Amwell Carepoint Firewall Rules

This article refers to all Amwell Proprietary Hardware devices - C250, C500, TV Kit 100

 

Quick Navigation

Hospital System

Firewall requirements

Amwell Hospital Carepoints must be placed on a network that follows the rules listed below to allow for the appropriate incoming and outgoing traffic. Please supply your network administrator with the following mandatory details — these firewall permissions are needed for application functionality.

  • Firewall and Domain Permissions:
    • See the table below for specific domains and IP’s (where available) that need to be whitelisted on your network
  • Ports:
    • The firewall must be configured for outbound HTTP/HTTPS requests on ports listed in the table below

Amwell Hospital Carepoints employ an explicit firewall allow-listing protocol that restricts all traffic on the device to specific domains and ports.

Firewall Allowlist Requirements

The Amwell Hospital platform requires mandatory firewall permissions for minimum application functionality.

  • Firewall and Domain Permissions:
    • *.amwell.com
    • *.avizia.io
    • *.avizia.com
    • global.stun.twilio.com
    • global.turn.twilio.com
  • Ports:
    • The firewall must be configured for requests on the following ports:

REQUIRED

SERVICE

TRANSPORT

PORTS

RULE

DESTINATION

Mandatory

Standard web, redirect to HTTPS

TCP

80

Outgoing

  • *.avizia.com
  • *.avizia.io

Mandatory

Secure WebRTC

TCP

443

Outgoing, Established

  • *.avizia.com
  • *.avizia.io
  • 18.204.64.0-31
  • 18.207.64.121
  • 54.172.60.0 - 54.172.61.255
  • 34.203.250.0 - 34.203.251.255
  • 54.244.51.0 - 54.244.51.255**

Mandatory

DNS

UDP

53

Outgoing

  •  Local DNS server

Mandatory

Update Service

TCP

443

Outgoing, Established

  • atom-avizia-com.s3.amazonaws.com

Mandatory

Network Time Sync

NTP

123

Outgoing

  • pool.ntp.org

Highly Recommended

Preferred - Media (RTP/RTCP)

UDP & TCP

40000-49999

33000-33499

Outgoing, Established

  • *.avizia.io

 

 

 

 

Mandatory

 

(select either Preferred Media

or

Media (STUN/TURN) below)

Preferred Media  (RTP/RTCP)

Use for best performance and quality

UDP & TCP

40000-49999

33000-33499

Outgoing, Established

  • 18.204.64.0-31
  • 18.207.64.121
  • 34.197.115.173
  • 34.197.150.170
  • 34.227.122.4
  • 52.45.34.112
  • 52.45.39.156
  • 18.204.64.21
  • 18.204.64.22
  • 18.204.64.23
  • 18.204.64.24
  • 18.204.64.25
  • 18.204.64.26
  • 18.204.64.27
  • 18.211.52.109
  • 18.213.174.39
  • 18.232.19.174
  • 184.72.160.181
  • 23.21.107.38
  • 3.208.130.218
  • 3.222.53.94
  • 3.224.176.73
  • 3.227.223.125
  • 3.228.161.51
  • 34.192.247.143
  • 34.193.245.37
  • 34.195.10.252
  • 34.198.169.26
  • 34.199.81.209
  • 34.200.22.65
  • 34.225.222.244
  • 34.230.136.95
  • 34.232.0.86
  • 34.232.14.147
  • 35.168.195.217
  • 35.168.217.157
  • 35.170.175.232
  • 50.19.207.165
  • 52.1.227.220
  • 52.20.107.20
  • 52.20.130.77
  • 52.20.93.110
  • 52.203.167.103
  • 52.205.163.92
  • 52.205.204.151
  • 52.206.134.222
  • 52.22.214.169
  • 52.22.34.32
  • 52.23.59.95
  • 52.23.7.230
  • 52.45.147.98
  • 52.45.203.222
  • 52.5.222.231
  • 52.72.189.250
  • 54.165.213.9
  • 54.173.28.112
  • 54.175.199.101
  • 54.235.119.232
  • 18.205.132.106
  • 18.208.1.134
  • 18.234.13.247
  • 18.235.238.80
  • 3.219.236.107
  • 3.222.68.91
  • 3.224.89.6
  • 3.231.187.184
  • 3.81.178.239
  • 34.198.118.110
  • 34.198.155.144
  • 34.200.118.224
  • 34.204.230.253
  • 34.205.227.147
  • 34.231.53.231
  • 34.233.104.108
  • 34.234.53.18
  • 52.20.119.210
  • 52.20.171.7
  • 52.23.39.75
  • 52.44.2.73
  • 52.71.213.142
  • 54.157.4.151
  • 54.205.195.32
  • 54.86.41.103
  • 3.235.111.0/27
  • 3.235.111.64/26
  • 3.238.211.64/27
  • 34.75.154.64/26
  • 34.75.18.64/26
  • 34.75.114.64/26

