Network Security Diagram
Rules for vsee.qa
Purpose | Protocol: Port | Servers | IP Addresses |
---|
MESSENGER SERVICE |
---|
VSee Directory Authentication and address book services for VSee Messenger and in-browser call and chat. | TCP: 5222, 443
| talk.vsee.qa
| xmpp01.vsee.qa
xmpp02.vsee.qa
| 20.21.218.35
20.21.217.211
|
---|
Qatar TURN Servers Servers that relay packets during video calls in case no direct peer-to-peer connection can be established. | UDP: 3478
TCP: 3478 , 443
UDP: 49152 -- 65535
(TURN allocated)
| cl-coturn.vsee.qa
| cl-coturn-qa01.vsee.qa
cl-coturn-qa02.vsee.qa
| 20.173.76.209
20.173.76.208
|
---|
Region Identification Service Used to detect the VSee user’s region and to choose the optimal video bridge server for better call performance. | TCP: 443
| region.vsee.qa
| 20.21.217.110
| Video Bridge During a VSee video call, networking packets may pass through a video bridge server for best performance. | TCP: 443
UDP: 10000
| | jvb01-qa.vsee.qa
jvb02-qa.vsee.qa
| 20.173.76.211
20.173.76.210
|
---|
Reserved IP Addresses These are allocated for additional TURN and Video Bridge servers. | UDP: 3478
TCP: 3478 , 443
UDP: 49152 -- 65535
(TURN allocated)
TCP: 443
UDP: 10000
| | | 20.173.76.212
20.173.76.213
20.173.76.214
20.173.76.215
20.173.76.216
20.173.76.217
20.173.76.218
20.173.76.219
20.173.76.220
20.173.76.221
20.173.76.222
20.173.76.223
|
---|
Region Identification Service Used to detect the VSee user’s region and to choose the optimal video bridge server for better call performance. | TCP: 443
| region.vsee.qa
| | 20.21.217.110
|
---|
Messenger update service Automated check for new versions of VSee Messenger | TCP: 443
| cloudfrontdownload.vsee.qa
| | 20.21.217.210
|
---|
Profile management Managing VSee user profile, changing password, etc. | TCP: 443
| my.vsee.qa
| | 20.21.217.210
|
---|
Messenger diagnostics Diagnostic information gathered by VSee Messenger | TCP: 443
| ironmq.vsee.qa
rtc-stats-v3.vsee.qa
| | 20.21.217.210
|
---|
CLINIC SERVICE | | |
---|
Clinic web and API cluster Basic Clinic functionality | TCP: 443
| *.vsee.qa
| | 20.21.217.207
|
---|
Call presence and reporting Update VSee users' presence status. | TCP: 443
| presence.vsee.qa
conferences.vsee.qa
| | 20.21.217.210
|
---|
OPTIONAL FIREWALL RULES |
---|
SSO / AD | TCP: 443
| *.scale.qa
| | |
---|
Cloud recording (Depends on contract) Record video calls performed via VSee Messenger and/or in-browser calls. The calls will be recorded on the server side and will be available via a cloud link. | TCP: 443
| stvcpvmprdqc01.blob.core.windows.net
|
---|
Rules for vseebeta.qa
Purpose | Protocol: Port | Servers | IP Addresses |
---|
MESSENGER SERVICE |
---|
VSee Directory Authentication and address book services for VSee Messenger and in-browser call and chat. | TCP: 5222, 443
| talk.vseebeta.qa
| xmpp01.vseebeta.qa
xmpp02.vseebeta.qa
| xxx 20.21.0.27
20.21.0.42
|
---|
Qatar TURN Servers Servers that relay packets during video calls in case no direct peer-to-peer connection can be established. | UDP: 3478
TCP: 3478 , 443
UDP: 49152 -- 65535
(TURN allocated)
| cl-coturn.vseebeta.qa
| cl-coturn-qa01.vseebeta.qa
cl-coturn-qa02.vseebeta.qa
| xxx
| Region Identification Service Used to detect the VSee user’s region and to choose the optimal video bridge server for better call performance. | TCP: 443
| region.vseebeta.qa
| xxx
| 20.21.103.131
20.21.103.128
|
---|
Video Bridge During a VSee video call, networking packets may pass through a video bridge server for best performance. | TCP: 443
UDP: 10000
| | jvb01-qa.vseebeta.qa
jvb02-qa.vseebeta.qa xxx
| 20.21.103.129
20.21.103.130
|
---|
Reserved IP Addresses These are allocated for additional TURN and Video Bridge servers. | UDP: 3478
TCP: 3478 , 443
UDP: 49152 -- 65535
(TURN allocated)
TCP: 443
UDP: 10000
| | | 20.21.103.132
20.21.103.133
20.21.103.134
20.21.103.135
20.21.103.136
20.21.103.137
20.21.103.138
20.21.103.139
20.21.103.140
20.21.103.141
20.21.103.142
20.21.103.143
|
---|
Region Identification Service Used to detect the VSee user’s region and to choose the optimal video bridge server for better call performance. | TCP: 443
| region.vseebeta.qa
| | 20.173.48.127
|
---|
Messenger update service Automated check for new versions of VSee Messenger | TCP: 443
| cloudfrontdownload.vseebeta.qa
| | 20.173.48.127
|
---|
Profile management Managing VSee user profile, changing password, etc. | TCP: 443
| my.vseebeta.qa xxx
| | 20.173.48.127
|
---|
Messenger diagnostics Diagnostic information gathered by VSee Messenger | TCP: 443
| ironmq.vseebeta.qa
rtc-stats-v3.vseebeta.qa
| | xxx 20.173.48.127
|
---|
CLINIC SERVICE | | |
---|
Clinic web and API cluster Basic Clinic functionality | TCP: 443
| *.vseebeta.qa xxx
| | 20.173.48.105
|
---|
Call presence and reporting Update VSee users' presence status. | TCP: 443
| presence.vseebeta.qa
conferences.vseebeta.qa
| | xxx 20.173.48.127
|
---|
OPTIONAL FIREWALL RULES |
---|
SSO / AD | TCP: 443
| *.scalebeta.qa
| | |
---|
Cloud recording (Depends on contract) Record video calls performed via VSee Messenger and/or in-browser calls. The calls will be recorded on the server side and will be available via a cloud link. | TCP: 443
| stvcnvmstgqc01.blob.core.windows.net
|
---|
Proxy Servers
Many organizations utilize proxy servers with their networks. However, as VSee network traffic is already encrypted, passing this traffic through a proxy server does not make it any more secure. On the other hand, proxy servers can introduce performance problems. Proxy servers can introduce latency and packet loss, which can degrade audio and video quality where real-time streams are essential. Thus, bypassing proxies for VSee traffic is recommended as routing through all traffic through a proxy server might impact connectivity and A/V performance.
If proxy servers can not be bypassed, VSee services can connect to the above hosts via a proxy server. We recommend the following for better performance with a proxy server:
Proxy servers should allow persistent TCP connections.
Proxy servers should be configured to allow UDP traffic to the VSee TURN Servers at port 3478 and the Video Bridges at port 10000 to proceed directly.
Outbound Connections
VSee services may occasionally need to connect with your systems for webhooks and callbacks, or to securely transfer patient / encounter data through SFTP, etc. Here are the lists of IP addresses that should be whitelisted.