System and Network Requirements - Amwell Carepoint Firewall Rules

These requirements have been updated on: 05/13/2022

This article refers to all Amwell Proprietary Hardware devices - C250, C500, TV Kit 100 & 200

Hospital System Firewall requirements

Amwell Hospital Carepoints must be placed on a network that follows the rules listed below to allow for the appropriate incoming and outgoing traffic. Please supply your network administrator with the following mandatory details – these firewall permissions are needed for application functionality.

Firewall and Domain Permissions:
  • See the table below for the specific domains and IP addresses (where available) that need to be allow listed on your network
Ports:
  • The firewall must be configured for outbound HTTP/HTTPS requests on the ports listed in the table below

Amwell Hospital Carepoints employ an explicit firewall allow listing protocol that restricts all traffic on the device to specific domains and ports.

Firewall Allow List Requirements

The Amwell Hospital platform requires mandatory firewall permissions for minimum application functionality.

Please find our instructions on Split-Tunnel Virtual Private Network setup here. Split tunneling is recommended for all Amwell products where providers are connecting via VPN.

Firewall and Domain Permissions:
  • *.amwell.com
  • *.avizia.io
  • *.avizia.com
  • *.amwell.systems
  • global.stun.twilio.com
  • global.turn.twilio.com
Ports:
  • The firewall must be configured for requests on the following ports:
REQUIRED SERVICE TRANSPORT PORTS RULE DESTINATION
Mandatory Standard web, redirect to HTTPS TCP 80 Outgoing
  • *.avizia.com
  • *.avizia.io
Mandatory Secure WebRTC TCP 443 Outgoing, Established
  • *.avizia.com
  • *.avizia.io
  • *.amwell.systems
  • 54.172.60.0 - 54.172.61.255
  • 34.203.250.0 - 34.203.251.255
  • 54.244.51.0 - 54.244.51.255**
  • 18.204.64.0-31
Mandatory DNS UDP 53 Outgoing
  • Local DNS server
Mandatory Update Service TCP 443 Outgoing, Established
  • atom-avizia-com.s3.amazonaws.com
Recommended Enhanced Fleet Service TCP 443 Outgoing, Established
  • 3.127.6.122 
  • 35.159.42.141
  • 3.66.25.214
  • 18.158.25.22
Mandatory Network Time Sync NTP 123 Outgoing
  • pool.ntp.org
Highly Recommended Preferred - Media (RTP/RTCP) UDP & TCP 40000-49999, 33000-33499 Outgoing, Established
  • *.avizia.io
Mandatory (select either Preferred Media or Media (STUN/TURN) below)
Preferred Media (RTP/RTCP) (use for best performance and quality) UDP & TCP 40000-49999, 33000-33499 Outgoing, Established
  • 34.75.154.64/26
  • 34.75.18.64/26
  • 34.75.114.64/26
  • 34.66.98.64/26
  • 34.132.19.0/26
  • 34.132.48.128/26
Media (STUN/TURN)* (reduces number of ports required, however, increases connection time) UDP & TCP 443, 3478 (UDP & TCP); 5349 (TCP) Outgoing, Established
  • 54.172.60.0 - 54.172.61.255
  • 34.203.250.0 - 34.203.251.255
  • 54.244.51.0 - 54.244.51.255**

*Fail-over in case 40000-49999 cannot establish a connection.

**If using Amwell outside of the United States, please consult your Implementation Manager. STUN/TURN is not currently supported on the 210 Telemedicine cart.

†For the most restrictive networks. Note that you may see performance degradation in video quality. STUN/TURN is not currently supported on the 210 Telemedicine cart.
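
The address entries above mix dash ranges, a last-octet shorthand and CIDR, while most firewall address objects take CIDR. The following is an added example, not Amwell's code: it normalizes entries copied from the Hospital tables to CIDR and checks a destination against the result. Reading `18.204.64.0-31` as 18.204.64.0 through 18.204.64.31 is an assumption, and the two destinations checked at the end are constructed.

```python
import ipaddress

# Address entries copied from the Hospital tables above (footnote marks included).
PAGE_ENTRIES = [
    "54.172.60.0 - 54.172.61.255,",
    "34.203.250.0 - 34.203.251.255",
    "54.244.51.0 - 54.244.51.255**",
    "18.204.64.0-31",
    "34.75.154.64/26",
]

def to_cidrs(entry):
    """Return the IPv4 networks that exactly cover one table entry."""
    text = entry.strip().rstrip("*,† ")
    if "/" in text:
        # Already CIDR; strict=True rejects entries with host bits set.
        return [ipaddress.ip_network(text, strict=True)]
    if "-" not in text:
        return [ipaddress.ip_network(text + "/32")]
    first_s, last_s = (part.strip() for part in text.split("-", 1))
    first = ipaddress.IPv4Address(first_s)
    if "." not in last_s:
        # Assumption: "a.b.c.0-31" abbreviates the last octet of the end address.
        last_s = first_s.rsplit(".", 1)[0] + "." + last_s
    last = ipaddress.IPv4Address(last_s)
    if last < first:
        raise ValueError(f"range end before start: {entry!r}")
    # A range that is not CIDR-aligned expands to several networks.
    return list(ipaddress.summarize_address_range(first, last))

def build_allowlist(entries):
    """Normalize all entries and merge adjacent or overlapping networks."""
    nets = [net for entry in entries for net in to_cidrs(entry)]
    return list(ipaddress.collapse_addresses(nets))

def is_covered(address, allowlist):
    """True if a destination address falls inside any allow-listed network."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in allowlist)

if __name__ == "__main__":
    allow = build_allowlist(PAGE_ENTRIES)
    for net in allow:
        print(net)
    # Constructed destinations, e.g. taken from a firewall deny log.
    for dst in ("54.172.61.200", "54.172.62.1"):
        print(dst, "covered" if is_covered(dst, allow) else "NOT covered")
```

The same check can be run over destinations from firewall deny logs to confirm that a dropped media or signaling connection is one the tables require, before widening any rule.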

Converge Platform Firewall requirements

Please find our instructions on Split-Tunnel Virtual Private Network setup here. Split tunneling is recommended for all Amwell products where providers are connecting via VPN.

REQUIRED SERVICE TRANSPORT PORTS RULE DESTINATION
Mandatory Standard web, redirect to HTTPS TCP 80 Outgoing
  • *.avizia.com
  • *.avizia.io
Mandatory Secure WebRTC TCP 443 Outgoing, Established
  • global.vss.twilio.com
  • us1.vss.twilio.com
  • us2.vss.twilio.com
  • Sdkgw.us1.twilio.com
  • *.amwell.com
  • *.amwellnow.com
  • *.amwlnw.com
  • *.amwell.systems
  • firebasehostingproxy.page.link
Mandatory DNS UDP 53 Outgoing
  • Local DNS server
Mandatory Update Service TCP 443 Outgoing, Established
  • atom-avizia-com.s3.amazonaws.com
Recommended Enhanced Fleet Service TCP 443 Outgoing, Established
  • 3.127.6.122
  • 35.159.42.141
  • 3.66.25.214
  • 18.158.25.22
Mandatory Network Time Sync NTP 123 Outgoing
  • pool.ntp.org
Mandatory Preferred Media (RTP/RTCP) (use for best performance and quality) UDP & TCP TCP: 443, 3478, 5349, 10000-60000; UDP: 3478, 10000-60000 Outgoing, Established
  • 34.203.254.0/24
  • 54.172.60.0/23
  • 34.203.250.0/23
  • 3.235.111.128/25
  • 34.216.110.128/27
  • 54.244.51.0/24
  • 44.234.69.0/25

 

Amwell Hospital TV Kit 200 Platform Firewall Requirements

The Amwell Hospital TV Kit 200 Carepoints must be placed on a network that follows the rules listed below to allow for the appropriate incoming and outgoing traffic. Please supply your network administrator with the following mandatory details - these firewall permissions are needed for application functionality.

REQUIRED SERVICE TRANSPORT PORTS RULE DESTINATION
Mandatory Device endpoints TCP 443 Outgoing, Established
  • login.solaborate.com
  • api.solaborate.com
  • signaling.solaborate.com
  • mobile.solaborate.com
Mandatory Amwell Application TCP 443 Outgoing, Established
  • amwell.solaborate.com
Mandatory Twilio STUN/TURN Servers (Primary) TCP & UDP TCP: 443, 3478; UDP: 443, 3478, 5349 Outgoing, Established
  • global.twilio.com
Mandatory Xirsys STUN/TURN Servers (Secondary) TCP & UDP TCP: 443, 3478; UDP: 443, 3478, 5349 Outgoing, Established
  • global.xirsys.net
Mandatory Application Updates/App Center TCP 443 Outgoing, Established
  • app.appcenter.ms
  • api.mobile.azure.com
  • *.appcenter.ms
  • *.azureedge.net
Mandatory Crash and Logs/Crashlytics TCP 443 Outgoing, Established
  • *.fabric.io
  • *.crashlytics.com
Mandatory Application Insights/Logs and metrics TCP 443 Outgoing, Established
  • dc.applicationinsights.azure.com
  • dc.applicationinsights.microsoft.com
  • dc.services.visualstudio.com
  • ussc.rt.prod.applicationinsights.trafficmanager.net
Mandatory Update Service TCP 443 Outgoing, Established
  • soldevbuilds.blob.core.windows.net
  • ota-distribution.solaborate.com
Mandatory Network Time Sync TCP & UDP TCP: 443; UDP: 123 Outgoing, Established
  • extreme-ip-lookup.com
  • *.ntp.org
  • api.ipify.org
Mandatory Selective Forwarding Unit (SFU) WebRTC Media Servers UDP 10000-20000 Outgoing, Established
  • 52.185.30.96/27

Home Platform Firewall requirements

Please find our instructions on Split-Tunnel Virtual Private Network setup here. Split tunneling is recommended for all Amwell products where providers are connecting via VPN.

Firewall and Domain Permissions:
  • *.amwell.com
  • *.avizia.io
  • *.avizia.com
  • *.amwell.systems
  • global.stun.twilio.com
  • global.turn.twilio.com
Ports:
  • The firewall must be configured for requests on the following ports:
REQUIRED SERVICE TRANSPORT PORTS RULE DESTINATION
Mandatory Standard web, redirect to HTTPS TCP 80 Outgoing
  • *.avizia.com
  • *.avizia.io
Mandatory Secure WebRTC TCP 443 Outgoing, Established
  • *.avizia.com
  • *.avizia.io
  • *.amwell.systems
  • 54.172.60.0 - 54.172.61.255
  • 34.203.250.0 - 34.203.251.255
  • 54.244.51.0 - 54.244.51.255**
  • 18.204.64.0-31
Mandatory DNS UDP 53 Outgoing
  •  Local DNS server
Mandatory Update Service TCP 443 Outgoing, Established
  • atom-avizia-com.s3.amazonaws.com
Recommended Enhanced Fleet Service TCP 443 Outgoing, Established
  • 3.127.6.122
  • 35.159.42.141
  • 3.66.25.214
  • 18.158.25.22
Mandatory Network Time Sync NTP 123 Outgoing
  • pool.ntp.org
Highly Recommended Preferred - Media (RTP/RTCP) UDP & TCP 40000-49999, 33000-33499 Outgoing, Established
  • *.avizia.io
Mandatory (select either Preferred Media or Media (STUN/TURN) below)
Preferred Media (RTP/RTCP) (use for best performance and quality) UDP & TCP 40000-49999, 33000-33499 Outgoing, Established
  • 34.75.154.64/26
  • 34.75.18.64/26
  • 34.75.114.64/26
  • 34.66.98.64/26
  • 34.132.19.0/26
  • 34.132.48.128/26
Media (STUN/TURN)* (reduces number of ports required, however, increases connection time) UDP & TCP 443, 3478 (UDP & TCP); 5349 (TCP) Outgoing, Established
  • 54.172.60.0 - 54.172.61.255
  • 34.203.250.0 - 34.203.251.255
  • 54.244.51.0 - 54.244.51.255**

*Fail-over in case 40000-49999 cannot establish a connection.

**If using Amwell outside of the United States, please consult your Implementation Manager.

†For the most restrictive networks. Note that you may see performance degradation in video quality.