Media (STUN/TURN)*

Reduces number of ports required, however, increases connection time

UDP & TCP

443, 3478 (UDP & TCP) 5349 TCP

Outgoing, Established

  • 54.172.60.0 - 54.172.61.255,
  • 34.203.250.0 - 34.203.251.255
  • 54.244.51.0 - 54.244.51.255**

*Fail-over in case 40000-49999 cannot establish a connection.
**If using Amwell outside of the United States, please consult your Implementation Manager. STUN/TURN is not currently supported on the 210 Telemedicine cart.

†For the most restrictive networks. Note that you may see performance degradation in video quality. STUN/TURN is not currently supported on the 210 Telemedicine cart.

Converge Platform

Firewall requirements

REQUIRED

SERVICE

TRANSPORT

PORTS

RULE

DESTINATION

Mandatory

Standard web, redirect to HTTPS

TCP

80

Outgoing

  • *.avizia.com
  • *.avizia.io

Mandatory

Secure WebRTC

TCP

443

Outgoing, Established

  • global.vss.twilio.com
  • us1.vss.twilio.com
  • us2.vss.twilio.com
  • Sdkgw.us1.twilio.com
  • *amwell.com
  • *amwellnow.com
  • *amwlnw.com
  • *amwell.systems
  • *.amazonaws.com
  • *firebasehostingproxy.page.link

Mandatory

DNS

UDP

53

Outgoing

  •  Local DNS server

Mandatory

Update Service

TCP

443

Outgoing, Established

  • atom-avizia-com.s3.amazonaws.com

Mandatory

Network Time Sync

NTP

123

Outgoing

  • pool.ntp.org

Mandatory

 

 

Preferred Media  

(WebRTC/WSS STUN/TURN UDP/TLS/RTP/SAVPF/SRTP/SRTCP)

Use for best performance and quality


 

UDP & TCP

TCP: 443, 3478, 5349, 10000-60000

---

UDP: 3478, 10000-60000

Outgoing, Established


 

  • 34.203.254.0/24
  • 54.172.60.0/23
  • 34.203.250.0/23
  • 3.235.111.128/25
  • 34.216.110.128/27
  • 54.244.51.0/24
  • 44.234.69.0/25

 

Home Platform

Firewall requirements

  • Firewall and Domain Permissions:
    • *.amwell.com
    • *.avizia.io
    • *.avizia.com
    • global.stun.twilio.com
    • global.turn.twilio.com
  • Ports:
    • The firewall must be configured for requests on the following ports:

REQUIRED

SERVICE

TRANSPORT

PORTS

RULE

DESTINATION

Mandatory

Standard web, redirect to HTTPS

TCP

80

Outgoing

  • *.avizia.com
  • *.avizia.io

Mandatory

Secure WebRTC

TCP

443

Outgoing, Established

  • *.avizia.com
  • *.avizia.io
  • 18.204.64.0-31
  • 18.207.64.121
  • 54.172.60.0 - 54.172.61.255
  • 34.203.250.0 - 34.203.251.255
  • 54.244.51.0 - 54.244.51.255**

