Firewall Configuration

 

Overview

VSee services will attempt to navigate network architecture to the best of their ability. However, in order to guarantee the best results, please add the following port and firewall rules to your corporate firewall / router systems.

Please note that VSee is not able to provide fixed IP addresses for these servers and they may be switched without prior notification. However, these IP addresses are relatively stationary and any changes will be updated here if they occur.

All firewall rules are subject to change with at least 1 month of prior notice.

Network Security Diagram

Simplified Rules

If *.vsee.com can be whitelisted, please add this into your firewall rules with the following ports: 

Purpose

Protocol: Port

Detail Servers

VSee Directory, Relay, Call management, Diagnostics, etc.

Required for VSee Messenger authentication, address book services, establishing video calls, video packets relay, VSee Messenger chat communication.

Measure bandwidth for video quality adjustment

TCP: 80, 443, 3478, 5222
UDP: 1853, 3478, 6000, 6001, 6256, 10000, 49152 - 65535 (TURN allocated)

*.vsee.com

Call presence and reporting

Update VSee user’s status, e.g. Offline, Online, In a call, Busy, etc.

TCP: 443

*.pubnub.com

vsee-activeapi.firebaseio.com

Cloud recording service (Optional, depends on contract)

Record video calls performed via VSee Messenger and/or in-browser calls. The calls will be recorded on the server side and will be available via a cloud link.

TCP: 443

s3.amazonaws.com

Detailed Rules (US Customers)

Please note the servers listed below are for calls within the United States only. 

If *.vsee.com cannot be whitelisted, the following subdomains and ports are required.

Purpose

Protocol: Port

Servers

IP Addresses

Purpose

Protocol: Port

Servers

IP Addresses

MESSENGER SERVICE

VSee Directory
Authentication and address book services for VSee Messenger and in-browser call and chat.

TCP: 5222, 443

talk.vsee.com

xmpp01.vsee.com
xmpp02.vsee.com
xmpp03.vsee.com
xmpp04.vsee.com

52.52.36.123
52.52.111.88
52.52.245.139
54.215.77.199

US TURN Servers
Servers that relay packets during video calls in case no direct peer-to-peer connection can be established.

UDP: 3478
TCP: 3478, 443
UDP: 49152 -- 65535
(TURN allocated)

cl-coturn.vsee.com

cl-coturn-use01.vsee.com
cl-coturn-use02.vsee.com
cl-coturn-use03.vsee.com
cl-coturn-use04.vsee.com
cl-coturn-use05.vsee.com
cl-coturn-use06.vsee.com
cl-coturn-use07.vsee.com
cl-coturn-use08.vsee.com
cl-coturn-usw01.vsee.com
cl-coturn-usw02.vsee.com
cl-coturn-usw03.vsee.com
cl-coturn-usw04.vsee.com
cl-coturn-usw05.vsee.com
cl-coturn-usw06.vsee.com
cl-coturn-usw07.vsee.com
cl-coturn-ohio01.vsee.com
cl-coturn-ohio02.vsee.com
cl-coturn-oregon01.vsee.com
cl-coturn-oregon02.vsee.com

34.195.60.220
3.91.120.247
18.204.252.34
34.198.123.188
3.94.156.192
44.198.130.26
3.216.83.102
18.213.46.117
52.52.31.136
13.52.175.91
52.9.63.102
54.177.39.6
54.151.95.19
54.215.118.248
52.9.100.25
3.15.110.201
3.14.225.49
34.210.252.42
44.231.34.161

Region Identification Service
Used to detect the VSee user’s region and to choose the optimal video bridge server for better call performance.

TCP: 443

region.vsee.com

 

54.255.19.27
3.211.169.195
54.177.209.83

Video Bridge
During a VSee video call, networking packets may pass through a video bridge server for best performance.

TCP: 443
UDP: 10000

 

jvb01-ncal.vsee.com
jvb02-ncal.vsee.com
jvb03-ncal.vsee.com
jvb04-ncal.vsee.com
jvb05-ncal.vsee.com
jvb06-ncal.vsee.com
jvb07-ncal.vsee.com
jvb08-ncal.vsee.com
jvb09-ncal.vsee.com
jvb10-ncal.vsee.com
jvb01-nvir.vsee.com
jvb02-nvir.vsee.com
jvb03-nvir.vsee.com
jvb04-nvir.vsee.com
jvb05-nvir.vsee.com
jvb06-nvir.vsee.com
jvb07-nvir.vsee.com
jvb08-nvir.vsee.com
jvb09-nvir.vsee.com
jvb10-nvir.vsee.com

54.151.67.234
54.177.202.54
54.215.26.79
54.219.55.241
184.169.198.132
54.177.84.55
54.67.10.243
54.176.204.219
184.72.28.249
50.18.195.100
35.174.23.28
34.237.10.5
34.232.244.246
18.214.46.241
18.214.51.10
54.242.133.141
54.147.165.97
34.236.235.124
54.204.161.153
174.129.121.60

Messenger update service

Automated check for new versions of VSee Messenger

TCP: 443

cloudfront.vsee.com

 

 

Profile management

Managing VSee user profile, changing password, etc.

