Guidance

Video Hearings service: firewall guidance for corporate IT support services

Updated 8 July 2024

Guidance for supporting access to the Video Hearing service from a corporate network, including our firewall rules.

The Video Hearings service is a browser-based internet service that supports real time video and audio over secure WebRTC.

Camera and microphone access

Users must be able to grant access to their device camera and microphone so that they can carry out a successful self-test of their device and participate in a video hearing.

Your browser policies must allow camera and microphone access to the following:

• https://video.hearings.reform.hmcts.net
• https://service.hearings.reform.hmcts.net

Real-time media

Content is served as follows:

1. Web traffic is sent via HTTPS over TCP/IP

2. Signalling to client browsers is via WSS/HTTPS

3. Video and audio traffic is sent via SRTP over TCP/IP and UDP

UDP is the preferred method of transit for real time video and audio as it gives better performance and lower latency than TCP/IP.

We recognise that in some cases, corporate firewalls cannot be opened to allow connectivity over UDP. Where WebRTC is unable to negotiate a client connection over UDP, the Video Hearings service will use HTTPS port 443 over TCP/IP for video and audio for the client.

Note that where this method of connectivity is used, the quality of a users’ video and audio will be impacted by their local network connection.

Some corporate firewalls and VPNs have packet filtering or packet inspection implemented. If this is the case, and depending on your configuration, you may need to allow media packets from the Video Hearings service if you are opting to use HTTPS port 443 for video and audio traffic.

URLs

The URLs listed below must be allowed over HTTPS port 443:

• video.hearings.reform.hmcts.net
• signalr.hearings.reform.hmcts.net

IP addresses/ranges

For the service to work, the IP addresses/ranges listed must be allowed over TCP/IP HTTPS port 443.

For the best possible user experience, the IP addresses/ranges listed should be allowed over UDP.

TCP/IP addresses

FQDN	IP	Environment	Device
px01.hearings.hmcts.net	35.246.61.150	hearings - prod	Signaling node
px02.hearings.hmcts.net	35.246.79.59	hearings - prod	Signaling node
px03.hearings.hmcts.net	35.246.113.194	hearings - prod	Signaling node
sip.hearings.hmcts.net	35.246.61.150 35.246.79.59 35.246.113.194	hearings - prod	SIP records
hearings.hmcts.net	35.242.182.154	hearings - prod	Load balancer
px01.self-test.hearings.hmcts.net	35.234.138.149	self-test - prod	Signaling node
px02.self-test.hearings.hmcts.net	35.242.187.24	self-test - prod	Signaling node
px03.self-test.hearings.hmcts.net	35.197.254.119	self-test - prod	Signaling node
sip.self-test.hearings.hmcts.net	35.234.138.149 35.242.187.24 35.197.254.119	self-test - prod	SIP records
self-test.hearings.hmcts.net	35.244.218.27	self-test - prod	Load balancer
vhs-turn-prd.9kc.org	34.105.188.62	prod	Turn relay
vhs-turn-prd.9kc.org	34.105.131.240	prod	Turn relay
	35.242.182.154 35.246.61.150 35.246.79.59 35.246.113.194 35.234.138.149 35.242.187.24 35.197.254.119 35.230.139.187 35.230.135.196 35.246.107.219 35.246.20.63 35.246.124.45 35.246.61.132 35.246.26.151 35.242.138.175 35.246.14.216 35.234.149.169 35.242.154.242 35.246.67.204 35.246.103.161 35.246.64.249 35.242.129.244 35.246.107.187	WebRTC client networks	Load balancers and conference nodes

UDP IP addresses/ranges

	IP address	Protocol	Port	Service	Device
WebRTC client networks	35.242.182.154 35.246.61.150 35.246.79.59 35.246.113.194 35.234.138.149 35.242.187.24 35.197.254.119 35.230.139.187 35.230.135.196 35.246.107.219 35.246.20.63 35.246.124.45 35.246.61.132 35.246.26.151 35.242.138.175 35.246.14.216 35.234.149.169 35.242.154.242 35.246.67.204 35.246.103.161 35.246.64.249 35.242.129.244 35.246.107.187	UDP	40000 - 49999	RTP Media	Load balancers and conference nodes

Video engine IP addresses/ranges

Hosting platform	IP addresses/ranges	Ports
Data centre - DC01	195.11.98.0/26	TCP: 443
Data centre - DC02	195.59.122.128/26	TCP/UDP: 40000-49999
Google Cloud Platform	35.214.56.113 35.214.127.45 35.214.27.4 35.214.48.138 35.214.112.135 35.214.10.80 35.214.10.2 35.214.39.108 35.214.5.139 35.214.112.129 35.214.32.134 35.214.35.47 35.214.114.20 35.214.78.171 35.214.62.51 35.214.8.219 35.214.37.71 35.214.78.76 35.214.126.109 35.214.109.66 35.214.52.74 35.214.77.169 35.214.24.224 35.214.84.53 35.214.43.136 35.214.27.201 35.214.56.138 35.214.22.48 35.214.100.199 35.214.83.49 35.214.11.228 35.214.54.35 35.214.15.226 35.214.2.38 35.214.21.66 35.214.63.85 35.214.20.89 35.214.27.115 35.214.3.138 35.214.94.115 35.214.48.227 35.214.52.98 35.214.32.14 35.214.11.41 35.214.17.77 35.214.2.6 35.214.91.145 35.214.81.160 35.214.24.130 35.214.34.91 35.214.90.73 35.214.84.170 35.214.61.90 35.214.34.0 35.214.96.8 35.214.76.234 35.214.80.148 35.214.40.169 35.214.108.29 35.214.68.161 35.214.23.202 35.214.55.73 35.214.80.69 35.214.45.145 35.214.47.20 35.214.61.211 35.214.18.180 35.214.52.185 35.214.44.132 35.214.36.159 35.214.26.100 35.214.122.85 35.214.57.16 35.214.13.219 35.214.7.63

Browsers

You should use the latest version of the operating system on your device.

You should also use the latest version of your internet browser. Which browser you can use depends on your device.

If you are using a laptop or desktop computer, you can use:

• Google Chrome
• Mozilla Firefox
• Microsoft Edge
• Apple Safari (on Macs only)

If you are using an Android tablet or smartphone, you can use:

• Google Chrome
• Samsung Internet

If you are using an iPad or iPhone, you can only use Apple Safari.

The Video Hearing service does not work with Internet Explorer on any device.