Firewall and network config

This guide, for IT teams, explains how to configure your network so that people can use Attend Anywhere. After reading this guide, you’ll know the TCP and UDP ports you need to open in your firewall.

When people use Attend Anywhere from your organisation’s network, they need access to the Attend Anywhere site and the services that it depends on. In this guide we use the following requirement levels for network access:

  • Required: Attend Anywhere doesn’t work without this network access.

  • Recommended: Improves the user experience for patients and providers.

  • Optional: Performance and quality monitoring which help us fix problems.

 

Firewall ports

Attend Anywhere uses WebRTC (Web real-time communication) and HTTPS to transfer video-call data between devices. Check that your firewall opens the destination ports shown in the following tables.

 

Individual appointments

Allow the following destination ports on your firewall:

| Requirement | Destinations | Ports | Usage |
|---|---|---|---|
| Required | 52.49.123.201, 52.213.35.238, 35.177.237.5, 35.179.41.66, 52.56.101.249 | UDP/3478, TCP/3478, TCP/443 | High-quality video and audio data for calls use port 3478. Lower-bandwidth versions of the data use port 443. |
| Required | 99.77.128.0/18 | UDP/3478, TCP/443 | Video and audio data for next-generation calls. |

 

Group consultations

Allow the following destination ports on your firewall:

| Requirement | Destinations | Ports | Usage |
|---|---|---|---|
| Required | 140.238.95.196, 130.61.64.185, 193.122.11.14, 152.67.128.56, 158.101.192.6, 193.123.38.193 | UDP/443, TCP/443 | WebRTC’s relay (TURN) servers which help route video and audio data. |
| Required | 3.9.41.96/27, 152.67.144.0/24, 3.123.12.160/27, 3.126.60.32/27, 130.61.162.0/24 | UDP/10000, UDP/443, TCP/443 | Video data for calls. |

 

Web access

If your organisation uses a web filter or your firewall blocks HTTPS connections (TCP port 443) by default, you need to allow access to the sites shown in the following tables.

Calls and management console

Tip. If you don't want to include wildcard domains (the * symbol) for Amazon Web Services (AWS) in your firewall, use the AWS IP address ranges. Find IP addresses for the CHIME_MEETINGS, CLOUDFRONT or S3 services in the eu-west-2 region. To help keep your config up to date, we recommend subscribing to AWS change notifications.
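The lookup described in the tip above, as an added example (not Attend Anywhere's or AWS's own code): it filters a document in the format of AWS's published ip-ranges.json for the three services in eu-west-2, merges adjacent prefixes into firewall-ready CIDR blocks, and reports what changed since the previous run. The sample document and its prefixes are constructed (RFC 5737 documentation ranges), and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the shape of AWS's ip-ranges.json
# (published at https://ip-ranges.amazonaws.com/ip-ranges.json).
# Prefixes are RFC 5737 documentation ranges, not real AWS ranges.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0000000000",
    "createDate": "2024-05-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/25", "region": "eu-west-2", "service": "CHIME_MEETINGS"},
        {"ip_prefix": "192.0.2.128/25", "region": "eu-west-2", "service": "CHIME_MEETINGS"},
        {"ip_prefix": "198.51.100.0/24", "region": "eu-west-2", "service": "S3"},
        {"ip_prefix": "198.51.100.0/24", "region": "eu-west-2", "service": "AMAZON"},
        {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "CLOUDFRONT"},
        {"ip_prefix": "203.0.113.64/26", "region": "eu-west-2", "service": "CLOUDFRONT"},
    ],
})

SERVICES = ("CHIME_MEETINGS", "CLOUDFRONT", "S3")  # services named in the tip
REGION = "eu-west-2"                               # region named in the tip


def allowlist_prefixes(doc, services=SERVICES, region=REGION):
    """Return {service: [CIDR, ...]} for one region, adjacent prefixes merged."""
    nets = {s: [] for s in services}
    for entry in json.loads(doc).get("prefixes", []):  # IPv4 entries only
        if entry.get("region") == region and entry.get("service") in nets:
            nets[entry["service"]].append(ipaddress.ip_network(entry["ip_prefix"]))
    return {s: [str(n) for n in ipaddress.collapse_addresses(v)]
            for s, v in nets.items()}


def diff_allowlists(old, new):
    """Return (added, removed) (service, CIDR) pairs between two runs."""
    def flat(a):
        return {(s, p) for s, ps in a.items() for p in ps}
    return sorted(flat(new) - flat(old)), sorted(flat(old) - flat(new))


if __name__ == "__main__":
    current = allowlist_prefixes(SAMPLE_IP_RANGES)
    for service, cidrs in current.items():
        print(service, ", ".join(cidrs))
    # Compare with the previous run's output before changing firewall rules.
    previous = {"CHIME_MEETINGS": ["192.0.2.0/25"], "CLOUDFRONT": [], "S3": []}
    print(diff_allowlists(previous, current))
```

Keeping the previous run's output and reviewing the added and removed pairs gives a change record for each firewall update, rather than replacing the whole rule set blindly.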

Allow access to the following sites:

| Requirement | Site | Usage |
|---|---|---|
| Required | https://<your-aa-site>, wss://<your-aa-site> | Your Attend Anywhere site. For example, nhs.attendanywhere.com or england.nhs.attendanywhere.com. |
| Required | https://chime.aws | Video and audio data for next-generation calls. AWS service is CHIME_MEETINGS. |
| Required | https://*.chime.aws | Video and audio data for next-generation calls. AWS service is CHIME_MEETINGS. |
| Required | https://*.sdkassets.chime.aws | Services supporting next-generation calls. AWS service is CLOUDFRONT. |

 

Group consultations

Allow access to the following sites:

| Requirement | Site | Usage |
|---|---|---|
| Required | https://london.8x8.vc, wss://london.8x8.vc | London endpoint for group-consultation calls. |
| Required | https://8x8.vc | User-interface and browser performance statistics for service improvements. |
| Required | https://api-vo.jitsi.net | Group consultation APIs. |
| Required | https://rtcstats-server-8x8.jitsi.net, wss://rtcstats-server-8x8.jitsi.net | Analytics services. |
| Required | https://web-cdn.jitsi.net | Static resources for calls. |

 

Realtime status

Allow access to the following sites:

| Requirement | Site | Usage |
|---|---|---|
| Required | https://cdn.pubnub.com | JavaScript libraries for realtime status. |
| Recommended | https://*.pndsn.com | PubSub notification messages for call status updates. |

 

Design and type

Allow access to the following sites:

| Requirement | Site | Usage |
|---|---|---|
| Recommended | https://*.googleapis.com | Stylesheet API for Google Fonts. |
| Recommended | https://*.gstatic.com | Web-font files from Google Fonts. |
| Recommended | https://media-prod-*-eu-west-2.s3.eu-west-2.amazonaws.com | Display of images embedded in the pages. AWS service is S3. |

 

Feedback and monitoring

Allow access to the following sites:

| Requirement | Site | Usage |
|---|---|---|
| Optional | https://*.nr-data.net | User-interface and browser performance monitoring. |
| Optional | https://js-agent.newrelic.com | Application-performance monitoring for service improvement. |

 

Troubleshooting

Because our network config does change, we recommend comparing your firewall settings with this guide at regular intervals. We do expect these settings to change throughout 2024.

 

Guide updated: Wednesday, 1 May 2024