Versions Compared

Old Version 6

changes.mady.by.user An Nguyen

Saved on

compared with

New Version Current

changes.mady.by.user An Nguyen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

VSee services will attempt to navigate network architecture to the best of their ability. However, in order to guarantee the best results, please add the following port and firewall rules to your corporate firewall / router systems.

Please note that VSee is not able to provide fixed IP addresses for these servers and they may be switched without prior notification. However, these IP addresses are relatively stationary and any changes will be updated here if they occur.

All firewall rules are subject to change with at least 1 month of prior notice.

Table of Contents

Network Security Diagram

Image RemovedImage Added

Simplified

Rules

If *.

for vsee.qa

can be whitelisted, please add this into your firewall rules with the following ports: 

Purpose

Protocol: Port

Detail

TCP: 80, 443, 3478, 5222
UDP: 1853, 3478, 6000, 6001, 6256, 10000, 49152 - 65535 (TURN allocated)

*.vsee.qa

Servers

IP Addresses

MESSENGER SERVICE

VSee Directory

, Relay, Call management, Diagnostics, etc.

Required for VSee Messenger authentication, address book services, establishing video calls, video packets relay, VSee Messenger chat communication.

Measure bandwidth for video quality adjustment


Authentication and address book services for VSee Messenger and in-browser call and chat.

TCP: 5222, 443

talk.vsee.qa

xmpp01.vsee.qa
xmpp02.vsee.qa

20.21.218.35

20.21.217.211

Qatar TURN Servers
Servers that relay packets during video calls in case no direct peer-to-peer connection can be established.

UDP: 3478
TCP: 3478, 443
UDP: 49152 -- 65535
(TURN allocated)

cl-coturn.vsee.qa

cl-coturn-qa01.vsee.qa
cl-coturn-qa02.vsee.qa

20.173.76.209

20.173.76.208

Video Bridge
During a VSee video call, networking packets may pass through a video bridge server for best performance.

TCP: 443
UDP: 10000

jvb01-qa.vsee.qa
jvb02-qa.vsee.qa

20.173.76.211

20.173.76.210

Reserved IP Addresses
These are allocated for additional TURN and Video Bridge servers.

UDP: 3478
TCP: 3478, 443
UDP: 49152 -- 65535
(TURN allocated)

TCP: 443
UDP: 10000

20.173.76.212

20.173.76.213

20.173.76.214

20.173.76.215

20.173.76.216

20.173.76.217

20.173.76.218

20.173.76.219

20.173.76.220

20.173.76.221

20.173.76.222

20.173.76.223

Region Identification Service
Used to detect the VSee user’s region and to choose the optimal video bridge server for better call performance.

TCP: 443

region.vsee.qa

20.21.217.110

Messenger update service

Automated check for new versions of VSee Messenger

TCP: 443

download.vsee.qa

20.21.217.210

Profile management

Managing VSee user profile, changing password, etc.

TCP: 443

my.vsee.qa

20.21.217.210

Messenger diagnostics

Diagnostic information gathered by VSee Messenger

TCP: 443

ironmq.vsee.qa
rtc-stats-v3.vsee.qa

20.21.217.210

CLINIC SERVICE

Clinic web and API cluster

Basic Clinic functionality

TCP: 443

*.vsee.qa

20.21.217.207

Call presence and reporting

Update VSee

user’s status, e.g. Offline, Online, In a call, Busy, etc.

users' presence status.

TCP: 443

presence.vsee.qa
conferences.vsee.qa

20.21.217.210

OPTIONAL FIREWALL RULES

SSO / AD

TCP: 443

vsee-activeapi

*.

firebaseio

scale.

com

qa

Cloud recording

service

(

Optional, depends

Depends on contract)

Record video calls performed via VSee Messenger and/or in-browser calls. The calls will be recorded on the server side and will be available via a cloud link.

TCP: 443

s3.amazonaws.com

Detailed Rules

If *.vsee.qa cannot be whitelisted, the following subdomains and ports are required.

stvcpvmprdqc01.blob.core.windows.net

Rules for vseebeta.qa

Purpose

Protocol: Port

Servers

IP Addresses

MESSENGER SERVICE

VSee Directory
Authentication and address book services for VSee Messenger and in-browser call and chat.

