
Firewall Rules for Cloud Connectivity

The Cisco Meraki Dashboard provides centralized management, optimization, and monitoring of Cisco Meraki devices. In order to manage a Cisco Meraki device through Dashboard, it must be able to communicate with the Cisco Meraki Cloud (Dashboard) over a secure tunnel. This tunnel is created between Cisco Meraki devices and Dashboard to pass management and reporting traffic. 

Because the Dashboard is located on the public Internet, the tunnel is always initiated outbound from the managed device. Once a connection is established, the device maintains the connection by occasionally sending packets and receiving a response. When a firewall or gateway exists in the data path between the managed device and Dashboard, certain protocols and port numbers must be permitted outbound through the firewall for the secure tunnel to function. 

Addresses & Ports to Allow

A complete list of destination IP addresses, ports, and their respective purposes can be found in Dashboard under Help > Firewall info.

It's important to note that different organizations may communicate with different servers, so this list can vary between organizations.

Changes to Cisco Meraki Cloud (Dashboard) Addresses

There are some circumstances where the IP address or port used to communicate with Dashboard may change. If this type of change is required, administrators are notified in advance. Secure tunnel connectivity is also redundant and will continue to operate through a secondary connection.

Devices using the 'backup Cloud connection'

While devices will primarily connect to Dashboard using UDP port 7351 for their tunnel, they will attempt to use HTTP/HTTPS if unable to connect over port 7351. When devices are operating like this, a message will be displayed on the device's status page indicating that the 'Connection to the Cisco Meraki Cloud is using the backup Cloud connection.' If this is observed, please ensure that port 7351 is allowed outbound through any firewall or security appliance that traffic from the Cisco Meraki devices passes through.
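The port 7351 check described above can be run against an exported outbound rule list to see which devices would reach Dashboard over the primary tunnel and which would drop to the backup connection. This is an added example, not Cisco Meraki code: the rule format, the sample policy, and the destination addresses (documentation-range placeholders standing in for the entries under Help > Firewall info) are constructed, and the HTTP/HTTPS fallback is assumed to use the standard ports 80 and 443.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

class Rule(NamedTuple):
    action: str                       # "allow" or "deny"
    proto: str                        # "udp", "tcp" or "any"
    src: str                          # source CIDR (managed devices)
    dst: str                          # destination CIDR
    ports: Optional[Tuple[int, ...]]  # None means any port

# Constructed outbound policy: first match wins, implicit deny at the end.
POLICY = [
    Rule("allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", (80, 443)),
    Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0", None),
]

# Placeholders: substitute the addresses your organization sees under
# Help > Firewall info (the list varies between organizations).
CLOUD_DESTS = ["203.0.113.10", "198.51.100.20"]

TUNNEL_PORT = 7351        # UDP, primary tunnel (from the page)
FALLBACK_PORTS = (80, 443)  # assumption: standard HTTP/HTTPS ports

def verdict(policy, proto, src, dst, port):
    """Return the action of the first rule matching an outbound flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in policy:
        if r.proto not in ("any", proto):
            continue
        if s not in ipaddress.ip_network(r.src) or d not in ipaddress.ip_network(r.dst):
            continue
        if r.ports is not None and port not in r.ports:
            continue
        return r.action
    return "deny"

def cloud_path(policy, device_ip, dests=CLOUD_DESTS):
    """Classify each cloud destination as primary, backup or blocked."""
    result = {}
    for dst in dests:
        if verdict(policy, "udp", device_ip, dst, TUNNEL_PORT) == "allow":
            result[dst] = "primary"
        elif any(verdict(policy, "tcp", device_ip, dst, p) == "allow"
                 for p in FALLBACK_PORTS):
            result[dst] = "backup"
        else:
            result[dst] = "blocked"
    return result

if __name__ == "__main__":
    for dst, path in cloud_path(POLICY, "10.1.2.3").items():
        print(f"{dst}: {path}")
```

A destination reported as `backup` matches the condition the status-page message describes; `blocked` means neither the tunnel nor the fallback would pass the modeled policy.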

 

If unable to configure the recommended firewall settings due to security constraints, please note that Cisco Meraki devices will continue to operate normally, but some features of the Cisco Meraki Dashboard may be slower to respond. This includes, but is not limited to:

  • Configuration updates
  • Live tools
  • Firmware upgrades
Last modified
17:28, 8 Apr 2016


Article ID

ID: 1735
