System and Network Requirements - Amwell Platform
This documentation was last updated on: 4/13/2026 6:59:29 PM (UTC).
Quick Navigation
Please find the System and Network requirements for the Amwell Platform (previously Converge) below. Please click here to view Amwell’s full list of Products and their network requirements.
Please click here to view the complete System and Network Requirements change log.
Amwell Platform
The following guide provides details on the minimum requirements necessary to enable the Amwell Platform for Patients, Providers, Administrators and Guests. Please note, this document outlines general guidelines and is subject to change with new releases.
Quick Technical Check for Computers and Mobile Devices
Video Bandwidth
- Minimum video bandwidth: 1Mbps per call participant
- Recommended video bandwidth: 4Mbps per call participant
- High-Definition video is available on networks that can support a sustained connection at 1Mbps Up and 4 Mbps Down per user. High Definition requires a compatible camera.
NOTE: Video is not recommended on LTE or Mobile Data. If provider is on optimal device and connection and there are still connectivity issues, this may be an issue with the patient’s device and/or connection.
Specifications
- Amwell Platform software is web‑based.
- The web/mobile solutions utilize standard TCP ports for communications: 443 and 10000-60000.
- The video-sharing component utilizes standard UDP and TCP ports for video transmission: 443 and 3478, 5349 and 10000-60000.
- Traffic is encrypted using SSL; for a detailed list of firewall requirements, please see the table at the bottom of this document.
- Our solutions are tested against W3 standards.
- An audit trail is documented and stored for every event, including logins, edits to forms, and collaboration instances.
- The software may leverage email or SMS to coordinate consultations between users.
Minimum Technical Requirements
Tech Check
To use the Amwell Platform Tech Check tool, please navigate here.
Web Browser Requirements
Based on Twilio Video and WebRTC support
| OS Platform | Supported Web Browser | Unsupported |
|---|---|---|
| Windows |
|
|
| Mac |
* pop up feature has been disabled |
|
| Linux |
|
|
| Chrome OS |
|
|
| Android |
|
|
| iOS iPhone, iPad |
|
|
- If unsupported browser is used, an error screen will prompt user to copy the visit link and use a supported browser.
- The current and last two versions of each browser will be supported.
- Ensure that your browser window maintains at least 960px width. Otherwise, some features and functionality may not be available.
- *For customers Carepoint Calling with TV Kit 200S – Provider devices must allow cookies for *.solaborate.com.
- **"Mobile Safari UIWebView" refers to a specific rendering engine and browser functionality used within apps on iOS devices (iPhone, iPad, iPod Touch). It's not a standalone browser like Mobile Safari but rather a web view engine embedded within an app that allows it to display web content.
Hardware Requirements for Web‑Based Solution
PC
For the Amwell Platform Video, minimum hardware requirements for CPU, GPU, RAM, and OS are needed to ensure a stable video call experience, especially when using the Video Processors library, which is CPU intensive.
Here's a breakdown of the hardware requirements:
- CPU: Intel i5-7200
- GPU: Intel HD Graphics 620
- RAM: 16GB
- Minimum 4 GB of free physical RAM
- OS: Windows 10 Pro
- Example Device: HP ProBook 450 G4
- Bandwidth Recommendations:
- The bandwidth required depends on the codec, resolution, and frame rate.
- For VP8, 640x480 at 30 fps requires a minimum of 400 kbps.
- For VP8 Simulcast, 640x480 at 30 fps requires a minimum of 550 kbps.
- For H.264, 640x480 at 30 fps requires a minimum of 400 kbps.
Mac
- OS X 11 or newer
- At least 16 GB of RAM installed
- Minimum 4 GB of free physical RAM
- An Intel i5 core processor or equivalent
For the Amwell Platform Video on macOS, rRecommended minimum bandwidth is 2 Mbps for a room with 9 participants using low-resolution (240x180) VP8 video and HD audio. Higher resolutions like 640x480 (SD) require around 4 Mbps, and 1280x720 (HD) needs about 6 Mbps. VP8 Simulcast, a more advanced codec, also has specific bitrate recommendations based on resolution, with 150 kbps for 176x144, 550 kbps for 640x480, and 1400 kbps for 1280x720
Disclaimer "(Higher specification machines are recommended for best experience)" The performance may be impacted by other applications running on the PC and higher specification machines are recommended for optimal performance.
| Operating System Compatibility |
|---|
| Mac OS X (Most recent 3 versions)* |
| Windows 10 or Newer |
*Video on macOS requires Safari version 11 or later
Mobile Device Minimum OS Requirements
| Operating System Compatibility | Device Compatibility |
|---|---|
|
|
|
|
*Please note that the Amwell Platform does NOT support A12 and A32 Samsung devices at this time.