TCP: 5222, 443

talk.

vsee

vseebeta.qa

xmpp01.

vsee

vseebeta.qa
xmpp02.

vsee

vseebeta.qa

20.21.

218

0.

35

27

20.21.

217

0.

211

42

Qatar TURN Servers
Servers that relay packets during video calls in case no direct peer-to-peer connection can be established.

UDP: 3478
TCP: 3478, 443
UDP: 49152 -- 65535
(TURN allocated)

cl-coturn.

vsee

vseebeta.qa

cl-coturn-qa01.

vsee

vseebeta.qa
cl-coturn-qa02.

vsee

vseebeta.qa

20.

173

21.

76.209

20.173.76.208

Region Identification Service
Used to detect the VSee user’s region and to choose the optimal video bridge server for better call performance.

TCP: 443

region.vsee.qa

103.131

20.21.

217

103.

110

128

Video Bridge
During a VSee video call, networking packets may pass through a video bridge server for best performance.

TCP: 443
UDP: 10000

jvb01-qa.

vsee

vseebeta.qa
jvb02-qa.

vsee

vseebeta.qa

20

.173.76.211

.21.103.129

20.21.103.130

Reserved IP Addresses
These are allocated for additional TURN and Video Bridge servers.

UDP: 3478
TCP: 3478, 443
UDP: 49152 -- 65535
(TURN allocated)

TCP: 443
UDP: 10000

20.21.103.132

20.21.103.133

20.21.103.134

20.21.103.135

20.21.103.136

20.21.103.137

20.21.103.138

20.21.103.139

20.21.103.140

20.21.103.141

20.21.103.142

20.21.103.143

Region Identification Service
Used to detect the VSee user’s region and to choose the optimal video bridge server for better call performance.

TCP: 443

region.vseebeta.qa

20.173.

76

48.

210

127

Messenger update service

Automated check for new versions of VSee Messenger

TCP: 443

cloudfront

download.

vsee

vseebeta.qa

20.173.48.127

Profile management

Managing VSee user profile, changing password, etc.

TCP: 443

vsee.qa

my.

vsee

vseebeta.qa

20.

21

173.

217

48.

210

127

Messenger diagnostics

Diagnostic information gathered by VSee Messenger

TCP: 443

ironmq.

vsee

vseebeta.qa
rtc-stats-v3.

vsee

vseebeta.qa

20.

21

173.

217

48.

210

127

CLINIC SERVICE

Clinic web and API cluster

Basic Clinic functionality

TCP: 443

*.

vsee

vseebeta.qa

20.

21

173.

217

48.

207

105

Call presence and reporting

Update VSee users' presence status.

TCP: 443

vsee-activeapi.firebaseio.com

presence.

vsee

vseebeta.qa
conferences.

vsee

vseebeta.qa

20.

21

173.

217

48.

210

127

OPTIONAL FIREWALL RULES

SSO / AD

Enables login with MFA or using an SSO identity provider.

TCP: 443

auth

*.

scale

scalebeta.qa

See SCALE info

Cloud recording (Depends on contract)

Record video calls performed via VSee Messenger and/or in-browser calls. The calls will be recorded on the server side and will be available via a cloud link.

TCP: 443

xxx

stvcnvmstgqc01.blob.core.windows.net

Proxy Servers

Many organizations utilize proxy servers with their networks. However, as VSee network traffic is already encrypted, passing this traffic through a proxy server does not make it any more secure. On the other hand, proxy servers can introduce performance problems. Proxy servers can introduce latency and packet loss, which can degrade audio and video quality where real-time streams are essential. Thus, bypassing proxies for VSee traffic is recommended as routing through all traffic through a proxy server might impact connectivity and A/V performance.

If proxy servers can not be bypassed, VSee services can connect to the above hosts via a proxy server. We recommend the following for better performance with a proxy server: 

  • Proxy servers should allow persistent TCP connections.

  • Proxy servers should be configured to allow UDP traffic to the VSee TURN Servers at port 3478 and the Video Bridges at port 10000 to proceed directly.

Outbound Connections

VSee services may occasionally need to connect with your systems for webhooks and callbacks, or to securely transfer patient / encounter data through SFTP, etc. Here are the lists of IP addresses that should be whitelisted.

Messenger Service

Code Block
20.21.208.105

& Clinic Service

Code Block
20.21.208.105