TCP: 443

vsee.com

 

 

my.vsee.com

 

13.248.147.98
76.223.29.204

Messenger diagnostics

Diagnostic information gathered by VSee Messenger

TCP: 443

ironmq.vsee.com
rtc-stats-v3.vsee.com

 

13.248.147.98
76.223.29.204

CLINIC SERVICE

 

 

Clinic web and API cluster

Basic Clinic functionality

TCP: 443

*.vsee.me

 

99.83.175.218
75.2.83.122
15.197.200.74
3.33.250.220
15.197.231.104
3.33.211.220

Call presence and reporting

Update VSee users' presence status.

TCP: 443

*.pubnub.com

 

 

vsee-activeapi.firebaseio.com

 

 

presence.vsee.com
conferences.vsee.com

 

13.248.147.98
76.223.29.204

 

 

 

 

 

OPTIONAL FIREWALL RULES

 

 

MFA / SSO (Depends on contract)

Enables login with MFA or using an SSO identity provider.

TCP: 443

auth.vsee.com

 

See Auth0 IP Allow List

Cloud recording (Depends on contract)

Record video calls performed via VSee Messenger and/or in-browser calls. The calls will be recorded on the server side and will be available via a cloud link.

TCP: 443

s3.amazonaws.com

 

 

Connectivity Testing Service

A set of test tools to define if the VSee user’s network conditions are good enough for video calls, checking the reachability of critical VSee infrastructure.

TCP: 443

test.vsee.com

 

3.95.130.94

Detailed Rules (International Customers)

For international customers, please apply all rules in the US Customers section as well as the following:

Purpose

Protocol: Port

Detail Servers

 

 

Purpose

Protocol: Port

Detail Servers

 

 

International TURN servers

 

UDP: 3478
TCP: 3478, 443
UDP: 49152 - 65535
(TURN allocated)

cl-coturn.vsee.com

cl-coturn-me01.vsee.com
cl-coturn-sg01.vsee.com
cl-coturn-sg02.vsee.com
cl-coturn-euw01.vsee.com

15.185.164.222
18.138.7.255
18.138.205.235
108.128.27.231

Video Bridge
During a VSee video call, networking packets may pass through a video bridge server for best performance.

TCP: 443
UDP: 10000

 

jvb01-sg.vsee.com

54.151.243.67

Proxy Servers

Many organizations utilize proxy servers with their networks. However, as VSee network traffic is already encrypted, passing this traffic through a proxy server does not make it any more secure. On the other hand, proxy servers can introduce performance problems. Proxy servers can introduce latency and packet loss, which can degrade audio and video quality where real-time streams are essential. Thus, bypassing proxies for VSee traffic is recommended as routing through all traffic through a proxy server might impact connectivity and A/V performance.

If proxy servers can not be bypassed, VSee services can connect to the above hosts via a proxy server. We recommend the following for better performance with a proxy server: 

  • Proxy servers should allow persistent TCP connections.

  • Proxy servers should be configured to allow UDP traffic to the VSee TURN Servers at port 3478 and the Video Bridges at port 10000 to proceed directly.

Testing VSee Connectivity

VSee provides a suite of tools to help test that firewall rules are configured appropriately. Please note that only a subset of the requirements listed above are tested by these tools. It is important to ensure that the firewall rules listed above are followed, even if these tests pass. Failing to follow the firewall configuration requirements may cause issues such as intermittent bad call quality or dropped calls.

Outbound Connections

VSee services may occasionally need to connect with your systems for webhooks and callbacks, or to securely transfer patient / encounter data through SFTP, etc. Here are the lists of IP addresses that should be whitelisted.

Messenger Service

13.52.171.113 52.9.150.124 184.72.21.195 184.72.47.83 54.241.101.173

 

Clinic Service

13.52.7.6 13.56.46.159 52.52.174.230 54.177.111.163 13.52.58.237 18.144.134.162 54.241.243.156 54.176.136.131 13.56.219.50 13.56.202.120 13.56.70.155 50.18.137.251 13.52.25.116

 

Updates

Update on 1 Aug 2023

  • Updated correct list of Clinic Service IPs.

  • The following IPs are no longer valid

    • 54.153.119.24, 18.144.69.7, 52.53.171.200, 54.176.88.134, 18.144.8.250, 52.53.190.38, 54.177.38.2, 54.215.4.54, 54.193.243.179, 184.72.50.250

Update on 13 July 2023

  • Relayout content, separate out IP addresses for easy copy & paste

  • Removed legacy relay servers

  • Added in Singapore Video bridge

  • Added dedicated section for Testing VSee Connectivity

  • Added Outbound Connections section