Firewall and network config

This guide, for IT teams, explains how to configure your network so that people can use Attend Anywhere. After reading this guide, you’ll know the TCP and UDP ports you need to open in your firewall.

When people use Attend Anywhere from your organisation’s network, they need access to the Attend Anywhere site and the services that it depends on. In this guide we use the following requirement levels for network access:

  • Required: Attend Anywhere doesn’t work without this network access.

  • Recommended: Improves the user experience for callers and providers.

  • Optional: Performance and quality monitoring, which helps us fix problems.

 

Firewall ports

Attend Anywhere uses WebRTC (Web real-time communication) and HTTPS to transfer video-call data between devices. Check that your firewall opens the destination ports shown in the following table:

| Requirement | Destinations | Ports | Usage |
|---|---|---|---|
| Required | 99.77.128.0/18 | UDP/3478, TCP/443 | Video and audio data for calls. |

 

Web access

If your organisation uses a web filter or your firewall blocks HTTPS connections (TCP port 443) by default, you also need to allow access to the following sites:

| Requirement | Site | Usage |
|---|---|---|
| Required | https://<your-aa-site>, wss://<your-aa-site> | Your Attend Anywhere site. For example, nhs.attendanywhere.com or england.nhs.attendanywhere.com. |
| Required | https://chime.aws | Video and audio data for calls. AWS service is CHIME_MEETINGS. |
| Required | https://*.chime.aws | Video and audio data for calls. AWS service is CHIME_MEETINGS. |
| Required | https://*.sdkassets.chime.aws | Services supporting calls. AWS service is CLOUDFRONT. |
| Required | https://cdn.pubnub.com | JavaScript libraries for realtime status. |
| Recommended | https://*.pndsn.com | PubSub notification messages for call status updates. |
| Recommended | https://media-prod-*-eu-west-2.s3.eu-west-2.amazonaws.com | Display of images embedded in the pages. AWS service is S3. |
| Recommended | https://*.googleapis.com | Stylesheet API for Google Fonts. |
| Recommended | https://*.gstatic.com | Web-font files from Google Fonts. |
| Optional | https://*.nr-data.net | User-interface and browser performance monitoring. |
| Optional | https://js-agent.newrelic.com | Application-performance monitoring for service improvement. |

Tip. If you don't want to include wildcard domains (the * symbol) for Amazon Web Services (AWS) in your web filter, use the AWS IP address ranges to convert them to IP addresses. AWS publish a JSON data file containing their IP addresses, labelled with the service and the region. Allow the IP addresses for the CHIME_MEETINGS, CLOUDFRONT and S3 services in the eu-west-2 region. To help keep your config up to date, we recommend subscribing to AWS change notifications or automating your configuration.
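One way to automate the tip above, shown as an added example that is not part of the original guide or Attend Anywhere's own tooling: it filters a document in the layout of the AWS ip-ranges.json file for the three services, collapses adjacent prefixes, and reports which firewall entries are missing and which are stale or broader than what is published. The function names and the sample data (documentation address ranges) are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's ip-ranges.json. The prefixes are
# reserved documentation/test ranges, not real AWS addresses.
SAMPLE = json.loads("""
{"syncToken": "0", "createDate": "2024-01-01-00-00-00", "prefixes": [
 {"ip_prefix": "192.0.2.0/25",     "region": "eu-west-2", "service": "S3"},
 {"ip_prefix": "192.0.2.128/25",   "region": "eu-west-2", "service": "S3"},
 {"ip_prefix": "192.0.2.0/24",     "region": "eu-west-2", "service": "AMAZON"},
 {"ip_prefix": "198.51.100.0/24",  "region": "eu-west-2", "service": "CHIME_MEETINGS"},
 {"ip_prefix": "203.0.113.0/25",   "region": "eu-west-2", "service": "CLOUDFRONT"},
 {"ip_prefix": "203.0.113.128/25", "region": "GLOBAL",    "service": "CLOUDFRONT"},
 {"ip_prefix": "198.18.0.0/24",    "region": "us-east-1", "service": "S3"}
]}
""")

# Services named in the guide's tip.
SERVICES = frozenset({"CHIME_MEETINGS", "CLOUDFRONT", "S3"})


def wanted_networks(data, services=SERVICES, regions=("eu-west-2",)):
    """Return the sorted, collapsed IPv4 networks for the services and regions.

    The real file also labels some entries with the region value GLOBAL;
    add it to `regions` if the entries you need are published that way.
    """
    nets = [ipaddress.ip_network(p["ip_prefix"])
            for p in data.get("prefixes", [])
            if p["service"] in services and p["region"] in regions]
    return sorted(ipaddress.collapse_addresses(nets))


def diff_allowlist(current, data, **kwargs):
    """Compare the firewall's current CIDRs with the published set.

    Returns (to_add, to_remove): published networks the firewall does not
    cover, and firewall entries that are not inside any published network
    (stale, or broader than published).
    """
    have = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(c) for c in current))
    want = wanted_networks(data, **kwargs)
    to_add = [str(w) for w in want if not any(w.subnet_of(h) for h in have)]
    to_remove = [str(h) for h in have if not any(h.subnet_of(w) for w in want)]
    return to_add, to_remove
```

In production, replace `SAMPLE` with the parsed JSON file that AWS publishes and feed `current` from an export of your firewall's allow rules; reviewing `to_remove` keeps the rule set no wider than it needs to be.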

 

Troubleshooting

Because our network config can change, we recommend comparing your firewall settings with this guide at regular intervals.

 

Guide updated: 18 December 2024