Mandatory

DNS

UDP

53

Outgoing

  •  Local DNS server

Mandatory

Update Service

TCP

443

Outgoing, Established

  • atom-avizia-com.s3.amazonaws.com

Mandatory

Network Time Sync

NTP

123

Outgoing

  • pool.ntp.org

Highly Recommended

Preferred - Media (RTP/RTCP)

UDP & TCP

40000-49999

33000-33499

Outgoing, Established

  • *.avizia.io

 

 

 

 

Mandatory

 

(select either Preferred Media

or

Media (STUN/TURN) below)

Preferred Media  (RTP/RTCP)

Use for best performance and quality

UDP & TCP

40000-49999

33000-33499

Outgoing, Established

  • 18.204.64.0-31
  • 18.207.64.121
  • 34.197.115.173
  • 34.197.150.170
  • 34.227.122.4
  • 52.45.34.112
  • 52.45.39.156
  • 18.204.64.21
  • 18.204.64.22
  • 18.204.64.23
  • 18.204.64.24
  • 18.204.64.25
  • 18.204.64.26
  • 18.204.64.27
  • 18.211.52.109
  • 18.213.174.39
  • 18.232.19.174
  • 184.72.160.181
  • 23.21.107.38
  • 3.208.130.218
  • 3.222.53.94
  • 3.224.176.73
  • 3.227.223.125
  • 3.228.161.51
  • 34.192.247.143
  • 34.193.245.37
  • 34.195.10.252
  • 34.198.169.26
  • 34.199.81.209
  • 34.200.22.65
  • 34.225.222.244
  • 34.230.136.95
  • 34.232.0.86
  • 34.232.14.147
  • 35.168.195.217
  • 35.168.217.157
  • 35.170.175.232
  • 50.19.207.165
  • 52.1.227.220
  • 52.20.107.20
  • 52.20.130.77
  • 52.20.93.110
  • 52.203.167.103
  • 52.205.163.92
  • 52.205.204.151
  • 52.206.134.222
  • 52.22.214.169
  • 52.22.34.32
  • 52.23.59.95
  • 52.23.7.230
  • 52.45.147.98
  • 52.45.203.222
  • 52.5.222.231
  • 52.72.189.250
  • 54.165.213.9
  • 54.173.28.112
  • 54.175.199.101
  • 54.235.119.232
  • 18.205.132.106
  • 18.208.1.134
  • 18.234.13.247
  • 18.235.238.80
  • 3.219.236.107
  • 3.222.68.91
  • 3.224.89.6
  • 3.231.187.184
  • 3.81.178.239
  • 34.198.118.110
  • 34.198.155.144
  • 34.200.118.224
  • 34.204.230.253
  • 34.205.227.147
  • 34.231.53.231
  • 34.233.104.108
  • 34.234.53.18
  • 52.20.119.210
  • 52.20.171.7
  • 52.23.39.75
  • 52.44.2.73
  • 52.71.213.142
  • 54.157.4.151
  • 54.205.195.32
  • 54.86.41.103
  • 3.235.111.0/27
  • 3.235.111.64/26
  • 3.238.211.64/27
  • 34.75.154.64/26
  • 34.75.18.64/26
  • 34.75.114.64/26

Media (STUN/TURN)*

Reduces number of ports required, however, increases connection time

UDP & TCP

443, 3478 (UDP & TCP) 5349 TCP

Outgoing, Established

  • 54.172.60.0 - 54.172.61.255,
  • 34.203.250.0 - 34.203.251.255
  • 54.244.51.0 - 54.244.51.255**

*Fail-over in case 40000-49999 cannot establish a connection.
**If using Amwell outside of the United States, please consult your Implementation Manager.

†For the most restrictive networks. Note that you may see performance degradation in video quality.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request