Home > General Administration > Other Topics > Firewall Rules for Cloud Connectivity

Firewall Rules for Cloud Connectivity

The Cisco Meraki Dashboard provides centralized management, optimization, and monitoring of Cisco Meraki devices. In order to manage a Cisco Meraki device through Dashboard, it must be able to communicate with the Cisco Meraki Cloud (Dashboard) over a secure tunnel. This tunnel is created between Cisco Meraki devices and Dashboard to pass management and reporting traffic in both directions. 

Because the Dashboard is located on the public Internet, the tunnel is always initiated outbound from the managed device. Once a connection is established, the device maintains the connection by occasionally sending packets and receiving a response. When a firewall or gateway exists in the data path between the managed device and Dashboard, certain protocols and port numbers must be permitted outbound through the firewall for the secure tunnel to function. 

Addresses & Ports to Allow

A complete list of destination IP addresses, ports, and their respective purposes can be found in Dashboard under Help > Firewall info:

It's important to note that different organizations may communicate with different servers, so this list can vary between organizations.

Changes to Cisco Meraki Cloud (Dashboard) Addresses

There are some circumstances where the IP address or port used to communicate with Dashboard may change. If this type of change is required, administrators are notified in advance. Secure tunnel connectivity is also redundant and will continue to operate though a secondary connection.

Devices using the 'backup Cloud connection'

While devices will primarily connect to Dashboard using UDP port 7351 for their tunnel, they will attempt to use HTTP/HTTPS if unable to connect over port 7351. When devices are operating like this, a message will be displayed on the device's status page indicating that the 'Connection to the Cisco Meraki Cloud is using the backup Cloud connection.' If this is observed, please ensure that port 7351 is being allowed outbound through the firewall or security appliance traffic from the Cisco Meraki devices will pass through.

 

If unable to configure the recommended firewall settings for the backup cloud connection due to security constraints, please note that Cisco Meraki devices will continue to operate normally, but some features of the Cisco Meraki Dashboard may be slower to respond. This includes, but is not limited to:

  • Configuration updates
  • Live tools
  • Firmware upgrades

Note: While it is possible for Cisco Meraki devices to operate without the recommended firewall settings in place for the backup cloud connection, the firewall settings for Meraki cloud communication are still required for the devices to function correctly. 

You must to post a comment.
Last modified

Tags

Classifications

This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 1735

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community