connectivity test URL

    • Increase priority for Peer-to-peerUDP

  • Added 6001, 6256 port for STUN

  • Added note for new TURN, Video bridge will be added in with 1 month notice

  • Added region.vsee.com

    • Update on 8 Jun 2020:

    • Added cl-coturn-ohio01.vsee.com, cl-coturn-ohio02.vsee.com, cl-coturn-oregon01.vsee.com, cl-coturn-oregon02.vsee.com into TURN server list

    Update on 1 Jun 2020:

    • Added UDP: 49152 -- 65535 (TURN allocated) to TURN protocol / port info

    This page is also available here https://vsee.com/firewall

    me/test_computer

    Outbound Connections

    VSee services may occasionally need to connect with your systems for webhooks and callbacks, or to securely transfer patient / encounter data through SFTP, etc. Here are the lists of IP addresses that should be whitelisted.

    Messenger Service

    Code Block
    13.52.171.113
52.9.150.124
184.72.21.195
184.72.47.83
54.241.101.173

    Clinic Service

    Code Block
    13.52.7.6
13.56.46.159
52.52.174.230
54.177.111.163
13.52.58.237
18.144.134.162
54.241.243.156
54.176.136.131
13.56.219.50
13.56.202.120
13.56.70.155
50.18.137.251
13.52.25.116

    Updates

    Update on 1 Aug 2023

    • Updated correct list of Clinic Service IPs.

    • The following IPs are no longer valid

      • 54.153.119.24, 18.144.69.7, 52.53.171.200, 54.176.88.134, 18.144.8.250, 52.53.190.38, 54.177.38.2, 54.215.4.54, 54.193.243.179, 184.72.50.250

    Update on 13 July 2023

    • Relayout content, separate out IP addresses for easy copy & paste

    • Removed legacy relay servers

    • Added in Singapore Video bridge

    • Added dedicated section for Testing VSee Connectivity

    • Added Outbound Connections section