Guidance

Cloud Video Platform: firewall guidance for corporate IT services

Updated 11 November 2024

This guide is for IT professionals supporting access to the Cloud Video Platform (CVP) from a corporate network. It includes our firewall rules.

CVP is a browser-based internet service that supports real time video and audio over secure WebRTC.

If you need technical support, call our helpdesk on 0330 808 9405, Monday to Friday from 9am to 5pm.

Camera and microphone access

Users must be able to grant access to their device camera and microphone so that they can carry out a self-test of their device and participate in a video hearing.

Your browser policies must allow camera and microphone access for https://meet.video.justice.gov.uk.

Real-time media

Content is served as follows:

  1. Web traffic is sent using HTTPS over TCP/IP.
  2. Signalling to client browsers uses WSS/HTTPS.
  3. Signalling to H323 and SIP video endpoints is over TCP 1720, 5060, 5061 and UDP 1719.
  4. Video and audio traffic is sent using SRTP over TCP/IP and UDP.

UDP is the preferred method of transit for real time video and audio as it gives better performance and lower latency than TCP/IP.

We recognise that in some cases, corporate firewalls cannot be opened to allow connectivity over UDP. Where WebRTC is unable to arrange a client connection over UDP, the CVP service will use HTTPS port 443 over TCP/IP for video and audio for the client.

Where this method of connectivity is used, the quality of a user's video and audio will be impacted by their local network connection.

Some corporate firewalls and VPNs have packet filtering or packet inspection implemented. If this is the case, and depending on your configuration, you may need to allow media packets from CVP if you are opting to use HTTPS port 443 for video and audio traffic.

Browsers

You should use the latest version of the operating system on your device.

You should also use the latest version of your internet browser. Which browser you can use depends on your device.

If you are using a Windows-based laptop or desktop computer, you can use:

  • Google Chrome
  • Microsoft Edge
  • Edge Chromium

CVP will not work on any version of Internet Explorer.

If you are using an Apple laptop or device, we recommend you download and use Google Chrome.

IP addresses/ranges

For the service to work, the IP addresses/ranges listed must be allowed as shown in this guide. The full subnet should be allowed as the assigned public addresses will be selected from these ranges.

For the best possible user experience, the IP addresses/ranges listed should be allowed over UDP.

CVP IP subnets

  1. 91.240.195.0/24
  2. 91.240.204.0/22
  3. 176.121.88.0/21
  4. 185.94.240.0/22
  5. 185.124.96.0/22

SIP and H323 endpoints

| Required | Service | Host | Transport | Ports | Rule |
|---|---|---|---|---|---|
| Mandatory | Signalling | Any | TCP | 1720, 5060, 5061 | Outgoing, established |
| Mandatory | Signalling | Any | UDP | 1719 | Outgoing, established |
| Mandatory | Signalling | Any | TCP | 33000-49999 | Outgoing, established |
| Mandatory | Signalling | Any | UDP | 40000-49999 | Outgoing, established |

WebRTC

| Required | Service | Host | Transport | Ports | Rule |
|---|---|---|---|---|---|
| Mandatory | Normal web/secure WebRTC | Any | TCP | 80, 443 | Outgoing, established |
| Mandatory | Media | Any | UDP | 40000-49999 | Outgoing, established |
| Mandatory | Media | Any | TCP | 40000-49999 | Outgoing, established |

CVP landing page (HTTPS)

  1. 35.214.64.64
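
To check an existing egress policy against the WebRTC rules in this guide, the following added example (not part of the original guidance) matches denied flows from a firewall log against the CVP subnets and port ranges and reports whether clients would lose access or fall back from UDP to TCP 443. The log line format, the function names and the verdict labels are assumptions made for illustration, as is treating "HTTPS" for the landing page as TCP 443.

```python
import ipaddress

# Subnets, landing-page address and WebRTC port rules copied from this guide.
CVP_NETS = [ipaddress.ip_network(n) for n in (
    "91.240.195.0/24", "91.240.204.0/22", "176.121.88.0/21",
    "185.94.240.0/22", "185.124.96.0/22")]
LANDING = ipaddress.ip_address("35.214.64.64")
WEBRTC_RULES = [  # (service, transport, first port, last port)
    ("web", "tcp", 80, 80), ("web", "tcp", 443, 443),
    ("media", "udp", 40000, 49999), ("media", "tcp", 40000, 49999)]

def match_rule(dst, proto, port):
    """Return the guide's rule that an outgoing flow falls under, or None."""
    ip = ipaddress.ip_address(dst)
    if ip == LANDING:
        # Assumption: "HTTPS" for the landing page means TCP 443.
        return "landing" if (proto, port) == ("tcp", 443) else None
    if not any(ip in net for net in CVP_NETS):
        return None
    for service, transport, lo, hi in WEBRTC_RULES:
        if proto == transport and lo <= port <= hi:
            return service
    return None

def assess(log_lines):
    """Classify the effect of denied outgoing flows on a WebRTC client."""
    denied = set()
    for line in log_lines:
        action, proto, dst, port = line.split()
        rule = match_rule(dst, proto.lower(), int(port))
        if action == "DENY" and rule:
            denied.add((rule, proto.lower()))
    if ("web", "tcp") in denied or ("landing", "tcp") in denied:
        return "broken"             # web/HTTPS path to CVP is denied
    if ("media", "udp") in denied:
        return "udp-fallback"       # media falls back to TCP 443
    if ("media", "tcp") in denied:
        return "tcp-media-blocked"  # mandatory TCP media range is denied
    return "ok"

# Constructed sample log (hypothetical format: ACTION PROTO DST_IP DST_PORT).
SAMPLE_LOG = [
    "DENY UDP 91.240.207.18 41234",  # inside 91.240.204.0/22, not a /24
    "ALLOW TCP 91.240.207.18 443",
    "DENY UDP 203.0.113.5 40000",    # not a CVP address, ignored
]

if __name__ == "__main__":
    print(assess(SAMPLE_LOG))
```

The first sample line shows why the full subnet matters: a policy that allowed only 91.240.204.0/24 would deny media to 91.240.207.18 even though it lies inside the listed /22.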