Video Hearings service: firewall guidance for corporate IT support services
Updated 8 July 2024
Guidance for supporting access to the Video Hearing service from a corporate network, including our firewall rules.
The Video Hearings service is a browser-based internet service that supports real time video and audio over secure WebRTC.
Camera and microphone access
Users must be able to grant access to their device camera and microphone so that they can carry out a successful self-test of their device and participate in a video hearing.
Your browser policies must allow camera and microphone access to the following:
Real-time media
Content is served as follows:
1. Web traffic is sent via HTTPS over TCP/IP
2. Signalling to client browsers is via WSS/HTTPS
3. Video and audio traffic is sent via SRTP over TCP/IP and UDP
UDP is the preferred method of transit for real time video and audio as it gives better performance and lower latency than TCP/IP.
We recognise that in some cases, corporate firewalls cannot be opened to allow connectivity over UDP. Where WebRTC is unable to negotiate a client connection over UDP, the Video Hearings service will use HTTPS port 443 over TCP/IP for video and audio for the client.
Note that where this method of connectivity is used, the quality of a users’ video and audio will be impacted by their local network connection.
Some corporate firewalls and VPNs have packet filtering or packet inspection implemented. If this is the case, and depending on your configuration, you may need to allow media packets from the Video Hearings service if you are opting to use HTTPS port 443 for video and audio traffic.
URLs
The URLs listed below must be allowed over HTTPS port 443:
- video.hearings.reform.hmcts.net
- signalr.hearings.reform.hmcts.net
IP addresses/ranges
For the service to work, the IP addresses/ranges listed must be allowed over TCP/IP HTTPS port 443.
For the best possible user experience, the IP addresses/ranges listed should be allowed over UDP.
TCP/IP addresses
FQDN | IP | Environment | Device |
---|---|---|---|
px01.hearings.hmcts.net | 35.246.61.150 | hearings - prod | Signaling node |
px02.hearings.hmcts.net | 35.246.79.59 | hearings - prod | Signaling node |
px03.hearings.hmcts.net | 35.246.113.194 | hearings - prod | Signaling node |
sip.hearings.hmcts.net | 35.246.61.150 35.246.79.59 35.246.113.194 |
hearings - prod | SIP records |
hearings.hmcts.net | 35.242.182.154 | hearings - prod | Load balancer |
px01.self-test.hearings.hmcts.net | 35.234.138.149 | self-test - prod | Signaling node |
px02.self-test.hearings.hmcts.net | 35.242.187.24 | self-test - prod | Signaling node |
px03.self-test.hearings.hmcts.net | 35.197.254.119 | self-test - prod | Signaling node |
sip.self-test.hearings.hmcts.net | 35.234.138.149 35.242.187.24 35.197.254.119 |
self-test - prod | SIP records |
self-test.hearings.hmcts.net | 35.244.218.27 | self-test - prod | Load balancer |
vhs-turn-prd.9kc.org | 34.105.188.62 | prod | Turn relay |
vhs-turn-prd.9kc.org | 34.105.131.240 | prod | Turn relay |
35.242.182.154 35.246.61.150 35.246.79.59 35.246.113.194 35.234.138.149 35.242.187.24 35.197.254.119 35.230.139.187 35.230.135.196 35.246.107.219 35.246.20.63 35.246.124.45 35.246.61.132 35.246.26.151 35.242.138.175 35.246.14.216 35.234.149.169 35.242.154.242 35.246.67.204 35.246.103.161 35.246.64.249 35.242.129.244 35.246.107.187 |
WebRTC client networks | Load balancers and conference nodes |
UDP IP addresses/ranges
IP address | Protocol | Port | Service | Device | |
WebRTC client networks | 35.242.182.154 35.246.61.150 35.246.79.59 35.246.113.194 35.234.138.149 35.242.187.24 35.197.254.119 35.230.139.187 35.230.135.196 35.246.107.219 35.246.20.63 35.246.124.45 35.246.61.132 35.246.26.151 35.242.138.175 35.246.14.216 35.234.149.169 35.242.154.242 35.246.67.204 35.246.103.161 35.246.64.249 35.242.129.244 35.246.107.187 |
UDP | 40000 - 49999 | RTP Media | Load balancers and conference nodes |
---|
Video engine IP addresses/ranges
Hosting platform | IP addresses/ranges | Ports |
---|---|---|
Data centre - DC01 | 195.11.98.0/26 | TCP: 443 |
Data centre - DC02 | 195.59.122.128/26 | TCP/UDP: 40000-49999 |
Google Cloud Platform | 35.214.56.113 35.214.127.45 35.214.27.4 35.214.48.138 35.214.112.135 35.214.10.80 35.214.10.2 35.214.39.108 35.214.5.139 35.214.112.129 35.214.32.134 35.214.35.47 35.214.114.20 35.214.78.171 35.214.62.51 35.214.8.219 35.214.37.71 35.214.78.76 35.214.126.109 35.214.109.66 35.214.52.74 35.214.77.169 35.214.24.224 35.214.84.53 35.214.43.136 35.214.27.201 35.214.56.138 35.214.22.48 35.214.100.199 35.214.83.49 35.214.11.228 35.214.54.35 35.214.15.226 35.214.2.38 35.214.21.66 35.214.63.85 35.214.20.89 35.214.27.115 35.214.3.138 35.214.94.115 35.214.48.227 35.214.52.98 35.214.32.14 35.214.11.41 35.214.17.77 35.214.2.6 35.214.91.145 35.214.81.160 35.214.24.130 35.214.34.91 35.214.90.73 35.214.84.170 35.214.61.90 35.214.34.0 35.214.96.8 35.214.76.234 35.214.80.148 35.214.40.169 35.214.108.29 35.214.68.161 35.214.23.202 35.214.55.73 35.214.80.69 35.214.45.145 35.214.47.20 35.214.61.211 35.214.18.180 35.214.52.185 35.214.44.132 35.214.36.159 35.214.26.100 35.214.122.85 35.214.57.16 35.214.13.219 35.214.7.63 |
Browsers
You should use the latest version of the operating system on your device.
You should also use the latest version of your internet browser. Which browser you can use depends on your device.
If you are using a laptop or desktop computer, you can use:
- Google Chrome
- Mozilla Firefox
- Microsoft Edge
- Apple Safari (on Macs only)
If you are using an Android tablet or smartphone, you can use:
- Google Chrome
- Samsung Internet
If you are using an iPad or iPhone, you can only use Apple Safari.
The Video Hearing service does not work with Internet Explorer on any device.