* For optimal experience, no older than two versions behind the current OS should be used.
Video Requirements for Mobile Web‑Based Solution
The Amwell Platform software will work with webcams that are USB based and are certified for use with the end user’s operating system.
- Video bandwidth
- Minimum video bandwidth: 1Mbps per call participant
- Recommended video bandwidth: 2Mbps per call participant
- High-Definition video is available on networks that can support a sustained connection at 3Mbps Up and 2 Mbps Down. High Definition requires a compatible camera.
- iPhone and Android phones: Video supported over Wi‑Fi and with some cellular networks.
- iPad: Video is supported over Wi‑Fi and with some cellular networks
- Jitter and Packet Loss (recommended)
- Packet loss < 2%
- Jitter < 15ms
Virtual Desktops not supported: Browsers running inside a virtual machine such as Citrix or VMWare will experience low‑quality video. This is not currently supported by Amwell. We recommend working with your EHR / EMR to optimize your virtual machines for video streaming via content redirection so that the video call is routed directly to the local desktop browser.
Requirements for E‑Mail Delivery
The Amwell Platform software sends invitations via e‑mail for:
- Guest Visits
- Patient Video Visits
To ensure proper and timely delivery of these messages, your mail and spam servers should allow emails from @amwlehr.com.
Caller ID and Outbound SMS
The Amwell Platform software sends calls and texts via the following:
- Caller ID: Telehealth Call
- Inbound Phone Number: (857) 407‑4536
- SMS header: TELEHEALTH VISIT
- SMS Phone number: (888) 522‑6688 or (617) 652‑5066
Port Access & Network Connectivity
To use the Twilio Port Checker, please navigate to https://networktest.twilio.com/
Please find our instructions on Split‑Tunnel Virtual Private Network set up here – recommended for all Amwell products where providers are connecting via VPN.
NOTE: All network segments need to maintain a min MTU 1400, with Recommended 1500.
| Required | Port | IP Addresses & URLs | Specification | Details |
|---|---|---|---|---|
| Mandatory for Amwell Platform |
|
|
Twilio/Amwell Platform | Outbound established connections for audio and video streams |
| Mandatory for Amwell Platform |
|
|
Amwell Platform/Pexip | Outbound established connections for audio and video streams |
| Mandatory for Amwell Platform |
|
|
Cloudflare/Amwell Platform/Pexip | Outbound established connections for audio and video streams for TURN and STUN |
| Mandatory for Amwell Platform |
|
|
Amwell Platform | New URLs for Amwell Platform Product and Looker Reporting |
| Mandatory for Amwell Platform |
|
Staging:
|
Amwell Platform | AWS S3 buckets that will contain files / images / resources for the provider profile. |
| On Demand on the Amwell Platform | ||||
| Mandatory for On Demand Workflow | TCP: 443 |
Suki (Notes) Staging
Production
Dr. First (eRx) Staging
Health Gorilla (Labs) Staging
Production
|
||
| *Mandatory for Amwell Platform |
|
|
Amwell Platform/Pexip (SIP Services) | Outbound established connections for audio and video streams |
*If your interpretive services require safelisting of SIP Domains, allow the listed servers or IPs.
Understanding Deep Packet Inspection (DPI) and WebRTC Compatibility in Healthcare Endpoints
In healthcare environments (hospitals, clinics, telehealth setups using Pexip), laptops and desktops typically run enterprise-grade endpoint security and secure access software that performs deep packet inspection (DPI) or equivalent traffic analysis. These tools are required for HIPAA compliance, data loss prevention (DLP), and zero-trust security. They inspect packet payloads (not just headers), decrypt/re-encrypt TLS traffic, classify apps/protocols, and enforce policies in real time.
WebRTC traffic (which Pexip relies on heavily for browser-based video conferencing, media streams over UDP, DTLS-SRTP encryption, ICE/STUN/TURN, and signaling over WebSockets/HTTPS) is especially sensitive. DPI-based tools can:
- Break or delay DTLS handshakes during TLS inspection.
