Our Video Consultation feature is generally used for calls between clinicians and patients.

Patient side

Patients will typically make calls on their personal devices using a mobile internet or domestic home broadband network connection. We find it's only in exceptional cases that firewall configuration changes would need to be made on the patient side. We generally recommend, in the rare case that a patient experiences network connectivity issues, that asking them to use a mobile internet connection is the best solution versus debugging/configuring their home firewall.

Clinician side

Clinician side network connectivity issues are also rare but more likely to occur than clinician side due to enterprise firewalls being more stringent.

We recommend the following minimum requirements:

  • HTTP/HTTPS traffic allowed to *.accurx.com, *.service.signalr.net  and cdn.polyfill.io 
  • HTTPS traffic allowed to *.whereby.com, *.whereby.dev, *.whrby.net, *.appearin.net  and *.cloudfront.net 
  • WebSocket traffic allowed to *.appearin.net

For best results we recommend the following:

  • TCP on port 443 opened for outbound traffic (see technical background)
  • UDP on port 443 opened for outbound traffic (see technical background)
  • Allow HTTP/HTTPS traffic to the following to allow support functionality: *.intercom.io , intercom.help , *.intercomcdn.com 
  • Allow HTTP/HTTPS traffic to the following to allow monitoring functionality: *.sentry.io, dc.services.visualstudio.com 

We recommend testing a clinicians network connectivity by making a call between a device attached to the same network they would use and a device attached to a known good network connection (e.g. a mobile internet connection).

You can use the Network tab in the developer tooling for your browser to identify any requests that are being blocked.

Support

Organisations we work with have kindly shared product specific configuration they have found useful. See the sections below for configuring Smoothwall, SonicWall and more. Please do share configuration tips for other products using our support chat below and we will include in this article.

Contact us for further support with firewall configuration.

Technical background

The Video Consultation feature is built on the industry standard WebRTC protocol.

At the start of a video call, the clients negotiate how they will communicate with each other. They will either communicating directly or through a relayed connection using a TURN server. This maximises video quality whilst supporting a range of network situations, including hospital sites where it is more likely direct communication from client to client would not be permitted.

Opening port 443 for outbound TCP and UDP traffic is recommend to allow the direct mode of operation which can improve video quality however is not required.

Configuring Smoothwall Web Filter

For sites using Smoothwall Web Filter, we recommend the following configuration:

  • Add appearin.net  domain to authentication exceptions group.

Configuring SonicWALL

For sites using SonicWALL, we've found some organisations have had to disable the "App Control" feature. We will update this article if we learn about a more fine grained way to achieve.

Configuring Sophos UTM

For sites using Sophos UTM, we've found some organisations have had to use a combination of configuring HTTP/HTTPS filtering with exceptions for the traffic described above and then bypassing Sophos UTM for the WebSocket traffic.

Through working with organisations to configure their firewalls, we've learnt that Sophos UTM does not support filtering of WebSocket traffic at the moment. If you have more context on this, please contact us and we will share with other organisations by updating this article.

We've seen sites configure Proxy Auto Configuration (Sophos UTM > Web Protection > Filtering Options > Misc > Proxy Auto Configuration) to send WebSocket traffic direct to a Cisco Firepower configured with an outbound application rule to allow STUN.

For example, one site has kindly shared their configuration:

// Allow accuRx Video Consultation to go direct to firewall and be governed by configuration at that layer.
if (shExpMatch(host, "*.appearin.net")) return "DIRECT";

Did this answer your question?