Amwell Carepoint Firewall Rules

This article applies to all Amwell proprietary hardware devices: C250, C500, and TV Kit 100.

Hospital System

Firewall requirements

Amwell Hospital Carepoints must be placed on a network that follows the rules listed below to allow for the appropriate incoming and outgoing traffic. Please supply your network administrator with the following mandatory details — these firewall permissions are needed for application functionality.

  • Firewall and Domain Permissions:
    • See the table below for the specific domains and IP addresses (where available) that need to be whitelisted on your network
  • Ports:
    • The firewall must be configured for outbound HTTP/HTTPS requests on ports listed in the table below

Amwell Hospital Carepoints employ an explicit firewall allow-listing protocol that restricts all traffic on the device to specific domains and ports.

Firewall Allowlist Requirements

The Amwell Hospital platform requires mandatory firewall permissions for minimum application functionality.

  • Firewall and Domain Permissions:
    • *.amwell.com
    • *.avizia.io
    • *.avizia.com
    • *.amwell.systems
    • global.stun.twilio.com
    • global.turn.twilio.com
  • Ports:
    • The firewall must be configured for requests on the following ports:

| REQUIRED | SERVICE | TRANSPORT | PORTS | RULE | DESTINATION |
|---|---|---|---|---|---|
| Mandatory | Standard web, redirect to HTTPS | TCP | 80 | Outgoing | *.avizia.com, *.avizia.io |
| Mandatory | Secure WebRTC | TCP | 443 | Outgoing, Established | *.avizia.com, *.avizia.io, *.amwell.systems, 18.204.64.0-31, 18.207.64.121, 54.172.60.0 - 54.172.61.255, 34.203.250.0 - 34.203.251.255, 54.244.51.0 - 54.244.51.255 ** |
| Mandatory | DNS | UDP | 53 | Outgoing | Local DNS server |
| Mandatory | Update Service | TCP | 443 | Outgoing, Established | atom-avizia-com.s3.amazonaws.com |
| Mandatory | Network Time Sync | NTP | 123 | Outgoing | pool.ntp.org |
| Highly Recommended | Preferred - Media (RTP/RTCP) | UDP & TCP | 40000-49999, 33000-33499 | Outgoing, Established | *.avizia.io |

Mandatory (select either Preferred Media or Media (STUN/TURN) below)

Preferred Media (RTP/RTCP): use for best performance and quality

  • Transport: UDP & TCP
  • Ports: 40000-49999, 33000-33499
  • Rule: Outgoing, Established
  • Destination:
    • 34.75.154.64/26
    • 34.75.18.64/26
    • 34.75.114.64/26
    • 34.66.98.64/26
    • 34.132.19.0/26
    • 34.132.48.128/26

Media (STUN/TURN)*: reduces the number of ports required, but increases connection time

  • Transport: UDP & TCP
  • Ports: 443, 3478 (UDP & TCP); 5349 TCP
  • Rule: Outgoing, Established
  • Destination:
    • 54.172.60.0 - 54.172.61.255
    • 34.203.250.0 - 34.203.251.255
    • 54.244.51.0 - 54.244.51.255**

IP Addresses marked in red italicized print have been deprecated and can be removed from Client Firewall "Allow" lists. 

*Fail-over in case 40000-49999 cannot establish a connection.
**If using Amwell outside of the United States, please consult your Implementation Manager. STUN/TURN is not currently supported on the 210 Telemedicine cart.

†For the most restrictive networks. Note that you may see performance degradation in video quality. STUN/TURN is not currently supported on the 210 Telemedicine cart.
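
The Secure WebRTC and Media (STUN/TURN) rows give some destinations as dash ranges, which many firewalls will only accept as CIDR blocks. The following is an added example, not Amwell's code, that converts those entries to the smallest equivalent CIDR set and checks whether an address is already covered; the function names are illustrative.

```python
import ipaddress

# Destinations copied from the Secure WebRTC and Media (STUN/TURN) rows.
TABLE_ENTRIES = [
    "18.204.64.0-31",
    "18.207.64.121",
    "54.172.60.0 - 54.172.61.255",
    "34.203.250.0 - 34.203.251.255",
    "54.244.51.0 - 54.244.51.255**",
]

def parse_entry(entry):
    """Return (first, last) addresses for one table entry."""
    # Footnote markers and stray trailing commas are not part of the address.
    text = entry.strip().rstrip("*,† ").strip()
    if "/" in text:  # already CIDR; strict=True rejects stray host bits
        net = ipaddress.ip_network(text, strict=True)
        return net[0], net[-1]
    parts = [p.strip() for p in text.split("-")]
    if len(parts) > 2:
        raise ValueError(f"unrecognised entry: {entry!r}")
    first = ipaddress.IPv4Address(parts[0])
    if len(parts) == 1:
        return first, first
    if "." in parts[1]:
        last = ipaddress.IPv4Address(parts[1])
    else:
        # Short form "a.b.c.x-y": y replaces only the last octet.
        octet = int(parts[1])
        if not 0 <= octet <= 255:
            raise ValueError(f"bad last octet in {entry!r}")
        last = ipaddress.IPv4Address((int(first) & 0xFFFFFF00) | octet)
    if last < first:
        raise ValueError(f"range runs backwards: {entry!r}")
    return first, last

def to_cidrs(entries):
    """Minimal, sorted CIDR list covering exactly the given entries."""
    nets = []
    for entry in entries:
        nets.extend(ipaddress.summarize_address_range(*parse_entry(entry)))
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def is_covered(address, cidrs):
    """True if address already falls inside one of the CIDR blocks."""
    ip = ipaddress.ip_address(address)
    return any(ip in ipaddress.ip_network(c) for c in cidrs)

if __name__ == "__main__":
    print("\n".join(to_cidrs(TABLE_ENTRIES)))
```

The three wide ranges come out as 54.172.60.0/23, 34.203.250.0/23 and 54.244.51.0/24, the same CIDR forms listed in the Converge Platform table.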

Converge Platform

Firewall requirements

| REQUIRED | SERVICE | TRANSPORT | PORTS | RULE | DESTINATION |
|---|---|---|---|---|---|
| Mandatory | Standard web, redirect to HTTPS | TCP | 80 | Outgoing | *.avizia.com, *.avizia.io |
| Mandatory | Secure WebRTC | TCP | 443 | Outgoing, Established | global.vss.twilio.com, us1.vss.twilio.com, us2.vss.twilio.com, Sdkgw.us1.twilio.com, *.amwell.com, *.amwellnow.com, *.amwlnw.com, *.amwell.systems, *.amazonaws.com, *.firebasehostingproxy.page.link |
| Mandatory | DNS | UDP | 53 | Outgoing | Local DNS server |
| Mandatory | Update Service | TCP | 443 | Outgoing, Established | atom-avizia-com.s3.amazonaws.com |
| Mandatory | Network Time Sync | NTP | 123 | Outgoing | pool.ntp.org |
| Mandatory | Preferred Media (WebRTC/WSS STUN/TURN UDP/TLS/RTP/SAVPF/SRTP/SRTCP); use for best performance and quality | UDP & TCP | TCP: 443, 3478, 5349, 10000-60000; UDP: 3478, 10000-60000 | Outgoing, Established | 34.203.254.0/24, 54.172.60.0/23, 34.203.250.0/23, 3.235.111.128/25, 34.216.110.128/27, 54.244.51.0/24, 44.234.69.0/25 |

Home Platform

Firewall requirements

  • Firewall and Domain Permissions:
    • *.amwell.com
    • *.avizia.io
    • *.avizia.com
    • global.stun.twilio.com
    • global.turn.twilio.com
  • Ports:
    • The firewall must be configured for requests on the following ports:

| REQUIRED | SERVICE | TRANSPORT | PORTS | RULE | DESTINATION |
|---|---|---|---|---|---|
| Mandatory | Standard web, redirect to HTTPS | TCP | 80 | Outgoing | *.avizia.com, *.avizia.io |
| Mandatory | Secure WebRTC | TCP | 443 | Outgoing, Established | *.avizia.com, *.avizia.io, *.amwell.systems, 18.204.64.0-31, 18.207.64.121, 54.172.60.0 - 54.172.61.255, 34.203.250.0 - 34.203.251.255, 54.244.51.0 - 54.244.51.255 ** |
| Mandatory | DNS | UDP | 53 | Outgoing | Local DNS server |
| Mandatory | Update Service | TCP | 443 | Outgoing, Established | atom-avizia-com.s3.amazonaws.com |
| Mandatory | Network Time Sync | NTP | 123 | Outgoing | pool.ntp.org |
| Highly Recommended | Preferred - Media (RTP/RTCP) | UDP & TCP | 40000-49999, 33000-33499 | Outgoing, Established | *.avizia.io |

Mandatory (select either Preferred Media or Media (STUN/TURN) below)

Preferred Media (RTP/RTCP): use for best performance and quality

  • Transport: UDP & TCP
  • Ports: 40000-49999, 33000-33499
  • Rule: Outgoing, Established
  • Destination:
    • 34.75.154.64/26
    • 34.75.18.64/26
    • 34.75.114.64/26
    • 34.66.98.64/26
    • 34.132.19.0/26
    • 34.132.48.128/26

Media (STUN/TURN)*: reduces the number of ports required, but increases connection time

  • Transport: UDP & TCP
  • Ports: 443, 3478 (UDP & TCP); 5349 TCP
  • Rule: Outgoing, Established
  • Destination:
    • 54.172.60.0 - 54.172.61.255
    • 34.203.250.0 - 34.203.251.255
    • 54.244.51.0 - 54.244.51.255**

IP Addresses marked in red italicized print have been deprecated and can be removed from Client Firewall "Allow" lists. 

*Fail-over in case 40000-49999 cannot establish a connection.
**If using Amwell outside of the United States, please consult your Implementation Manager.

†For the most restrictive networks. Note that you may see performance degradation in video quality.


last updated: 2021-1019 | KS | Add New IP clusters