- Misclassify or throttle UDP media flows (WebRTC often uses dynamic high ports).
- Add latency, drop packets, or block connections if signatures don't perfectly match "approved" video traffic.
- Interfere with Pexip's TURN servers or direct peer connections.
This is a common source of issues like one-way audio/video, frozen screens, failed connections, or poor quality in Pexip WebRTC clients on corporate healthcare devices.
Common Apps/Agents That Run on Healthcare Laptops & Desktops and Use DPI (or DPI-like Inspection)
Here are the most frequently deployed ones in U.S. healthcare (based on widespread adoption for telehealth/zero-trust):
- Zscaler Client Connector (ZCC / ZIA + ZPA)
- What it does: Full inline proxy + DPI + 100% TLS/SSL decryption/re-encryption for all outbound traffic. It performs deep content inspection, DLP, threat detection, and app classification directly on the endpoint.
- How it affects Pexip WebRTC: Routes and inspects WebRTC UDP/media flows; TLS inspection often breaks DTLS. Very common in healthcare for HIPAA-grade egress control.
- Why in healthcare: Explicitly promoted for telehealth, PHI protection, and replacing traditional VPNs.
- Netskope Client (or Netskope Private Access / SWG)
- What it does: Client-based Secure Web Gateway with DPI, real-time TLS inspection, DLP, and cloud/SaaS traffic steering. Inspects payloads for threats, data exfiltration, and policy violations.
- How it affects Pexip WebRTC: Common culprit for video conferencing disruptions (latency on UDP streams, inspection of WebRTC signaling). Netskope's healthcare threat reports highlight heavy use in the sector.
- Why in healthcare: Strong focus on preventing PHI leaks to unsanctioned cloud apps and AI tools.
- Palo Alto Networks GlobalProtect / Prisma Access Client
- What it does: ZTNA/SWG client with App-ID, User-ID, and content inspection (DPI equivalent) plus threat prevention. Performs deep packet analysis and TLS decryption.
- How it affects Pexip WebRTC: Can block or reroute media streams unless Pexip domains/ports are explicitly exempted.
- Why in healthcare: Widely used for secure remote access and telehealth endpoints.
- Symantec / Broadcom Endpoint Security (or Endpoint Protection with Web Protection / Network Threat Protection)
- What it does: Host-based firewall + IPS + DPI-like packet inspection for threats and DLP. Includes web filtering and content scanning.
- How it affects Pexip WebRTC: IPS signatures or deep inspection can interfere with WebRTC protocols.
- Forcepoint Endpoint / Web Security or DLP Client
- What it does: Explicit SSL/TLS inspection + DPI for data security and threat prevention. Often paired with SD-WAN or endpoint agents.
- How it affects Pexip WebRTC: Inspects encrypted video traffic and can disrupt real-time flows.
- Other Endpoint DLP Tools with DPI Integration (less common but relevant)
- Examples: Netwrix Endpoint Protector (explicitly combines endpoint DLP with DPI for packet payload analysis), Digital Guardian/Fortra, or Symantec DLP endpoint agents.
- These scan network flows directly on the host for sensitive data (e.g., PHI in video streams or metadata).
Less likely but possible:
- CrowdStrike Falcon (very common EDR in healthcare) has network threat detection but lighter DPI than the above SWG/ZTNA tools.
- Microsoft Defender for Endpoint (network protection features) — usually milder impact unless custom policies are aggressive.
Quick Troubleshooting Tips for Pexip WebRTC Issues
Healthcare IT teams usually resolve this by:
- Adding bypass/exclusion rules for Pexip domains (e.g., *.pexip.com, TURN/STUN servers) and WebRTC UDP ports (typically 5000–65535, plus 443/80 for signaling).
- Disabling TLS inspection or enabling "pass-through" for Pexip traffic.
- Whitelisting in the client's policy (Zscaler/Netskope/etc. have specific video-conferencing exceptions).
Pexip's own docs (telehealth/Epic integration guides) and general WebRTC troubleshooting recommend network/proxy exceptions exactly for these enterprise inspection tools.
