Partner Firewall Request

Partner Firewall Request

Firewall Requirements for Hearo System

Hey team,

Our system needs outbound internet access to work. No inbound ports needed - everything is client-initiated.

Important: The system works behind strict firewalls. UDP is optional but recommended for better video quality.

What to whitelist:

Core System (Required):

• remote.hearo.ai (port 443)

• hearoeventhub.servicebus.windows.net (port 443)

• *.pubnub.com (port 443)

Video Calling (Required for tablet video calls):

• *.tokbox.com (port 443)

• *.opentok.com (port 443)

• *.twilio.com (port 443) - new, being added

• turn.hearolife.com (port 443)

• UDP ports 10000-65535 (WebRTC media streams)

• UDP port 3478 to stun.l.google.com (STUN)

Optional (admin tools):

• Port 8883 (MQTTS) - only used during setup/troubleshooting

Simple version:

If your firewall isn't super restrictive:

• Allow outbound TCP port 443 to anywhere

• Allow outbound UDP ports 3478 and 10000-65535 (recommended)

About the UDP ports:

• Required for optimal video quality (direct peer-to-peer)

• If blocked, video still works via our TURN relay server (slightly higher latency)

• Most modern firewalls with stateful inspection handle this automatically

• If you don't use video at all, you can skip UDP entirely

Any questions, let me know.

More details: See NETWORK_REQUIREMENTS.md for the full technical breakdown.