Guidance

Video Hearings service: firewall guidance for corporate IT support services

Updated 8 July 2024

Guidance for supporting access to the Video Hearing service from a corporate network, including our firewall rules.

The Video Hearings service is a browser-based internet service that supports real time video and audio over secure WebRTC.

Camera and microphone access

Users must be able to grant access to their device camera and microphone so that they can carry out a successful self-test of their device and participate in a video hearing.

Your browser policies must allow camera and microphone access to the following:

Real-time media

Content is served as follows:

1. Web traffic is sent via HTTPS over TCP/IP

2. Signalling to client browsers is via WSS/HTTPS

3. Video and audio traffic is sent via SRTP over TCP/IP and UDP

UDP is the preferred method of transit for real time video and audio as it gives better performance and lower latency than TCP/IP.

We recognise that in some cases, corporate firewalls cannot be opened to allow connectivity over UDP. Where WebRTC is unable to negotiate a client connection over UDP, the Video Hearings service will use HTTPS port 443 over TCP/IP for video and audio for the client.

Note that where this method of connectivity is used, the quality of a users’ video and audio will be impacted by their local network connection.

Some corporate firewalls and VPNs have packet filtering or packet inspection implemented. If this is the case, and depending on your configuration, you may need to allow media packets from the Video Hearings service if you are opting to use HTTPS port 443 for video and audio traffic.

URLs

The URLs listed below must be allowed over HTTPS port 443:

  • video.hearings.reform.hmcts.net
  • signalr.hearings.reform.hmcts.net

IP addresses/ranges

For the service to work, the IP addresses/ranges listed must be allowed over TCP/IP HTTPS port 443.

For the best possible user experience, the IP addresses/ranges listed should be allowed over UDP.

TCP/IP addresses

FQDN IP Environment Device
px01.hearings.hmcts.net 35.246.61.150 hearings - prod Signaling node
px02.hearings.hmcts.net 35.246.79.59 hearings - prod Signaling node
px03.hearings.hmcts.net 35.246.113.194 hearings - prod Signaling node
sip.hearings.hmcts.net 35.246.61.150
35.246.79.59
35.246.113.194
hearings - prod SIP records
hearings.hmcts.net 35.242.182.154 hearings - prod Load balancer
px01.self-test.hearings.hmcts.net 35.234.138.149 self-test - prod Signaling node
px02.self-test.hearings.hmcts.net 35.242.187.24 self-test - prod Signaling node
px03.self-test.hearings.hmcts.net 35.197.254.119 self-test - prod Signaling node
sip.self-test.hearings.hmcts.net 35.234.138.149
35.242.187.24
35.197.254.119
self-test - prod SIP records
self-test.hearings.hmcts.net 35.244.218.27 self-test - prod Load balancer
vhs-turn-prd.9kc.org 34.105.188.62 prod Turn relay
vhs-turn-prd.9kc.org 34.105.131.240 prod Turn relay
  35.242.182.154
35.246.61.150
35.246.79.59
35.246.113.194
35.234.138.149
35.242.187.24
35.197.254.119
35.230.139.187
35.230.135.196
35.246.107.219
35.246.20.63
35.246.124.45
35.246.61.132
35.246.26.151
35.242.138.175
35.246.14.216
35.234.149.169
35.242.154.242
35.246.67.204
35.246.103.161
35.246.64.249
35.242.129.244
35.246.107.187
WebRTC client networks Load balancers and conference nodes

UDP IP addresses/ranges

  IP address Protocol Port Service Device
WebRTC client networks 35.242.182.154
35.246.61.150
35.246.79.59
35.246.113.194
35.234.138.149
35.242.187.24
35.197.254.119
35.230.139.187
35.230.135.196
35.246.107.219
35.246.20.63
35.246.124.45
35.246.61.132
35.246.26.151
35.242.138.175
35.246.14.216
35.234.149.169
35.242.154.242
35.246.67.204
35.246.103.161
35.246.64.249
35.242.129.244
35.246.107.187
UDP 40000 - 49999 RTP Media Load balancers and conference nodes

Video engine IP addresses/ranges

Hosting platform IP addresses/ranges Ports
Data centre - DC01 195.11.98.0/26 TCP: 443
Data centre - DC02 195.59.122.128/26 TCP/UDP: 40000-49999
Google Cloud Platform 35.214.56.113
35.214.127.45
35.214.27.4
35.214.48.138
35.214.112.135
35.214.10.80
35.214.10.2
35.214.39.108
35.214.5.139
35.214.112.129
35.214.32.134
35.214.35.47
35.214.114.20
35.214.78.171
35.214.62.51
35.214.8.219
35.214.37.71
35.214.78.76
35.214.126.109
35.214.109.66
35.214.52.74
35.214.77.169
35.214.24.224
35.214.84.53
35.214.43.136
35.214.27.201
35.214.56.138
35.214.22.48
35.214.100.199
35.214.83.49
35.214.11.228
35.214.54.35
35.214.15.226
35.214.2.38
35.214.21.66
35.214.63.85
35.214.20.89
35.214.27.115
35.214.3.138
35.214.94.115
35.214.48.227
35.214.52.98
35.214.32.14
35.214.11.41
35.214.17.77
35.214.2.6
35.214.91.145
35.214.81.160
35.214.24.130
35.214.34.91
35.214.90.73
35.214.84.170
35.214.61.90
35.214.34.0
35.214.96.8
35.214.76.234
35.214.80.148
35.214.40.169
35.214.108.29
35.214.68.161
35.214.23.202
35.214.55.73
35.214.80.69
35.214.45.145
35.214.47.20
35.214.61.211
35.214.18.180
35.214.52.185
35.214.44.132
35.214.36.159
35.214.26.100
35.214.122.85
35.214.57.16
35.214.13.219
35.214.7.63
 

Browsers

You should use the latest version of the operating system on your device.

You should also use the latest version of your internet browser. Which browser you can use depends on your device.

If you are using a laptop or desktop computer, you can use:

  • Google Chrome
  • Mozilla Firefox
  • Microsoft Edge
  • Apple Safari (on Macs only)

If you are using an Android tablet or smartphone, you can use:

  • Google Chrome
  • Samsung Internet

If you are using an iPad or iPhone, you can only use Apple Safari.

The Video Hearing service does not work with Internet Explorer on any device.