Deep Packet Inspection (DPI) has a mixed but often disruptive impact on WebRTC, particularly in enterprise, healthcare, or ISP-managed networks (common in telemedicine setups like yours with Twilio Video or Pexip Infinity). It excels at traffic classification and security but frequently introduces latency, connectivity failures, and media issues due to how it interacts with WebRTC's protocols.
Reference - https://help.pexip.com/service/optimize-experience.htm
Network appliances manipulating packets
Consider if there are security appliances at the network edge which could be delaying the transfer of media traffic. Is there deep packet inspection that is adding delay? Such packet inspection policies will lead to sluggish video call behavior.
Key Effects of DPI on WebRTC
- Classification and Heuristic-Based Treatment (Even with Encryption) SRTP encrypts the media payload, but the first 12 bytes of the RTP header remain unencrypted (SSRC, sequence number, timestamp, etc.). DPI uses this plus packet size, inter-arrival timing, RTP timestamp increments, and DTLS handshake fingerprints to reliably identify "WebRTC/RTP video/audio streams."→ Result: DPI can apply QoS rules, throttle bandwidth, deprioritize, or drop flows—even if it can't read the actual video/audio content. This is why WebRTC resists blind blocking better than unencrypted VoIP (DTLS makes it look like HTTPS traffic, risking collateral damage if over-blocked), but smart DPI still fingerprints and treats it specially.
- Added Latency, Jitter, and Packet Processing Delay DPI inspection (stateful tracking, pattern matching) adds 5–50+ ms per packet in busy networks. Real-time apps hate this—WebRTC's congestion control (Google Congestion Control) reacts poorly, leading to lower resolution, higher packet loss, or freezing. In high-security environments (HIPAA-compliant healthcare networks), DPI + traffic shaping often makes calls feel "laggy" compared to direct internet.
- UDP Flow Timeouts and Premature Session Teardown Many DPI/firewall combos (e.g., Palo Alto) have aggressive UDP idle timeouts (default ~30s). WebRTC media is bursty; silent periods (e.g., during screen-share-only or low-motion video) cause the flow to be torn down. → Classic symptoms:
- One-way audio/video
- Black screens (remote track stops rendering)
- Intermittent reconnects or "media lost" after initial connection This is extremely common in Pexip deployments and Twilio Video on corporate networks.
- ICE Candidate Failures and Blocked Direct Paths DPI can drop STUN Binding requests/responses or block high-port UDP (WebRTC's dynamic RTP range: usually 49152–65535).
- Direct peer-to-peer paths fail → fallback to TURN (good) or total failure (bad).
- Partial success: Signaling works, but media doesn't → black screen / one-way media. DTLS ClientHello fingerprints are sometimes explicitly blocked in restrictive networks (e.g., certain countries or high-security enterprises).
- Throttling or Selective Dropping Once classified, DPI might rate-limit "video" flows or reorder packets (hurts jitter buffer). In extreme cases, it triggers active probing that breaks DTLS handshakes.
Common DPI-Using Apps/Agents in Healthcare Environments
These are the most frequently deployed endpoint agents on healthcare devices (based on industry standards for hospitals, clinics, and telehealth):
|
Category |
Common Tools/Agents |
DPI/Inspection Type |
Typical Impact on Pexip WebRTC |
|
DLP (Data Loss Prevention) |
Symantec/Broadcom DLP Endpoint, Forcepoint DLP Endpoint, Microsoft Purview DLP, Digital Guardian |
Deep content inspection of network traffic, clipboard, files |
Scans outbound traffic for PHI → can block or quarantine WebRTC streams |
|
EDR/XDR / Endpoint Security |
Microsoft Defender for Endpoint, CrowdStrike Falcon, Palo Alto Cortex XDR |
Network threat protection + DPI-like inspection |
Classifies UDP as threat → drops media packets |
|
SASE / Secure Web Gateway Clients |
Zscaler Client Connector, Netskope Client |
Full DPI + SSL/TLS decryption & re-encryption |
Intercepts all traffic → breaks DTLS, adds latency |
|
VPN / Firewall Clients |
Palo Alto GlobalProtect, Cisco AnyConnect (with security modules) |
Traffic inspection + policy enforcement |
UDP port restrictions or unknown protocol blocking |
Note: These agents run silently in the background with kernel-level hooks. Network-level firewalls (e.g., Palo Alto NGFW) add another layer but the question focuses on laptop/desktop apps.